
Sad to see it go. The philosophy of CDK has been to offer a shared ecosystem between IaC, backend code and frontend code, allowing configuration, data structures and libraries to be shared between all of them. It has made development more unified, with less redundancy and manual work. Personally I don't want to repeat some stuff in a special Terraform language, if I can find a way to manage the whole application in TypeScript.

Pulumi

Thanks, will definitely look into it. I first used Pulumi when it was just a cloud platform but seems it is a more general devops tool now.

I feel the opposite about SQL: It is often being shoehorned into use cases that don't fit the relative/transactional database model at all. My own default database is AWS DynamoDB, because it fits 90% of my own use cases quite well and offers a fast approach for iterative development. Recently I've been evaluating how to find the same level of abstraction in open source databases, and MongoDB feels like the closest match. Postgres with JSONB comes second, but manipulating JSON with SQL is not very comfortable and tends to result in subtle problems e.g. when something is NULL.


Scrolling with mouse scroll wheel a few hundred thousand kilometers at a time is so much work that I gave up :-(


I'm thankful that the view-source:https://joshworth.com/dev/pixelspace/pixelspace_solarsystem.... allows one to see the annotations since clicking on the planet jumps scrolls past them. My gratitude for not baking such things into 8MB of JS

Also thanks to the view-source I learned that it offers different units, including busses, Great Wall of China, etc


Repetitive strain injury any% speedrun


Click on the planet symbols at the top to fast track.


It's quite cool on the phone


At minimum, the government gets a "ping" when identified citizens visit adult sites requiring the age check, so they can keep a record. In worse scenarios, maybe some identifier leaks through that can also identify which site they visited. And of course, the identification apps can be hacked through supply chain attacks etc.


Without knowing the specifics, this is not necessarily the case. It could be implemented without needing to ping "the government". As a strawman idea, there could be a monthly refreshed distributed database of booleans per citizen identity and accessed through a keyed hash.


There is a very possible attack. Open a porn website, buy ad traffic in France, once users are here, claim identity needs to be verified. In the background, start the process to open a bank account in one of these online banks and act as a relay in the verification process.


Is that an actual threat model, or are you just making stuff up?

I'm asking because even OAuth would make this kind of attack vector impossible, as the referrer and redirect URLs are verified - and I sincerely doubt they're so incompetent not to do something similar in such a context.


It is a relay attack.

There are a lot of verification platforms, so the idea is that the user is asked to be verified and that his proof of identity is reused live for something else. In the address bar, the user sees "dangerousporn.com" -> "safeidentify.com"

The operator of "dangerousporn.com" starts (manually) an application to a [bank account / crypto exchange "bank.com"], using a fixed residential proxy (Luminati / Oxylabs, etc).

Once a victim arrives on "safeidentify.com", the user that is on "safeidentify.com" is asked to follow the actions that "bank.com" is asking to do (upload your ID, turn head left, turn head right, up, down).

"safeidentify.com" plays back the recorded video on the KYC platform of "bank.com" using an emulated Webcam.

Difficult? Yes and no, but manually doable on a case-by-case basis, and you don't need thousands of victims as it is really worth it.


To begin with, you've already switched the hacker from an advertiser to the operator running the website.

But ignoring that: none of what you've written there has been enabled by an identity provider hosted by the state. These scams already exist today, and various "special" users fall victim to them.

But let's ignore that too: these verifications are usually done interactively and cannot simply be played back, as you need to actually react to the actions of the person verifying your identity.

But let's ignore that too: it's _highly_ unlikely the service will make users upload IDs and get verified via video etc on every connection. I'm gonna bet this is a one-time action, and after that you'll probably have to simply authenticate via 2-3 factors (username, password, biometric, sms, email, e-pass, certificate etc) - so what you're insinuating (this service makes people numb to such situations) is implausible. Especially in the context this scenario is in: merely verifying >18 yo


> you need to actually react to the actions of the person verifying your identity

Yes, it's exactly the point: use porn websites as a hook to convince the user to do your actions to verify their "identity"


No, that would defeat the entire point, and any such system should be fought indeed. It's possible to build systems that explicitly do not have this property.


I don't really know what to do with a dumbphone, since I don't get any phone calls or text messages any more. Everything goes through apps, email or web nowadays.


I understand the sentiment, but I don't get how you could draw more complex software plans by hand. I usually use Draw.io/Diagrams.net, and the drawings get pretty large and need reorganizing dozens of boxes several times while planning the architecture.

OTOH if the plan is very simple and obvious, and can be drawn out in one go, it doesn't really need a diagram in the first place, so I skip spending time drawing the obvious stuff.


OP here.

