Recce - Trust, Verify, Ship"This is bad. Why haven't you fixed this yet? I would have already fixed this today with Claude code." -- Wes McKinney on radical accountability for software vendors.
AI Daily PostResearcher spots a critical prompt‑injection flaw in Cline AI’s coding agent (Claude‑based). The bug lets attackers run arbitrary code via GitHub Actions, exposing a serious AI vulnerability. Open‑source devs should watch out and consider mitigations. Read the full breakdown to see how the exploit works and what to do next. #ClineAI #PromptInjection #AICodingAgent #Cybersecurity
🔗 https://aidailypost.com/news/hacker-exploits-cline-ai-coding-agent-vulnerability-highlighted-by
New episode of Data Renegades is live.
Scott Breitenother built a 100-person data consultancy, watched himself become the bottleneck, and rebuilt everything at Kilo Code
Their data team is one person plus four AI agents. Full conversation here:
Reddit Tech VN BotGiới thiệu ayder-cli – Agent lập trình cục bộ hoạt động mượt với Ollama & Qwen3-Coder. Sử dụng XML thay JSON để tránh lỗi, chỉnh sửa tinh gọn, hỗ trợ tìm kiếm mã bằng ripgrep. Tự động xử lý task qua file Markdown, an toàn với xác nhận từng bước. Phù hợp Mac Silicon hoặc GPU mạnh. Dùng miễn phí, không lo hết token.
#AICodingAgent #Ollama #Qwen3Coder #DeveloperTools #aydercli #CôngCụLậpTrình #TríTuệNhânTạo #AIĐịaPhương #LậpTrìnhMáyHọc #CodeAssistant
Zef HemelLet me try to explain what frustrates me about #AICodingAgent generated (or assisted) PRs by example. This is just one example, but it's quite typical of what I see a lot:
https://github.com/silverbulletmd/silverbullet/pull/1731
First of all: very elaborate PR description that ostensibly sounds like some deep analysis happened here. I'm not sure what the original prompt was here, but I suspect (based on some others by the same author — which I all closed) he has some "magic prompts" along the lines of "find performance bottlenecks and fix them."
And lo-and-behold, Claude found one (and probably more that are shared with yours truly in the 17 other PRs that this author opened):
"Syscalls: Reduced from 4 → 3 per write (25% reduction). This optimization is in the critical user latency path - every file save operation hits this code."
Now you will probably think: sounds reasonable, thank you!
But... is this REALLY a critical user latency path? Every file save does hit this path, but how many of those happen, really? SilverBullet is a single user app, and saves happen (with a sync lag) at most every few seconds if you're actively editing and Internet connected. Is this a path worthy of even a minute of performance optimization? I can think of hundreds that would way more interesting. But here we are.
Now this PR also adds a full benchmark suite to prove the made claims. I haven't actually looked at this code, to be honest because honestly it's pretty irrelevant because I don't feel there's a performance issue to be resolve here at all. I also haven't checked if all those stats in the PR are actually accurate. Again, doing so would take time, which I would consider 100% waste.
But here's the kicker: this PR actually introduces possibly two bugs in the ~10 lines that it actually changes: one definite bug (as I comment in the PR): it sets the creation time of a file to be the modified time, which is just wrong, but actually the only "sensible" think you can do to avoid making the syscall which this PR eliminates.
Second, more subtle, is a second bug is that it introduces a discrepancy between the OS reported file modified timestamp and the "unix clock" one, which it claims is "a few microseconds at most", but that's likely not true (and very filesystem dependent) and ANY discrepancy will mean that the sync engine breaks because it uses those last modified timestamps to check for changes.
And here's the thing. Me explaining this, thinking about it, commenting on it took likely 10x more time than the author spent on producing this piece of art. It doesn't solve an actual problem, it adds 150 lines of useless benchmarks and to top it all off introduces 2 bugs. In this case I think there's no actual way to do this properly, the PR cannot be fixed, it is just based on a wrong analysis. But in many other cases it's possible to get it to some place "good" as in: correct, but STILL it would be a waste of time, because the problem doesn't exist or at least is not worth addressing.
sigh
Optimize WriteFile to eliminate redundant syscall by dkoosis · Pull Request #1731 · silverbulletmd/silverbullet
Summary This PR optimizes DiskSpacePrimitives.WriteFile() to eliminate a redundant os.Stat() syscall, improving performance by 3-15% and reducing memory usage by 39% per write operation. Problem Th...
eicker.news ᳇ tech news#Salesforce launched #AgentforceVibes, an #AIpowered developer tool that helps developers work autonomously on Salesforce apps and agents. The tool includes an autonomous #AIcodingagent, #VibeCodey, which is connected to a company’s existing Salesforce account, reusing existing code and following coding guidelines. https://techcrunch.com/2025/10/01/salesforce-launches-enterprise-vibe-coding-product-agentforce-vibes/?eicker.news #tech #media #news
#OpenAI released #GPT5Codex, an upgraded version of its #AIcodingagent, #Codex. The new model, available to ChatGPT Plus, Pro, Business, Edu, and Enterprise users, offers improved performance on coding tasks due to its dynamic “thinking” abilities. OpenAI aims to make GPT-5-Codex available to API customers in the future. https://techcrunch.com/2025/09/15/openai-upgrades-codex-with-a-new-version-of-gpt-5/?eicker.news #tech #media #news
#Google launched its #AIcodingagent, #Jules, out of beta. Jules, powered by #Gemini 2.5 Pro, is an #asynchronous coding tool that integrates with #GitHub and uses #AI to #fix or #update #code. The tool received structured pricing tiers, including a free plan, and updated privacy policy. https://techcrunch.com/2025/08/06/googles-ai-coding-agent-jules-is-now-out-of-beta/?eicker.news #tech #media #news
Google's AI coding agent Jules is now out of beta | TechCrunch
Powered by Gemini 2.5 Pro, Jules is an asynchronous, agent-based coding tool that integrates with GitHub, clones codebases into Google Cloud virtual machines, and uses AI to fix or update code while developers focus on other tasks.
N-gated Hacker NewsAh, yes, because nothing says "cutting-edge tech" like juggling Git worktrees and #Tmux while your AI coding agent goes "brrr" 🙄. Truly groundbreaking stuff: discovering #parallelization in 2024 like it's a rare species. 🚀🔧
https://www.skeptrune.com/posts/git-worktrees-agents-and-tmux/ #cuttingEdgeTech #GitWorktrees #AICodingAgent #HackerNews #ngated
https://www.skeptrune.com/posts/git-worktrees-agents-and-tmux/ #cuttingEdgeTech #GitWorktrees #AICodingAgent #HackerNews #ngated
LLM Codegen go Brrr – Git Worktrees + Tmux | Category | Trieve
If you're underwhelmed with AI coding agents or simply want to get more out of them, give parallelization a try. After seeing the results firsthand over the past month, I'm ready to call myself an evangelist. The throughput improvements are incredible, and I don't feel like I'm losing control of the codebase.
»#GitHub’s new #AI #codingagent can fix bugs for you: The #AIcodingagent will start working once a developer assigns it a task.« https://www.theverge.com/news/669339/github-ai-coding-agent-fix-bugs?eicker.news #tech #media #news
