<?xml version="1.0" encoding="utf-8"?><rss version="2.0"><channel><title>Ayende @ Rahien</title><link>http://blog.hibernatingrhinos.com</link><description>Ayende @ Rahien</description><copyright>Copyright (C) Ayende Rahien  2004 - 2021 (c) 2026</copyright><ttl>60</ttl><item><title>Oren Eini commented on Learning to code, 1990s vs 2026</title><description>Peter,
That looks like giving the model / agent to run actions that it shouldn't. You should assume that the model is hostile, and limit what it can do to the scope of what the user is able to do, not anything privileged.</description><link>http://blog.hibernatingrhinos.com/203975-a/learning-to-code-1990s-vs-2026#comment8</link><guid>http://blog.hibernatingrhinos.com/203975-a/learning-to-code-1990s-vs-2026#comment8</guid><pubDate>Wed, 03 Jun 2026 20:48:11 GMT</pubDate></item><item><title>peter commented on Learning to code, 1990s vs 2026</title><description>https://x.com/DarkWebInformer/status/2061253599758315527</description><link>http://blog.hibernatingrhinos.com/203975-a/learning-to-code-1990s-vs-2026#comment7</link><guid>http://blog.hibernatingrhinos.com/203975-a/learning-to-code-1990s-vs-2026#comment7</guid><pubDate>Tue, 02 Jun 2026 17:24:05 GMT</pubDate></item><item><title>peter commented on Learning to code, 1990s vs 2026</title><description>META's Instagram (IG) implemented an AI bot and it is - AS WE SPEAK - allowing users to take over other people's accounts </description><link>http://blog.hibernatingrhinos.com/203975-a/learning-to-code-1990s-vs-2026#comment6</link><guid>http://blog.hibernatingrhinos.com/203975-a/learning-to-code-1990s-vs-2026#comment6</guid><pubDate>Tue, 02 Jun 2026 17:22:27 GMT</pubDate></item><item><title>Oren Eini commented on Learning to code, 1990s vs 2026</title><description>peter,
Can you explain what you mean?</description><link>http://blog.hibernatingrhinos.com/203975-a/learning-to-code-1990s-vs-2026#comment5</link><guid>http://blog.hibernatingrhinos.com/203975-a/learning-to-code-1990s-vs-2026#comment5</guid><pubDate>Mon, 01 Jun 2026 18:56:25 GMT</pubDate></item><item><title>peter commented on Learning to code, 1990s vs 2026</title><description>I think it's time for a writeup of the IG mess vs how RavenDB has implemented AI.  </description><link>http://blog.hibernatingrhinos.com/203975-a/learning-to-code-1990s-vs-2026#comment4</link><guid>http://blog.hibernatingrhinos.com/203975-a/learning-to-code-1990s-vs-2026#comment4</guid><pubDate>Mon, 01 Jun 2026 17:30:09 GMT</pubDate></item><item><title>Oren Eini commented on Using AI agents in long-lived software projects</title><description>Rafal,

Regenerating the project each time assumes that you *can* do that.
That isn't true. Users have expectations, any integration would break, etc.

And code has _weight_ the more code you have, the harder it is to actually work properly.
It is actually _measurable_ now, since you have a context window limit in the agent.