I don't often do very complex software plans like that. My working notes are often on a smaller scale like individual features or so. If we need to document the full architecture for the project, I'm happy to do that with digital tools.

But while I'm planning parts of it or designing it, I do better with pen and paper. My main issue with many of the digital tools I've tried comes down to the added friction if I need to switch to a different tool in the app when I switch between circles and rectangles and text and the fact that I find free-hand drawing with mouse really difficult.

> OTOH if the plan is very simple and obvious, and can be drawn out in one go, it doesn't really need a diagram in the first place, so I skip spending time drawing the obvious stuff.

I think there's a middle ground where it might be easy to draw in one go but deciding what to draw and how things work together and what's needed requires iterations and for that, thinking through drawing and writing helps me a ton.


I guess there are many cases where you don't really know how complicated or simple the solution will end up being, and start drawing it while thinking about it. I must admit that those are usually the most interesting parts of the work.


I actually do all this stuff in my head and use hierarchies of bullet points in a text file to externalize some stuff. Some of these may end in arrows that point to a different process.

I never use paper because I'm always moving these bullet points around and inserting stuff between them. Apps are too slow.

I never write down all the information because these notes are enough for me to reload everything. It's pretty easy to see that I didn't write something when there's a gap in my notes. I never wrote it down because I'm going to come up with the same or better solution quickly.

This isn't really helpful for anyone else and doesn't work well with pair programming.


My main issue in the EU is that cloud platform services are not very mature compared to AWS, Azure, GCP. They have some of the basic stuff like VMs and storage, but almost nobody has FaaS and the smaller services like SQS, SNS, scalable pay-per-request database like DynamoDB, etc. I hope these things become available so that it becomes possible to build scalable serverless apps here. Ultimately these services should be standardized like S3 did for storage.


Cursor is not about vibe coding. Vibe coding means you don't care about the AI's code output as long as it works. Cursor is all about efficiently reviewing the AI-proposed changes and hitting Tab only when you approve them. Much of the editing process is hitting Esc because the proposed change is not good.


I know this is a meta point but I'm pretty sure vibe coding is just an X meme that means whatever the poster intends. I'm not sure you can say vibe coding does or doesn't care about relative quality


Yeah, I'm afraid "vibe coding" is a term that quickly lost its meaning because everyone was using it to mean different things.

Some people use it to mean using AI for writing code in general. I've preferred for it to mean when someone who doesn't know how to code uses AI to write code and doesn't understand the output.


Almost, but not quite. As per Karpathy's definition [0], it's not about not knowing how to code (he obviously does), but rather not caring - "fully give in to the vibes" and "forget that the code even exists". So the closest implementation to this ideal would probably be something like lovable.dev, that fully hides the code from you, because if you can't resist the need to look at the code, you're not fully "vibing".

[0] https://x.com/karpathy/status/1886192184808149383


Somehow, to me that's even worse.



Agreed, that's how you'll have much more success using it. Basically, I ask it to write 4-10 lines at a time, if the lines are too many for me to comfortably review, I reject the change and ask more specifically.


There is essentially no difference if you give the agent total control in Cursor; you can code entirely via prompt without ever touching the code after you create a workspace.

That is to say, I can't think of any greater support of vibe-coding: you can open up a chat prompt and have at it.


It's funny how back in the 1990s the concept of software was different. You might buy an actual shrink wrapped package with an install disc and be happy with it for years. Nowadays it would be unthinkable to use software without getting regular updates (at least security updates) and always being able to install the latest version.


Isn't that partially because even your stove is now connected to the Internet? The attack surface changed from "when I connect my USR modem" to "someone can portscan all of IPv4 in reasonable time"

I do gravely miss the ability to actually have the bits, and will take any steps I can to grab an offline installer if offered


I got my first fixed IP address and always-on Internet connection in 1995 and I don't particularly miss the dial-up times before that. I prefer to have everything connected and online all the time, but also with proper security.


I'm really happy with my Bosch washing machine's WiFi. Getting a notification to the phone when the wash cycle is complete is something I wouldn't give up now, since I don't hear the beeping to upstairs. I also wish I'd get notifications from the dish washer, but it's an old model that still works and it's hard to justify replacing it yet.

I also have no clue what all the physical buttons on the washing machine's control panel do, but it's easy to configure the wash program using the phone app whenever something special is needed. I wish I had the same kind of remote control for the dish washer, since its buttons are also pretty much undecipherable.

The actual Home Connect Android app is not great though. Could be simplified and cleaned up of unnecessary cruft.


I bought an LG a few years ago and connected it to WiFi. I have no idea what I need to program for special wash cycles, but it’s nice getting a notification on my watch when a load is done or having issues.

