Ha! Mine ran on 18.04 [0] and I migrated it a couple months ago. When I went to take a screenshot for bragging rights, I noticed two other servers 16.10 and 15.04
The applications run just fine, but I don't even know where to start. Apparently I coded them directly into the server, no dev machine!
I've always added analytics scripts on websites I worked on. It was second nature for me. Then when I got my own start up, I didn't just add regular analytics but one that tracks mouse movements so you can watch sessions back like a video [0].
I told a friend about my start up and she jumped on it immediately. I opened the tool and watched her interaction. Then I told her "oh so you opened the dev tools" She immediately ended the session. "How did you know? That's creepy". It was the first time I've actually felt like these tools invade privacy.
Yeah, we include it in our terms and condition and privacy page, but I don't think users truly grasp how those tools work. I understand that all analytics tools provide this feature now, but its always creepy to know someone can watch what you are doing.
I think there's a very interesting duality forming around privacy. It seems like most people don't really care if they're being filmed, or if their data is being slurped up six ways from Sunday, as long as it's aggregated and going through automated systems. But as soon as it feels like an actual person is looking at individual behavior, it's creepy (which is, of course, always a possibility, but plausible deniability is a powerful thing).
Yes. This is it. People are used to "private conversation in public restaurant". It's not private because no one can hear, but because no one is listening.
Right, the very nature of human society for the last several thousand years has been privacy in public. You walk around outside where everyone can see you, but the societal expectation is that you don't watch others. You have conversations in public because that's where life happens, but they're still private conversations.
Every counter-example to this is people being intentionally creepy, inappropriate, or outright malicious. Which was a manageable problem when it was just a single dude being weird, society would eventually exclude and shun them. Trouble is today that we've mechanised malicious inappropriate behavior at scale and ensured we've set up our entire society and government such that the people responsible can never be held accountable in any way. So long as you're being maliciously creepy at scale (and you're wealthy) everything's fine and there's no consequences.
> Every counter-example to this is people being intentionally creepy, inappropriate, or outright malicious
Or you just...overhear something in public and strike up a conversation. Doesn't happen here in North-East USA often but that southern hospitality is a different animal
I think creepiness manifests when the observation is one way. Without technology that’s kind of hard. With tech it becomes increasingly easy for everyday people to one-way spy on each other
How do you know what life was like 2000 years ago? I don't think you can truly know when this convention appeared. I suspect it's tied to urbanism at least. If you're living alone in the woods, miles from anywhere, and someone walks past your house, you're probably not going to politely ignore them.
The other side of this is that there are aspects of privacy that average people absolutely care about, but that the tech crowd largely ignores.
It's things like hiding your online activity from your partner / boss / parent / ex, making sure nobody knows you just went to a gay club, hiding the fact that you're playing video games from that one guy you don't actually want to play with, not giving out your phone number to the parents of your students, that sort of thing.
For most people, E2E and VPNs are useless gimmicks that just make life unnecessarily difficult, but vanishing messages and incognito mode are life-saving features.
> It seems like most people don't really care if they're being filmed, or if their data is being slurped up six ways from Sunday
For the majority of people I don’t think it’s true that they don’t care, but rather that they don’t know, don’t understand the implications, or don’t have the luxury of being able to do anything about it.
In the instances where I was able to have a longer discussion with someone to really explain what’s going on, they did care. Even if they previously said they didn’t.
People do know on some level though. There was enough willpower to get the cookie bullshit on every website.
I think it's just that it's more of a visceral lizard-brain thing than a logical thing. Like how you can go through life eating meat every day, then someone sits you down and tells you the horrors of that industry and shows you a cow being butchered, and you go oh that's horrible, and then most likely put it out of mind and continue eating meat.
the people doing the "analytics" (surveillance) like their privacy too, because they are doing creepy stuff and don't want people to know it. And even if they aren't doing creepy stuff, the data might be used that way in the future (profile building, psychological tricks, personalized pricing, sharing behavior with others, etc)
Yes - also it's one thing to say "A user entered the site, clicked here than here" (analyzed in bulk) and another "this specific guy entered the site, clicked here than here"
Which is wild because the aggregation and “big data” element is where the harm actually happens in very real terms. Of course, much harder to explain to typical laymen.
