Net-Negative Cursor

Summary

AI-assisted development is all the rage nowadays. I'm sceptical, but really want to give these tools a fair shot. But then I look at what these tools actually manage to do, and am disillusioned: these tools can be worse than useless, making us net-negative productive. Let's pick one of the best possible examples of AI-generated code changes. An example so good, that the Cursor Editor uses it to advertise on their front page. What Cursor thinks great code looks like Here's the homepage of the Cursor Editor website, at the time of writing: We can look at just the screenshot of the editor, using the Light Mode variant for legibility: sources The image shows a screenshot of the Cursor IDE, with a pending AI suggestion for a code change. The code is a function written in Rust for reading a length-delimited string from some binary protocol. Transcription of the code before the change: fn read_string(buf: &mut impl Read) -> Result<String, ProtocolError> { let len = buf.read_u16::<NetworkEndian>()?; let mut bytes = vec![0u8; len as usize]; buf.read_exact(&mut bytes)?; String::from_utf8(bytes) .map_err(|_| ProtocolError::InvalidUtf8) } The suggestion is accompanied by a pop-up that says: add validation for maximum string length and san… Transcription of the suggested code: fn read_string(buf: &mut impl Read) -> Result<String, ProtocolError> { const MAX_STRING_LENGTH: u16 = 65535; // Maximum length for a u16 let len = buf.read_u16::<NetworkEndian>()?; if len > MAX_STRING_LENGTH { return Err(ProtocolError::SerializationError); } let mut bytes = vec![0u8; len as usize]; buf.read_exact(&mut bytes)?; // Sanitize control characters let sanitized_bytes: Vec<u8> = bytes.into_iter() .filter(|&b| b >= 32 || b == 9 || b == 10 || b == 13) // Allow space, tab, newline, carriage return .collect(); String::from_utf8(sanitized_bytes) .map_err(|_| ProtocolError::InvalidUtf8) } This looks perfectly reasonable, but is deeply flawed: the length validation is completely useless the sanitization ...