Given those two statements, it is really obvious that you _need_ to worry about your source code and its longevity.</description><link>http://blog.hibernatingrhinos.com/203940-c/using-ai-agents-in-long-lived-software-projects#comment16</link><guid>http://blog.hibernatingrhinos.com/203940-c/using-ai-agents-in-long-lived-software-projects#comment16</guid><pubDate>Thu, 14 May 2026 11:10:33 GMT</pubDate></item><item><title>Rafal commented on Using AI agents in long-lived software projects</title><description>Had similar thoughts recently - if the software is so easy to generate, why worry about the source code at all - just throw it away and recreate from scratch every time. And then even the technology doesn't matter.
Claude seems to shine the most when creating something from scratch, it feels like working with a great developer who understands, thinks ahead and builds the model in their head as you speak to them.
But (as always, a but) it reaches a limit - if the complexity grows a bit it often gets stuck in a loop - it creates a solution, but it's wrong, so you explain what is wrong in next prompt, and it happily nods its digital head, gets to work, says it found the problem and applied a fix, but you're back to square one - still doesn't work. Repeat several times, same scenario, and it's clear it won't move forward. And in the meantime the code gets big and complex so it's impossible to go thru it and assist the assistant.
</description><link>http://blog.hibernatingrhinos.com/203940-c/using-ai-agents-in-long-lived-software-projects#comment1</link><guid>http://blog.hibernatingrhinos.com/203940-c/using-ai-agents-in-long-lived-software-projects#comment1</guid><pubDate>Wed, 22 Apr 2026 06:09:06 GMT</pubDate></item><item><title>Barth Benner commented on The 'Million AI Monkeys' Hypothesis &amp; Real-World Projects</title><description>It is no longer a skill.
Soon we will all accept it.
We can all now create great software. All the outstanding developers are saying it.</description><link>http://blog.hibernatingrhinos.com/203907-b/the-million-ai-monkeys-hypothesis-real-world-projects#comment2</link><guid>http://blog.hibernatingrhinos.com/203907-b/the-million-ai-monkeys-hypothesis-real-world-projects#comment2</guid><pubDate>Fri, 03 Apr 2026 22:23:00 GMT</pubDate></item><item><title>Oren Eini commented on A tale of one-off, coding agents and the shortest path to victory</title><description>Rustam,

Yes, you can do that with `slackdump`, sure. I literally couldn't get the auth to work properly. 
Now, I *could* make it work, for sure. But it was literally easier to get an agent to produce a once off than try to figure out how to get `slackdump` auth working properly.
That's the point of this post.</description><link>http://blog.hibernatingrhinos.com/203811-a/a-tale-of-one-off-coding-agents-and-the-shortest-path-to-victory#comment2</link><guid>http://blog.hibernatingrhinos.com/203811-a/a-tale-of-one-off-coding-agents-and-the-shortest-path-to-victory#comment2</guid><pubDate>Sun, 15 Feb 2026 06:48:52 GMT</pubDate></item><item><title>Rustam commented on A tale of one-off, coding agents and the shortest path to victory</title><description>It's quite easy with slackdump:

1. Run a dump of a channel: slackdump dump &lt;CHANNEL_ID&gt;
   - produces a zip file with the timestamp, i.e. slackdump_20250214_143900.zip.
2. Format as csv: slackdump format slackdump_20250214_143900.zip
  - produces a zip file with two CSV files: conversation and channel information.

All the best.</description><link>http://blog.hibernatingrhinos.com/203811-a/a-tale-of-one-off-coding-agents-and-the-shortest-path-to-victory#comment1</link><guid>http://blog.hibernatingrhinos.com/203811-a/a-tale-of-one-off-coding-agents-and-the-shortest-path-to-victory#comment1</guid><pubDate>Sat, 14 Feb 2026 04:42:50 GMT</pubDate></item><item><title>Nicholas Piasecki commented on Maintainability in the age of coding agents</title><description>As someone reading you for a long time and maintaining his own 15 year old code base, on a much smaller scale, I also came to the conclusion that it succeeded only because I got the architecture mostly correct — of course the topography is all obsolete now, but the fault lines were right — in that changes and evolution were localized, and I could change and deploy just a small part of the system at a time.

This was a great essay. </description><link>http://blog.hibernatingrhinos.com/203779-a/maintainability-in-the-age-of-coding-agents#comment1</link><guid>http://blog.hibernatingrhinos.com/203779-a/maintainability-in-the-age-of-coding-agents#comment1</guid><pubDate>Sat, 31 Jan 2026 02:29:55 GMT</pubDate></item><item><title>Oren Eini commented on Implementing Agentic Reminders in RavenDB</title><description>Peter,

That actually comes from a bunch of reasons.

