Published
Weekend Reading โ ๐ Rolling with the boilerplate
This week we use AI to find bugs and generate security holes, flex with cats, design for Teletext, and defeat a chicken.
Masthash So I got bored over the weekend and decided to follow more interesting peeps on Mastodon.
Somehow I ended up creating this simple app that can surface tagged posts across several instances. For example: #webdev, #reactjs, and #gpt-3.
Click the handle next to the post and it will copy to the clipboard for easy following. You can also subscribe to tags as RSS feeds. (I'm working on a way to make following even easier)
Tech Stuff
Aly HTML โฆ you're next!
Hello everyone, I have successfully made a Regex which accepts valid JSON and rejects invalid JSON
gildas-lormeau/SingleFile Browser extension that saves the current web page as a single HTML file, including the images, styles, frames, fonts, etc. Available for Chrome, Safari, Firefox, and Edge.
we take it for granted today, but a single npm package contains more prototype pollutions than a peasant in the 1400s would experience in his entire lifetime
AI ound a Bug in My Code That's an interesting idea. The current state of AI is that it's good at making predictions, and you can ask the AI to predict the next line of code.
Here you can see in green when the AI is surprised but doesn't have an alternative to propose. And you can see in red when the AI is surprised and has a suggestion that it likes better (red). In this case, it's flagging a bug.
Do Users Write More Insecure Code with AI Assistants? Sounds like there's some AI meet D-K effect going on: people who use AI assistants settle for lower quality and also believe they're producing higher quality. ๐ค
Overall, we find that participants who had access to an AI assistant based on OpenAI's codex-davinci-002 model wrote significantly less secure code than those without access. Additionally, participants with access to an AI assistant were more likely to believe they wrote secure code than those without access to the AI assistant. Furthermore, we find that participants who trusted the AI less and engaged more with the language and format of their prompts (e.g. re-phrasing, adjusting temperature) provided code with fewer security vulnerabilities. Finally, in order to better inform the design of future AI-based Code assistants, we provide an in-depth analysis of participants' language and interaction behavior, as well as release our user interface as an instrument to conduct similar studies in the future.
Alex Russell ๐ Thread on the benefits of less client-side JS:
When you send code to the client, you're programming computers you did not spec, of a vintage you can't know, struggling under AV/malware you can't remove, in a browser you can barely identify, w/ extensions that do wild things, over networks serviced by carrier pigeon (probably)
Sean Heber How dare you narrate my life:
Speaking of that "not an expert" feeling, it is sometimes the case that I do actually become a world expert at a specific problem while debugging it, except that expertise is confined to knowledge about the inner workings of one app in a codebase no one else has access to so my "world expert" status isn't worth very much to anyone.
Then a day or two later, I'll forget all the details and if you asked me to explain them, I'd once again sound like a bumbling idiot. For me, expertise is fleeting.
Why do we call it "boilerplate code?" Well โฆ it all started with steam engines and then went in a totally different direction than I expected. Fascinating read.
Osamu โJust had this late #caturday entry pop up on another social feed. Not sure where it comes from originallyโ
Eye for Design
Detecting the state of the caps lock key can improve the usability of web applications. For example, a visitor entering a password can be warned if they have caps lock turned on. See my tutorial, with notes on the differences between browsers, at: https://iamkate.com/code/caps-lock/
As a user, I don't want to.
3-bit art Teletext! โฆ this is even more challenging than 8-bit art:
Who remembers Teletext? Knowing our audience, there's a good chance that you do, but if not, the TL;DR of Teletext is it was a mostly text based data service for tellyboxes back before the signal went digital. (Yes there's a version now, but it isn't the SAME!) It looked like this. Woo, and yay, that'sโฆ
Business Side
Jaana Dogan When it comes to complexity, I think more people get prompted for adding than subtracting:
Many executives fail to understand why tech companies are bloated. They are bloated because everything is held together with duck tape and "task force" teams. And it's due to gross lack of funding when it comes to removing complexity and technical debt.
Researchers have discovered a sixth love language: canceling meetings
Insecurity
Permission Slip by CR Consumer Report's app for tracking what data companies collect about you, demanding removal, or requesting it not be sold.
Weโll file requests on your behalf, ordering companies to stop selling your personal information.
When itโs time to delete your data from a companyโs database, Permission Slip will handle the requests for you.
Set it and forget it. Weโ'll continuously reach out to dozens of companies that broker your data and tell them to stop.
Daniel Vaughn โI'll just leave this here.โ
Everything Else
Jason Schreier โNo I did not, but now you got me paranoidโ
me: screaming into the abyss
the abyss: who gave you this number
Introducing Metatext The default Masatdon app is just ok. If you're looking for something better โ cleaner UI, remembers your point in the timeline โ check out Metatext. iPhone, iPad, and also works well on M1 (wish they had keyboard shortcuts).
FRIEND: It's called cauliflower. It's not ghost broccoli.
ME: [taking a long drag on my cigarette] Listen kid, I know what I saw.
Dylan #introvert
Kingu Platypus โA mistake was made...โ