Posts
1
Comments
332
Joined
2 yr. ago

  • My initial take on the sticker was the whole “fire exit git commit git push;” I do see this other perspective now

  • We’re just quitting without writing? Living very dangerously aren’t we?

  • It’s still just another type of ID so you can do lookups on it. Nothing would change. UUIDs are used all the time.

  • Pete Hines didn’t fucking properly value developers. I don’t buy this shit at fucking all. Mandatory crunch, shitty benefits, and terrible consumer practices were par for the course during his whole tenure. Since I don’t see him out on the union front donating all his fucking blood money this is just a different way of saying “Pete Hines and other executives aren’t making enough money off residuals from a subscription model.” Bethesda (and ZeniMax) was a shitty place to work that conned devs into getting fucked because Bethesda. He can fuck right off with this shit.

    Devs haven’t been properly valued in decades and subscription models are nothing new.

  • Note that the linked article answers your FOSS question.

  • Your response seems very enterprise-focused. I think you might be missing the kind of software development that happens before it becomes enterprise. All of these metrics are very reasonable for new products, startups, consulting, and hobby hackers. If code were moving 10X now, we should reasonably see 10X new growth. These numbers show we’re not.

    Arguably we should also see a 10X something in legacy and enterprise as well which is harder to measure. If we assume a 10X dev is producing 10X more code, we should expect 10X more bugs so we should also see a rise in QA positions. We’re not, so that’s a good indicator. We should also see a rise in product manager roles to handle teams that are suddenly producing 10X per member. We’re not, so that’s a good indicator. We should also see 10X new product deliveries from companies like Salesforce. We’re not, so that’s a good indicator.

    You completely missed the sections on how long these tools have been available. Your point about the internet would be valid if this article was written in, say, 2021 when Copilot and Tabnine were new and hot. It would also have maybe been valid in early 2023 when people were first spinning up workflows off ChatGPT and making 10X promises. It’s now years later and we’re not seeing any growth in any of those numbers as illustrated by the article.

  • If you really want to be creeped out, check out Flesh and Code. Not only will you feel incredibly uncomfortable, you’ll question who the fuck thought it was a good idea to release such an uncritical (as in lack of research and investigation not negative) of AI relationships.

  • Advanced Persistent Threat. For example, we assume the Lazarus Group is responsible for several high profile attacks. We don’t have anything close to the evidence here for direct attribution; using that as a bar I’d say the Proton attribution is pretty strong. Since my callout was security-focused, I wanted to ground it in other security terms. Your point was completely spot on and it was a great reminder to me because sometimes I forget the basics.

    For folks that don’t know, there are a few bad things with the Proton response. First and foremost, you don’t rewrite main ever just from a development perspective. It usually causes more trouble than it’s worth unless you’re a team of one and no one else has ever touched your repo. From a security perspective, it’s very misleading to assume rewriting history can clear history from GitHub as I hope I’ve shown here. Additionally, anyone with a local copy of the repo from before the rewrite can use the reflog to access that history. While it won’t work for any new pulls post-rewrite, it’s still a risk for a large repo like this.

    The correct way to handle this or other sensitive information being added to a repo is to remove the file in a merge and rotate any secrets exposed. Take the hit on the chin; security is just about reducing risk not removing it. I have cleaned up plenty of repos before. Tools like gitleaks can search your active tree as well as your history for exposed secrets. Delete, commit, own the failure. Proper ignore files, meticulous review, and automated checks also help reduce risk.

    Overall that’s why I think this is dumb. To me it would be a non-issue if a security-minded company had used security best practices to handle this.
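
Added example, not part of the comment above and not code from any project it mentions: a throwaway local repository showing that a commit dropped by a history rewrite is still readable through the reflog, which is why the exposed secret has to be rotated. The file name `.env`, the key value and the function name are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: a secret is committed, then "removed" by rewriting
# history. The commit leaves the visible history but stays in the local
# object store, and the reflog still points at it.

demo_rewrite_leaves_secret() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git init -q . 2>/dev/null
        git config user.email "demo@example.invalid"
        git config user.name "Demo"
        git config commit.gpgsign false

        echo "hello" > README
        git add README
        git commit -q -m "initial"

        # Constructed placeholder, not a real credential.
        echo "API_KEY=constructed-not-a-real-key" > .env
        git add .env
        git commit -q -m "add config"
        leaked=$(git rev-parse HEAD)

        # The rewrite: drop the offending commit from the branch.
        git reset -q --hard HEAD~1

        # No ref reaches a commit touching .env any more...
        if git log --all --format=%H -- .env | grep -q .; then
            exit 1
        fi

        # ...but the reflog still records the dropped commit,
        git log -g --format=%H | grep -q "$leaked" || exit 1

        # and the blob can be read straight out of it.
        git cat-file -p "$leaked:.env"
    )
    status=$?
    rm -rf "$repo"
    return $status
}

# Prints the recovered line from the "deleted" commit.
demo_rewrite_leaves_secret
```

Every clone made before the rewrite holds the same objects, so the rewrite alone does not contain the exposure; rotating the secret does.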

  • Absolutely fair! The other commits in that tree for the .cursor folder match existing contributors. This unchanged PR and this unchanged PR both contain the same structure. This tree comes from this unmerged, closed PR which also matches. This closed issue, commented on by maintainers, references this tree which corroborates the other unlinked commit tree. (Edit: I stopped because I got bored; see the other unchanged issues and PRs that show a rewrite of history)

    Attribution is never 100% especially when APTs are concerned. I am confident when I say there is way more evidence here showing the files officially exist and were officially part of the tree than many of the very confident yet unconfirmed APT attributions we actively rely on.

  • I’m annoyed because I had to go find a tree that actually had the cursor files. If there’s a smoking gun, you gotta fucking link it when you call someone out.

    The irony of Proton attempting to remove it this way is that GitHub trees are permanently available. The only way to remove something once a link has been created is to delete the repo. I’d expect a security-minded company to understand that. To me that’s much more egg-on-face than vibe-coding secure applications. Neither is good; only one very explicitly highlights you don’t know shit about security.

  • lib.rs has a special surprise when you search "twitter"

  • Everything on the internet is shaped by political views. I don’t understand this take at all. All of the internet projects started as defense projects run by people that believed information should be shared and were taken over to become surveillance institutions. The notion that someone should run a free website indexing all rust crates is itself greatly informed by the politics surrounding FOSS and open information. How you respond to the paradox of tolerance is deeply political. We just happen to fall on different sides of the issue so I have no qualms calling it out.

  • The most shocking thing to me is that they’re going to feature Nintendo games in the future. I wouldn’t want to jump through all of those hoops just to possibly be rejected or have the content taken down arbitrarily in the future when Nintendo is feeling capricious. That’s a huge investment for very poor expected value.

  • The photo is AI.

  • Coincidentally an American investment fund owns ~42% of the company and is the single largest stakeholder. Many would say that qualifies this as an American service.

  • I didn’t realize Codeberg offered email services. When did that start?

  • I assume this is Poe’s Law in action. Elon historically doesn’t understand shit about tech so the commenter is just highlighting something that’s been GA for other tools for years.

  • The current thread is about AI slop, not DMS. You helped create the branch we’re on. You said “people on Lemmy can’t tell slop from useful info.” I said “this is AI slop because the sources don’t match,” assuming that I wouldn’t have to explain the hallucinations (fabrications is a bit better here) because that usually comes with slop. Since the current thread is about whether or not slop is meaningful, I have no idea what you added by saying “hey I attacked someone for not liking AI then attacked someone else for a refutation of the AI that I was white knighting.”

  • Given the sources don’t really back up the content, I think it’s safe to say this is slop. You should probably proof AI slop before you white knight it next time.