> we include it in our terms and condition and privacy page, but I don't think users truly grasp how those tools work
Since you did collect the metrics, you had direct knowledge of how many users opened the T&C and scrolled down to the place where you mention you're recording their session.
Would be interesting if you can share an aggregate statistic of that.
Everyone knows stores have security cameras. But if you called them up and said 'I saw you pick up the chips' they wouldnt have a good feeling.
Everyone understands websites use analytics and tracking, but people dont want to be reminded of it. Which is why people hate those FB ads which exactly match what you searched for 24 hours ago.
I'm surprised browsers don't warn users about every website that has listeners attached to keyboard/mouse events. It's totally fine for something like a game or an experiment website, but might not be something you expect from a blog or a news site.
> Yeah, we include it in our terms and condition and privacy page
Please be honest with yourself. People don't read terms and conditions. There's a good chance you don't read terms and conditions. And even if you do, odds are better than even that you don't fully understand all the legal implications.
Terms and conditions pages nowadays are there mostly to provide legal protection under the guise of "the user told us that they read these by ticking a box on our signup page; it's hardly our fault if they didn't."
I'm also of the opinion that at lot of T&C are basically signing under duress and I consider them invalid. Like if I have to sign a T&C with Google Play and a T&C with your city's sanctioned parking app in order to park on the street, I consider both of those T&C's invalid. As a legal resident of the country with a legally owned car and legal driving license, I should be able to park and pay, I shouldn't have to agree to anything else.
By reading this website, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
Especially clickthrough license for software on devices that you've already bought. You turn on your new phone and it shows 300 pages of legalese. You cannot use your new phone until you press 'I accept.' If you don't like it, return the phone. All the other phones have their own equivalent T&C.
As an example, most of Boston's public street parking meters use a collection of various parking apps. A large number have broken quarter slots and broken card readers but you're still expected to make payment via app or you can get towed.
This is also why I wish we could make anti-towing (anti-car-theft) devices that physically resist and fight the tow people to make their lives uncomfortable and miserable, because predatory jobs like that should just not exist. But any time I suggest this, 5000 people come out of the woods and say "pay your bill" and "don't park where you're not supposed to" whereas my point is really "you shouldn't have to accept a T&C in order to pay for parking" and "you should still have a right to park even if the cash/card reader is broken".
Look, I understand the hate against terms and conditions. They're not a lot of fun. But the alternative is worse. Let's imagine a world where terms and conditions don't apply;
Firstly, businesses can do whatever they like. There are no terms to agree to. They simply function in whatever way they "consider to be valid". If a customer disagrees with what is valid or not, hey, that's what courts are for. And given there's no agreement between business and customer, who's to say who is right?
The business can equally terminate you as a customer, with no notice, for no reason, at any time. They can delete all your data. They can spam your contact list. (Ok, they do all that already, but you know what I mean.)
Secondly, customers can do whatever they like. They payed their $9.95. They can do whatever they like. Sure, sharing logins is fine (if they "consider that valid".) They can abuse the system, scrape data out and resell it, anything goes. And of course the only recourse is back to the courts. Which is ultimately no recourse at all.
Even your analogy to parking breaks down. Should you have to prove legal residency to park? Should I be able to park a car on the street (unmoved) for a year? Should I be allowed to park next to a fire-hydrant? Can I park it in the middle of the road? Can my neighbor "reserve" his parking space using an orange cone? Clearly there's a lot more to parking a car than "I should be able to park".
T&C might not be fun, and you may not agree with them (hint: if you don't, then don't use the service) but they at least set out the business behavior that you can expect. Read them, don't read them, that's up to you. But don't complain that the fault is on them when they do something that are in the T&Cs.
And yes, I get they're one sided. customers never bother to submit their own T&C's so they're not fairly represented. Again, that's on you for using that service.
> customers never bother to submit their own T&C's so they're not fairly represented
You can't. Not a question of bother.
> if you don't, then don't use the service
The problem is that this is mostly not an option. The service doesn't have competition or competitors don't have better T&C. Sometimes, like in the original commenter's example, there is a legally enforced monopoly.
