zlacker

[parent] [thread] 9 comments
1. i5heu+(OP)[view] [source] 2025-06-03 07:26:36
Revealing against what?

If you look at the README it is completely revealed... so i would argue there is nothing to "reveal" in the first place.

> I started this project on a lark, fully expecting the AI to produce terrible code for me to laugh at. And then, uh... the code actually looked pretty good. Not perfect, but I just told the AI to fix things, and it did. I was shocked.

> To emphasize, this is not "vibe coded". Every line was thoroughly reviewed and cross-referenced with relevant RFCs, by security experts with previous experience with those RFCs.

replies(4): >>risyac+B3 >>rienbd+d8 >>JW_000+99 >>kortil+ZR
2. risyac+B3[view] [source] 2025-06-03 08:02:55
>>i5heu+(OP)
If the guy knew how to properly implement oauth - did he save any time though by prompting or just tried to prove a point that if you actually already know all details of impl you can guide llm to do it?

Thats the biggest issue I see. In most cases I don't use llm because DIYing it takes less time than prompting/waiting/checking every line.

replies(2): >>JimDab+S5 >>theshr+17
◧◩
3. JimDab+S5[view] [source] [discussion] 2025-06-03 08:24:44
>>risyac+B3
> did he save any time though

Yes:

> It took me a few days to build the library with AI.

> I estimate it would have taken a few weeks, maybe months to write by hand.

>>44160208

> or just tried to prove a point that if you actually already know all details of impl you can guide llm to do it?

No:

> I was an AI skeptic. I thoughts LLMs were glorified Markov chain generators that didn't actually understand code and couldn't produce anything novel. I started this project on a lark, fully expecting the AI to produce terrible code for me to laugh at. And then, uh... the code actually looked pretty good. Not perfect, but I just told the AI to fix things, and it did. I was shocked.

https://github.com/cloudflare/workers-oauth-provider/?tab=re...

replies(1): >>autoex+Vg1
◧◩
4. theshr+17[view] [source] [discussion] 2025-06-03 08:38:25
>>risyac+B3
Do people save time by learning to write code at 420WPM? By optimising their vi(m) layouts and using languages with lots of fancy operators that make things quicker to write?

Using an LLM to write code you already know how to write is just like using intellisense or any other smart autocomplete, but at a larger scale.

5. rienbd+d8[view] [source] 2025-06-03 08:52:09
>>i5heu+(OP)
> Revealing against what?

Revealing of what it is like working with an LLM in this way.

6. JW_000+99[view] [source] 2025-06-03 09:02:53
>>i5heu+(OP)
I think OP meant "revealing" as in "enlightening", not as "uncovering something that was hidden intentionally".
7. kortil+ZR[view] [source] 2025-06-03 14:45:42
>>i5heu+(OP)
Revealing the types of critical mistakes LLMs make. In particular someone that didn’t already understand OAuth likely would not have caught this and ended up with a vulnerable system.
◧◩◪
8. autoex+Vg1[view] [source] [discussion] 2025-06-03 17:08:57
>>JimDab+S5
> I thoughts LLMs were glorified Markov chain generators that didn't actually understand code and couldn't produce anything novel.

How novel is a OAuth provider library for cloudflare workers? I wouldn't be surprised if it'd been trained on multiple examples.

replies(1): >>kenton+Yh1
◧◩◪◨
9. kenton+Yh1[view] [source] [discussion] 2025-06-03 17:15:09
>>autoex+Vg1
I'm not aware of any other OAuth provider libraries for Workers. Plenty of clients, but not providers -- implementing the provider side is not that common, historically. See my other comment:

>>44164204

replies(1): >>nipah+aBn
◧◩◪◨⬒
10. nipah+aBn[view] [source] [discussion] 2025-06-12 14:13:05
>>kenton+Yh1
Novelness is not a characteristic of interpolation, tho, it's about extrapolation. If you have plenty of clients and plenty of related stuff to the provider side, even if on on auth, then it could be considerably trivial for the LLM to interpolate on that field.
[go to top]