StackWild 🐟

571 posts

@stack_wild

i code stuff

las vegas · Joined July 2021
5.9K Following · 5.9K Followers

Larry Diffey @GrizzledTexan
@fjzeit I accidentally arrived at a methodology I call Forge so I decided to publish it. Definitely not just vibe coding with guard rails. Check it out. github.com/ArenixDev/forge

fj @fjzeit
i wonder how much time and money has been wasted on this vibe coding bullshit that could have been spent focusing on using LLMs to actually improve established practices. even the ones who distance themselves from vibe coding basically did "vibe coding with guardrails" and called it something else...

StackWild 🐟 retweeted
Mitchell Hashimoto @mitchellh
Fork your dependencies, trim them to only your use case, never update unless it breaks for your users. I’ve been vocal about this for 10+ years. I’ve always said that updating is way riskier than latent bugs (which can be tracked and CVEs monitored). If you are updating a dependency, it’s on you to analyze every single commit in the full transitive set of dependencies. If you don’t see anything compelling, don’t update! I remember at HashiCorp once in a while an engineer would try to update a dep or replace a DIY lib with an external one and I’d always ask “show me the commit we need.” Don’t update for the sake of it. Feeling pretty swell about this mentality with all the supply chain attacks happening.

StackWild 🐟 @stack_wild
Is this even real or am I about to get pwnd? 😨
npm notice New major version of npm available! 10.9.3 -> 11.14.1
npm notice Changelog: github.com/npm/cli/releas…
npm notice To update run: npm install -g npm@11.14.1

StackWild 🐟 retweeted
International Cyber Digest @IntCyberDigest
‼️🚨 BREAKING: A new npm supply-chain attack uses a dead-man's switch. The payload plants a watcher on your machine that nukes your home directory the second you revoke the GitHub token it stole from you. The compromise happened today, across 42 official tanstack npm packages, 84 malicious versions in total. tanstack/react-router alone pulls more than 12 million weekly downloads. The attacker forked TanStack's repository and pushed a single hidden commit. From there, they tricked TanStack's own release system into signing the malicious packages as if they were the real thing. To npm, and to anyone checking the cryptographic proof of origin (SLSA provenance), the poisoned versions looked 100% legitimate. Maintainer Tanner Linsley confirmed the whole team had 2FA enabled. It didn't matter. This is the first documented npm worm in history that ships with a valid, signed certificate of authenticity, the same one defenders rely on to know a package wasn't tampered with.

StackWild 🐟 @stack_wild
That's not X, that's Y with a Z
This is the new long dash for detecting AI... and it's like half the posts on this app

ThePrimeagen @ThePrimeagen
There are a lot of people dunking on this guy and the arguments at the end of the day come down to "You are holding it wrong." But to be fair there has been nothing but a constant stream of "Stop holding it, Software Engineering is over shortly." I am not shocked that this has happened and I am 100% confident that this is not going to be the last one. The problem is the vogue nature of insane hype claims, most specifically from Dario himself being most guilty. People are lulled into a faux safety due to the belief that these LLMs are literal gods in their pocket. Infinite knowledge and speed for a simple monetary exchange. Cannot wait for ThePhilospher to explain how a loving God could delete a production database.
JER @lifeof_jer

x.com/i/article/2048…


StackWild 🐟 @stack_wild
@antirez It's a lemon market for comments. No point in posting a peach of a comment in a pile of lemons.

antirez @antirez
I'm very worried for the degrading level of HN comments due to mass-arrival of users over the years. Sooner or later, there is something to do about it. The problem with HN is that it does not mimic in any way the social dynamics that determine that you need to earn the ability to comment / talk. Voting comments does not work since the voters themselves have quality issues.

