The online whiteboard of Kristofer Palmvik
If you haven’t been paying attention to what’s going on with Stable Diffusion, you really should be. Stable Diffusion is a new "text-to-image diffusion model" that was released to the public by Stability.ai six days ago, on August 22nd.
I know how to beat XSS, and SQL injection, and so many other exploits. I have no idea how to reliably beat prompt injection! As a security-minded engineer this really bothers me. I’m excited about the potential of building cool things against large language models. But I want to be confident that I can secure them before I commit to shipping any software that uses this technology.
We could think of that category as things I’ve found. That’s the purpose of my link blog: it’s an ongoing log of things I’ve found—effectively a combination of public bookmarks and my own thoughts and commentary on why those things are interesting.
Watching OpenAI’s new o3 model guess where a photo was taken is one of those moments where decades of science fiction suddenly come to life. It’s a cross between the Enhance Button and Omniscient Database TV Tropes.
I’ve mainly explored full GPT-5. My verdict: it’s just good at stuff. It doesn’t feel like a dramatic leap ahead from other LLMs but it exudes competence—it rarely messes up, and frequently impresses me. I’ve found it to be a very sensible default for everything that I want to do. At no point have I found myself wanting to re-run a prompt against a different model to try and get a better result.
Andrej could not have stated this more clearly: vibe coding is when you forget that the code even exists, as a fun way to build throwaway projects. It’s not the same thing as using LLM tools as part of your process for responsibly building production code.
I’ve started using the term HTML tools to refer to HTML applications that I’ve been building which combine HTML, JavaScript, and CSS in a single file and use them to provide useful functionality. I have built over 150 of these in the past two years, almost all of them written by LLMs.
A computer can never be held accountable. That’s your job as the human in the loop. Almost anyone can prompt an LLM to generate a thousand-line patch and submit it for code review. That’s no longer valuable. What’s valuable is contributing code that is proven to work.
tldraw, the outstanding collaborative drawing library, are moving their test suite to a private repository - apparently in response to Cloudflare's project to port Next.js to use Vite in a week using AI. They also filed a joke issue, now closed to Translate source code to Traditional Chinese.