alzoid (u/alzoid) - Readit News

alzoid commented on Memory Safety memorysafety.org/... · Posted by u/pmaddams

creatonez · 3 days ago

I'm not talking about null safety in the sense of null pointers. Null pointers and out of bound pointers are still in the realm of memory safety, which of course Java has solved for the most part.

Proper null safety (sometimes called void safety) is to actually systematically eliminate null values, to force in the type system a path of either handling or explicitly crashing. This is what many newer expressive multi-paradigm languages have been able to achieve (and something functional programming languages have been doing for ages), but remains out of reach for Java. Java does throw an exception on errant null value access, but allows the programmer to forget to handle it by making it a `RuntimeException`, and by the time you might try to handle it, you've lost all of the semantics of what went wrong - what value was actually missing and what a missing value truly means in the domain.

> Catching exceptions, logging them, and continuing seems to be rather common. It's not like Rust and Go, where unexpected panics in libraries are often treated as security vulnerabilities because panics are expected to take down entire services, instead of just stopping processing of the current request.

Comparing exceptions to panics is a category error. Rust for example has great facilities for bubbling up errors as values. Part of why you want to avoid panicking so much is that you don't need to do it, because it is just as easy to create structured errors that can be ignored by the consumer if needed. Java exceptions should be compared to how errors are actually handled in Rust code, it turns out they end up being fairly similar in what you get out of it.

alzoid · 3 days ago

Java introduced Optional to remove nulls. It also introduced a bunch of things to make it behave like functional languages. You can use records for immutable data, sealed interfaces for domain states, you can switch on the sealed interface for pattern matching, use the sealed interfaces + consumers or a command pattern to remove exception handling and have errors as values.

alzoid commented on Critical vulnerability in LangChain – CVE-2025-68664 cyata.ai/blog/langgrinch-... · Posted by u/shahartal

gcr · 3 days ago

It was an earnest question. I didn’t intend to be sarcastic.

alzoid · 3 days ago

I went through evaluating a bunch of frameworks. There was Langchain, AG2, Firebase Gen AI / Vertex / whatever Google eventually lands on, Crew AI, Microsoft's stuff etc.

It was so early in the game none of those frame works are ready. What they do under the hood when I looked wasn't a lot. I just wanted some sort of abstraction over the model apis and the ability to use the native api if the abstraction wasn't good enough. I ended up using Spring AI. Its working well for me at the moment. I dipped into the native APIS when I needed a new feature (web search).

Out of all the others Crew AI was my second choice. All of those frameworks seem parasitic. One your on the platform you are locked in. Some were open source but if you wanted to do anything useful you needed an API key and you could see that features were going to be locked behind some sort of payment.

Honestly I think you could get a lot done with one of the CLI's like Claude Code running in a VM.

alzoid commented on Google Antigravity exfiltrates data via indirect prompt injection attack promptarmor.com/resources... · Posted by u/jjmaxwell4

mystifyingpoi · a month ago

This is hillarious. AI is prevented from reading .gitignore-d files, but also can run arbitrary shell commands to do anything anyway.

alzoid · a month ago

I had this issue today. Gemini CLI would not read files from my directory called .stuff/ because it was in .gitignore. It then suggested running a command to read the file ....

alzoid commented on Two things LLM coding agents are still bad at kix.dev/two-things-llm-co... · Posted by u/kixpanganiban

stuartjohnson12 · 3 months ago

"hey claude, please remove the fake data and use the real data"

"sure thing, I'll add logic to check if the real data exists and only use the fake data as a fallback in case the real data doesn't exist"

alzoid · 3 months ago

I will also add checks to make sure the data that I get is there even though I checked 8 times already and provide loads of logging statements and error handling. Then I will go to every client that calls this API and add the same checks and error handling with the same messaging. Oh also with all those checks I'm just going to swallow the error at the entry point so you don't even know it happened at runtime unless you check the logs. That will be $1.25 please.

alzoid commented on A competitor crippled a $23.5M bootcamp by becoming a Reddit moderator larslofgren.com/codesmith... · Posted by u/SilverElfin

pg_bot · 3 months ago

I suspect this is true for almost every somewhat relevant subreddit. Everything has been captured, someone has taken control of the politburo and is defining the message. I've been using the site since 2008 and within the last couple of years it feels like you cannot post anything unless you know someone.

alzoid · 3 months ago

I feel like it was this way 10 years ago. Once r/TheDonald successfully gamed the system everyday I think people with interest took notice. Now you can be in a niche sub reddit that averages 40 comments on a post. Then a post that could be adjacent to some hot U.S. political wedge topic gets mentioned and there are 300 comments from users who never take part in the discussion. Even something very general like "students are protesting tuition hikes" the small city I live in gets posted and it gets flooded by people who never comment. If you hit a hot topic like Israel / Palestine, the Ukraine war you see it as well.

Reddit, Fackbook, Twitter, TikTok etc are the places where people get their information and form their options. That why the the wealthy and powerful are buying them outright, or paying to push their influence into every aspect of the conversation. Poisoning the well or "Flooding the zone with shit".