At least the government has to enforce certain rights when using government provided services.
Every single terms and conditions document is just legal boilerplate that boils down to "we can do whatever we want, while you can do nothing we don't want".
The problem with this line of thinking is that businesses don't expect you to read T&Cs.
This site itself is, funnily enough, a good example of this (and, to be fair, an outlier). When you sign up to an account here, you're not asked to agree to any terms. There's nothing that forces you to agree to any terms of service. The site does have them[0], but you can only access them by clicking the "Legal" link in the footer, and you're never required to do so. Yet people here are, by and large, behaving themselves, largely due to good moderation on the part of dang and others.
But if there were to be a lawsuit, for whatever reason, it's potentially possible that someone could successfully argue that they never had to agree to any terms. It's a technicality, of course - again, very few people read terms of service, and if they did, you'd think somebody would have noticed this omission by now - but an arguably legally actionable one.
Which leads me back to my point - the only reason that businesses make you agree to terms of service is because if they didn't, they could get lawsuits that might be found in favour of the plaintiff. Businesses don't want that, so they include the checkbox.
We really need to update all relevant laws to the same standard as GDPR's "informed consent" where hiding something in a wall of legalese doesn't cut it.
Ethical question: is there a huge difference between seeing the dev tools being opened in a re-created session replay AND simply storing an event with [dev_tools_opened at 1min 3s].
If you have only the event, you can basically re-create a playback of that action if you want.
Now, if you track all actions of interest, than that's basically almost the same as a full session recording.
We had a mandatory ChatGPT training course at work. You had to sign up in limited space classes. This is a large company, needless to say it was chaos to get a significant number of people to participate.
I got a spot. We were shown how to copy and paste data from excel and other data sources into the chat interface. We had sample data to work with, there was always someone in class who would say "mine didn't work." The developers in the room asked about codex, the instructor said she wasn't a developer.
We did get a certificate though. There was nothing they could teach that you couldn't learn by using the free version in your own time. Whatever they are doing with the Maltese government is just to increase the monthly active user count.
I’m now responsible for improving AI literacy in the organization I work.
But the people in charge just want the employees to just answer some questions so they can handover Claude or Chat GPT licenses so they can show people are using AI to improve productivity.
There are people who don’t know when to use AI and when not to use Ai and think they can just Claude their way through everything. I wanted to change that but when the whole idea is to just increase AI use I guess they don’t care about how AI is used.
I was on a quarter demo the other day and the project lead for ai innovation was talking about the things he's preparing for the company.
I will not address the things he pitched (as coming soon), as I'm a developer and (hopefully) not the target audience, but I was quiet surprised when they made a questioneer asking how many people use ai and how frequently. (The target demographic was middle management, product owners etc)
75% of people answering said they're using it daily and considered it an essential tool they need to work
Considering it was anonymous I was expecting lower numbers, honestly.
In the recent past, my department received an email from on high with a list of people who were yet to complete the "anonymous" survey.
I always assume my work-survey answers are traceable back to me, whether it's via self-doxxing with my answers, tracing links of the rootkit-level MDM software that can record my screen, but they pinky-promise to only use for remote assistance, in case I open a ticket with IT.
Talked to someone at a large company who had admin access to survey results (require to do some analytics). The survey was “anonymous” but results were geo-located, and had some information about the team they came from, which in many cases was enough to clearly identify people. There is a difference between “doesn’t have a persons name on it” anonymous and actually anonymized in a way hardened against figuring out who is who. I don’t think anyone really does the latter.
I've seen questions asking for my org, team size, role, and when I joined, and thought it would have saved me time had they asked for my employee number instead.
Most external survey providers claimed anonymity but in their T&Cs stated in a very roundabout way that they could provide some information to customers for quality purposes or something. Read “we’ll deanonymize some users if the paying customer wants it”. Internal survey tools are subject to internal management pressure.
Even when you use a tool like Microsoft Forms, where MS really can’t be bothered to deanonimize users unless 3 letter agencies get involved, it’s still possible to do timestamp matching between the proxy/VPN logs and the submission time.
Asume real anonymity only if the URL is the same for everyone and you can fill the survey from any computer on the internet.
