I've on many occasion said I hate some word or phrase, but I don't think I've ever truly meant it, until "vibe coding".
A large part of my work is code reviews. I'm now seeing an increasing amount of influence from AI generated tripe.
It might be speeding up someone else's job, but mine just became much harder, challenging and time consuming, since I now have to go through the code twice as thoroughly.
Fuck AI.
Hey, has anyone seen a good #AI #CodeReview tool? It's one of the few areas I think it could add value. Ideally something you have experience with.
@haircode #typescript #tailwind #reactRouter #docker #graphql #java #nix #vim #mac #ios #iphone #express #gcp #reactNative #nativeApps #appStore #apple #aapl #htmx #vercel #netlify #heroku #nevernester #10xDev #10xdevelopers #codeReview #pairProgramming #oop #earlyReturns #guardClauses #flutter #angular #neverNesting #unitTest #unitTesting #cssFrameworks #jest #jetbrains #neoVim #wordpress #SQL #postgresql #rdbms #rubyOnRails
#proTip: When you open a file of #code to edit it, fill in the #commitMessage with the goal of the changes you want to make in your #versionControl interface.
After you make your changes, only "Add" the changes necessary to accomplish the goal in the commit message; anything else should go in a separate #commit.
This keeps you focused on the task, and prevents your #commits from getting polluted with unrelated work that may confuse #codeReview.
Review Board 7 is here! This release is all about improving your code review flow, day or night, with:
Dark Mode and Light Mode themes
Image review in the diff viewer
Microsoft Teams support
Mobile diff review
https://www.reviewboard.org/news/2024/06/06/review-board-7-its-a-bright-day-for-code-review/
Formatting issues are never discussed in #codereview; just #eslint rules. #prettier is a given here.
No fighting about this either; everyone on the project votes, and the most popular rule setting wins and everyone moves on.
Codereview feedback should only be in the form of automated tests.
If your suggested changes don't result in testable outcomes then they are a waste of time.
To appreciate the bright side, picture handling a comparable backdoor incident in the late nineties, but without the convenience of Git and instead relying on numerous CVS repositories…
We’ve just launched a new installer for Review Board, with support for over 50 different system #Linux environments.
We wanted to make it easy to get up-and-running quickly, instead of following a page of step-by-step instructions.
So now it's as simple as typing a single command:
$ curl https://install.reviewboard.org | python3
https://www.reviewboard.org/news/2024/03/05/installing-review-board-has-never-been-easier/
Simplifying Deployment Scripts While Maintaining Segregation of Duties
~~
ACM.367 Eliminating some of the context switching in my first iteration of securing deployment code
~~
#code #scripts #sourcecontrol #codereview #repository #secure #deployment
Announcing Review Board 6!
Review Board 6 is all about focusing on an improved #codereview, graphics review, and #document #review experience in a pleasant environment.
https://www.reviewboard.org/news/2023/10/17/announcing-review-board-6/
I applaud #Microsoft for putting their docs on #GitHub and allowing community members to submit PRs to fix these issues, but I can't help thinking that this policy has actually backfired to a certain degree, because it gives the people responsible for writing the #docs in the first place a false sense of security and/or an excuse not to put in their best effort. I think they're too often cutting corners, pushing new #docs into production without a proper #CodeReview, and simply relying on the community to tidy up their messes. Unfortunately, though many of us in the community have the requisite knowledge to fix issues like this, those with the highest levels of knowledge naturally also have the lowest levels of free time for contributing to #OpenSource #documentation, so the issues that are likely to cause the most problems for beginner and intermediate #developers are also the least likely to be corrected by a community-submitted #PR.
2/2
My CLI tool Depo, which aims to manage dependencies for #Clojure projects, which conveniently has many different formats of configurations, seems to be the perfect place to use #protocols
and #multimethods.
After rewriting the dispatch flow three times, I feel like this is the cleanest my abilities have been able to get it. Would be cool if someone would take a look-see and let me know if protocols/multimethods makes sense in this context!
#jvm #polymorphism #code #codereview
https://github.com/somecho/depo/blob/master/src/depo/dispatch.clj#L33
#DEFCONTRAINING Las Vegas Spotlight
Join Ken Johnson and @sethlaw for their training "Practical Code Review"
From the abstract "This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review. Short circuit your development of a custom secure code review process by gleaning from Seth & Ken's past adventures in performing hundreds of code reviews and the lessons we’ve learned along the way. We will share a proven methodology to perform security analysis of any source code repository and suss out security flaws, no matter the size of the code base, or the framework, or the language."
Making Code Reviews Easier
~~
Why you might want to keep using them — with some changes
~~
by Teri Radichel | Apr, 2023
#appsec #secure #code #codereview
https://medium.com/cloud-security/making-code-reviews-easier-3894189411ea
We've been here for a while now and think it's time for an #introduction.
We are Lutra Security, an #infosec company based in Munich, Germany. Our mission, to which we have committed ourselves, is to improve IT security for our customers and in general, while maintaining the highest possible ethical and sustainability standards. We focus on providing high quality offensive security services (like #pentesting and #codereviews) and consulting, while continuously investing in research and education.
If you have any questions, please do not hesitate to contact us.
An answer in advance: Lutra Security is named after the Eurasian Otter (Lutra lutra), representing our philosophy of sustainability and the agility of our work as penetration testers.
