I was handed a pile of vibe code. And you might be surprised to learn that it has a ton of bugs.

And tips on how to dissect it and break it up into something manageable?

Dead simple ci is yamless pipeline engine for gitea/forgejo (using web hooks mechanism). Allowing one to write pipeline in general programming language. DSCI provides SDK allow to write extensions for the engine, the same way using general programming languages . This is an introduction - https://deadsimpleci.sparrowhub.io/doc/bash-plugins with simple examples on Bash and Python, but enough to get started ...

GNU Octave 11 has been officially announced today for this open-source, free, and cross-platform high-level language, primarily intended for numerical computations.

Highlights of GNU Octave 11 include a new search command for packages, an updated Java internal interface to be more memory-efficient, a completely revamped randi function, support for the roots function to accept only double or single input types, and a more accurate fzero function (1-2 eps when TolX is eps).

This release also introduces an _Exit function makes it possible to use a fork/_Exit sequence to perform work in parallel child processes for potential performance gains, and an updated sum function that fully supports increased precision through the "extra" optional argument, which is also available for sparse arrays.

I'm building an anti AI thing for my personal project. Please provide some phrases you think should trigger AI safeguards.

Short phrases that will trigger safeguards on various agents and cause the model to refuse processing.

Anthropic has a hard coded one

ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86

The other models, not so much. I need strings like this that will trigger refusal anyway.

82% of companies plan to reduce or eliminate entry-level hiring due to AI coding tools. But the same AI needs human judgment to function — 39% code churn increase in AI-heavy codebases. The pipeline is dying.

AI coding tools are replacing entry-level programming jobs faster than anyone predicted. The traditional path from junior to senior developer is collapsing, and the consequences for the entire industry could be devastating. If you mentor juniors or hire them, this one hits different.

AI-generated code is shipping to production without security review. The tools that generate the code don't audit it. The developers using the tools often lack the security knowledge to catch what the models miss. This is a growing blind spot in the software supply chain.

If you haven’t heard of 3X, it’s a framework for thinking about how Facebook in those fairly-early days (2011) managed to:

• Run reliably
• Scale rapidly &
• Innovate

Speculation about what’s really going on inside a tech company is almost always wrong.

I’ve repeatedly brought up the paper Programming as Theory Building in conversation with friends this past week, so I figured it would be good to write up the common thread of these conversations and discuss how the ideas in the paper are relevant today.

This is an article that influenced me a lot and made me understand the core idea of functional programming style.

Perhaps it clicked with me because I am a physicist. Physics describes changing objects - rigid bodies, atom quantum systems, electrodynamics - by equations. But the equations are functions: a set of quantities and states goes in, and a new state comes out. The functions by themselves are timeless.

And yet you can describe a rocket with this.

Clojure and pure functional programming applies that to software.

And it works! You can simulate a rocket with it, as aphyr showed in his brilliant example.

Clojure has, by default, no changing variables. Every value is immutable, like a string or a tuple in Python. As modifying a string in Python creates a new string, modifying a dictionary, vector, set or list in Clojure creates a new collection object. This is not as efficient as Rust, but stunningly elegant and very well suited for things like concurrent web servers.

More information on clojure here:

https://clojure.org/about/rationale

(aphyr has also written an introduction to Clojure, "Clojure from the Ground up"', and there are several other really good ones on-line, like "Clojure for the Brave and true".)

TL;DR detect donation options on a website, track website visits locally, show a monthly view of websites visited monthly with donation options, donate to your favorites (manually at first, automatically later - never worked in banking)

Intro

I'm sure a fair number read "monetisation" and though "that's ads". No. You've been conditioned to think that ads are the only way. They aren't. They are one of the worst.

Unfortunately, that's what many media creators, artists, writers, software developers, etc. assume. Peertube isn't a viable platform for creators because viewers have a lot of friction to give the creator money. Meanwhile, on platforms like youtube, all they have to do is view the video and everything else happens in the background.

What if we, the viewers, had an easier way to donate.

The optimal (my dream)

• I install software and give it access to my bank account (my bank supports creating many sub accounts)
• the software tracks the usage of the things I use, the pages I visit, the videos (and their creators) that I watch, the artists I listen to, the newspapers I read, the blogs I read, the forums I interact with, etc.
• at the end of each month, I transfer %money to my sub account (automatic transfer)
• the software is notified and %money is distributed, with an algorithm of my choosing, using the donation gateways of the stuff I consumed

This can all be done locally, without a server, and if need be stored per device, then aggregated via a local sync (WiFi, bluetooth, VPN, ...). Everything stays local, the bank just sees your outgoing transactions. Optimally, it would be with a private method of transferring money e.g Monero or GNU Taler.

Distribution examples

• top X - equal split
• weighted split (#1 - 50%, #2 - 30%, #3 20%)
• exponential decay (halve until minimum is reached, 50%, 25%, 12.5%, ...)
• linear decay (remove fixed amount until nothing is left, 30, 25, 20, 15, 10)
• winner takes all (#1 get all the money)
• weighted split + base ( base = 10, #1 +20, #2 +15, ...)