But the explanation for why people overhype AI usage is probably simpler. They want to keep their license because it’s a nice perk. They’ll use it to get the gist of a long email thread without bothering the read the details, to get some meeting minutes without validating if that was actually what was said, to generate some crappy modern equivalent of wordart graphics for their presentations, and feel like the time saved to generate what most time is slop was worth it.
When I worked on this (outside of coding) it was a pain to find a use case that really benefited. These were all niche uses that fit an LLM like a glove. These rest was slop, I could see the usage reports, and the BS self reporting surveys. Everyone inflated the numbers and usage to justify keeping their license.
It's perfectly possible. Two tables, one stores answer responses only, the other just marks off who has responded. No link between them and you have anonymous data but can tell who hasn't responded.
Of course if you record created/updated timestamps on both, insert both records in the same order, accidently record the user code in the response data, take backups in between responses, have identifying questions or just don't have that many people responding it's easy/not hard to reverse engineer.
But it's quite possible to do right, I did it quite effectively almost by mistake years ago. Sent a customer survey out with generated codes as identifiers recorded with answers. Before sending reminder emails a script grabbed the codes, marked the customer as responded and wiped the code (so I could just get future responses where code was not null to mark next people off). Although I had timestamps the script meant customers were updated in blocks, there really wasn't any data to link them.
I know because the Boss was not happy he couldn't find out which customer had said what, and I had to point out all the communication (with customers and me) called it an anonymous survey, so why would I have saved them?
So it is possible, just not easy even if you intend it, and it's often not intentional...
If the participant has to trust the survey creator, then it is not anonymous. The survey creator can link the data.
If the survey creator has to trust the participant, the survey is anonymous. The participant can lie in the survey, lie about participating, or submit the survey multiple times.
Your example was not anonymous. But you did not break the participant's trust, thank you! (Or maybe you are lying.)
Anonymous example:
Sending a clean link to people to take the survey.
If not enough answers have been received, a reminder can be sent to all, with a clause, that says: "if you have already done it, you can ignore the reminder."
Never expect anonymous voting/quizz/whatever to be fully anonymous in big corporations, if its something about touchy topics and/or can affect employment/performance of given person results will be skewed. If metric becomes the target it ceases to be a good metric and all that.
It all rest on the shoulders of responsible manager(s) on how moral they are. Many are not.
It wasn't, and it was visibly updating while people were submitting their answers. I just rounded it as I don't remember the exact number at the time they closed the submission.
Could still be faked ofc, but I don't think they did.
> 75% of people answering said they're using it daily and considered it an essential tool they need to work
> (The target demographic was middle management, product owners etc)
This leaves a fairly wide set of options for what "essential" entails.
Do 75% of middle management and product owners actually need AI for their job? Seems unlikely.
Do 75% of middle management and product owners use AI to slop up emails, meeting "summaries", and reports? That's quite possible. Would they declare it to be an "essential tool"? One imagines they are not too fond of actually doing meaningful work.
It's quite easy to get high percentages like this when the AI is involved in make-work and the costs are low if not zero. The moment inference costs go up, most of this usage will evaporate.
The leaders who mandate AI have no understanding on how to actually use it for productivity. They use it like a Magic 8-Ball to confirm whatever ignorance they have and believe the hype that it can do anything.
They have always done this. These are the same managers who ask subordinates for reports that support their predetermined agendas, or higher level execs who hire consultants for the same purpose.
I agree with you, but also it’s not entirely unreasonable to just use AI (or any other tool) and let them figure out over time what are and aren’t good uses. This approach requires an ability to see past the next quarterly earnings report, which is a rare quality for a business, but it can be healthy. The long term result is likely to be a culture that is more AI literate than they would be if they had top down instruction. The optimal path is probably a bit of both, but if I had to pick a ditch it would be “trust my employees”.
The thing I have a real issue with, and which seems more common, is the belief that they can cut raises because AI will make them more productive. In that case, the best employees (read: those most capable of leveraging AI effectively) will leave to find better paying work and the remainder will be too busy with the additional workload to have time to figure out how to use AI to make themselves more efficient.
Not that there would be any ill effects from this, executives sit mostly in meetings, they don’t really do anything much besides that; maybe occasionally write a short email.
