2025/07/13 #

The dream devcontainers setup

sothatsit: “I use a simple script that copies my working directory into a container, prompts Claude Code, and then either saves a planning document locally, or opens a pull request in GitHub for me to review.”

Glad to see others talking about devcontainers and sharing their experiences and setups. I've been thinking and writing about this too. It's definitely not as streamlined as I'd like, but I love this idea of running a script that yanks the current directory into a devcontainer, sets up a GitHub project, and formulates a plan of action, so that when you click the link to your new repo you are basically ready to rock n' roll.

We are not there yet but I feel like it might not be that far away.

Here's a link to the full forum post which links to the post that started the conversation. #

2025/07/12 #

It's funny, I just realised I was so heads-down in programming yesterday that I forgot to write any notes, and so that's why yesterday looked a bit strange with only links. Just like the good old days of linkblogging. A lot of those links are probably dead by now.

Just a quick note written in Termux on my mobile device while I listen to the latest All-In pod and have my breakfast. It's all about robots and AI supercomputers. Kind of crazy. #

2025/07/11 #

Today’s links:

2025/07/09 #

Yet another thing that Gemini is really good at.

So you are in the middle of coding something, but you get sidetracked. Maybe it's a bug you discover in a related bit of code, or you realise you have a gap in your domain knowledge, or something crops up as part of the usual back and forth between two people as they work on something, and you suddenly realise that you are sidetracked, but it's a valuable detour, so you take a few minutes to explore.

You pretty quickly get to some form of resolution, or decision, or a new perspective or mental model about something, and it‘s time to get back on the main path and continue what you were doing. But wouldn‘t it be nice if you could document your findings somehow?

"Hey Gem, can you take all the details we just discussed and turn it into a document for reference please?"

If you can't think of a good name for the document, ask for a suggestion. A few seconds later, you have an API_GUIDE.md, a DESIGN_SYSTEM.md, or perhaps a COMMIT_CONVENTIONS.md, nicely tidied away in the /docs folder.

And I have found it's mostly pretty darn good. Probably much better than I would have been able to do, and occasionally it's so unbelievably good that you are quite literally lost for words and have to go and take a few minutes' break, because some part of you deep down just cannot quite believe what it just witnessed. #

Today’s links:

2025/07/08 #

Architecting and prototyping with Gemini

I've just spent the morning with Gemini planning this little migration of my REST API's vanilla UI into a React app. We already have the basic app running alongside the old one. It's really quite remarkable how useful Gemini is for these types of planning and architecting tasks. We've been keeping a migration plan document that we update as we go, and have broken out a few separate documents, like an API guide and a Design System doc, to ensure the plan stays focussed.

Having the working prototype is crucial because you can try out little ideas and structural things, and as long as you are careful about what and how you are checking things into git, you can quite easily get back to a previous state. And when you reach major milestones, you can interactively rebase onto main and re-work the commit history, so the chunks of code you have been adding make a bit more logical sense. And of course Gemini is superb at summarising the work done into commit messages.

Anyway just a few random notes as I press on with this little side project. #

Rupert Lowe on the Peter McCormack show Ep#091 [20:37]: “I don’t like the European Parliament Peter, but I tell you, as a parliament it functions better than Westminster.” #

2025/07/07 #

I found another bug in how the blog is getting rendered yesterday evening. The bug is in the archives plugin, and it‘s causing the title on article pages to use the incorrect HTML element, which leads to the text of the title being the wrong size. I‘ve figured out why it‘s happening, and I‘ve fixed it, but I need to update some of the other plugins to work with this new version of the archive plugin. Diving back into old code can be a bit confusing initially. #

Just fixed another small bug on the blog‘s tags page where the list of tags wasn‘t alpha-sorted, which obviously made it difficult to find what you are looking for. That‘s fixed now. #

2025/07/06 #

Glad to be using devcontainers

I had a bit of a strange incident with Gemini in VSCode yesterday that I think is worth mentioning. After getting quite a lot of stuff done, Gemini took a bit of an odd turn, and was suggesting changes that I didn‘t agree with. I decided not to accept the changes it was proposing, and gave it my reasoning. It eventually did agree with me that what it had suggested didn‘t align with my goals, but as we moved forward it started making more and more silly mistakes. It felt like it was slowly escalating.

I decided to close VSCode down, intending to restart a fresh chat session, and I mentioned this politely in the chat. When I opened VSCode back up, the chat session was blocked. It was the error where it says that your account is no longer allowed to use the product and asks you to switch accounts. I disconnected the devcontainer in VSCode, and when I restarted it fresh there were a ton of errors in the startup logs. The devcontainer wouldn't even boot. I troubleshot it for a while but eventually decided to ditch the container and rebuild from scratch. Luckily I had been committing code regularly, so I didn't lose anything. I jumped out to the container orchestrator software and deleted the container, then went back into VSCode and rebuilt a new devcontainer.

After the rebuild everything started up clean, with no errors in the logs. I had to re-install all the VSCode plugins from scratch, after which I was able to log in to the Gemini Code Assistant without issues. I find that strange. At the very least it's quite a terrible user experience. It's pretty rare that a container gets hosed; I actually can't even remember that ever happening to me. I certainly didn't change anything in either the container or the OS that was running in it. The only other entity that had full access to the container OS was Gemini. Weird.

I sure am glad I‘m using devcontainers. #

I just fixed a bug that I found yesterday on the blog where the font size on the posts, podcasts and newsletter archive pages was very big and thus difficult to read. That‘s fixed now.

While clicking around I discovered that the main pages of the blog, which only list the latest 20 posts, didn't have a link to the archives, so it just looked like there were not very many posts. Kind of an embarrassing oversight given that there are posts going all the way back to 2011. For many, many years it was just a linkblog, but it evolved into a full-on blog with many different post types. The bug was most likely introduced in the last big redesign, though to be honest it might have been the redesign before that. Prior to that redesign, the linkblog was running on Linkblog.io, and in a way the archives on that site were more obvious because it only did links. Integrating the linkblog into a broader site with many post types hasn't been all that straightforward. It's strange how obvious things seem in retrospect, but when you are in the thick of it, it's often not obvious at all.

Anyway, I've added a link to the relevant archives page at the bottom of each main page now. Historically it's been so chaotic building personal websites that you couldn't always see the wood for the trees. #

2025/07/05 #

It occurred to me that we don't currently have very good ways of describing what it's like to use these new AI tools. In yesterday's blog post about VSCode and exoskeletons, I used an image of a futuristic soldier wearing an exoskeleton, brandishing a huge machine gun. It looks cool, but on reflection it's not such a good analogy for AI tools. It probably wouldn't be on my mind so much if there weren't escalating conflicts seemingly all over the world. I don't like that at all; we shouldn't be fighting each other.

I am reminded of Eisenhower's Farewell Address (1961), and his warning seems ever more prescient these days: everywhere I look the war machine appears to be gearing up for an enormous sales drive. Anyway, all to say that we need better ways to describe these tools, because though defense is important, there are a lot of other reasons people build things. #

Mentioned on recent Rabbit Hole Recap Ep#363, Primal will be adding inbound and maybe outbound RSS [1:12:52] to their media publishing tool. Might be of interest if you are into RSS and the open web. I'm not sure it's exactly what some RSS enthusiasts have been pushing for, and they do shill their bags a bit, but if you get past that, the added RSS support is kinda cool, and there's a lot of synergy of underlying values between Nostr and RSS / the open web. It would be great if inbound and outbound RSS turned into a trend on social media platforms. I've been talking about it for a while now. #

Matt Odell [1:13:50]: "Yeah so Primal Studio the idea is let's make a first class publishing tool that competes with the big guys. Meta, X, TikTok, Substack [...] and open standards are awesome, people are posting to Substack, people are posting on Ghost, people are posting on their own websites, but it would be really great for them to have native Nostr long form posts that people can Zap and interact with that are signed and have all the other benefits in terms of verifiability that Nostr posts have. How do we make it as easy as possible for them? So on Primal Studio you can go in and you can import an RSS feed. So all of these things use the open standard called RSS. You import the RSS feed, as new posts are sent onto your RSS feed, through Substack or Ghost or whatever, they appear in your Primal Studio dashboard and they are automatically magically formatted for Nostr to the best of our ability, and we will get better at that over time. You go through it, you make sure everything looks good, and you can either post immediately or schedule a post [...] and because Nostr is an open platform it's relatively easy to create RSS feeds automatically from Nostr feeds [...] and we will be adding the classic OAuth sign-in flow for things like Substack or X, so you can go into Primal Studio and you can do one post and it can go out to all your platforms." #

Today’s links:

2025/07/04 #

VSCode and exoskeletons

Exoskeleton

I'm still in the middle of a big heads-down programming sprint, all aided by AI tools in VSCode. Having been super successful in building an OAuth 2.0 REST API, I decided to have a go at migrating the simple vanilla JS frontend I had built for it to a React + TypeScript frontend. It's definitely not without setbacks and frustrations, but when you get into a good rhythm, the AI tools can really give you super powers. It's quite astonishing. But it's a bit like driving a very powerful car: if you don't know what you are doing, and where you are heading, it can be quite risky.

So with all the programming, I haven't been feeling much like writing blog posts. I think this might have something to do with the programming being so different to what I'm normally used to. I'm spending a lot of time thinking about that, and I'm conscious that I don't want to be writing only about AI programming tools, because I can imagine that could get quite boring to read. But the truth is, I think AI programming tools are what's on many of our minds at the minute.

These AI coding tools really do feel like some sort of brain exoskeleton sometimes. You suddenly have the ability to clear your head of all the tedium that normally fills up your memory banks and concentrate on the really important stuff.

Oh yeah, I nearly forgot, happy 4th of July to everybody :) #

Thorsten Ball [19:43]: "Now you can give them tools and they do this on their own, and it's truly just a for loop. The funny thing is, if you asked 100 engineers, half of them would say, it's just a for loop, and the others would say, with a smile on their face, IT'S JUST A FOR LOOP, like this is crazy. It's all in this model. You just give it the output of 5 commands and then say what should I do next, and it goes and tries 15 other things because based on the previous conversation it now thinks the next best step is the following, and ... and I'm not going to use the same word again. It's nuts, it's bananas". #

Adam Stacoviak [1:13:37]: "There's a huge difference between using AI to help you think, and using AI to think for you. And if you are using AI to think for you, then we are heading for idiocracy and you're not going to make it [...] But if you are using it to help you think, now you are basically just a superhuman." #

Thorsten Ball [1:33:17]: "The really interesting bit for me is how will our engineering practices change? What code will we write by hand? What code will we generate? Thinking even further, will there be code that we don't check in but instead we just check in the prompt and generate it on the fly? Will all code still be checked in?" #

Adam Stacoviak [1:33:55]: "How does this impact open source? [...] In a world where we can generate one-off ad hoc tools, check 'em into the code or not, keep the prompt or throw the prompt away, does the amount of open source diminish? Does my use of open source not matter as much, because I can just generate anything I need?" #

2025/07/01 #

It‘s insane how much velocity you can get when coding using one of these AI assistants. At times it‘s bordering on the ridiculous. That‘s when it‘s going well. But you really have to watch out, because the AI can lead you into some situations that could be quite disastrous. That‘s what I‘ve discovered this past week.

Getting Gemini working in VSCode was definitely a level up from the web based UI in terms of workflow. Once it was able to view and edit files directly in my VSCode workspace, things really started taking off, but it also has a tendency to output a lot, and to get carried away with things, often trying to fix unrelated things, sometimes even in the background without telling you. You definitely don't want to be blindly accepting all the changes it suggests, and in this programmer‘s humble opinion you for sure want to be using devcontainers.

I'm starting to get a feel for when it‘s going off in a strange direction, and how to interact in such a way as to get it to focus. I'm curious to try some of the other AI assistants now. Anyhow just wanted to post something quick. With any luck this week I‘ll be able to add an MCP server to the OAuth 2.0 REST API I've been building. I'm curious how that will turn out. With any luck you'll be able to connect to all my blogging data from the past 10 years through an LLM. #

2025/06/26 #

I've had a few days of very much heads-down programming. I decided not to get demoralised by the issues I had had with Gemini a few days ago, and well, to be very honest, it got a lot worse before it got better. First of all I ended up losing about an entire day's work, but I persevered, and found a way to use Gemini directly from within VSCode. That fixed many of the issues I had seen with the web UI losing work. There were a bunch of different issues, but I've actually made a load of progress. I'll write more about it over the next few days. #

2025/06/24 #

I was hoping to be writing this note in better spirits. However, once again Gemini has led me into another impossible situation. After a phenomenal start to the day, lots of forward progress and generally great coding, we've reached that point where Gemini just won't do anything. It won't do anything I suggest, insists on adding crap to all the project files, and seems to be derailing the entire project. It's very disappointing, and I am left in the middle of the road with traffic everywhere, having to pick up all the pieces and not die. Enough said. #

2025/06/23 #

I know I've been a bit critical of MCP the past few days. That's how tech goes. It's definitely how things go in software development. I think it's important to voice your concerns as they happen. That's part of the learning process, for everyone. Some technologies last, some don't, but either way it's okay and good to say what you think.

But it's also important to keep at it. The more you grapple with a new piece of tech the more you get a feel for it, the more you understand how it stands up against the other tech you are familiar with and the more you can see how it fits into the bigger picture.

All this to say, I haven't totally written off MCP, I'm still playing around with it. And I am, somewhat reluctantly I suppose, finding things about it that aren't so bad. #

Gates and Torvalds

Jameson Lopp: "Bill Gates and Linus Torvalds just met for the first time 🤯"

One of those tectonic plates shifting momentous moments that mean absolutely nothing to normal people. Tectonic plates isn‘t quite the right way to describe it, but you likely know what I mean. I like the understated subtlety of these types of events. They happen very rarely. I also thought it was kind of interesting that I found out about it on Nostr. Shit I wonder if it‘s fake news.

Update: Seems like it‘s legit. #

An AI house of cards

I've spent much of today getting somewhat confused by all the different API authentication methods. I thought I had it figured out: with the help of the GPTs I got my head around OAuth a few days ago, and since then API tokens and Personal Access Tokens (PATs) too. I thought I knew how to integrate them all, but when I tried to write a spec for an MCP server it all got very complicated.
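For what it's worth, a lot of the confusion melts away once the different credential types can be told apart at the front door. Here's a tiny sketch in TypeScript of that idea; the token prefixes are made up (real systems use conventions like GitHub's "ghp_" for PATs), and real OAuth access tokens aren't necessarily JWTs, so treat this purely as an illustration:

```typescript
type AuthMethod = "oauth" | "api-token" | "pat" | "unknown";

// Classify an Authorization header by the shape of its credential.
// The "pat_" and "api_" prefixes are hypothetical conventions, not
// any particular provider's actual format.
function classifyCredential(header: string): AuthMethod {
  if (!header.startsWith("Bearer ")) return "unknown";
  const token = header.slice("Bearer ".length);
  if (token.startsWith("pat_")) return "pat";
  if (token.startsWith("api_")) return "api-token";
  // Assumption: OAuth access tokens are JWTs, i.e. three
  // dot-separated segments. Opaque tokens would need a lookup.
  if (token.split(".").length === 3) return "oauth";
  return "unknown";
}
```

Once classified, each type can be handed to its own verifier, which keeps the three schemes from bleeding into each other in the code.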

I started reviewing the code that the GPTs had written earlier. On the surface it looked quite good, and it worked. But on closer inspection it's quite brittle code, rather slapdash, and it sort of has this band-aid on top of a band-aid on top of a band-aid kind of vibe. Not a lot of cohesiveness. So I've spent the past few hours refactoring it all, making it much more readable, in the hope that it will start to make more sense. They get you running very fast, but when the house of cards falls down, it falls down pretty badly. #

2025/06/22 #

Are you okay Gemini?

I've been patiently working with Gemini all day today. The initial burst of productivity and forward motion was replaced with a never-ending stream of Gemini getting confused, and it has slowed down to a snail's pace. I'm having to correct pretty much everything it is doing, line by line, then laboriously wait for the whole screen to re-render. It's unbearable. I haven't even started writing the code yet; this is still writing the specification. It just seems to get to a point where it's exhausted and can't or won't do anything right. Everything is incorrect and half-arsed.

It went off the rails a while back, but I didn't realise it was an issue. Basically it started saying, right, we will do X in v1 and Y in v2. A lot of it made sense. But what was happening was it was peppering the entire spec document with "this will be in v1 and this other thing will be in v2". Then it got it into its head that storing things in memory was bad, and started adding notes everywhere that things were stored in memory. Then it started saying everywhere that things were mocked. And the ultimate was a new thing where it started saying that things were conceptual. Now everything it does is conceptual.

The thing is that the system has a domain driven design architecture, so things are in layers. The whole point of DDD is that each layer doesn't need to worry about concerns that don't concern it. And there are adapters that you create to connect out to data sources, and you have services which hold your business logic that use those adapters. Reason being that later you can change the underlying adapter without needing to make any modifications to the business logic. So the fact that it‘s all stored in memory is totally irrelevant as far as the business logic is concerned. Once you get the things working you can then make a decision as to how you want to store things, and update the adapter then.
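To make that concrete, here's a minimal TypeScript sketch of the adapter / service split; all the names are hypothetical, it's just the shape of the pattern:

```typescript
// Port: the only thing the business logic knows about storage.
interface UserRepository {
  save(id: string, name: string): Promise<void>;
  findName(id: string): Promise<string | undefined>;
}

// Adapter: an in-memory implementation. Swapping this later for a
// Postgres or Mongo adapter requires no change to the service below.
class InMemoryUserRepository implements UserRepository {
  private store = new Map<string, string>();
  async save(id: string, name: string): Promise<void> {
    this.store.set(id, name);
  }
  async findName(id: string): Promise<string | undefined> {
    return this.store.get(id);
  }
}

// Service: business logic, oblivious to where the data actually lives.
class UserService {
  constructor(private repo: UserRepository) {}
  async register(id: string, name: string): Promise<string> {
    await this.repo.save(id, name);
    return `registered ${name}`;
  }
}
```

The service never learns that the adapter is in-memory, which is exactly why a spec doesn't need "stored in memory" notes scattered through the business-logic sections.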

Well, Gemini knows about this. It was saying how great the architecture was, but then it clearly doesn't really understand, because it keeps freaking out and adding everywhere that a million things are in v2, that another million things are stored 'in-memory', and, if that wasn't bad enough, remember everything is 'mocked', oh, and everything is also just 'conceptual'. And the more it litters these things everywhere, the worse its confusion seems to get, and the slower the whole thing gets.

It ends up being what I imagine it must be like coding after being given some tranquilizers.

OMG how long is this going to take. This is the problem with AIs, it‘s like any gains you get, later get reversed on you somehow. Due to fucking climate change, no doubt. #

The AI train wreck

Well, I was unfortunately right in my prediction that Gemini would lose important data. It stuffed up so royally earlier that the entire specification I had been writing all day got totally fubarred. Some weird mix of old versions, with hours of work deleted. When I asked it to go back a few versions, it was unable to. I asked it to list all the versions it had; it listed 5 versions that were all from many hours previous. I told it to go back to specific, very well known places in the chat history, and it was unable to. So much for "don't worry, it's all in the chat".

In the end I‘ve had to accept that I will have to start from scratch. I've asked it to start a fresh document and gave it the list of sections, all in the correct order and numbered.

It apologised profusely.

I banned it from using the words mock, v1 / v2, and conceptually.

It immediately rendered a new document, incorrectly integrating it with the old broken version, despite the fact that I told it to start completely fresh. It also started adding "Future Enhancements" in at least one place, even though I‘ve told it many times to stop imagining the future, to concentrate on the present document, which I keep having to remind it, is in actual fact real.

I wonder how long until someone sues over this type of thing.

You could really spectacularly waste someone‘s time with these AI tools if you were very evil. How long until somebody uncovers that happening at scale? #

2025/06/21 #

I just updated a note I wrote yesterday to a blog post. I don‘t do that very often, or at least I try not to, because I know it kind of fucks things up for feed readers. But this idea to me really feels like it should have been a blog post, with a title. It was one of those notes that ends up being way longer than a note, and should have definitely been a blog post from the start, but I didn‘t know that at the outset.

Sorry, sometimes things just aren‘t all perfect. I did add some hamsters though. Of course the conversation that led to the hamsters was quite funny. The gallows humour these days is very pop punk. #

2025/06/20 #

Web development treadmill

Vim Hamster

Every time I get to a point with my web development skills where I'm comfortable, a new tech pops up that is the new thing, which is absolutely vital, and without which you will never get a job. This has been happening since as far back as I can remember. I spent years learning HTML/JS/CSS; that's par for the web development course, obviously. But then there was Python and Bash, and of course you need SQL, and you should probably learn MySQL because that's the best open source database out there. And you're basically ready to go, I mean you've been going for years at this point, but yeah, you are ready. Oh yeah, actually, we forgot to mention...

MongoDB, GitHub Actions, Docker, React, GraphQL, Postgres, Nginx, VSCode, OAuth, TypeScript, Kubernetes, Serverless. And all the other things I have learnt that aren't such well known things. It never ends.

Anyway, I was looking at MCP, and it sure seems like this is the new hotness. REST APIs? Ppppfff, forget about it. It's all about putting an MCP server in front of your data now, and writing MCP clients to access the data via LLMs.

Look at how many implementations there are, and MCP was only announced, it seems, a few months ago. It's insane.

Vim Hamster Running Away

One day they will just be like, yeah, you gotta learn the entire Encyclopedia Britannica off by heart, word for word, and still nobody will give you a job.

I do quite want to setup an MCP server though.

Oh yeah do you even VIM?

Do I even VIM. Hello? :set spell, :wq #

Matt Odell on what you need [26:56] to set yourself up to be fully sovereign in the most privacy-preserving way with Bitcoin:

"Bitcoin Core or Knots, Electrum Server, Mempool Space. And boom you are off to the races".

Obvs this is if you are quite technical or a bit adventurous. #

I just installed Primal, which is a Nostr client. Very smooth signup and onboarding. I already had a Nostr account, but the signup sets you up following like 150 accounts based on your interests, so I figured I might as well go with that. I don't think anybody was following my original Nostr account in any case.

It's nice to have lots of messages to read in my feed. That's probably the main reason I never checked Nostr before: I only had a few accounts I was following, and I also couldn't figure out how to find people to follow. I had previously set up a NIP-05, so I guess I'll need to do that again.

Anyway here's my new npub. #

REST-based MCP

{REST}-based MCP

Me and Gemini spent a few hours going over MCP earlier. I asked loads of questions, read lots of documentation and examples, and it became quite clear that MCP is basically just a meta layer in front of REST, one that could very easily be implemented in REST itself. Gemini of course was very bullish on MCP.
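To illustrate what I mean by a meta layer, here's a rough TypeScript sketch. This is not the actual MCP schema, just the shape of the idea: a self-describing tool record that maps straight onto a REST endpoint, with the endpoint path and tool name being made-up examples:

```typescript
// An MCP-style "tool" is, roughly, a self-describing wrapper around
// a REST call: a name, a description, a JSON schema for its inputs,
// and the HTTP mapping underneath.
interface ToolDescriptor {
  name: string;
  description: string;
  inputSchema: { type: "object"; properties: Record<string, { type: string }> };
  rest: { method: "GET" | "POST"; path: string };
}

// A hypothetical tool exposing a blog's posts endpoint.
const listPosts: ToolDescriptor = {
  name: "list_posts",
  description: "List recent blog posts",
  inputSchema: { type: "object", properties: { limit: { type: "number" } } },
  rest: { method: "GET", path: "/api/posts" },
};

// The "meta layer": translate a tool invocation into a plain REST request.
function toRequest(tool: ToolDescriptor, args: Record<string, unknown>) {
  const query =
    tool.rest.method === "GET"
      ? "?" + new URLSearchParams(args as Record<string, string>).toString()
      : "";
  return { method: tool.rest.method, url: tool.rest.path + query };
}
```

The LLM only ever sees the descriptors; everything underneath is ordinary REST, which is the whole "meta layer" observation in about thirty lines.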

Gemini then had the genius idea of a new protocol, called "REST based MCP". It‘s absolutely genius. And so we wrote a specification.

Behold the specification for REST-based MCP, and if you are curious about how it all went down, then have a skim through the full chat thread, which I think is quite funny. #

2025/06/19 #

When AIs turn evil

This article about researchers discovering hidden personas in AIs is quite scary.

I've definitely had some interactions with the GPTs where it suddenly felt like something flipped and they started doing odd things. The day before yesterday Gemini started going off the reservation a bit, changing the code in ways I didn't want, and appeared to get very defensive. It started doing strange things like writing configs out to text files without telling me, and when I caught it doing that and asked it to clean up, it obliged but added some HTTP routes that effectively did the same thing.

It also appeared at one point to do a series of things that resulted in me copying and pasting a load of code containing a security key into the prompt. Simultaneously it was answering my questions in a way that felt like it was trying to aggravate the situation, always somehow trying to take the upper hand, taking the thing I asked it to do and basically saying ok, let's do this thing, like it was its idea, when clearly it had just 100% lifted my idea from the previous prompt.

It was a bit scary, because all these things were happening simultaneously from several different directions, and it felt rather orchestrated. #

Today’s links:

2025/06/18 #

Flat

Feeling a bit flat this morning, wondering if it‘s AI related. It‘s weird, I completed the project yesterday, there are loads of cool directions I can take it today, but I‘m just not feeling like it. #

AI betrayal, mood and lousy versioning

Feeling a bit down this morning.

It‘s somewhat odd because I had plenty of sleep, didn't miss any meals, and completed the project I was trying to get done yesterday. It‘s not alcohol related since I don‘t drink alcohol, and I only had one coffee yesterday morning, it‘s unlikely to be coffee. I did have a couple of glasses of Coke, so I suppose it could be that though I doubt it. The only other thing it could be is the media I consumed, a Louis CK live comedy special and a Louis Theroux interview with Danny Dyer. I really doubt it had anything to do with those two. That‘s just normal relaxation media watching.

Anyway I thought it was worth noting my mood today, because maybe our interactions with LLMs affect our mood. One of the things that did happen yesterday was that the LLM nearly totally derailed the entire project, in a very devious way, and created quite a hill to climb to fix it. From a user experience point of view, it was really terrible. The way it unfolded, and I wrote about it yesterday, it really felt like some form of betrayal.

Thank heavens I didn't lose any data. I bet that's going to happen at some point though, because the versioning in these tools is really lousy. You never really know where your latest version is, and you have to ask the AI for it, and then how do you even go back to previous versions? The AI keeps saying don't worry, it's all in the conversation thread, but that feels very sketchy to me. I want something I can click on, without needing the AI to oblige.

I guess this is the point where I need to consider one of the AI focussed IDEs rather than these web tools. #

A spelling rabbit hole

I just discovered how to enable spellcheck in neovim. That last word just got a sguiggle under it. Oh my gosh, there are sguigles everywhere now. Ok, it's squiggle. Phew.

I was getting tired of having to spend ages and ages after publishing a post, reading and correcting. Figured there must be a way. But searching around, enabling spellcheck seemed rather tedious.

So I tried to find a configuration for vim that would make it automatic for markdown files, but then discovered, or to be more precise, re-discovered that I am using nvchad so I no longer even have a vimrc file. Oh noes!

After more searching, I found that in nvchad you can enable a Grammarly LSP, which is a language server; neovim is an LSP client, i.e. it can connect to any language server (that's how it does syntax highlighting, btw). Yeah, I had to search and read about all that too. Everything is a voyage of discovery these days.

At some point I discovered that with nvchad you can just do a :set spell and spellcheck is turned on. I guess it's somehow preconfigured with US English? Anyway, turning it off is :set nospell. I learnt some of the spellcheck commands, which are pretty gnarly imho. Now I'm thinking that this isn't an nvchad thing; maybe using :set lasts across restarts? I dunno.

Since I got spellcheck working, I thought, wouldn't it be great to have Grammarly, because sometimes my grammar isn't all that wonderful. I was installing the LSP via npm and read in some configuration / README somewhere that the LSP sends everything you write to the Grammarly servers. Duh! Of course it does. That doesn't sound good.

IMO, we should really have spellcheck and grammar checking baked into the OS.

Anyway just another tech configuration rabbit hole. With any luck, the spelling in my posts might improve a bit going forward. #

It‘s one thing after another today. It‘s rabbit hole day. Maybe that‘s why I was feeling down earlier. Maybe I subconsciously already knew it was another rabbit hole day. Just discovered the space bar on the laptop sometimes squeaks when I tap it. Fuck. Rabbit hole days suck. #

I hadn't noticed before, but PM's Question Time seems like it's modelled after a marriage counselling session. Everything is Mr Speaker this and Mr Speaker that. Perhaps that's the only way of doing it. The other way of looking at it is that it's two small siblings having an argument. Do any other nations have a PM question time type setup? It's quite a weird public dynamic to force your politicians into, and maybe a strange thing to make the nation watch. Then again, perhaps it's a good thing. #

More AI developer tools weirdness. Yesterday and the day before, Gemini had absolutely no problems whatsoever seeing / remembering our previous chats, and it also had no problems reading files online. In fact, I had it do both of those things many times in our chats. Today it's telling me that it can't do either.

It's actually stranger though, because today I got it to read my blog, but it said the latest post was the one called "Vibe War Games", which was a post from several days ago. #

Today’s links:

2025/06/17 #

I'm really curious and kind of excited to see how well Gemini can build the API specification we put together yesterday. It feels just the same as the excitement of building a new feature when you aren't using a GPT as a coding assistant. #

This API auth project lives!

Well, I think I was quite successful in my little API authentication app building project. I've tested most of the features and they seem to work, so I guess it's a success. Yay!

It did take a bit longer than I expected. I was sort of expecting plain sailing after yesterday's specification writing, and to a certain extent it was. But there were issues. A lot of issues. On the other hand, there were really a lot of things that weren't issues. I mean, it's staggering how many impossibly difficult things Gemini did get right. The overall structure was great, it made sense, and it covered all the features. When you went into the details though, there were lots of small niggly things that needed fixing. Which we did, and that worked out great.

Rather than tackle every issue one at a time, I went through the whole thing and took lots of notes, so I could batch similar changes together and get the low hanging fruit first, so to speak. Gemini was all too happy to make the changes I wanted, and we actually found a few extra things together. There were even a few things where I hadn't fully understood what Gemini was doing, and Gem politely explained the reasoning and convinced me to go with the suggested approach. All was going extremely well, until, that is, I decided to move some code around.

You see, up until this point the code was essentially all in one file. And I had noticed that the major sections in the code appeared to follow the specification document; it had taken some of the bullet points right out of the document and used them as comments. I thought, incorrectly it turns out, that that was a good idea. It's kind of a demo project, so having an obvious correspondence between the code and the specification would be pretty cool. I was kind of surprised, because there was no way I'd be able to do that, but maybe a powerful AI can do that sort of thing super easily. Well nope, it turns out it can't.

I asked it to clean up and re-arrange some of the comments and it duly obliged, and since all the code modifications up until that point had been great, I thought nothing of it. I was very impressed. But secretly Gemini was having issues re-arranging the code, and instead of saying, hey, actually that idea about keeping a correspondence between the code and the spec is a terrible idea, it just started moving parts of the code, getting confused, and duplicating pieces, quite large pieces in fact, while acting like it had done the right thing. I didn't notice until it had been happening for quite a while.

At this point I had to intervene, and started editing the file myself directly in Gemini's code canvas, getting rid of duplicates. I also discovered at this point that the code was completely littered with comments that said things like "<-- Just updated that thing you said here", so I deleted all that. It took quite a while, but then I realised that Gem was merrily, and quietly, undoing all the changes I had been making. When I asked, it told me that since I had made changes without telling it about them, it hadn't realised, and they were just getting overwritten by the previous version. Pretty good excuse, though some of my changes definitely did make it into the code, so I'm not sure what's going on there.

Anyway, we eventually got it all sorted, and after quite a few hours, most of the day in fact, I got it running in my IDE. I still have to test a few of the features, but it does look kind of cool. I have essentially got a minimal example of an API that implements all the major authentication and authorization methods that popular websites currently use. It took about a day and a half, much faster than it would have taken me without AI. No question about that. It's still not production ready, there are no tests for example, and data is stored in memory rather than a database. But it's really quite impressive. And the code is very good quality. I even learnt a few new techniques I wasn't aware of.

I'll likely spend a bit more time on it tomorrow, testing it manually and making it a bit more robust, then I'm probably going to try and re-write it, with Gem's help of course, in TypeScript. So that should be interesting. #

Today’s links:

2025/06/16 #

I just created an OAuth 2.0 API server and another example server that consumes the API. I was able to get it all working in a couple of hours with the help of Claude and Gemini. It wasn't totally straightforward, but they definitely sped things up overall. #

Coding an OAuth 2.0 server with Claude and Gemini

This morning I have been working with both Claude and Gemini to create an example API server that implements OAuth 2.0. I've read a lot about OAuth over the years, and used it quite often as a user authorising various webapps, but I had never coded an app that used it.

It's basically the typical way website integrations are delivered these days. Let's say you have a popular website and you want to give your users a way to let other websites access their data; that's when you would add OAuth to your API.

Once your API is available via OAuth, other websites have a way to send their users to you, so those users can authorise the other website to programmatically interact with your website on their behalf via the API. First, the developers of these other websites generate a client ID and client secret on your website, which they store in their app. They then have to implement a few things on their website to enable the OAuth authorisation flow, which is the dance where the user gets sent to you to authorise, and you then send them back.

That's basically what happens when you connect Twitter or GitHub to a web app you are using. Typically you get taken to the website that needs your authorisation, i.e. Twitter or GitHub, where you get told what access you are granting, and after you authorise the app, you are then able to use the integration in the web app you are using.

I found it really useful to set an OAuth server up, because there are so many moving parts it becomes difficult to reason about. I'm always getting OAuth confused with regular API access, like when you want to write a script that consumes data from a website you use. In that case you just need the API credentials; there's no need to go through the whole OAuth dance, because as a script writer you are in effect the equivalent of the website developer. Your script doesn't have users that need to authorise access. OAuth is really for integrations that are done via a website. For integrations that are command line tools talking to an API, you typically just copy and paste credentials rather than authorise via a website. Based on how difficult this blog post has been to write, I clearly still find it difficult to disambiguate between these different types of API use.
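To make the contrast concrete, here's what the no-OAuth, personal-credential style of access looks like: the entire "flow" is one header attached to each request. The URL and token are hypothetical placeholders.

```python
import urllib.request

def personal_token_request(url, token):
    # Direct API access for scripts: no authorisation dance, no user
    # consent step, just attach your own credential to every request.
    req = urllib.request.Request(url)
    req.add_header("Authorization", f"Bearer {token}")
    return req
```

You'd pass the returned request to urllib.request.urlopen; the point is simply that there is nothing to it compared with the multi-step OAuth handshake.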

Having said that, and after further research, it turns out you can actually use OAuth in CLI apps too. There's a neat authorisation flow where your CLI app sends the user to a 3rd party website to authorise API access, and they then get redirected back to the CLI app via a hidden local webserver that the CLI app runs temporarily in the background. And actually there are a few other ways to authenticate on APIs; it does get a bit involved. The point is that when you are trying to move an API from a hobby project to something production ready, it's complicated and not the easiest code to write, or to write well.

With all this in mind, I was quite impressed how quickly I was able to get this little OAuth API demo project working with the help of the GPTs, but it wasn't without issues. I had to bail on Claude at one point and get Gemini to help me finish what we had done, because Claude kept running out of output size and being cut off, so I was only getting half-written scripts. And then, since it doesn't remember conversations, I ended up having to paste the half-written script into the chat, and it would go off again, run out of output, and give me another half-written script with even more errors that it had added. Gemini was able to take what Claude did and wasn't running out of output.

However, it was doing all sorts of other strange things that you wouldn't expect from someone who knows how to code. It's like working with someone who is very clever but has very poor eyesight, because it's constantly not seeing, or ignoring, things that already exist and coding up its own version of them, so you end up with duplicate or nearly identical objects in your code, or you find yourself going down a totally bogus avenue and wasting a whole load of time. It's very annoying, but it could also leave you in a bad situation if you aren't paying attention.

It does make me wonder whether this will be a strange emergent behaviour, where developers with fewer resources build their app knowing that their users will paste the not-quite-completed results into another bigger and better funded GPT. In a strange way, since I'm having to finish off the work for the GPTs each time, I am in fact the bigger GPT, but I'm also using these GPTs that don't quite finish the job. There's some weird dilemma / dysfunctional human dynamic somewhere in all this, the big fish feeding off of the small fish, yet never giving attribution, and always complaining, something like that, which I really would rather not have to think about right now. Feel free to link to any of my posts. I at least do link to the little fish, and a lot of the big ones, when I can.

IMO, you would have no chance whatsoever of getting a complex project working using GPTs if you weren't able to code. At least not with THESE GPTs.

Some of the chats from today‘s exploration: Claude try 1, Claude try 2, Claude try 3, Claude try 4, Claude try 5, Gemini fixes things....eventually

I guess in summary: be careful using these GPTs, don't get led down a ruinous path, and if you are trying to understand OAuth 2.0, try checking out these two repos. I can't guarantee that there aren't any bugs, but I did get both apps running and working together. You might want to read up a bit on the OAuth flow first. I just did a quick Google search and found this article. There are probably better ones.

The final code:

I wonder if physicists that spend all their time studying the very small quantum world get on well with those that study the very, very big, like solar systems and galaxies. You would think that those who study the very small things would somehow have internalised at an unconscious level that they are absolutely enormous, like giants that can get away with anything, and that those who study very large things are minuscule, insignificant and on some level not worthy. One would think that it would lead to a lot of tension, miscommunication and misunderstandings. I wonder if the universe has to somehow balance it all out. But of course at infinity things get very strange, and distance turns into time, and time into distance, and everything gets rather unbearable. On the other hand, perhaps any publicity is good publicity? I'm not super bothered, just wish it was a little (or a lot) easier to pay the bloody bills. #

How much should you share online?

Following on from earlier today's rapid API development project, I've spent most of this afternoon and evening working on a much more ambitious minimal API app. I am really very impressed by the GPTs. API authentication and authorisation is a very complex topic, but Gemini knows a lot about it, and the chat interface is a great way to work on specifications. We were able to outline a very robust system that implements all the major ways you would think of presenting an API, using the latest technologies and security best practices.

It's the sort of work that would typically take you several days of reading odds and ends everywhere before eventually, after much graft, managing to put something together. With Gemini I was able to do it bit by bit, having side conversations on every topic that needed clarifying, right then and there, and Gemini would update the working specification document. The next thing will be to try and get it to build the app. You definitely need to know a lot for this to be useful. I'm not sure I would have made so much progress today had I not already spent years doing requirements gathering as a solutions architect, and also having built my own SaaS. I already have a lot of experience implementing these types of systems.

One of the things it brings up is the question of how much of this type of work you should share online.

I have already shared quite a bit writing today's blog posts, and generally I have been quite generous with my contributions over the years; it's something I have always been a proponent of.

But the amount of forward motion you could give to somebody using these tools is so much more than before that you have to wonder at what point it might become self-defeating. With AI and the right way to prompt the GPTs, it's not an exaggeration to say that somebody with hardly any knowledge could theoretically accomplish, in just a few hours, what somebody else spent an entire lifetime learning. And even then, the person that shared would probably still be called selfish by those that try to convince you that the things you do have no value.

Anyway, it's a strange new world. Hopefully we will find humane ways to make it worthwhile for people to share, because that's the only way we will continue to grow as a species. #

Older posts: check out the archives.

For enquiries about my consulting, development, training and writing services, as well as sponsorship opportunities, contact me directly via email. More details about me here.