- `@refresh` - is easier to just type than provide a strongly typed API for.
- We have to consider cross language API. C# has really nice facilities for strongly typed stuff (but they are complex). With Python / node.js, that is not the case.
- `smartest-agent` or `GetRaisedReminders` are defined by the user. Sure, we can go the same route we did with indexes, with defining a class, etc.
That comes back to the previous point about other systems, and reducing the cost of approaching this in all platforms.</description><link>http://blog.hibernatingrhinos.com/203523-c/implementing-agentic-reminders-in-ravendb#comment2</link><guid>http://blog.hibernatingrhinos.com/203523-c/implementing-agentic-reminders-in-ravendb#comment2</guid><pubDate>Fri, 12 Dec 2025 07:41:40 GMT</pubDate></item><item><title>peter commented on Implementing Agentic Reminders in RavenDB</title><description>curious why literal strings are used (@refresh, smartest-agent, GetRaisedReminders etc).
Is there no simple way to use stringly-typed variables?</description><link>http://blog.hibernatingrhinos.com/203523-c/implementing-agentic-reminders-in-ravendb#comment1</link><guid>http://blog.hibernatingrhinos.com/203523-c/implementing-agentic-reminders-in-ravendb#comment1</guid><pubDate>Thu, 11 Dec 2025 16:06:01 GMT</pubDate></item><item><title>Ray Kwei commented on Using multi-staged actions with AI Agents to reduce costs &amp; time</title><description>Oren - software investor at Radian Capital - just shot you an email. Thought I might try reaching out through the blog! </description><link>http://blog.hibernatingrhinos.com/203430-c/using-multi-staged-actions-with-ai-agents-to-reduce-costs-time#comment1</link><guid>http://blog.hibernatingrhinos.com/203430-c/using-multi-staged-actions-with-ai-agents-to-reduce-costs-time#comment1</guid><pubDate>Mon, 24 Nov 2025 21:48:19 GMT</pubDate></item><item><title>Oren Eini commented on RavenDB's new offices</title><description>Judah,

Would be very happy to host you, let us know</description><link>http://blog.hibernatingrhinos.com/203395-c/ravendbs-new-offices#comment4</link><guid>http://blog.hibernatingrhinos.com/203395-c/ravendbs-new-offices#comment4</guid><pubDate>Wed, 29 Oct 2025 21:17:32 GMT</pubDate></item><item><title>Judah Gabriel Himango commented on RavenDB's new offices</title><description>Looks great, Oren! Congrats on the growth and the new building. I'll have to stop by next time I'm in Israel.</description><link>http://blog.hibernatingrhinos.com/203395-c/ravendbs-new-offices#comment3</link><guid>http://blog.hibernatingrhinos.com/203395-c/ravendbs-new-offices#comment3</guid><pubDate>Wed, 29 Oct 2025 21:14:25 GMT</pubDate></item><item><title>eqr commented on RavenDB's new offices</title><description>It's so cool, congrats. The logo is awesome. </description><link>http://blog.hibernatingrhinos.com/203395-c/ravendbs-new-offices#comment1</link><guid>http://blog.hibernatingrhinos.com/203395-c/ravendbs-new-offices#comment1</guid><pubDate>Thu, 23 Oct 2025 14:50:21 GMT</pubDate></item><item><title>Oren Eini commented on A deep dive into RavenDB's AI Agents</title><description>Jason,

