Readit News logoReadit News
jonchurch_ commented on Ask HN: How to deal with long vibe-coded PRs?    · Posted by u/philippta
lkramer · a month ago
I think it's only fair to give an example where he feels AI is used correctly: https://mastodon.social/@bagder/115241241075258997
jonchurch_ · a month ago
Wow very cool, theyve now closed 150 bugs identified via ai assistance/static analysis!

For ref, here is the post from Joshua Rogers about their investigation into the tooling landscape which yielded those findings

https://joshua.hu/llm-engineer-review-sast-security-ai-tools...

jonchurch_ commented on Ask HN: How to deal with long vibe-coded PRs?    · Posted by u/philippta
jonchurch_ · a month ago
We are seeing a lot more drive by PRs in well known open source projects lately. Here is how I responded to a 1k line PR most recently before closing and locking. For context, it was (IMO) a well intentioned PR. It purported to implement a grab bag of perf improvements, caching of various code paths, and a clustering feature

Edit: left out that the user got flamed by non contributors for their apparently AI generated PR and description (rude), in defense of which they did say they were using several AI tools to drive the work. :

We have a performance working group which is the venue for discussing perf based work. Some of your ideas have come up in that venue, please go make issues there to discuss your ideas

my 2 cents on AI output: these tools are very useful, please wield them in such a way that it respects the time of the human who will be reading your output. This is the longest PR description I have ever read and it does not sound like a human wrote it, nor does it sound like a PR description. The PR also does multiple unrelated things in a single 1k line changeset, which is a nonstarter without prior discussion.

I don't doubt your intention is pure, ty for wanting to contribute.

There are norms in open source which are hard to learn from the outside, idk how to fix that, but your efforts here deviate far enough from them in what I assume is naivety that it looks like spam.

jonchurch_ · a month ago
Daniel Stenberg of curl gave a talk about some of what theyve been experiencing, mostly on the security beg bounty side. A bit hyperbolic, and his opinion is clear from the title, but I think a lot of maintainers feel similarly.

“AI Slop attacks on the curl project” https://youtu.be/6n2eDcRjSsk

jonchurch_ commented on Ask HN: How to deal with long vibe-coded PRs?    · Posted by u/philippta
le-mark · a month ago
How long was this person working on it? Six months? Anything this big should’ve had some sort of design review. The worst is some junior going off and coding some garbage no one sees for a month.
jonchurch_ · a month ago
You can churn this stuff out in about an hour these days though, seriously. Thats part of the problem, the asymmetry of time to create vs time to review.

If I can write 8 9k line PRs everyday and open them against open source projects, even closing them let alone engaging with them in good faith is an incredible time drain vs the time investment to create them.

jonchurch_ commented on Ask HN: How to deal with long vibe-coded PRs?    · Posted by u/philippta
jonchurch_ · a month ago
We are seeing a lot more drive by PRs in well known open source projects lately. Here is how I responded to a 1k line PR most recently before closing and locking. For context, it was (IMO) a well intentioned PR. It purported to implement a grab bag of perf improvements, caching of various code paths, and a clustering feature

Edit: left out that the user got flamed by non contributors for their apparently AI generated PR and description (rude), in defense of which they did say they were using several AI tools to drive the work. :

We have a performance working group which is the venue for discussing perf based work. Some of your ideas have come up in that venue, please go make issues there to discuss your ideas

my 2 cents on AI output: these tools are very useful, please wield them in such a way that it respects the time of the human who will be reading your output. This is the longest PR description I have ever read and it does not sound like a human wrote it, nor does it sound like a PR description. The PR also does multiple unrelated things in a single 1k line changeset, which is a nonstarter without prior discussion.

I don't doubt your intention is pure, ty for wanting to contribute.

There are norms in open source which are hard to learn from the outside, idk how to fix that, but your efforts here deviate far enough from them in what I assume is naivety that it looks like spam.

jonchurch_ commented on Which NPM package has the largest version number?   adamhl.dev/blog/largest-n... · Posted by u/genshii
jonchurch_ · 3 months ago
The author has run into the same problem that anyone who wants to do analysis on the NPM registry runs into, there's just no good first party API for this stuff anymore.

It seems this was their first time going down this rabbit hole, so for them and anyone else, I'd urge you to use the deps.dev Google BigQuery dataset [0] for this kind of analysis. It does indeed include NPM and would have made the author's work trivial.