They also don’t have access to critical systems.
I’ve never gone through a paid training course that wasn’t a complete waste of time. It’s at the point where people at work know there isn’t even a point in offering these to me. “But why don’t you take the Terraform training?” Because I’m not going to waste my time with a 3-day course where it takes the first day to install and configure Terraform. I can install it on my computer in 5 minutes. I think people usually see these as a paid vacation, but I find them so insufferably boring I’d rather just work.
Yes! Forty years ago (c. 1985) members of our department of anesthesiology (University of Virginia Medical Center) were offered an optional two full day course on how to do our own MedLine searches so as not to have to put in a request to the biomedical librarian for same.
I jumped at the chance to not have to be in the OR from 7am-5pm doing the same old same old but instead relax and learn something useful.
Bad choice.
The instructor and material were deadeningly boring; I couldn't even begin to enter into the computer the right search request format and terms and as I sat there I was reminded of my days in elementary school watching the big round clock on the wall tick away the minutes until the final dismissal bell.
Because our chairman was in the class and had encouraged all of us tenure-track faculty to take the course, I couldn't bail after the first day but had to return for the second day.
Subsequently I continued using the biomedical librarian to request my searches (it took just a couple minutes to fill out the form) with excellent results.
Eh, if you are measuring social output and success (eg Emmy nominations), then no duh; there’s a lot of network effects and winner take all games. Also surely there’s some principle about when one end is capped (0) but the other end is not, this happens.
My saddest interaction recently was with a friend with a 1st class degree in computing and several years experience in software engineering in many prestigious companies.
I asked if he had tried out Claude code or anything similar.
His answer: My company has scheduled a training course in that so I'll wait
He is serious. He has an AI company with a vibe coded website.
All positive comments here come from the financially invested or the near-retirement people who need cognitive assistance and are willing to sell out future generations.
Bold claim. I have the opposite experience. On this site I imagine most folks will agree with you, but there are a lot of folks who choose to work at larger companies over small ones.
I have worked for enterprise companies all my life, they are all a horrible mess of people trying to play 4d chess to get a promotion and look good. They do offer better life / work balance, so if you are not a workaholic like the startup / SF crowd, then its actually a decent job. Just remember to enjoy the life outside the office, with people that are not from the office and you will be fine.
It's the VC mind rot, the only thing that matters in life is working apparently. A sad existence indeed but you need a cohort to exploit if you're gonna make the next unicorn for cashing out.
Oh I don't know, it seems like a good step forward towards regulatory capture. First partner, then certify, then require the certification. A limited regional beta, like launching your app in New Zealand first.
A company could get more profits from formally teaching employees the function of the Fn key on their laptops.
It is staggering how most people, even among developers, don't know what it's for, and consequently, nearly everybody suffers from not being able to turn volume up or down, or accidentally disconnect from meetings by having turned on airplane mode.
> We were shown how to copy and paste data from excel and other data sources into the chat interface.
Grnnnnnnnnnnnnnnnnnnguuurnnngh.
I remember the copy and paste drudgery from the early days of ChatGPT. It was a miserable and joyless experience. Nowadays (and for a long time) you can simply attach the file.
As someone who never bothered to get any certificates (beyond a University degree) even when I'd do online courses (of which the most course-like must've been fast.ai), are these ever actually useful in any manner?
They are useful for getting a job, that’s about it.
In our case, we get our entire team AWS solution architect certs as well just so we can always tell our customers that our whole team is certified (we do a lot of “forward deployed” stuff for enterprise customers).
For everyone in the EU: Copying and pasting sensitive data (like customer data) into AI tools is a violation of the GDPR, and potentially the AI act, which will be enforced soon.
I would be cautious to advocate these laws that strongly in the context of AI tools:
Companies and employees always make their decisions based on a risk/reward basis.
Sometimes a commercial contract (like Microsoft Copilot) is enough to cover your ass and to meet the needs of the regulator.
Even if the operator is exactly the same.
Laws are constraints to navigate, but if you are successful enough (ahem, rich) then they don’t apply to you.
At the moment what the EU wants is to make sure that in the long-term they can access your private information.