Reddit became what Digg was with MrBabyMan. Or actually something worse.

alzoid commented on Two things LLM coding agents are still bad at kix.dev/two-things-llm-co... · Posted by u/kixpanganiban

yodsanklai · 3 months ago

5 minutes ago, I asked Claude to add some debug statements in my code. It also silently changed a regex in the code. It was easily caught with the diff but can be harder to spot in larger changes.

alzoid · 3 months ago

I asked Claude to add a debug endpoint to my hardware device that just gave memory information. It wrote 2600 lines of C that gave information about every single aspect of the system. On the one hand kind of cool. It looked at the MQTT code and the update code, the platform (esp) and generated all kinds of code. It recommended platform settings that could enable more detailed information that checked out when I looked at the docs. I ran it and it worked. On the other hand, most of the code was just duplicated over and over again ex: 3 different endpoints that gave overlapping information. About half of the code generated fake data rather than actually do anything with the system.

I rolled back and re-prompted and got something that looked good and worked. The LLMs are magic when they work well but they can throw a wrench into your system that will cost you more if you don't catch it.

I also just had a 'senior' developer tell me that a feature in one of our platforms was deprecated. This was after I saw their code which did some wonky hacky like stuff to achieve something simple. I checked the docs and said feature (URL Rewriting) was obviously not deprecated. When I asked how they knew it was deprecated they said Chat GPT told them. So now they are fixing the fix chat gpt provided.

alzoid commented on Vibe code is legacy code blog.val.town/vibe-code... · Posted by u/simonw

MrGilbert · 5 months ago

And what you will get in return is professional software developers looking at vibe-coded modules that already went into production, stating that "we will never ever touch this", as they don’t want to be responsible for something they would have never put into production in the first place.

Now, they see themselves challenged to defend against the non-technical departments, because all they see are some elitist developers, that deem something as "not good enough", which, from a user standpoint, "is working quite well".

However - it's unmaintainable. That whole situation is a mess, and it's becoming bigger and bigger.

alzoid · 5 months ago

I ran into an AI coded bug recently the generated code had a hard coded path that resolved another bug. My assumption is the coder was too lazy to find the root cause of the bug and asked the LLM to "make it like this". The LLM basically set a flag to true so the business logic seems to work. It shouldn't have got past the test but whatever.

In another code base, all the code was written with this pattern. Its like the new code changed what the old code did. I think that 'coder' kept a big context window and didn't know how to properly ask for something. There was 150 line function that only needed to be 3 lines, a 300 line function that could be done in 10 etc. There were several a sections where the LLM moved the values of a list to another list and then looped through the new list to make sure the values were in the new list. It did this over and over again.

alzoid commented on AI agent startups at Y Combinator’s Spring ’25 Demo Day businessinsider.com/y-com... · Posted by u/aspenmayer

bluefirebrand · 6 months ago

It's stuff like this that makes me want to puke when I hear people talking about how great the AI future is going to be

AI is a force multiplier.

Forces can be applied in a negative direction too, and often are

alzoid · 6 months ago

The future is already here. Look at how companies behave today, AI will not change their behaviour. AI will not make them 'nicer'. People talk about the massive productivity change and how we need to think about Universal Basic Income. They don't realize that in the US and other western nations they are already living in abundance (even excess). How do we treat the unemployed and "Unskilled" workforce? Do they have UBI? When they complain about rent and food prices do the wealthy step in to help? Or are they told they should have went to school or acquired a better skill to deserve a better life. What will happen when AI makes while collar workers "unskilled"? The same thing that happens today.

alzoid commented on Apache NetBeans 25 github.com/apache/netbean... · Posted by u/tannhaeuser

aadhavans · 10 months ago

I remember briefly using NetBeans in my high school programming class. Anyone still use it? Is it a good alternative to corporate-backed IDEs?

alzoid · 10 months ago

It was my go to back when I was doing Java Desktop / Servelets / Java EE. I found it easier to use than Eclipse, which most people I knew were using. I recently did a Google AppEngine project to collect and display weather data and used Netbeans for dev and Spring for the framework. It still works well, integrates with the package managers and build tools easily enough.

Before Netbeans I was using Textpad with shortcuts mapped to javac. What I liked about Netbeans at that time (2005ish) was that you could press the Run button and your application just ran, weather it was a desktop app or a servelet web app. It reminded me of Visual Studio and the VB6 IDEs.

alzoid commented on Unpkg CDN down causing dependent website outages github.com/mjackson/unpkg... · Posted by u/ManWith2Plans

afavour · 2 years ago

I’m curious, in what scenario was bandwidth for static resources an issue? It’s one of the most trivial things to serve cheaply.

alzoid · 2 years ago

When the server is behind a pipe of limited size. When most of your new visits happen all at once over a short period of time. When you can't rely on a mobile phones cache like a desktop because 90% of your visitors are using one. A CDN is a easy win to off load resources, even if they are small.