Believe it or not, straight to jail! Just kidding, great writeup. I know it's not groundbreaking, but does surprise me how many products don't bother with rate limiting controls.
i actually think a quick-fix was setting a rate limit. which sadly thwarted my brute-forcing, but did not actually fix the race condition itself. though it's a very fair "kid, stop it" response until they fixed the race condition.
Rate limiting is a stopgap, not a fix. I would have expected a transaction lock in Postgres (SELECT FOR UPDATE) to serialize the requests. Or a Redis mutex if they are worried about database contention.
Fascinating to see an outsized increase in "game" development compare to a year ago: https://news.ycombinator.com/item?id=43154065 (I'm sure someone could throw this into some llm analysis and prove it out, but a quick and dirty count of "game" between then two shows a 2x increase on roughly the same comment count).
I suspect has to do with having agentic coding assist for folks who would otherwise not have the means to develop a game, but now do.
Which makes me think: yes, llms can solve some of this, but still only some. It's more than a research tool, when you combine tools and agentic workflows. I don't see a reason it should slow down.
seconding this. I bought a SteamDeck OLED -- and it blows my mind more people havent heard about these. it's essentially a bad ass handheld laptop. yes it plays games great, but the OS side when you boot into desktop mode is quite capable - I spend more time on it than my home pc these days
TFA claims Cursor "obtains the majority of its compute from Anthropic — with AWS contributing a relatively small amount" and therefore only claims that for Cursor the AWS number indicates a "direction of travel" for compute costs. (Debatable whether it does indicate even that, ofc.)
reply