Realistically if you are in the EU you have more risks telling your darkest secrets to a EU-hosted model that the government will arrest you, than to a Chinese-model (who doesn’t collaborate).
EU Chat Control, is here to protect kids and protect you from terrorists; you don’t want to claim you support pedophiles right ?
So following these rules is always a matter of choice.
Respect and you will be stuck with your shitty Mistral and no privacy, not respect and you have your shiny Claude that you have to think what to input inside.
I agree with you I could have made it more compact by making 1 point = 1 paragraph, sometimes it’s a bit difficult to cleanly articulate my ideas, and I try not to clean them up with GPT first in order to keep the original tone.
For the not liking it part, I guess that if someone writes a long text, there are more chances to find at least a point of disagreement than a very short sentence
It depends heavily on what type of data though. As far as I understand if you have no PII or anything close to it you are mostly safe - especially if it's customer data but aggregated.
You’re brushing too broad a stroke GDPR only affects personal information. There’s plenty of sensitive business information that is not covered by GDPR - for example per business customer revenue data - that is legal to put into an AI tool but your employer may not want you to.
This sounds an awful lot like the early how to get on to the internet highway classes that existed. I don't think the classes had a lot of worth in the strict educational sense of like "here's how you do X Y & Z" but... We're I think much more effective at saying, you know, "X Y & Z are now possible."
It does take time and a little skill to know the edges of the AI tools. What's reasonable? What's not? What's likely to hallucinate? You could get something in the rough bounds of trust.
But if you can prove any kind of success with Malta then you can go to the next 10 "slightly bigger" nations out there and tell them "See? It worked very well with Malta". And then move to a bigger layer, and a bigger layer...
In practice since this is valid for a year it is essentially a free-trial they are giving away and they hope that it may generate additional revenue at some point after that
Maybe this is what will turn software engineering into an Engineering field.
Right know, prompters are setting up whole company infrastructure. I personally know one. He migrated the companies database to a newer Postgres version. He was successful in the end, but I was gnawing my teeth when he described every step of the process.
It sounded like "And then, I poured gasoline on the servers while smoking a cigarette. But don't worry, I found a fire extinguisher in the basement. The gauge says it's empty, but I can still hear some liquid when I shake it..."
If he leaves the company, they will need an even more confident prompter to maintain their DB infrastructure.
As a junior dev there is this pressure to produce code, add features, and investigate bugs within unprecedented time period. I know whole code base is fking up but i will still add that feature or do a sloppy bug fix without digging deeper.
In my experience, AI really lowered the bar for bad code in the name of delivering faster.
I have seen people write highly complex code where all the complexity was not necessary. Think: deep unnecessary branching, pointless error handling and retries which make no sense in our context, hand-coded parsing using regexps, haphazard data flow, functions which seem purely computational but slyly make API calls, pointlessly nullable model fields, verbose doc comments which describe the implementation instead of the contract. I could go on.
The worst part is, even when "prompted" by bad coders, it works in the end. Even has tests (ostensibly mock-ridden, a pet peeve of mine which always falls on deaf ears). So I cannot reject the PR without being an asshole.
I am no luddite. I make heavy use of AI, with all the skills / AGENTS.md / style guides and clear specs, then review every line of code, prefer testing with minimal mocking. I'd even say with right prompting, it can write better low level code than me (eg: anticipating common error conditions).
But my biggest fear about AI is how it enables normies with little to no understanding of CS principles to produce code faster which looks correct but slowly poisons the codebase.
I have a friend, smart guy, who is writing web services and “connecting them together” for a large firm; he has absolutely no programming experience.
Talking to him, he told me he couldn’t even reverse a string. He is at once many times more valuable than ever before to his company, but also far more dangerous than ever before.
This is what fascinates me. I have a friend, also a smart guy, who has made it to the point he’s at by being a kind of solutions expert. He’s an IT guy, basically. He’s very technical but has never claimed to be a software engineer. He’s writing software with Claude now. The other day he sent me a screenshot of some other team at his work asking him to shut off something he made that was brutalizing an API of theirs. I asked him if he had ever heard of a 429 or exponential back offs. He said no. How do you meta-prompt for that without knowledge?