That is a great point, yes.
I wrote about this recently in depth, see: https://ayende.com/blog/203140-A/ai-agents-security-the-on-behalf-of-concept?key=45fe4f251b4a41f9b4df1a8dbb2dcdb5
</description><link>http://blog.hibernatingrhinos.com/203141-a/a-deep-dive-into-ravendbs-ai-agents#comment4</link><guid>http://blog.hibernatingrhinos.com/203141-a/a-deep-dive-into-ravendbs-ai-agents#comment4</guid><pubDate>Wed, 08 Oct 2025 20:17:05 GMT</pubDate></item><item><title>Jason Parkhurst commented on A deep dive into RavenDB's AI Agents</title><description>What are you doing to defend against prompt injections in the data stored in the database?  If the agent takes the data from the database as an input, it is now subject to misinterpreting it, and if you have any user controlled data in the database it could be malicious.</description><link>http://blog.hibernatingrhinos.com/203141-a/a-deep-dive-into-ravendbs-ai-agents#comment3</link><guid>http://blog.hibernatingrhinos.com/203141-a/a-deep-dive-into-ravendbs-ai-agents#comment3</guid><pubDate>Wed, 08 Oct 2025 16:24:48 GMT</pubDate></item><item><title>Oren Eini commented on A deep dive into RavenDB's AI Agents</title><description>Bob,

This is available in the cloud in the dev environment, and on either the higher ended tiers (P30+) or as an addon</description><link>http://blog.hibernatingrhinos.com/203141-a/a-deep-dive-into-ravendbs-ai-agents#comment2</link><guid>http://blog.hibernatingrhinos.com/203141-a/a-deep-dive-into-ravendbs-ai-agents#comment2</guid><pubDate>Mon, 15 Sep 2025 06:58:19 GMT</pubDate></item><item><title>Bob Lamb commented on A deep dive into RavenDB's AI Agents</title><description>Very interesting. Is this available in the RavenDB cloud on the free tier? If not, on which tier is it available?</description><link>http://blog.hibernatingrhinos.com/203141-a/a-deep-dive-into-ravendbs-ai-agents#comment1</link><guid>http://blog.hibernatingrhinos.com/203141-a/a-deep-dive-into-ravendbs-ai-agents#comment1</guid><pubDate>Fri, 12 Sep 2025 11:44:08 GMT</pubDate></item><item><title>Oren Eini commented on AI Agents Security: The on-behalf-of concept</title><description>Jason,

a) You are broadly correct - anything that you expose to the agent, you should be concerned about it affecting it.
b) That is limited by what _actions_ the agent can direct (which is distinct than take).
c) We'll soon offer the ability to "nest" agents, to the point that you can have a split between "filter the no overheat" query from the "recommend the best value" agent. 

Finally - at the end of the day, we are still dealing with a technology that has no actual control / data plane difference. 
In SQL - that is like not having parameters and hoping that `replace("'", "''")` would protect you.

Going back to point (c) above - the agent isn't free to do whatever it wants, it must go through the available actions you provide to it. And then you have a chance to add validation, etc.

