I get the issues with image generation and using text generation in scams etc. but as a professional coding tool (not just vibe coding slop) AI can be extremely helpful certain tasks, and this use case, where organizations just don’t have the resources to have a security expert pore through millions of lines of code for bugs, is a net positive.

I think this is a case of “don’t throw the baby out with the bathwater” we can absolutely still criticize the industry and specific companies for IP, societal, and environmental concerns but lets not turn away a win just because they’re causing harm elsewhere.

Bro, if I don’t have to sit there for a half hour banging out code to map structure A on to structure B, I won’t. I’ll let someone else write it and spend 5 minutes to check that the code is clean and it works

Vibe coding is you not reviewing what the model outputs. I read every line, often give feedback and tell the model about patterns I want to use.

I probably write like 60-70% of the code myself.

I disagree about better code. Claude has been pretty bad at understanding external context and deriving why you’re doing something from the implementation. This can result in wonky structure that you need to fix, or at the very least tell Claude to redo over and over untill it looks clean and organized.

Honestly, never been on a team that stuck to TDD. As you test your stuff, and understand whatever libraries and apis you’re calling you modify your implementation as you go.

For public facing methods, especially ones called by customers, having pre agreed upon tests matter more but usually that’s at the integration test and system test level. I usually use AI for unit testing and read what was written. Tests end up being a lot of writing harnesses and setting up mocks that you delegate to the model and if there’s gaps or incorrect requirements, you change them.

I would never let the agent define the code structure. It doesn’t understand business processes or what might need to be extended or we’re instead about.

I’ve been doing software for a while, I know how to review code. I don’t vibe code, I let the model implement boilerplate and mapping functions while I do other stuff, like manual testing or talking with product. If done correctly, you can incorporate generative models into your workflows without fully handing over all control.

There’s an anecdote that comes up in software about people working on missile software not caring about memory leaks because it’s going to explode anyway before that becomes an issue.

Who cares about bugs in your software if it’s a hobby project that’s going to blow up anyway.

Also, including Claude doesn’t inherently mean vibe coded, it can be for writing tests, small components, or debugging.

Hope it does well, but consider how hard it was to get people to move from WhatsApp to discord, getting them to use a niche federated option is going to be an uphill battle for any non-techie groups for a bit.

Forget DHS or other government agencies, these companies have been shown to be untrustworthy stewards of our data from regular hackers.

I get that discord is used to groom kids and there is a very real risk to allowing children to use it unsupervised, but that means kids devices are the ones that need to be locked down, not the rest of the world.

It’s more that it wasn’t disclosed when asked which was disqualifying.

Unknown could be anything. It could even be windows!

Why the F is a single contractor able to delete an entire DB without any kind of sign off by a manager for that operation, unless they were and to sign off for each other.

Imagine if a junior messed up the command? Every system I’ve worked on has had these controls mainly for the latter issue, by the former also shouldn’t have been possible.

An issue I’ve seen brought up in the open source community is that they have audits that look at the number of untriaged issues and time to resolve serious issues that their funding depends on.

I’m in software, but not open source, so it seems like they don’t have someone aligned with their team who they can sit down and say “either we need more resources, cut scope for new features, or accept quality / security issues coming up” to, its kind of this weird game of politics they end up needing to play to get any kind of funding for full time maintainers.

That’s the main reason they can’t just ignore issues that come up in their backlog, especially security ones.

Kind of, in this case its a vulnerability in a portion of code that you need to compile with special flags to even include in the library (ie its not in the default build, you need to rebuild it and opt-in) so its super low impact and just ends up giving the maintainers excessive paperwork.

Security vulnerabilities are different, especially when they also put a 90 day disclosure period in it which is more severe for a security exploit.

That disclosure bit, not in the article, is really what tipped this all over the edge. If it was just hey, here’s a bug then its really just flooding the backlog for the maintainers who need to triage that. Disclosures are often used so people are aware that they’re using libraries that the maintainer has refused to patch, but in this case its really just holding the maintainers hostage so they end up wasting their time going through irrelevant issues.

Also, many of these libraries get security audits to make sure they are actually triaging and working through their backlogs, so could lose actual funding they get.

Ideally, they would either use their supposedly capable and powerful AI code gen to just make a fix and send over a patch, or at least use LLMs on their own end to triage the issues and only send over the most sever X periodically.

Because its the only one that supports rendering the opening cutscene from a decades old lucas arts game.

From my non-physicist or mathematician reading of the article, it seems like it hinges on a specific computational theory of quantum gravity. I don’t believe we have an experimentally verified theory that connects quantum gravity to macroscopic gravity so it seems like the whole analysis hinges on that.

Not just the Bible. A lot of this extremist ideology comes from people who like to sound smart, but don’t know what they’re talking about.

Like the whole effective altruism movement, or even just the resurgence of eugenics with Musk and his whole birthing weirdness.

This is why humanities degrees are important. We’re putting people into leadership positions surrounded by others who also have never critically engaged with a book.

Not having a feasible business model tends to be bad for companies in general.

Calling 4chan the most hateful site on the Internet ignores the fact that xitter is a thing.

The kind of hateful rhetoric and grooming are not unique to 4chan, they happen on Facebook, discord, and roblox. 4chan has just been a minimally filtered representation of underground online cultures for decades now meaning it’s still just as much a font of creativity as it is a cesspool of internet refuse.