Here's a gist with the query and the results https://gist.github.com/jonchurch/9f9283e77b4937c8879448582b...

[0] - https://docs.deps.dev/bigquery/v1/

jonchurch_ commented on Enough AI copilots, we need AI HUDs   geoffreylitt.com/2025/07/... · Posted by u/walterbell
cleverwebble · 5 months ago
Agreed!

I've spent the last few months using Claude Code and Cursor - experimenting with both. For simple tasks, both are pretty good (like identifying a bug given console output) - but when it comes to making a big change, like adding a brand new feature to existing code that requires changes to lots of files, writing tests, etc - it often will make at least a few mistakes I catch on review, and then prompting the model to fix those mistakes often causes it to fix things in strange ways.

A few days ago, I had a bug I just couldn't figure out. I prompted Claude to diagnose and fix the issue - but after 5 minutes or so of it trying out different ideas, rerunning the test, and getting stuck just like I did - it just turned off the test and called it complete. If I wasn't watching what it was doing, I could have missed that it did that and deployed bad code.

The last week or so, I've totally switched from relying on prompting to just writing the code myself and using tab complete to autocomplete like 80% of it. It is slower, but I have more control and honestly, it's much more enjoyable of an experience.

jonchurch_ · 5 months ago
Drop in a lint rule to fail on skipped tests. Ive added these at a previous job after finding that tests skipped during dev sometimes slipped through review and got merged.
jonchurch_ commented on Multi-Player Durable Stream Playground   s2.dev/playground... · Posted by u/shikhar
jonchurch_ · 5 months ago
Might as well share one URL for HN to play with, so here’s one

https://s2.dev/playground?token=Oq4AAAAAAABodAPA46wzu2bBlbU7...

jonchurch_ commented on The Two Towers MUD   t2tmud.org/... · Posted by u/astronads
jonchurch_ · 5 months ago
The 30th anniversary post has an overview of events in the game’s history (content updates, community, server upgrades) that was very interesting. Congrats on the beefy 486/100 server with 64M of RAM upgrade in ‘94!

https://t2tmud.org/history/30th_anniversary_reboot_script.ph...

jonchurch_ commented on Async Queue – One of my favorite programming interview questions   davidgomes.com/async-queu... · Posted by u/davidgomes
bmacho · 5 months ago
If you don't care about the order of requests then you can just set up a flag to denote if a task is running, and keep rescheduling the other tasks. Something like

      let isProcessing = false;

      async function checkFlagAndRun(task) {
          if (isProcessing) {
              return setTimeout(() => checkFlagAndRun(task), 0);
          }

          isProcessing = true;
          await task();
          isProcessing = false;
      }
should do the trick. You can test it with

      function delayedLog(message, delay) {
          return new Promise(resolve => {
              setTimeout(() => {
                  console.log(message);
                  resolve();
              }, delay);
          });
      }

      function test(name,num) {
          for (let i = 1; i <= num; i++) {
              const delay = Math.floor(Math.random() * 1000 + 1);
              checkFlagAndRun(() => delayedLog(`${name}-${i} waited ${delay} ms`, delay));
          }
      }

      test('t1',20); test('t2',20); test('t3',20);
BTW, for 4 scheduled tasks, it basically always keeps the order, and I am not sure why. Even if the first task always runs first, the rest 3 should race each other. 5 simultaneously scheduled tasks ruins the order.

jonchurch_ · 5 months ago
Nesting at 5 deep increases the timeouts to 4ms! TIL

https://developer.mozilla.org/en-US/docs/Web/API/Window/setT...

jonchurch_ commented on Async Queue – One of my favorite programming interview questions   davidgomes.com/async-queu... · Posted by u/davidgomes
jonchurch_ · 5 months ago
Maybe I came into this article knowing too much about the solution, but I dont agree with commenters saying this is a poorly designed interview question. Its a blog post as well, not the format that would be presented to a candidate.

I think it has clear requirements and opportunities for nudges from the interviewer without invalidating the assessment (when someone inevitably gets tunnel vision on one particular requirement). It has plenty of ways for an interviewee to demonstrate their knowledge and solve the problem in different ways.

Ive run debounce interview questions that attempt to exercise similar competency from candidates, with layering on of requirements time allowing (leading/trailing edge, cancel, etc) and this queue form honestly feels closer to what Id expect devs to actually have built in their day to day.

j

u/jonchurch_

KarmaCake day303September 26, 2018View Original