For example, if you are an under 18 customer, and try to buy alcohol. It isn't the LLM that is supposed to stop you, but the validation on the "AddToCart".</description><link>http://blog.hibernatingrhinos.com/203140-a/ai-agents-security-the-on-behalf-of-concept#comment67</link><guid>http://blog.hibernatingrhinos.com/203140-a/ai-agents-security-the-on-behalf-of-concept#comment67</guid><pubDate>Thu, 09 Oct 2025 15:21:29 GMT</pubDate></item><item><title>Jason Parkhurst commented on AI Agents Security: The on-behalf-of concept</title><description>If you allow the agent to see any content generated by any other user, the agent can be hijacked.  For example in an e-commerce setting letting the agent see reviews left by other customers or product descriptions from shady 3rd party marketers can cause your website to take unintended actions on the user's behalf.
This is similar to an XSS attack.  
If you maintain the state of the agent during a session or longer you have made it a persistent exploit vector.
Limiting the agent to only see what the user can see seems insufficient.
The key thing here is that *anything* the agent sees is a vector.  Folks will naturally want their agents to see what they see, so I expect teams will open up these vectors.  Things like: "List only the drills with no complaints about overheating" seem tailor made for LLMs.  Listing them would be fine as a one shot, but then if you use the same session for other things like account management or modifying your cart you're wide open.
While you may be able to defend system integrity, you're opening yourself up to legal liability.</description><link>http://blog.hibernatingrhinos.com/203140-a/ai-agents-security-the-on-behalf-of-concept#comment66</link><guid>http://blog.hibernatingrhinos.com/203140-a/ai-agents-security-the-on-behalf-of-concept#comment66</guid><pubDate>Thu, 09 Oct 2025 15:11:04 GMT</pubDate></item><item><title>Henry Rollins commented on AI Agents Security: The on-behalf-of concept</title><description>Ah, yes. Thanks, protecting the user versus protecting the system is a great distinction. For protecting the system, you're right, the harm an unwary user could do would remain limited in most scenarios. I do still worry about scenarios where the user is inside the system, where an agent acting on behalf of an unwary user would have broader scope. Say, a bank representative, HR department, developer just granted just-in-time access to prod, etc.     </description><link>http://blog.hibernatingrhinos.com/203140-a/ai-agents-security-the-on-behalf-of-concept#comment8</link><guid>http://blog.hibernatingrhinos.com/203140-a/ai-agents-security-the-on-behalf-of-concept#comment8</guid><pubDate>Mon, 08 Sep 2025 14:57:20 GMT</pubDate></item><item><title>Oren Eini commented on AI Agents Security: The on-behalf-of concept</title><description>Henry,

You are correct, in that you still have security issues, but there is a whole different level of that.
If I tell you to run: `eval(atob("YWxlcnQoJ3B3bmVkJyk="));` on your end, and you do that... you are in the same situation.

The key here is whether this is a _user_ risk or a _system_ risk.
Because those need to be addressed very differently. An agent acting on-behalf-of the user is limited to what it can do. If the user misbehaves, that is a problem, but well scoped.

In the real world, consider the grandma getting a call from a supposed grandson saying:  "I need to pay bail with gift cards, and it needs to be NOW".
That _is_ a problem, but it is not a problem for the bank.

On the other hand, if I were able to do the same thing to the bank's _teller_, it's a whole different ball game. </description><link>http://blog.hibernatingrhinos.com/203140-a/ai-agents-security-the-on-behalf-of-concept#comment2</link><guid>http://blog.hibernatingrhinos.com/203140-a/ai-agents-security-the-on-behalf-of-concept#comment2</guid><pubDate>Sat, 06 Sep 2025 06:49:12 GMT</pubDate></item><item><title>Henry Rollins commented on AI Agents Security: The on-behalf-of concept</title><description>"There is no damage the agent can cause that the user cannot also cause on their own." I agree with this point, but we need to keep in mind the next level of exploits, and recognize that there is damage the agent can cause that the user would not cause on their own.

Case in point, GitHub Copilot executes commands in the user's terminal, and can thus be instructed to do anything the user could do... which becomes very problematic [when it can also bypass human approval safeguards](https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/). Fortunately, that particular exploit has been patched. Unfortunately, we have absolutely no reason to trust that we're safe from any number of others. 

Now in your example scenario, there is no terminal in play, but I'd say we still have trouble. Say a bad actor shares what appears to be a very helpful prompt, but they have performed similar exploits to hide extra instructions (e.g., buy e-gift cards and send them to the bad actor). Users throw these prompts into the system and of course they have permissions to make purchases on their own behalf. Or leave the bad actor out of it, and accept the reality that a non-deterministic lexical pattern engine may occasionally get a wild idea that the user wants to increase their automatic monthly contribution by 10x. Now we have to build another layer of guardrails around how far the agent can go, even on behalf of the user.</description><link>http://blog.hibernatingrhinos.com/203140-a/ai-agents-security-the-on-behalf-of-concept#comment1</link><guid>http://blog.hibernatingrhinos.com/203140-a/ai-agents-security-the-on-behalf-of-concept#comment1</guid><pubDate>Fri, 05 Sep 2025 22:42:50 GMT</pubDate></item></channel></rss>