So what's missing is that keeping up-to-date with CVEs is important and some CVEs are Internet-nerd famous. Remember Heartbleed? Even some casual gamers I know had heard of it. And everyone who's mildly serious about sysadmin knows you want to defensively keep systems patched against important CVEs. The second layer of that, what the exploits actually are or do, is a second-layer term of art, one that one might miss the jargon for even if one has familiarity with the concepts.
To me, the fact that the page is obviously AI-assisted is way more upsetting than some guy not knowing what an acronym means. There's something about AI prose that is just so fucking tedious. It makes the mind glaze over.
I obviously do not expect someone who has merely heard of various CVEs before to know anything about the contents of those CVEs. The other poster said they had "read many CVEs", which I took to mean they have read many CVE disclosures, where the term is extremely common. Perhaps they meant that they've read about CVEs, in which case I can see why the term would not be on their radar.
Back in the day those of us breaking into shitty PHP sites didn't use LPE, we used "privesc", IIRC.
I guess I don't really understand what it buys you over just running vanilla VS Code and Codex.
You can do that with Claude Code, GitHub Copilot (built into VS Code) and Codex, in any of their IDE versions, plugins for other IDEs (JetBrains, VS Code, anything else you care to name) and also, of course, the CLI versions of all of them. They're also integrated into GitHub, Jira, and everything else.
Seriously, try other tools! If only to get a more balanced perspective.
This all being said, it's been a long time since I last tried Cursor... I'll give it a go.
I have, right now, a tmux session with Codex on the bottom and Neovim on the top. It does what I was doing in Cursor just fine.
I am not really “anti Cursor”, I just genuinely am confused as to what it actually buys me over the setup I just described.
* Perhaps could be solved with the right terminal software, but I like the GUI for seeing my running agents and viewing all my conversations
* Works with multiple model providers in the same tool. I probably worry about cost optimization more than my employer would care for me to, but I frequently switch between OpenAI/Anthropic and switch between model sizes to use the tool that I think can get the job done for the least money. Another thing I like is having a long conversation with an expensive model, then I can switch to 5.4-nano to cheaply extract some little piece of information or summary from the conversation. Really this is big being able to switch model providers throughout the months without having to change my interface.
* Good support for the various ways of providing context. Rules, AGENTS.md/CLAUDE.md files (if you want it to automatically read those), skills. Good hook support.
* I think the agent diff review experience is pretty good, but maybe it works similarly when you hook the cli agents into an editor, IDK.
* The default shell sandbox behavior is quite good. Every shell command runs in some sort of sandbox so that read-only commands work without approval. The model asks for more permissions when it tries to do something that needs more permissions like network access or writing outside of the workspace directory. I know Claude Code has a similar feature you can use.
* Good fork / revert conversation to checkpoints, with the option of reverting the code or just reverting the conversation.
* Feels decent that I am an API customer through Cursor. I don't hit Claude limits. Cursor doesn't have an incentive to limit reasoning or token usage, although they do have an opposite incentive.
* They are reasonably responsive to bugs and feature requests through their forum.
* Works well with a lot of repos / folders added to your workspace. I probably should organize all my stuff under a single directory, but alas I have like 8 different folders added to my workspace and it handles this well. Perhaps Claude --add-dir support works fine too.
DOWNSIDES:
* They are not quickly adding the best open source models to Cursor. Like Kimi 2.6 or whatever. Possibly not incentivized to given their Composer models.
* Don't love the subagent support. I can define custom subagents although it is not easy to get models to use mine instead of the builtin ones. The builtin ones do not allow me to control what model they run, so they will always run something like composer-2-fast, which is a fine model for all I know, but I would like to control it. Also, I would like if you could optionally make the subagent experience more first class. Like browse all the subagents and continue conversations with them or switch their model etc, although that is probably tricky / weird.
When it comes to something like this, mom's advice is golden: "If you don't have anything nice to say, don't say anything."
As is THIS ENTIRE COMMENT THREAD.
And 10,000x other comment threads exactly like it, with you fools arguing back and forth for 300 pages about the subject.
What a complete waste of time and energy. Thanks, copyright law.
You don't acquire something like this, as a metrics company, who does cohort analysis and touchpoint tracking[0] simply to make a bit of ad revenue.
Nova is dead. No room left for optimism.