You can create an agent in Claude with the role of Technical Lead / Architect and have it review your code. That depends on your agent specification. Just have ChatGPT generate that first.
If you get the logs you can feed them in and ask for improvements, that sometimes helps.
He's "smart" but he chooses to be in a business where he's presumptively willfully ignorant of the fundamentals (since he surely should be able to learn to reverse a string if he wanted to learn)? He doesn't have a more lucrative opportunity available? Or does he somehow have a skillset that makes him able to "connect web services together" by prompting AIs in ways that other people (including ones who can reverse strings, etc.) couldn't?
This form of being "smart" is a bit difficult for me to comprehend, I must admit.
> This form of being "smart" is a bit difficult for me to comprehend, I must admit.
I strongly agree with this. Suddenly with the mass adoption of LLMs there are so many smart, yet naive people out there willing to toe the line. Why these smart people couldn't bring value in a million different other ways is, of course, left unsaid.
They're not even trying to dress up these bullshit stories anymore. In truth it doesn't matter if you believe it. So much buzz is people just talking to themselves out loud.
Well that’s not his primary job. It’s an extra task he’s doing at his job. At a non-tech company with small/horrific engineering components, someone in the business who can do any programming (or vibeing) is indistinguishable from magic.
So many fallbacks. So many function_exists. So much pointless type casting. I swear it’s like the system prompt is designed to waste as many tokens as possible.
I agree 100%. At work I'm teaching software engineering principles to system administrators and they, too, often use AI without thinking. Then it's on me to provide feedback on the PRs they barely read themselves. Not a lot of fun but slowly but surely they're learning.
> The worst part is, even when "prompted" by bad coders, it works in the end. Even has tests (ostensibly mock-ridden, a pet peeve of mine which always falls on deaf ears). So I cannot reject the PR without being an asshole.
Yes, you absolutely can. And you should. Try to teach them lessons and what patterns to watch out for, then tell them to put those insights in their CLAUDE.md, so that their agent becomes better, too. You can also tell them to just copy your own CLAUDE.md, like I did: https://github.com/codethief/ENGINEERING_PRINCIPLES.md
> it works in the end. Even has tests (ostensibly mock-ridden, a pet peeve of mine which always falls on deaf ears). So I cannot reject the PR without being an asshole.
This is a social problem that I had thought the industry had solved a long time ago.
When I read the discussions about AI making code worse I keep bringing the same argument: people made bad code even before AI. Average coder is barely functioning and that's a fact.
And we were safe from them because they couldn’t produce a mountain of code every day. But soon many places will be buried under a planet of unmaintainable code. It’s adding friction and operational cost and often not adding value.
People could, however, learn to not make bad code. LLMs are incapable of that feat because they do not have any understanding or ability to reason. They are strictly worse than a human.
As others have elaborated, the problem is empowering them to ship mountains of bad code;
And yeah, many semi-technical M2s or even M1s can't distinguish bad code from good code, or worse bad architecture from good; this is golden time for those who are willing to sacrifice the future for present. Just burnnn'em tokenzzz.
> In my experience, AI really lowered the bar for bad code in the name of delivering faster.
I would've believed that 6 months ago, but not now.
If you have a good codebase with proper rails, hygiene and architecture, AI will produce better code than most engineers out there.
People forget that 90% of the field has always been charlatans barely able to implement a fizz buzz or go much beyond trial and error googling.
I'll say even more. I'm in the 10%, and it's increasingly clear to me that AI writes in minutes code that's better than mine.
Even stellar and respected OSS engineers are nowadays leveraging AI and guiding it less and less everyday beyond giving indications of what kind of data structure they may want for a complex problem or the kind of architecture they are looking for.
In any case, I don't like this field anymore, I have no joy from it, way too much work, way too many changes a human can cope with both on product and technological level (not even counting AI and its tooling itself). The interesting parts of thinking an entire afternoon or week experimenting to get that design right disassembling the pros and cons are gone.
Even if you want to do that, it's just faster to launch 6/7 worktrees with the different ideas and judge the results. But you don't get as intimate with the problem and the amount of information is way more than you can process.
