Hacker News | simon84's comments

Any idea how it got there in the first place?

Not entirely sure, but my best guess is that the previous DevOps engineer was running a PostgreSQL 14 instance exposed to the internet with the password set to postgres. There's even an old CVE describing a remote code execution path for that kind of setup. Unfortunately, the PostgreSQL logs had been deleted, so I was never able to confirm it.
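The setup described above (an internet-facing instance with a default superuser password) can be caught from the server's own config files before anyone needs to guess at deleted logs. The script below is an added example, not code from the page or from PostgreSQL: it parses `listen_addresses` from postgresql.conf and the rules in pg_hba.conf, and reports any remotely reachable `trust` or password login, with a hardened pair of configs beside the exposed one. Both config snippets are constructed for the example.

```python
"""Audit a PostgreSQL server's network exposure from its config files.

Added example (not from the page or from PostgreSQL itself). It flags the
combination described above: the server listens on every interface and
pg_hba.conf lets any remote address log in as the superuser with a password,
so a default password such as 'postgres' is all an attacker needs.
Both config snippets below are constructed for this example.
"""
import ipaddress
import re

# Constructed sample configs (hypothetical, not from any real host).
POSTGRESQL_CONF = """\
listen_addresses = '*'          # bind every interface
port = 5432
password_encryption = md5
"""

PG_HBA_CONF = """\
# TYPE  DATABASE     USER      ADDRESS          METHOD
local   all          all                        peer
host    all          all       127.0.0.1/32     scram-sha-256
host    all          all       ::1/128          scram-sha-256
host    all          postgres  0.0.0.0/0        md5
host    replication  all       10.0.0.0/8       trust
"""

# The same files after hardening: loopback only, no rule reachable remotely.
HARDENED_POSTGRESQL_CONF = "listen_addresses = 'localhost'\nport = 5432\n"
HARDENED_PG_HBA_CONF = """\
local   all          all                        peer
host    all          all       127.0.0.1/32     scram-sha-256
host    all          all       ::1/128          scram-sha-256
"""

PASSWORD_METHODS = {"password", "md5", "scram-sha-256"}
LOCAL_LISTEN = {"localhost", "127.0.0.1", "::1"}


def parse_listen_addresses(conf_text):
    """Return the listen_addresses list from postgresql.conf ('localhost' if unset)."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        match = re.match(r"listen_addresses\s*=?\s*'([^']*)'", line)
        if match:
            return [a.strip() for a in match.group(1).split(",") if a.strip()]
    return ["localhost"]


def _looks_like_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_pg_hba(hba_text):
    """Parse pg_hba.conf rules: TYPE DATABASE USER [ADDRESS [NETMASK]] METHOD [options]."""
    rules = []
    for line in hba_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        kind, database, user = fields[:3]
        if kind == "local":
            address, method = None, fields[3]
        elif len(fields) >= 6 and _looks_like_ip(fields[3]) and _looks_like_ip(fields[4]):
            address, method = f"{fields[3]}/{fields[4]}", fields[5]  # separate-netmask form
        else:
            address, method = fields[3], fields[4]
        rules.append({"type": kind, "database": database, "user": user,
                      "address": address, "method": method})
    return rules


def _network(address):
    """CIDR or IP/netmask string -> ip_network, or None for keywords and hostnames."""
    try:
        return ipaddress.ip_network(address, strict=False)
    except ValueError:
        return None


def _reaches_internet(address):
    """True if an ADDRESS field admits connections from public ranges."""
    if address == "all":
        return True
    net = _network(address)
    return net is not None and (net.prefixlen == 0 or not net.is_private)


def _is_loopback(address):
    net = _network(address)
    return net is not None and net.is_loopback


def audit(conf_text, hba_text):
    """Return human-readable findings for remotely reachable trust/password logins."""
    findings = []
    listen = parse_listen_addresses(conf_text)
    exposed = any(addr not in LOCAL_LISTEN for addr in listen)
    if exposed:
        findings.append(f"listen_addresses={listen!r}: server accepts TCP connections "
                        "beyond loopback")
    for rule in parse_pg_hba(hba_text):
        if rule["type"] == "local":
            continue
        who = "superuser" if rule["user"] in ("all", "postgres") else f"user {rule['user']}"
        where = rule["address"]
        if rule["method"] == "trust" and not _is_loopback(where):
            findings.append(f"{where} -> {who}: 'trust' grants access with no password")
        elif exposed and rule["method"] in PASSWORD_METHODS and _reaches_internet(where):
            findings.append(f"{where} -> {who}: password login ({rule['method']}) reachable "
                            "from the internet; a default password gives full access")
    return findings


if __name__ == "__main__":
    for finding in audit(POSTGRESQL_CONF, PG_HBA_CONF):
        print("FINDING:", finding)
    print("hardened:", audit(HARDENED_POSTGRESQL_CONF, HARDENED_PG_HBA_CONF))
```

To use it on a real server, read postgresql.conf and pg_hba.conf from the data directory and pass their text to `audit`. Hostname-based rules are deliberately not flagged, since their reach cannot be decided statically; a `0.0.0.0/0` or `all` rule combined with a wildcard `listen_addresses` is the case that matters.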

We have long passed the point where there is more AI generated content than authentic human content. That will soonish spiral into uniformity and degradation (see the experiments where image generation is recursively trained on generated images).

The idea is good, but the proposal falls in the same trap.

The best case would be to issue whatever method is specified in the "method" attribute.

At the moment, it suggests adding support for PUT, PATCH, DELETE because that is the current bias in using REST. However, HTML should be agnostic of the implementation behind the scenes and allow for any HTTP method, akin to the HTTP standard itself.


Is it a full-blown browser with support for all capabilities (basically a web-view with no title bar?) or does it also attempt to block all fatigue-related bloat, ads, moving parts, auto-play videos, ...?

It is all about the power of statistics and the un-humanly conceivable processing power we grant it.

I like the dream analogy framing as it avoids personifying an algorithm.

Though, the article may somewhat underrate the quality of the dream (aka code) we can get from AI. Trivial tasks have been trained so much that high fidelity output is frequent.

It is when your idea is genuine and novel that the divergence is most noticeable, because there is less resemblance to mimic.


Indeed, this is ridiculous for a country that says no beer before 21. Arguing that children will learn to bypass the age restriction is as well founded as it is for alcohol.

Is there a way to bypass the tamer? i.e., if the implementation is actually needed for some subtle task?

This is why SBOM is an attempt to force the documentation of dependencies.

It will not solve everything but it helps.

Other than that, it is a response to one's laziness in importing a full library to use only one method... it is part of my code review to always question the need for imports and (try to) weigh the maintenance cost.
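The review question raised above, whether a whole library is being pulled in for a single call, can be answered mechanically. The script below is an added example, not from the page or from any project: it uses Python's standard `ast` module to list which names a module actually uses from each import, then buckets imports into "unused" and "single use" so a reviewer can ask whether each one earns its maintenance cost. `SAMPLE_SOURCE` is a constructed snippet written for the example.

```python
"""Review helper: which names does a module actually use from each import?

Added example (not from the page or from any project). It answers the review
question above, whether a whole library is pulled in for a single call, using
only Python's standard ast module. SAMPLE_SOURCE is a constructed snippet.
"""
import ast
from collections import defaultdict

SAMPLE_SOURCE = '''
import os
import requests
import numpy as np
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC


def fingerprint(data):
    digest = hashes.Hash(hashes.SHA256())
    digest.update(data)
    return digest.finalize().hex()


def fetch(url):
    return requests.get(url, timeout=5).text


def mean(values):
    return float(np.mean(values))
'''


def _import_aliases(tree):
    """Map each local binding to (module, imported_name or None for whole-module imports)."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                aliases[alias.asname or alias.name.split(".")[0]] = (alias.name, None)
        elif isinstance(node, ast.ImportFrom):
            for alias in node.names:
                aliases[alias.asname or alias.name] = (node.module or "", alias.name)
    return aliases


class _UsageVisitor(ast.NodeVisitor):
    """Collect attribute accesses on imported modules and bare uses of imported names."""

    def __init__(self, aliases):
        self.aliases = aliases
        self.usage = defaultdict(set)
        for module, _ in aliases.values():
            self.usage.setdefault(module, set())  # unused imports still get an entry

    def visit_Attribute(self, node):
        if isinstance(node.value, ast.Name) and node.value.id in self.aliases:
            module, imported = self.aliases[node.value.id]
            self.usage[module].add(f"{imported}.{node.attr}" if imported else node.attr)
            return  # the alias was the receiver; do not count it again as a bare Name
        self.generic_visit(node)

    def visit_Name(self, node):
        if node.id in self.aliases:
            module, imported = self.aliases[node.id]
            self.usage[module].add(imported or "<module object>")


def import_usage(source):
    """Return {module: set of names used from it} for the given source text."""
    tree = ast.parse(source)
    visitor = _UsageVisitor(_import_aliases(tree))
    visitor.visit(tree)
    return dict(visitor.usage)


def review_imports(source):
    """Split imports into the two buckets a reviewer asks about."""
    usage = import_usage(source)
    return {
        "unused": sorted(m for m, names in usage.items() if not names),
        "single_use": sorted(m for m, names in usage.items() if len(names) == 1),
    }


if __name__ == "__main__":
    for module, names in sorted(import_usage(SAMPLE_SOURCE).items()):
        print(f"{module}: {sorted(names) or 'UNUSED'}")
    print(review_imports(SAMPLE_SOURCE))
```

A single-use import is not automatically wrong (the one function may be the whole point), but it is the case where the question "is this dependency worth its supply chain?" is most worth asking; an unused import is simply attack surface with no benefit.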


It's not so much about velocity or quality, both of which LLMs do (or will) provide.

The real question is about accountability and liability.

When a major data leak happens, who will they sue or fire? That is the value engineers provide. They understand, confirm, and take ownership.


This is what I'm wondering too. We've signed a confidentiality agreement with all the big players (as I'm sure all other companies have done), which is supposed to ensure our data is both segregated and not used for training. I don't trust these companies not to do just that; their business is in taking what we have and training their models.

Yeah, I always wonder if they do some type of obfuscation and transformation on the private data and find a way to backdoor the info without technically using it directly.

I wonder if there's a way to include data that's so unique you can prove it was trained on and sue later.

Unique data like that is unlikely to have any impact on the learned/final weights after training. SGD, Adam and the other hillclimbing solvers abhor jagged edges from "novel" trade secrets and the like. Unless it turns out everyone had the same secret genius idea (and it became a pattern to learn).

Ostensibly, due-diligence should not change. But people are lazy, just as they've always been around testing/QA/definition-of-done.

I'm not even certain that laziness gets them further along than it used to; I think it's that people have not had their overconfidence painfully corrected yet. Behaviors will re-align pretty fast when people realize that no, they're not going to get away with just pressing a button and saying everything is "good". That is happening right now.


Just having this discussion with someone about AI in healthcare and how issues are going to be handled.

If a nurse does something incorrectly, they can lose their license, ensuring that nurse will never be a nurse again. There is a very clear path of accountability and very clear ways to mitigate it.

For instance, if a nurse is drunk and you recognize there is a pattern of people showing up drunk, you institute drug tests and breathalyzers and move on.

While we probably won't have LLMs autonomously performing procedures, they are 100% parsing documentation, reading lab results, making suggestions, etc. And right now, the burden has been placed squarely on the clinicians themselves. It'll feed them the data, ask if they approve/agree, and then essentially wash their hands of accountability. Let's say an LLM starts incorrectly reading lab results; how is that fixed/remedied? A prompt update? Additional safeguards? Adjusting the temperature? Changing a model?

This is a far different type of engineering that still feels pretty new. Granted, I'm still an amateur in this space (I use Claude Code a decent bit), but it feels really opaque to me right now.


This question has been easily answered by many companies.

You, the IC, the developer prompting the code extruder, are ultimately responsible for its outputted code and its behaviour.

You may feel pressured to push out thousands of lines of code a day. You may see those thousands of lines refactored several times over the lifespan of a merge request. You may be asked to continue this in the long term with all the mental fatigue that entails.

When it's too much for you to sustainably deal with and you turn to using LLMs to review the code, that will still, presumably, fall on you at the end of the day.

The output is your responsibility.


> When a major data leak happens, who will they sue or fire? That is the value engineers provide. They understand, confirm, and take ownership.

This goes for serious incidents, disasters, outages and security breaches.

If there was an investigation and the answer was "a piece of software was vibe coded with AI" why would anyone trust the software vendor after that?


When has any company ever faced consequences from atrociously bad code leaking data or negatively impacting their customers?

Even SolarWinds is still alive.


EU companies have been judged guilty of negligence because backups were not totally disconnected (even though at a distant site) and ransomware destroyed them.

So that is starting to dig deeper than a plain mistake. I guess we will soon-ish witness the first AI slop trial; this will be interesting to follow.


Knight Capital

Don't worry, we can throw it all in 55-gallon drums and dump it over a cliff when the time comes.

I can understand the motivation for CLI-based clients, but the browser built-in network inspector overlaps a lot.

There is more to Oproxy with traffic shaping, but would it be enough to convince? Spawning a Docker container is easy today, but it would be less friction with a normal app, imho.

