Do you want a CVE?
-
Do you want a CVE? Because this is how you get a CVE.
@atoponce I am again reminded that the best thing we can do is figure out what devices, services, and apps these "fuck quality, full speed ahead!" choads are using and surface every single bit of their data publicly.
-
@atoponce
this is DEFINITELY how you get a CVE
-
First of all, it's a _quarter century_ since we left the 90s and the Internet boom, and these money-grubbers are still stuck on chasing the high of that era's first-to-market success stories. Stop it. It doesn't work like that any more.
Secondly, while there's truth in the adage that "perfect is the enemy of good enough", do you know what's also an enemy of good enough? Sloppy work and bullshit.
-
@atoponce I love how people just forget that keeping a service running is as/more important than writing new features.
Anyone who comes up with the opinion apparent has never worked in an operations role.
-
@atoponce I get CVEs without AI, despite my best efforts.
If you create new code, some proportion of it will have security problems, even purely manually. What's the point of pretending only AI causes CVEs? It's obviously false.
We manage our manual failures by static analysis and fuzzing to try to find the flaws first. That will also work with flaws introduced by AI, right?
Services like Jules are becoming workable. I'm afraid we are all going to have to adapt to that.
-
@hopeless No one is assuming only AI slop creates CVEs, including OP in the screenshot. Slop is slop, AI or human.
OP is being disingenuous. He's defining slop as AI or human generated, while comparing it to perfect code instead of quality code. I'm not aware of any company with "perfection assurance" departments.
But "release early, release often" is exactly the mindset that produces CVEs and technical debt.
-
@atoponce It's just amazing (and really disappointing) that so many people so quickly gave up thinking (critical or otherwise) the moment LLM slop generators hit the market.
Smart people went all in on outsourcing their brain cells to... this.
-
@odoruhako Your company shipping AI slop will be solving production issues while your competitors focusing on quality will maintain high availability and reliability.
Rushing to ship code might work in the short term, but it will burn you in the long term as you accumulate technical debt by ignoring quality.
Good luck with that.
The point for some people is to sell the company before the technical debt comes due.
-
@f4grx @phl @atoponce this is the truth in my opinion. There is a portion of people who enjoy it, and they tend to be good at it. It's just that by the 90's we were running out of people who enjoyed it, but coders (in the original sense, as opposed to programmers) were still needed. Hence, code camps, etc.
The llm craze is just a continuation of this. But now you have the drawback that none of the people doing grunt coding will have the opportunity to discover actual programming, meaning we'll have a severe lack of senior developers soon enough.