HackerTrans
TopNewTrendsCommentsPastAskShowJobs

haxton

no profile record

comments

haxton
·8 miesięcy temu·discuss
Why is this AI generated slop so highly upvoted?
haxton
·w zeszłym roku·discuss
California has banned non competes since 1872. You might be thinking about non solicits which was 2024 also reaffirming the ban on non competes
haxton
·w zeszłym roku·discuss
Unrelated. Has nothing to do with the gcp outage that was related to.
haxton
·w zeszłym roku·discuss
Always treat startup equity as 0 until you've sold it.
haxton
·w zeszłym roku·discuss
> Custom OAuth implementation with user registration/login

Please don't. At 2 minute glance you are allowing empty state (csrf) and bearer tokens in query string[0], not checking if token is expired or not[1], storing secrets in plain text / not salting[2], missing PKCE Validation, debug mode always on, redirect URL only checking if includes (127.0.0.1.evil.com works)[3] so much...

Please, please, please don't recommend this for any production usage.

[0] https://github.com/f/mcp-cloudflare-boilerplate/blob/master/... [1] https://github.com/f/mcp-cloudflare-boilerplate/blob/master/... [2] https://github.com/f/mcp-cloudflare-boilerplate/blob/master/... [3] https://github.com/f/mcp-cloudflare-boilerplate/blob/master/...
haxton
·w zeszłym roku·discuss
> The former Google employee

It's literally like the 3rd sentence...
haxton
·w zeszłym roku·discuss
I've been about it as "throwaway software." Why bother searching for someone else's mediocre LLM generated software when I can just as easily (and hopefully as cheaply) generate the same thing, but it just works for me
haxton
·w zeszłym roku·discuss
Kindle has been doing this for years and has really made me a loyal customer to them. Always surprised the penny pinchers at Amazon haven't killed it yet.
haxton
·2 lata temu·discuss
The demos I see for these types of tools are always some toy project and doesn't reflect day to day work I do at all. Do you have any example PRs on larger more complex projects that have been written with codebuff and how much of that was human interactive?

The real problem I want someone to solve is helping me with the real niche/challenging portion of a PR, ex: new tiptap extension that can do notebook code eval, migrate legacy auth service off auth0, record and replay API GET requests and replay a % of them as unit tests, etc.

So many of these tools get stuck trying to help me "start" rather than help me "finish" or unblock the current problem I'm at.
haxton
·3 lata temu·discuss
Definitely a difficult problem you're taking on here, but I don't see anything specific to LLMs here? How or why are you marketing towards LLMs?

How do you compare to the larger players here already Nango[0] and Merge[1] ?

I'm curious how you're thinking about data access / staleness? It's great that you're handling the oauth dance, but does that mean every end user of the product has to auth every product they interface with or are you handling this all at the super admin / enterprise level?

Right now I think there's too much emphasis on the "data loading" aspect of LLMs. I expect to see a swing back into using 3rd party API's SDKs. Interested to hear your thoughts on the Google API, it's absolutely massive and trying to shoehorn that into a unified API scares me.

The only real player that I could see to launch something like this and be successful is Okta.

[0] - https://github.com/NangoHQ/nango [1] - https://merge.dev/