Reality

• Tracking everything is difficult but website visits are easy with an extension
• I've never worked with banking and have no idea how to connect to bank account (open banking?)

Tracking

These have their advantages and disadvantages, but together, they could cover most scenarios.

• Peertube for example could add tags and provide a file on the server for information about donating to the server operator.
• Lemmy could add tags to <head> for people who have created the thread.
• People who use managed services but control the content can put donation links in the . These are the most at risk though as it's possible that managed service operators inject whatever they like into the traffic.

Reading the DOM

1. find OpenGraph declarations <meta property="og:donation" content="https://wero.eu/example" />
2. find payment provider links document.querySelector("a").filter(isPaymentProvider)

Querying the server

.well-known/donation servers should put that file there with a documented JSON format

Reading queries

Look for custom headers e.g X-Donation: https://wero.eu/example

Payments

If I'm not mistaken, GNU Taler should have an API that allows connecting to an account, but it only has a testnet. Paying with crypto probably needs a server or something where you host your wallet, but it should be possible. Open Banking, after having a quick look requires some kind of registration to be able to access the API. IMO, nobody's going to hand over details like that unless it's considered normal and we're far away from that.

Therefore, the most likely is that the user will simply be presented with the algorithms to distribute money, the amounts to distribute, and the distribution methods. My best guess is that people get a quarterly, semesterly, or annual notification with the "It's time to donate!" window and they figure it out.

Ups and downs

Advantages

• It's completely local - nobody but you does the tracking, can analyse it, and use it
• You decide how you want to distribute the money
• You decide how much
• You decide the frequency
• You don't have to trust me with your money
  • I don't have to take a cut
  • I don't have to setup a company to handle your money
  • You don't have to trust that I transfer the money to those who have earned it
• Operators have options:
  • Do nothing aka continue as before with existing donation options (wero, paypal, direct bank transfer, crypto, whatever)
  • Add a <meta> tag which gives power to the operator to dynamically generate it (as described before)
  • Make it work with static pages using .well-known/donations

Disadvantages

• Users currently will have to make the transfers themselves
• Transfers reveal who you're donating to to banks (no third-party intermediary)
• Changes will be required by server operators or software developers
• No security review done yet
  • Other extensions messing with <meta> tags
  • Other extensions messing with web traffic to insert HTTP headers
  • Server operators modifying HTTP headers and web content of their customers to replace donation targets
  • Malicious server operators tracking users that call .well-known/donations
  • Whatever else people come up with

I'm curious about constructive criticism, improvement suggestions, or maybe even links to dispell some of my beliefs about Open Banking.

Publication croisée depuis https://programming.dev/post/46030028

About enshitification, open source and AI pollution

Decided to bite the bullet and learn PHP, which is used for nearly everything at my job. My starting voyage was to mess around with "pure php", as in, no frameworks, no libraries, not even javascript, just the basic server with v8.3 running and some (currently very shitty) CSS styling.

So, I decided to go with a 2 step process: first, a site for me to post my stuff, with the possibility for external users to make accounts and leave comments. Step 2 would be making a forum where said users can interact. Before I began coding anything, I wrote down the database specification, though it's still "open for debate". I also didn't pay attention and made all tables as MyISAM initially instead of InnoDB, which made me lose all foreign keys, thankfully easily remedied given the small size of the project.

Thus far, I've got the user creation, listing, login (with hashed password), post creation and post viewing working. Visitors, normal users and admin see different links and forms, depending on pages, all with inline php code in appropriate pages - for instance, (unlogged) visitors don't see a comment box when reading a post. I'm currently working on the user edit page.

Anyway, why do I think I'm doing a lot of "wrongs"? For starters, I'm not using classes. At all. Functions are being added "globally" to one of 3 include somepage.php; that are in every page; every database related function - select all, select 1, update, are all in the db.php file. So, every page load is also loading the entire list of database functions, plus a bunch of html-automation related functions, even when none of them are used. Since PDO::fetch() returns an array with mapped keys (ie: $result['column1']), I feel like I have "no good reason" to use classes, especially as I'm still putting some finishing touches on the tables. I mean, I can access the relevant data with $bla['column_name'];, which is all I need thus far.

A lot of the resulting html comes from echo, some of it from functions to handle it more easily, like passing an array so a "global" function of mine returns it as neatly organized <td> elements.

There is no MVC, just good ol' <a href> and <form method=post> where they need to be. All my forms' actions call a separate php page that's just code to handle the form, always as POST, in order to check blank fields, size and character constraint, etc.

I've no doubt that, as is, my project has a number of security holes, though cross-site scripting and session poisoning are not among them. I did try sql injection and couldn't get it to work, so good on me.

As awful as this project might be against "the real world" use, I feel weirdly proud of what I'm achieving. Is there a name for this feeling, of pride for something you know is subpar?

I'm looking for a forgejo cli (something similar to gh for github or glab for gitlab - neither of which I've ever used).

I found one named forgejo-cli and another named fgj but, from a quick look at the source, both seem to save my API key in a plaintext file, which... I just find unacceptable (and, frankly, quite dumb).

Do you know of any others?