jo.vaneyck

@jovaneyck

I help software orgs get things done without shooting themselves in the foot. Technologist, technical coach, tech lead, software crafter, legacy code wrestler.

Also, boardgames 🎲

About me: https://about.me/jo.vaneyck
Blog: https://jvaneyck.wordpress.com/
Youtube: https://www.youtube.com/jovaneyck
Github: https://github.com/jovaneyck

“Any AI that is working in an adversarial environment—and by this I mean that it may encounter untrusted training data or input—is vulnerable to prompt injection. It's an existential problem that, near as I can tell, most people developing these technologies are just pretending isn't there.”

— Bruce Schneier

quoted in

https://martinfowler.com/articles/agentic-ai-security.html

Agentic AI and Security

The serious security risks involved in using autonomous LLM applications and what we can do to mitigate them

martinfowler.com

Today I published my second post with practical advice on how to get the most out of agentic AI coding tools. This time I talk about how much you should get the LLM to do for you. I mention Llewellyn Falco's great talk from Craft Conference, @kentbeck 's fascinating OllyCast podcast interview with @jessitron, Ethan Mollick's Co-Intelligence book, and @emilybache 's advice on using LLMs when doing coding katas.

Have a read and then go play!

The post: https://queen-of-questions.kit.com/posts/how-much-should-an-llm-do-for-you

#ClareSudberyAI

How much should an LLM do for you?

Talking to friends in software orgs recently, I've been struck by commonalities across countries and sectors:

Executives are driving "efficiency," by which they mean maximizing time spent on direct value-creation activities.

BUT there's a tacit, industry-wide assumption that writing code is the only value-creating activity and that all coding generates value.

It's like everyone has prioritized instantaneous boat speed and abandoned navigation and maintenance.

Such a reckoning coming...

Ethics of AI in Software Development

https://videos.devteams.at/w/xhhjdKiBwgi4JhtNj6cTCf


Seriously, a large percentage of these attacks boil down to downloading untrusted content, mangling it ever so slightly, and then hoping that the AI decides to blindly eval all of it

WHICH
IT
THEN
FUCKING
DOES

I am losing it. What are these absurdly overpaid devs doing with their life?

Are you an AI vendor and you wanna prevent most attacks on the internet? All you need to do is:

1. Make your config files _READ ONLY_ during agent invocation
2. Use Content Security Policies correctly
3. Sanitize + normalize unicode input and output
4. Scan *both* the input and output

… bruh??

What is this, are we back in the 90s? And holy shit the "OWASP 10 Tricks To Not Get Pwned By A Script Kiddy" listicle is somehow shockingly novel and innovative??

I am begging you foundational model code monkeys. Y'all are paid WAY too much to write code this stupid. Get your shit together, PLEASE

I do concede that a stronger fix of building a symbolic execution engine, constructing an AST of tool invocations, and then ensuring that all reachable traversal paths have appropriate policies on them to prevent data integrity violations... is difficult.

But the bar for *competence* is far lower

Ever wondered how AI coding agents like Claude Code, Github Copilot and Codex work? So did I! So of course I had to go and build one myself 😅

https://youtu.be/7oTPNr9APGE

#claudecode #codex #cursor #copilot #anthropic #openai #llm #agenticai #ai

I Built an AI Coding Agent in 200 Lines of Code.

YouTube

@tastapod have you tried to get LLM coding tools to use BDD techniques yet? It seems like it would be helpful, if we can get the agent swarm setup with the right contexts. I’m going to give it a try but I don’t really know what I’m doing, so it would be helpful to have some critique from BDD experts as Claude and I figure it out.

I finally wrote up my experience running a few TDD workshops internally at work, and the things I learned.

https://functional.computer/blog/tdd-workshop

I found it quite different to running workshops for the public; I needed to start from the very beginning, and couldn’t rely on a few people with knowledge spreading it.

I’m looking forward to doing it again soon, with a few tweaks!

Ninja Pairing, redux

samir : coffee → nonsense

Can AI coding agents do Test-Driven Development (TDD) properly? They sure can!

In this week's video I take a look at two approaches: prompt engineering & using the tdd-guard library

We'll run an experiment and compare results:
Does it improve code/test quality?
What are other trade-offs?
How does tooling like tdd-guard work behind the covers?

📺 https://youtu.be/IVdYaVKuekk

#ai #aiassistedcoding #claudecode #tdd #testdrivendevelopment #tddguard

Can AI coding agents do Test-Driven Development (TDD)?

YouTube

LLMs have many ethical implications, and we decided to tackle them head on in this video, in the context of using AI assistants to generate code and other software development artifacts.

https://youtu.be/qfeXIlwrmfA

The brief:
The top issues for using LLMs for software development are: copying the whole internet to build the models, possible copyright infringement in generated code, environmental impac...
https://mozaicworks.com/blog/ethical-concerns-of-llms-in-software-development?fsp_sid=217