I get to say that I’ve truly made it as a programmer. The reason is that I wrote around 75 lines of Rust, came back a year later, and I could see exactly how it works.

In case you’re wondering, it’s a command line Slack client for sending notifications. Colored highlights and everything.

My company sends out emails like “vibe it up” with links to their vibe coding workshops.

I’m getting the impression that people need it explained that “vibe coding” is not supposed to be a complement.

Why are all my variables suddenly named after SS officers?

Meh. Even hosting static files in a RAM disk over localhost, you’re 99% as good as you can be by using the sendfile() system call. The kernel can copy data from one file descriptor to another faster than any userspace program can. Implementing the Length header is a stat() call.

If you’re not on a RAM disk and not on localhost, then disk access or network throughput will predominate.

Assembly is not magic go faster sauce.

Specifically these issues: https://github.com/jellyfin/jellyfin/issues/5415

The big one is that video/audio playing endpoints can be used without authentication. However, you have to guess a UUID. If Jellyfin is using UUIDv4 (fully random), then this shouldn’t be an issue; the search space is too big. However, many of the other types of UUIDs could hypothetically be enumerated through brute force. I’m not sure what Jellyfin uses for UUIDs.

Nah, setting non-standard ports is sound advice in security circles.

People misunderstand the “no security through obscurity” phrase. If you build security as a chain, where the chain is only as good as the weakest link, then it’s bad. But if you build security in layers, like a castle, then it can only help. It’s OK for a layer to be weak when there are other layers behind it.

Even better, non-standard ports will make 99% of threats go away. They automate scans that are just looking for anything they can break. If they don’t see the open ports, they move on. Won’t stop a determined attacker, of course, but that’s what other layers are for.

As long as there’s real security otherwise (TLS, good passwords, etc), it’s fine.

If anyone says “that’s a false sense of security”, ignore them. They’ve replaced thinking with a cliche.