upvote

points

by fc417fc80218 hours ago |
comments
upvoteby matheusmoreira50 minutes ago|
next
[-]
It's hard to think long term when your salary depends on short term thinking. I keep seeing horrifying comments from all sorts of people saying they'd be fired if they stopped using AI to bang out ridiculous amounts of code at lightning speed.
reply
upvoteby tokioyoyo17 hours ago|
prev|
next
[-]
> “high profile developer supply chain compromises”

And nothing big has happened despite all the risks and problems that came up with it. People keep chasing speed and convenience, because most things don’t even last long enough to ever see a problem.

reply
upvoteby fc417fc80213 hours ago|
parent|
[-]
I've yet to be saved by an airbag or seatbelt. Is that justification to stop using them? How near a miss must we have (and how many) before you would feel that certain practices surrounding dependencies are inadvisable?

A number of these supply chain compromises had incredibly high stakes and were seemingly only noticed before paying off by lucky coincidence.

reply
upvoteby tokioyoyo13 hours ago|
parent|
next
[-]
> How near a miss must we have (and how many)

The fun part is, there have been a lot of non-misses! Like a lot! A ton of data have been exfiltrated, a lot of attacks, and etc. In the end... it just didn't matter.

Your analogy isn't really apt either. My argument is closer to "given in the past decade+, nothing of worth has been harmed, should we require airbags and seatbelts for everything?". Obviously in some extreme mission critical systems you should be much smarter. But in 99% cases it doesn't matter.

reply
upvoteby hiq9 hours ago|
parent|
prev|
[-]
> I've yet to be saved by an airbag or seatbelt. Is that justification to stop using them?

By now, getting a car without airbags would probably be more costly if possible, and the seatbelt takes 2s every time you're in a car, which is not nothing but is still very little. In comparison, analyzing all the dependencies of a software project, vetting them individually or having less of them can require days of efforts with a huge cost.

We all want as much security as possible until there's an actual cost to be paid, it's a tradeoff like everything else.

reply
upvoteby franktankbank8 hours ago|
parent|
[-]
The funniest part is that it always gets traded off, everytime. Talking about tradeoffs you'd think sometimes you'd keep it sometimes you'd let it go, but no, its every goddamn time cut it.
reply
upvoteby totallymike16 hours ago|
prev|
next
[-]
“Objectively smarter” is the last descriptor I’d apply to software developers
reply
upvoteby fc417fc80215 hours ago|
parent|
[-]
My intent was to cast a very wide net there that covers more or less all expert knowledge workers. Zingers aside software developers as a group are well above the societal mean in many respects.
reply
upvoteby culopatin17 hours ago|
prev|
next
[-]
If anything I feel more in control of these agents than the millions of LOC npm or pip pull in to just show me a hello world
reply
upvoteby Sindisil8 hours ago|
parent|
[-]
The load bearing word being "feel".
reply
upvoteby vkou15 hours ago|
prev|
[-]
Objectively smart people wouldn't be working so hard at making themselves obsolete.
reply