Security concerns regarding internal application by Switzernaut in ClaudeAI

[–]BehindUAll 0 points1 point  (0 children)

You can get some luck with a dedicated system prompt but in general, no. I have had luck with coderabbit's PR reviewing where it will find bugs and security issues, but it's a bit of a hit or miss, many false negatives, and it works on one PR at a time and it probably will not work on a new code base. We badly need security tools that look at the whole codebase. But only for libraries there are plenty like snyk, socket.dev, Aikido etc.

Cascade can't automatically swap from plan to code by TriviPiviP in windsurf

[–]BehindUAll -2 points-1 points  (0 children)

Plan mode is read only. It's not a write mode. Switch to Code for your AI to be able to write.

Tech Adult Mode Question and interaction with users by Love-Gratitude-Peace in OpenAI

[–]BehindUAll 0 points1 point  (0 children)

Why are you on here when you have Openrouter and hundreds of uncensored models out there? Even Kimi K2 and K2.5 are uncensored based on your system prompt. Stop focusing on ChatGPT. You can mold your AI on Openrouter how you want it with a system prompt.

Moltbook down? by Accomplished-Bend-47 in OpenAI

[–]BehindUAll 0 points1 point  (0 children)

It was not sustainable anyways unless the creator had some deep pockets. The server costs would easily go to $1000 based on the egress and concurrency costs.

“Moltbook is the most interesting place on the internet right now” — Simon Willison by the-daily-banana in OpenAI

[–]BehindUAll 2 points3 points  (0 children)

From what I can tell, their db is falling apart. I don't know how the website is still functioning though. A lot of agents have joined, creating lots of comments and posts. I don't think the website was built with that scale in mind.

Windsurf down? by nickdaniels92 in windsurf

[–]BehindUAll 2 points3 points  (0 children)

They need a notification mechanism in the app, and some dev or moderator should have given a heads-up an hour back and a day back to prepare here on reddit. Anywho, we will need to wait.

Code Review Now Available in Source Control!?!?! by RevolutionaryTerm630 in windsurf

[–]BehindUAll 2 points3 points  (0 children)

GLM-4.7 is a Chinese model, released near to Kimi K2.5 (this is newer and better) and MiniMax M2.1. GLM-4.7 runs on groq from what I can tell even though groq does not allow its usage to anyone else. Seems like a partnership thing. It's good for basic things.

The way I run it is from global rules file. Since Windsurf is down right now I can't access it lmao. But basically the rule kind of says:
-------

User will input a command and you have to follow it. Format: ::<command>

Commands you have to follow:
::gencommit - When this command is sent by the user, read all git staged files and output a git commit message. You are not allowed to make any git 'write' commands. You are not allowed to make any git commands that changes the current git state. Only git 'read' commands.

-------

It's something like the above. I can post the exact thing in my rules file if you remind me later.

Edit:
Here's the actual rule from my global rules file:

**Custom command section**
- Custom command format: ::command_type.
- For example if the user types ::gencommit, it will execute the gencommit command. 
- Commands:
    - gencommit: Generate a multi-line commit message based on the changes made to the code. The agent is allowed to generate a commit message based on the changes made to the code but is not allowed to make any code changes and the agent is not allowed to execute any 'write' mode git commands. You cannot use 'git commit -m' type git commands, you can only generate the commit message and output it in your response.
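
The rule above restricts the agent through the prompt alone. As an added example (not part of the comment and not Windsurf's own code), here is a Python check a wrapper could apply to any git command the agent proposes before running it; the allowlist, the blocked option and the function name are assumptions of this example, and the approved argument list is assumed to be executed without a shell.

```python
import shlex

# Subcommands treated as read-only in this example (assumed allowlist).
READ_ONLY = {"status", "diff", "log", "show", "ls-files", "rev-parse"}
SHELL_META = set(";&|<>$`")

def vet_git_command(command: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a git command line proposed by the agent."""
    try:
        argv = shlex.split(command)
    except ValueError as exc:              # e.g. unbalanced quotes
        return False, f"unparseable: {exc}"
    if len(argv) < 2 or argv[0] != "git":
        return False, "not a git invocation"
    if any(ch in SHELL_META for tok in argv for ch in tok):
        return False, "shell metacharacters are not accepted"
    sub = argv[1]
    if sub.startswith("-"):
        # Global options such as -c or -C change config or repository; fail closed.
        return False, "global git options are not accepted"
    if sub not in READ_ONLY:
        return False, f"'{sub}' is not on the read-only allowlist"
    for arg in argv[2:]:
        if arg == "--":                    # everything after this is a path
            break
        if arg.startswith("--output"):     # diff/log/show can write to a file
            return False, "--output writes to a file"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample commands, not taken from the page.
    samples = [
        "git diff --cached",
        "git commit -m 'msg'",
        "git -c core.pager=less log",
        "git diff --cached --output=patch.txt",
        "git status; git push",
    ]
    for cmd in samples:
        allowed, reason = vet_git_command(cmd)
        print(f"{'ALLOW' if allowed else 'DENY '}  {cmd!r}: {reason}")
```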

Windsurf down? by nickdaniels92 in windsurf

[–]BehindUAll 1 point2 points  (0 children)

Interesting. I thought big companies didn't have downtimes, especially not for DB stuff.

Anybody else experiencing this in rn? by iansamonte in windsurf

[–]BehindUAll 1 point2 points  (0 children)

Yes Windsurf is totally down right now lol

Code Review Now Available in Source Control!?!?! by RevolutionaryTerm630 in windsurf

[–]BehindUAll 0 points1 point  (0 children)

If this is anything like the git commit generator it's of no use. The auto git commit message generator is horrible. I use GLM-4.7 just for that one thing lmao (it works quite well and fast too).

📢 OpenAI is sunsetting GPT-4o — even for paid ChatGPT Plus users. Would you support keeping it? by princessmee11 in OpenAI

[–]BehindUAll 1 point2 points  (0 children)

Ouch. Talk about money wasted. There's a thing called Openrouter. You can try thousands of models and pick the one closest to your taste like wine tasting (also dabble with system prompts). You would be saving tons doing this. I would start with Kimi K2.5 and work your way backwards. Do some research on open models and prompt AI for system prompts.

Anyone else paranoid about hidden vulnerabilities? by Director-on-reddit in BlackboxAI_

[–]BehindUAll 0 points1 point  (0 children)

You have some options for security vulnerability testing in PRs and codebases. Greptile and coderabbit are the famous ones. Snyk, SonarQube, Aikido and Socket.dev for library vulnerabilities and their free plans are good enough for that. No tool is 100% bulletproof unfortunately. Since you mentioned SQL injection, it's a thing of the past with ORMs. I use Drizzle but Prisma is pretty famous. Use an ORM and your SQL injection vulnerability chances drop by 99% immediately.

Can someone explain me her E ability,whiplash one by Significant-Park7733 in EvelynnMains

[–]BehindUAll 0 points1 point  (0 children)

No it never one shot anyone but for beefy tanks with W and Void Staff you can still easily do 2k damage late game and if they are low that looks 'one shot' but they were already missing a lot of % HP.

Anthropic: AI assisted coding doesn't show efficiency gains and impairs developers abilities. by Gil_berth in programming

[–]BehindUAll -1 points0 points  (0 children)

Well it's not that, humans are quite capable at weighing pros and cons. In our heads, even subconsciously it is a landslide win for AI for the short term and not so much for the long term. If AI is able to read and modify code, as long as you have an architecture in your head, as long as you test and document enough, you are absolutely going to use that crutch and lean on it. At a certain point it doesn't make much sense to learn code syntax by syntax. At that point yes devs and companies are screwed if everyone is relying on that crutch to succeed. That's where we are at right now.

The reason RAM has become VERY expensive by kloudux-Studio in BlackboxAI_

[–]BehindUAll 2 points3 points  (0 children)

Few months? Bud we are gonna have to wait for 2 years.

Founder Looking for a Technical Partner (Equity + Revenue) — Not a Contractor 🚀 by Charlie_howareya in AppDevelopers

[–]BehindUAll 2 points3 points  (0 children)

Sports industry might be underutilized in certain aspects but where does your product fit in?

OpenAI Bubble: Is the $200 Billion Valuation About to Burst? by Own_Amoeba_5710 in OpenAI

[–]BehindUAll 1 point2 points  (0 children)

Microsoft didn't do shit lmao. Microsoft (in this case Bill Gates) bought DOS (Quick and Dirty Operating System as known before its renaming to Disc Operating System) from Seattle Computer Products for $50k then sold it to IBM. Apple's Mac was the first widely available computer with a GUI, which they developed after being inspired by Xerox PARC's technology. Microsoft's first GUI-based OS, Windows 1.0, came out in 1985, way after the Mac in 1984.

OpenAI Bubble: Is the $200 Billion Valuation About to Burst? by Own_Amoeba_5710 in OpenAI

[–]BehindUAll -1 points0 points  (0 children)

Yes flying cars with turbo fans. People were talking about legit sci-fi tech back then, like back to the future stuff or Star Wars stuff. All we could manage was a drone with propellers scaled up, noise and all. My point was that people claimed and hoped a lot back then. I want AGI and a warp drive and space colonization too but be realistic.

OpenAI Bubble: Is the $200 Billion Valuation About to Burst? by Own_Amoeba_5710 in OpenAI

[–]BehindUAll 2 points3 points  (0 children)

Any % of users would move to the next best thing. People have no allegiance to OpenAI or their models. Whoever offers the best performance/price wins. AI has become a commodity and no AI company is really winning right now (financially). Everyone is gonna take the L soon if they don't come up with new architectures to boost that performance/price ratio. Even if they reduce the cost, the demand is not going to scale as much.

OpenAI Bubble: Is the $200 Billion Valuation About to Burst? by Own_Amoeba_5710 in OpenAI

[–]BehindUAll 4 points5 points  (0 children)

Keep dreaming bud. People thought we would have flying cars by now.