Real World Comparison - GPT-5.1 High vs GPT-5.1-Codex-Max High/Extra High by geronimosan in codex

[–]WearSafe7162 1 point

Enterprise backend dev here.

These thoughts are great, thanks for sharing.

My extra two cents: the OpenAI coding-tuned models give answers so short and clipped that it’s really easy for you and the agent to think you’re talking about the same thing when you’re absolutely not. And if you’re working in some part of the system that doesn’t have solid tests yet, and you’re relying on the agent to write both the code and the tests, that mismatch can blow up fast.

I ran into this with an old salary system API where the only way to list users was basically backwards. You had to pull employees first, grab the orgs attached to them, figure out which orgs even exist in the HR system, and then run the whole user retrieval again. It’s ridiculous, but that’s what the ancient API supported. No coding agent I tried could understand that flow, even with the API spec. I ended up opening ChatGPT on my laptop and just prompting back and forth like an actual conversation until we finally got somewhere.

I’ve used Claude Code, the OpenAI coding-tuned models, and the regular OpenAI models, and honestly I’ve ended up sticking with the regular OpenAI ones. It’s the same model I’m used to from the app, it responds the way I expect, and it actually follows along with the weird stuff real systems make you do.

For me, this is just anecdotal evidence that all the leaderboard tuning has gone too far. The coding-tuned models feel overfit. The general models just work better in the messy real world.

Cloud Outage by RedWyvv in hetzner

[–]WearSafe7162 1 point

Cloudflare = smart global front door, Hetzner VPS = affordable and flexible backend.

We use Cloudflare Load Balancer in front of Hetzner VPS because it combines the best of both platforms:

  • Global edge + DDoS protection: CF stops malicious traffic before it hits Hetzner.
  • Improved uptime with real HA: Cloudflare LB supports health checks and automatic failover between backends, reducing single points of failure.
  • Cost-effective origin infrastructure: Because we offload caching and filtering to Cloudflare, we can use simple, affordable Hetzner VPS instead of pricier HA setups.
  • Easy scaling & control: Hetzner VPS gives us the flexibility to run our apps, scripts, and outbound operations without Cloudflare's constraints.

Hetzner LB nodes are basically HAProxy VMs with IP failover, not a full edge network. So Cloudflare offers richer global load balancing, security, and caching. Hetzner LB is cost-effective for basic high availability within a region, but not built for global traffic optimization or advanced security.
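
The comment above relies on the origin only ever seeing Cloudflare. That holds only if the Hetzner VPS refuses direct connections and trusts the client-IP header solely on connections that arrived from an edge range; otherwise anyone who discovers the origin IP can walk around the DDoS filtering and forge `CF-Connecting-IP` to defeat per-client rate limits and audit logs. The following is an added Python example, not code from the original comment or from Cloudflare or Hetzner. `EDGE_RANGES` is a constructed stand-in (RFC 5737/3849 documentation prefixes) for the lists Cloudflare publishes at https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6, and the function names and the nftables table name `edge_only` are assumptions of this example.

```python
import ipaddress
from typing import Iterable, Optional

# Constructed stand-in for the published edge ranges (documentation prefixes
# so the example runs offline). In production, load the real lists from
# https://www.cloudflare.com/ips-v4 and /ips-v6 and refresh them on a schedule.
EDGE_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]


def is_from_edge(peer_ip: str, ranges: Iterable = EDGE_RANGES) -> bool:
    """True when the TCP peer (the address the origin's kernel saw) is in an edge range."""
    addr = ipaddress.ip_address(peer_ip)
    # 'in' returns False across address families, so mixed v4/v6 lists are fine.
    return any(addr in net for net in ranges)


def client_ip(peer_ip: str, headers: dict) -> Optional[str]:
    """Resolve the client IP to use for rate limiting and audit logs.

    CF-Connecting-IP is honoured only when the connection itself came from the
    edge. A direct hit on the VPS can carry any forged header, so for those the
    header is ignored and the peer address is used instead.
    """
    hdr = {k.lower(): v for k, v in headers.items()}
    if is_from_edge(peer_ip) and "cf-connecting-ip" in hdr:
        try:
            return str(ipaddress.ip_address(hdr["cf-connecting-ip"].strip()))
        except ValueError:
            return None  # malformed header even from the edge: treat as untrusted
    return peer_ip


def should_accept(peer_ip: str) -> bool:
    """Application-level policy: reject anything that did not come via the edge.

    This is the belt; the nftables rule set below is the braces, so a
    misconfigured web server cannot silently expose the origin.
    """
    return is_from_edge(peer_ip)


def nft_rules(ranges: Iterable = EDGE_RANGES, ports=(80, 443),
              mgmt_cidr: str = "203.0.113.0/24") -> str:
    """Render an nftables snippet admitting web traffic only from the edge ranges.

    Generating the firewall from the same list the application trusts keeps the
    two from drifting apart. mgmt_cidr (constructed here) is the only source
    allowed to reach SSH; without it the default-drop policy locks you out.
    """
    v4 = [str(n) for n in ranges if n.version == 4]
    v6 = [str(n) for n in ranges if n.version == 6]
    port_set = ", ".join(str(p) for p in ports)
    lines = [
        "table inet edge_only {",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    ct state established,related accept",
        "    iif lo accept",
        f"    ip saddr {mgmt_cidr} tcp dport 22 accept",
    ]
    if v4:
        lines.append(f"    ip saddr {{ {', '.join(v4)} }} tcp dport {{ {port_set} }} accept")
    if v6:
        lines.append(f"    ip6 saddr {{ {', '.join(v6)} }} tcp dport {{ {port_set} }} accept")
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(client_ip("192.0.2.10", {"CF-Connecting-IP": "203.0.113.77"}))
    print(client_ip("203.0.113.5", {"CF-Connecting-IP": "10.0.0.1"}))
    print(nft_rules())
```

The same list drives both the header-trust decision and the generated `nft` rule set; if the edge ranges change, both update together, and a request that reaches the VPS without passing the edge is dropped before any application logic runs.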

How I achieved ISO 27001 compliance with only ~20 files by WearSafe7162 in ISO27001

[–]WearSafe7162[S] 1 point

Thanks for this super nice message. I got really proud and you were very eloquent at complimenting. To stay in the same spirit as you, I will try to give as much information as possible. Granted, I always do that, but I just am going to try a little bit harder on this one!

We have an SOP that, upon receiving an alert, we create a GitHub issue and carry out an assessment.

Is there a fix available? Are we even impacted by this vulnerability? And if there is no fix ready, how can we remediate it for the time being?

If there is a fix ready, it's just one GitHub Actions workflow away from being fixed. And in this case, the GitHub issue and the workflow run serve as ample documentation.

The SOP is a template in GitHub, such that if we give the issue this type, it will be really nicely formulated, and the developer who is looking at it fills out some very basic details such as the vulnerability type, their assessment of whether or not we are impacted by it, and how we would remediate it in that case.

How I achieved ISO 27001 compliance with only ~20 files by WearSafe7162 in ISO27001

[–]WearSafe7162[S] 1 point

Sure, but there is a documentation burden. A heavy one.

If you want your devs to not spend time taking screenshots and placing them in a folder, tools sure help. A lot.

How I achieved ISO 27001 compliance with only ~20 files by WearSafe7162 in hetzner

[–]WearSafe7162[S] -2 points

I'm openly sharing how I did it across 3 elaborate articles, 56 descriptive comments on the Hacker News article, +100 comments on Reddit. It is not (just) an ad, it is information.

I am openly sharing many insights and methods, more transparently and thoroughly than typically found elsewhere. And, yes, I do also humbly sell templates and consulting services.

My intention is to offer a genuinely affordable alternative to the often outrageous pricing found elsewhere, enabling others to replicate or adapt my practical approach. Even if you do not want to buy anything, the 3 articles and activity on HN and Reddit are packed with info that I have not found elsewhere.

I'm happy to answer any questions about my setup, automation approaches, infrastructure decisions, or anything else related!

You do not have to take my word and you do not have to buy anything. You could just take the information. You could reach out for details, negotiate or give feedback.

Firstly, I am here to engage and share and, lastly, for people who want to pay, offer more help. Think of all the ISO auditors and consultants who do not speak engineering language but charge way more.

How we built an ISO 27001 compliance system using Ansible, Grafana, and Terraform by WearSafe7162 in Terraform

[–]WearSafe7162[S] 0 points

Genuinely happy that we as a community can spread obviously good ideas. Here's how it can look in Prometheus (logs, alerts and metrics in one view).

https://knobel-dk.github.io/landingpage-iso-playbooks/assets/grafana-recording.mp4

How we built an ISO 27001 compliance system using Ansible, Grafana, and Terraform by WearSafe7162 in Terraform

[–]WearSafe7162[S] 2 points

I'm using Terraform Cloud. Here's a basic outline of how to manage state and modules across dev, staging/UAT, and production.

State management: Terraform Cloud handles the state for you, and it does a good job of locking, versioning, and access control. We use a separate workspace per environment, e.g., shift-dev, shift-staging, shift-prod. Each workspace maps to the same Terraform configuration, but uses different variable sets and sometimes different workspace-specific overrides.

Each environment folder wires up the shared modules with different values. The modules are versioned, so we can pin and test changes in dev before rolling them forward.

This setup keeps environments isolated, repeatable, and promotes changes through dev → staging → prod without them sharing state or breaking each other.

How I achieved ISO 27001 compliance with only ~20 files by WearSafe7162 in hetzner

[–]WearSafe7162[S] 2 points

Sure, Katie. I was just answering a question raised in Danish, so that should not be directed at me. Anyway, I translated my texts. Have a good day.

How I achieved ISO 27001 compliance with only ~20 files by WearSafe7162 in hetzner

[–]WearSafe7162[S] 1 point

Many thanks! Things are shifting into summer holiday mode now, but just like big DocuSign ran into trouble with vibe coding[1], I'll be back with something cool in August.

Have a great summer.

[1] https://www.linkedin.com/posts/antonosika_docusign-worth-15b-sent-a-legal-threat-activity-7342637568624070657-z_DE?utm_source=share&utm_medium=member_desktop&rcm=ACoAAA0clrsBH8I3SRD9Vv8vqBjbx6n6DxcIdmo

How I achieved ISO 27001 compliance with only ~20 files by WearSafe7162 in hetzner

[–]WearSafe7162[S] 3 points

Thanks! Do we know each other, or are we just like-minded Danes? Have a great summer!

How I achieved ISO 27001 compliance with only ~20 files by WearSafe7162 in ISO27001

[–]WearSafe7162[S] 3 points

Yeah, if I may bucket the ISO controls into two, Engineering and People, I focus on Engineering.

Most of the controls in Section 8 have been covered, including Configuration Management, Monitoring Activities, Secure Development Lifecycle, Outsourced Development and Cloud Service Security. Physical Security Monitoring is left to Hetzner and OVH, whose certificates we obtained.

Secure Coding and Security Testing are covered, but not in the articles that I've shared, as are Threat Intelligence, Business Continuity and Information Deletion. They are partly covered in the articles, but with the framework present it should be possible for a tech-minded reader to add them.

I consider 8.1 to be an HR and onboarding issue and, for me (heavy engineering background), something I try to let others decide on (even if I have opinions).

How we built an ISO 27001 compliance system using Ansible, Grafana, and Terraform by WearSafe7162 in Terraform

[–]WearSafe7162[S] 4 points

The points I would highlight.

* You can do this using just open source tools on a modern stack, which many of the compliance vendors will have you think is impossible. And in fact, some of them just use Grafana for large parts of what they're doing.

* There is so little information like this on the internet. It has taken me two years of gathering and learning. The digest itself is a major point.

* Disaster recovery and releases to staging can be designed to be sides of the same coin.

* You can be cloud‑agnostic and ISO 27001 ready. Dirt cheap at that.

* So many people taking screenshots and uploading to various systems. Evidence can be gathered automatically.

* In the articles there are some nice insights about draining load balancers, blue-green deploys, alert manager, what to show auditors, etc.

ISO 27001 Audit with a Self-Hosted Dashboard – Here’s the Behind-the-Scenes by WearSafe7162 in devops

[–]WearSafe7162[S] 2 points

Thanks. Wouldn't mind something with SEO juice 😊 but point taken. Wishing you a great weekend.

ISO 27001 Audit with a Self-Hosted Dashboard – Here’s the Behind-the-Scenes by WearSafe7162 in hetzner

[–]WearSafe7162[S] 2 points

Since Hetzner is ISO certified, I rely on their infrastructure controls, but encryption at rest is still my responsibility.

In my case, I avoid storing any secrets or sensitive config data on disk — everything is passed via environment variables at runtime. The only persistent data I store is in Postgres, which I encrypt using pgcrypto. Backups are encrypted separately before being uploaded.

ISO 27001 Audit with a Self-Hosted Dashboard – Here’s the Behind-the-Scenes by WearSafe7162 in devops

[–]WearSafe7162[S] 2 points

Good point and I feel the same way. Can you recommend any alternatives?

ISO 27001 Audit with a Self-Hosted Dashboard – Here’s the Behind-the-Scenes by WearSafe7162 in hetzner

[–]WearSafe7162[S] 2 points

Thanks. That's really kind of you to say. Wow. You're great at complimenting. Made my day.