No matter how well reasoned, allegedly fit for purpose or how much something pretends to be it, we shouldn’t be trusting those promises, especially not from people we don’t know. That does not end well neither for the free candy van nor for cybersecurity. Trust like that has been responsible for a lot of attacks over varying vectors and for projects going wrong.
On the other hand, detrimental reliance is a tort and if someone is relying on an app for a specific safety function, the app could be civilly liable if it fails it’s function in some way.
Yes, if the app would be any kind of official tool.
Imagine if you had this attitude about an insulin use tracker/calculator, that sometimes gave wildly wrong insulin dose numbers.
Yes, and that’s why regulations for those kinds of things exist, that prevent those things. There is no regulation for the ice tracker.
Maybe down the road, it’s decided that aiding and abetting ICE is a crime, and providing misinformation intentionally or unintentionally is a criminal act. App developer dude could be criminally liable if he knew or ought to have known he had vulnerabilities. You know, in your New Nuremberg trials that you are going to get sometime in the next decade or so.
If down the road a regulation would happen for, app developer dude would be forced to either comply or to stop operations.
So fucking what? He is not being paid in any kind, and anything he does on that project is volunteer work. If he was not able to do anything on that project due to regular work, vacation, personal issues, or the simple fact that he didn’t want to?
If you don’t pay for a service, you don’t get to decide what people do, deal with it
Honestly, apart from the report being potentially wrong, the researcher seems pretty entitled as well. Like good intentions and all that, but he’s given him a week to fix the issue, usual practice in responsible disclosure are 90 days. We’re not talking about a company here, it’s some single random dude providing the app.
This really sounds like some personal issue written down for public drama, while making himself ridiculous for not knowing his own shit properly.
https://github.com/undergroundwires/privacy.sexy/discussions/359
The setting toggle seems to be available since Android 12, but not all vendors seem to have implemented it. There are instructions in the linked GitHub issue that seem sane.
Youre jumping to conclusions. Bigger companies missed bigger problems in their reviews and QA. Why should they be wanting their cursorrules in there, and what kind of mental gymnastics is it to conclude that they are vibecoding based on that. You don’t need it committed, you don’t even need it to be in the project directory.
It’s definitely badly communicated and suspicious, I just called out jumping to extreme conclusions based on a suspicion alone. There probably will be people who are gonna review the code and see how much of it is probably LLM generated, and then we will know. I still think that it’s pretty much impossible to vibe code something on that scale, but I haven’t seen their cursorrules either.
Absolutely, I do them daily, what about you?
Just because they are using Cursor, it doesn’t mean that they are vibe coding. Anyone grabbing their pitchforks for that and screaming “they are vibecoding” only shows their own incompetence.
If they would be vibecoding, their whole software would’ve gone to shit long ago.
Just because some random people without an engineering background are using vibecoding to push their broken slop, it doesn’t mean that any kind of AI assisted coding is bad.
Unless there are those who need certain words for their jobs, I can kinda understand why Microsoft wouldn’t want emails from work addresses to go out with political agendas… for either side.
Sure. Then block both sides, and not only the one not bringing you money.
Work emails should just be about work. Too many people use their work emails like a personal email… with their banking, shopping, etc. That’s what personal email addresses are for.
No one uses their company email for their personal banking, simply for the reason because if you’d leave, you’d lose your access, and since most companies run behind firewalls, vpns, 2fa tokens and similar additional credentials, it’s simply harder to use.
This policy should go for many non-work related topics too. IT can unblock the words for certain users who need to use them for their job.
Of course, let’s waste resources to maintain idiotic blocklists that are out of date the moment they are rolled out, and additional resources to make the blocklist actually work. Palestine, p4lestine, pale s tine, p a l e s t i n e, paleztine. Need more?
You’re not at work for someone with this kind of unhinged mentality watching you working for 8 hours a day straight with no breaks and no distractions. You’re there to get your work done. In my current team, we’ve had the best ideas talking about our problems at the coffee machine. I personally focus best when I have music on. We’re doing sports together once a week on a company fitness incentive, which boosted our team dynamic massively. None of this would be possible in such a controlled environment.
“Googling a lot while coding” is not even remotely close to vibe coding, please don’t gaslight yourself into that.
When you read up on things, you know what you’re looking for. You read a potential solution (e.g. part of a documentation, an example, someone else’s solution, a solution to a similar problem), you think about it and transfer that to your own problem, with your own code, with your own thoughts.
Using AI support is totally fine too - it’s a smarter code completion, nothing more. It might spit out something wrong, something partial, something good. You might ignore it as with the regular completion. In the end, it’s still you thinking about it, modifying it until it works, and doing your thing.
“Vibe coding” is basically saying tech jesus take the wheel. And it might go well for someone who cannot code, who managed to create their small game or some website. It will go horribly wrong for any project handling user data, sensitive data, or something that needs to be maintained after. We’ve had more than enough examples of that.
The worst kind of shorts are the ones pretending to present serious content.
Of course you crammed all related parts about any current war into a maximum of 60 seconds or summarized the latest news.
Fuck you to anyone doing this.
Yeah, quote the LLM that’s proven to have been manipulated on several occasions by the muskrat, who’s done way more to polarize with his cult following of idiots like you, who keep posting shit like this. Fuck off.
Edit: random name, first and single comment, posts a grok quote. Yeah, tell me more about non-“organic crowd sourcing”.