Companies attacking security researchers always goes so well for them.

Meh. I’ll be impressed when it plays Aria Math.

(j/k, this is awesome, I love it)

Everything works fine. It’s super handy having such fine control over my router.

OpenWRT.

Australians soon engaging in wider spread adoption of VPN and tor usage.

Yeah! Postgres is great!

• Mutters something under his breath about MariaDB.

My experience working with a vibe coder hired by one of our clients is actually that’s it great for MAXIMUM VP, as in a viable product made up of just under 40k lines of typescript, plus 90+ Node libraries for an app that amounts to a login page, a Square payment gateway and a user settings page (it’s seriously just a signup page for a coastguard and weather alerts service that the rest of our team built in Python and Rust). It crashes if it can’t talk to a database server that hosts no actual databases. It crashes if it doesn’t have the Square API secrets as envars, but the LLM also hard coded them into the API calls. It actually crashes if you try to run it any way other than “npm run dev” (so I srsly set up a service that runs it as npm run dev, as the ubuntu user).

We would have gone extinct before we discovered fire.

Please don’t promote Red Cap politics disguised as software.

Even if they did, you can run VPNs over https, or make Tor disguise itself as other kinds of web traffic.

I’m working with some Rust right now that is 100% a big mess…

It’s consistently either the Rust or the Docker components that fail to build. In fairness, it’s a VERY big and complex application.

At a guess, the Venn diagram of people who would happily regularly pay for apps and people who have heard of flathub is teeny tiny.

Qubes or gtfo (troll answer, don’t listen to me)

Why would it be a bad idea?

That reputation has entirely been created by the media frenzy over busting the worst kinds of criminals.

Oh they’re all using the same technology? Yeah of course they are, because that’s the technology that works the best. It has so many fucking use cases.

Funny that the media frenzy is hitting a fever pitch just as we most desperately need powerful tools for opposing fascism. Almost like that’s not really a coincidence.

What we’re seeing in US states with these kinds of stupid laws, is massive increases in traffic to porn sites based overseas that have no obligation to follow the age verification law, and the state has no mechanism to compel them to do so. So all they’re doing is hurting American companies AND increasing the probability that residents of their state (including teens) will visit sketchy ass sites with sketchy ass content, sketchy ass viruses and the ability to chat with sketchy ass creepballs.

We’ve also seen massive increases in VPN and Tor usage, as well as a massive increase in searches for information about VPN technology. I actually consider that a huge positive. Knock yourselves out Republicans.

Of course, these laws aren’t about effectively accomplishing anything other than virtue signaling to Christofacists. At least in the US. IDK what’s going on in the UK.

I’m working with a team where my business partner and I are external consultants, but they also have internal developers (who are mostly very junior and need hand holding with things like using git).

Anyway, the CEO (without talking to us first) hired a pure vibe coder with no software engineering experience to build the user interface. Super nice guy, super easy to work worth, super eager to learn but OH MY GOD THIS CODE.

A lot of my work is / has been in cybersecurity (mostly for the space industry / NASA adjacent projects, but also less recently for start ups and fortune 500 companies). This app is the worst I’ve ever seen. The AI writes things SO weirdly. 30k lines of typescript to do something we could have done in 6k. Reams of dead code. Procedural code to do repeatable tasks instead of functions / classes (10 different ways of doing the same thing). API keys / data base credentials committed to git. API Keys stored in .env but then ALSO just hardcoded into the actual API calls.

AND no. At the end of the day, it wasn’t cheaper or faster than it would have been to hire us to do it right. And the tech debt now accumulated to secure / maintain this thing? Security is a long term requirement, we’re bringing a buddy of mine in to pentest this thing next week, I expect him to find like 10-12 critical vulns. Wow.

tl;dr: If a project requires security, stability, auditability, or the need to quickly understand how something works / why something happens, DON’T vibe code it. You won’t save money OR time in the long run. If you’re project DOESN’T need any of those things (and never will), then by all means I guess, knock yourself out.

Driving wider adoption of alternative social media and privacy tools.

Although I expect them to try to come for us and our tools at some point.

Saved me a click.

I feel like there’s probably a way I could do the same thing without Comcrap as a middleman. Anyone written libraries for doing this kind of thing with an open wrt box and a bunch of Linux machines?