Posts: 1 · Comments: 347 · Joined: 3 yr. ago

  • Your response seems very enterprise-focused. I think you might be missing the kind of software development that happens before it becomes enterprise. All of these metrics are very reasonable for new products, startups, consulting, and hobby hackers. If code were moving 10X now, we should reasonably see 10X new growth. These numbers show we’re not.

    Arguably we should also see a 10X something in legacy and enterprise as well which is harder to measure. If we assume a 10X dev is producing 10X more code, we should expect 10X more bugs so we should also see a rise in QA positions. We’re not, so that’s a good indicator. We should also see a rise in product manager roles to handle teams that are suddenly producing 10X per member. We’re not, so that’s a good indicator. We should also see 10X new product deliveries from companies like Salesforce. We’re not, so that’s a good indicator.

    You completely missed the sections on how long these tools have been available. Your point about the internet would be valid if this article was written in, say, 2021 when Copilot and Tabnine were new and hot. It would also have maybe been valid in early 2023 when people were first spinning up workflows off ChatGPT and making 10X promises. It’s now years later and we’re not seeing any growth in any of those numbers as illustrated by the article.

  • If you really want to be creeped out, check out Flesh and Code. Not only will you feel incredibly uncomfortable, you’ll question who the fuck thought it was a good idea to release such an uncritical (as in lack of research and investigation not negative) of AI relationships.

  • Advanced Persistent Threat. For example, we assume the Lazarus Group is responsible for several high profile attacks. We don’t have anything close to the evidence here for direct attribution; using that as a bar I’d say the Proton attribution is pretty strong. Since my callout was security-focused, I wanted to ground it in other security terms. Your point was completely spot on and it was a great reminder to me because sometimes I forget the basics.

    For folks that don’t know, there are a few bad things with the Proton response. First and foremost, you don’t rewrite main ever just from a development perspective. It usually causes more trouble than it’s worth unless you’re a team of one and no one else has ever touched your repo. From a security perspective, it’s very misleading to assume rewriting history can clear history from GitHub as I hope I’ve shown here. Additionally, anyone with a local copy of the repo from before the rewrite can use the reflog to access that history. While it won’t work for any new pulls post-rewrite, it’s still a risk for a large repo like this.

    The correct way to handle this or other sensitive information being added to a repo is to remove the file in a merge and rotate any secrets exposed. Take the hit on the chin; security is just about reducing risk, not removing it. I have cleaned up plenty of repos before. Tools like gitleaks can search your active tree as well as your history for exposed secrets. Delete, commit, own the failure. Proper ignore files, meticulous review, and automated checks also help reduce risk.

    Overall that’s why I think this is dumb. To me it would be a non-issue if a security-minded company had used security best practices to handle this.
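An added demonstration of the two points made in the comment above (a history rewrite leaving the commit readable through the reflog, and the delete-commit-scan path with rotation); this is not the commenter's code, it assumes git is installed, and the repository and placeholder secret are constructed here:

```shell
#!/bin/sh
# Added demo, not code from the original comments. Assumes git is installed;
# the repository and the "secret" below are constructed for the demo.
set -e
GIT="git -c user.name=demo -c user.email=demo@example.invalid -c init.defaultBranch=main"
FAKE_SECRET='API_KEY=EXAMPLE_NOT_A_REAL_KEY_0123'   # constructed placeholder, not a real key

# Build a throwaway repo with one clean commit and one commit that adds the
# placeholder secret. Echoes: "<repo path> <sha of the commit with the secret>".
make_repo() {
  repo=$(mktemp -d)
  ( cd "$repo"
    $GIT init -q
    echo "hello" > README.md
    $GIT add README.md && $GIT commit -q -m "initial"
    echo "$FAKE_SECRET" > config.env
    $GIT add config.env && $GIT commit -q -m "add config"
    echo "$repo $($GIT rev-parse HEAD)" )
}

# The "rewrite": drop the offending commit. Returns 0 if the secret is still
# readable from this clone afterwards, which is the comment's point: the working
# tree is clean, but the reflog still names the commit and its blob is intact.
rewrite_still_readable() {                 # $1 = repo, $2 = sha of the dropped commit
  ( cd "$1"
    $GIT reset -q --hard HEAD~1
    [ ! -f config.env ]                                   # file is gone from the tree...
    $GIT log -g --format=%H | grep -qx "$2"               # ...but the reflog lists the commit
    $GIT show "$2:config.env" | grep -q "$FAKE_SECRET" )  # ...and its content is readable
}

# The recommended path instead: delete the file, ignore it, commit the removal,
# then scan every commit for the pattern (a gitleaks-style history check).
# Echoes how many commits still carry the secret, i.e. why rotation is mandatory.
remove_and_count_history_hits() {          # $1 = repo
  ( cd "$1"
    $GIT rm -q config.env
    echo "config.env" >> .gitignore
    $GIT add .gitignore && $GIT commit -q -m "remove leaked config and ignore it"
    hits=0
    for c in $($GIT rev-list --all); do
      if $GIT grep -q "API_KEY=" "$c" -- config.env; then hits=$((hits + 1)); fi
    done
    echo "$hits" )
}
```

Even after the removal commit the scan still reports one historical commit carrying the value, which is exactly why the credential has to be rotated rather than "cleaned".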

  • Absolutely fair! The other commits in that tree for the .cursor folder match existing contributors. This unchanged PR and this unchanged PR both contain the same structure. This tree comes from this unmerged, closed PR which also matches. This closed issue, commented on by maintainers, references this tree which corroborates the other unlinked commit tree. (Edit: I stopped because I got bored; see the other unchanged issues and PRs that show a rewrite of history)

    Attribution is never 100% especially when APTs are concerned. I am confident when I say there is way more evidence here showing the files officially exist and were officially part of the tree than many of the very confident yet unconfirmed APT attributions we actively rely on.

  • I’m annoyed because I had to go find a tree that actually had the cursor files. If there’s a smoking gun, you gotta fucking link it when you call someone out.

    The irony of Proton attempting to remove it this way is that GitHub trees are permanently available. The only way to remove something once a link has been created is to delete the repo. I’d expect a security-minded company to understand that. To me that’s much more egg-on-face than vibe-coding secure applications. Neither is good; only one very explicitly highlights you don’t know shit about security.

  • lib.rs has a special surprise when you search "twitter"

  • Everything on the internet is shaped by political views. I don’t understand this take at all. All of the internet projects started as defense projects run by people that believed information should be shared and were taken over to become surveillance institutions. The notion that someone should run a free website indexing all rust crates is itself greatly informed by the politics surrounding FOSS and open information. How you respond to the paradox of tolerance is deeply political. We just happen to fall on different sides of the issue so I have no qualms calling it out.

  • The most shocking thing to me is that they’re going to feature Nintendo games in the future. I wouldn’t want to jump through all of those hoops just to possibly be rejected or have the content taken down arbitrarily in the future when Nintendo is feeling capricious. That’s a huge investment for very poor expected value.

  • The photo is AI.

  • Coincidentally an American investment fund owns ~42% of the company and is the single largest stakeholder. Many would say that qualifies this as an American service.

  • I didn’t realize Codeberg offered email services. When did that start?

  • I assume this is Poe’s Law in action. Elon historically doesn’t understand shit about tech so the commenter is just highlighting something that’s been GA for other tools for years.

  • The current thread is about AI slop, not DMS. You helped create the branch we’re on. You said “people on Lemmy can’t tell slop from useful info.” I said “this is AI slop because the sources don’t match,” assuming that I wouldn’t have to explain the hallucinations (fabrications is a bit better here) because that usually comes with slop. Since the current thread is about whether or not slop is meaningful, I have no idea what you added by saying “hey I attacked someone for not liking AI then attacked someone else for a refutation of the AI that I was white knighting.”

  • Given the sources don’t really back up the content, I think it’s safe to say this is slop. You should probably proof AI slop before you white knight it next time.

  • Can you help me understand which political petitions meant to document real constituent desires don’t require doxxing yourself? I don’t believe I’ve ever participated in any citizens’ initiative that didn’t require personal information.

  • I don’t follow this argument. In this context, proprietary code is work product that has value to its owner. Often large swathes of said work product is reused across games so the theory is that releasing the work product means your competitors can make your work product. I do not understand how wrapping someone else’s work product in your own work product doesn’t require them to first release their work product.

    Note I don’t necessarily buy the company mindset on proprietary code; I explained here because I don’t understand where you’re coming from.

  • This isn’t recent. This has been an ongoing thing for at least 20 years (if not longer; that’s just the earliest I remember having this convo). Yes, it cleans the wound by killing things but it also fucks up the healthy tissue around the wound (see other comments for a more scientific explanation). Having some in a medical kit is useful for other activities such as diluting with water for an ear rinse, diluting with water for various mouth stuff (rinse not swallow), and some skin treatments (again, diluting first).

  • California is not Colorado nor is it federal. I don’t think you understand the things you’re saying since you don’t seem to grasp, as you put it, the regulations are “often state-specific.” You linked California, not Colorado, which this article is in reference to. Even in the beginning, you didn’t seem to grasp why regulation and some level of understanding about what people should or shouldn’t do is reasonable to have defined. Good luck!

  • In the US? I’m gonna need to see some statutes there bud. Last I checked there are no federal requirements and as far as I can tell there are only insurance requirements in Colorado at the moment.