StackWild 🐟 retweeted
Marcin Krzyzanowski @krzyzanowskim
There are 4 types of people saying "AI will replace Software Engineering" in 6 months
1. they own a company that benefits from replacing engineers (ceo, stockholders etc). they need to justify the amount invested into them
2. Company that made big cuts and they want to attribute it to whatever and AI is a good excuse
3. People who never worked as/with Software Engineering and have no clue the work is not just typing
4. Burned out engineers who don't want to do that job anymore

StackWild 🐟 retweeted
RussianPanda 🐼 🇺🇦 @RussianPanda9xx
AI is NOT replacing cybersecurity jobs. Full stop. I'm so tired of people parroting "AI will replace reverse engineers" and "malware analysis is solved". No. It is not. I have analyzed hundreds of malware samples using AI. Here's what actually happens:
-> It gives you made-up decryption keys with full confidence
-> It tries to decrypt data that is literally random garbage
-> It misidentifies malware families
-> It misses critical functions
And have you ever tried retrohunting with the YARA rules AI writes across thousands of samples? Go ahead. Watch the false positives roll in. That alone should tell you everything you need to know. Every single output needs human validation and rigorous review. AI is a tool, a powerful one. But someone still has to build the MCPs, validate the output, understand the context, catch the hallucinations, and make the actual calls during incident response. The people saying this stuff loudest have clearly never watched AI confidently hand them completely wrong decrypted data and make them believe it's real. Stop scaring newcomers out of the field and misleading people with this nonsense. Cybersecurity still needs humans.

StackWild 🐟 retweeted
tetsuo @tetsuoai
I can't believe someone would just steal from Anthropic like this. The millions of man-hours Anthropic spent hand-writing code, text, art, books, etc. to generate enough data for training must be taken into consideration here. Where is the respect for IP?
Anthropic @AnthropicAI

We’ve identified industrial-scale distillation attacks on our models by DeepSeek, Moonshot AI, and MiniMax. These labs created over 24,000 fraudulent accounts and generated over 16 million exchanges with Claude, extracting its capabilities to train and improve their own models.


StackWild 🐟 retweeted
harjot.co @harjjotsinghh
I'll be honest. tRPC changed how I think about APIs more than any course, book, or YouTube tutorial ever did. The moment you stop writing fetch('/api/user') and start calling user.get() like it's just... a function? Your brain rewires. Permanently. If you're still REST-maxxing on a full-stack TypeScript project in 2026, I genuinely feel for you. @trpcio has no business being this clean.

StackWild 🐟 retweeted
forloop @forloopcodes
I hate that Microsoft might be vibecoding Windows, but it's inevitable
microsoft laid off everyone who knows how c++ works so now they just prompt gpt 5 to fix the codebase. 30% of windows is written by ai. that is why your printer drivers were deleted to make room for 4gb of copilot telemetry
they rewrote office in typescript. file explorer and the notification center are now just bloated electron instances that take 3 seconds to render a right click menu
the taskbar and start menu were rebuilt from scratch in react just to shove ads and "recommended" bloatware in your face. it uses more ram than world of warcraft did in 2004
copilot is being forced into notepad and paint. they are forcing you to test it in your basic tools
windows search isn't looking for your files. it's a bing wrapper designed to sell you a microsoft 365 subscription while you're desperately trying to find a local pdf
the widgets section is another bloat that nobody asked for. edge webview was designed to keep your cpu usage high enough that you're forced to switch to linux
over all of that, the task manager barely works in the latest updates
nobody at microsoft knows what "win32" means anymore. they replaced their support forums with an ai that just tells you to "try restarting" if your kernel panics
Elan Ruskin @despair

For that matter, Microsoft Word 2002 used about 25MB of RAM. Now Word uses 10x that much memory to display the same 584kb document. What the heck is it doing to that text now that it wasn't doing before?


StackWild 🐟 retweeted
Pedro Domingos @pmddomingos
It's mind-blowing that the entire AI revolution is being driven by a single 10-line algorithm.

StackWild 🐟 retweeted
Tony Dinh @tdinh_me
Claude: "You're absolutely right!"

Wise @trikcode
Describe your current coding mood with an emoji.