I'm hand rolling a project right now because even frontier models I use bloat things beyond comprehension. Because I'm intimately familiar with the domain, I know the shape of things, how the data should flow, and so on, and if l even if I spec it clearly AI will write 2x to 5x the amount of code necessary to make something work.
"beyond comprehension" is a good way of putting it. I've been genuinely baffled by some of these AI designs - why any intelligent thing would write >10 lines of bloat for what should be a one-liner.
> "beyond comprehension" is a good way of putting it. I've been genuinely baffled by some of these AI designs - why any intelligent thing would write >10 lines of bloat for what should be a one-liner.
As Anthropic's drones say: treat Claude as your genius coworker. Don't think yourself, don't judge, the machine must know better than you. It is the genius, after all, not you.
Forgive my ignorance, but if the corpus of coding data was always 90% bad, isn't that the same data being used for training LLMs? How are they magically any better than that average?
Proper rails, hygiene and architecture need to be actively maintained, they don’t just continue to exist in a developing codebase. Historically, a small proportion (the 10% as you say) had a disproportionate amount of influence on coding standards. When they can no longer keep up with that ongoing maintenance, which we’re seeing with the increased pressure to ship code, the hygiene will regress. We’re riding the tail of all the engineering practices we’ve developed as an industry.
This is what I’m seeing, anyways. Junior engineers are being rewarded for shipping so much code, it’s impossible to evaluate it all, and subtle changes in existing patterns are slipping through. Eventually all those subtle changes transform the rails.
> Maybe this is what will turn software engineering into an Engineering field.
Oh man, I think you may have touched the third rail here.
My first job out of high school was as an AutoCAD/network admin at a large Civil & Structural firm. I later got further into tech, but after my initial experience with real Engineering, "software engineering" always made my eyes roll. Without real enforced standards, without consequences, it's been vibe engineering the whole time.
In Civil, Structural, and many other fields, Engineers have a path to Professional Engineer. That PE stamp means that you suffer actual legal consequences if you are found guilty of gross negligence in your field. This is why Engineering firms are a collective of actual Professional Engineer partners, and not your average corporate structure.
The issue is that in software dev, we move fast, SOC2 is screenshot theater, and actual Engineering would slow things way down. But, now that coding is fast, maybe you are correct! Maybe vibe coding is the forcing function for actual Software Engineering!
___
edit: I just searched to see if my comment was correct, and it turns out that Software PE was attempted! It was discontinued due to low participation.
> NCEES will discontinue the Principles and Practice of Engineering (PE) Software Engineering exam after the April 2019 exam administration. Since the original offering in 2013, the exam has been administered five times, with a total population of 81 candidates.
Note that other types of engineering are also often vibes based. The mechanical engineering for a rocket engine is extremely rigorous but the engineering for an injection molded housing for a cheap cell phone is a lot more about following a few heuristics and getting it out the door. Even in robotics where I work, it’s mostly about making parts that pass whatever acceptance tests you come up with. In civil engineering and aerospace failure costs human lives and millions or billions of dollars. In robotics maybe you have some machines fail in the field but in many instances you have one overarching safety system and many of the parts are irrelevant to that. The camera housing for example. So no paper trail or mathematical design validation is required to prove you designed it right. Often those are desirable but if you just manufacture it and test it a lot you’re probably fine.
This was something I noticed in my early career in mechanical engineering and later doing PCB design and software for robotics. It’s easy to find firms that just need adequate parts without the professional certifications or ass-covering calculations of other engineering fields.
All this to say, it’s not just software versus the rest of them. From my position, civil and aerospace seemed more like the exception while much of the rest of the engineering world is more vibes based.
What makes it a profession is not just the certification, it's the burden of responsibility for consequences. Your lawyer, accountant, and real engineers carry "we need insurance for this" level of risk in their work, all the way up to "can go to prison for getting things really wrong".
Until and unless software is held to that standard, software will never be engineering and always just a craft that can be performed to any or no standard.
Eh writing software for healthcare, or aircraft or self driving cars is more rigorous than an EE working on industrial lighting or toys.
Im sure for the most part, engineers in physical space deal with the same kind of tradeoffs software engineers make, where you try your best based on industry standards, personal past experiences without some way to prove what youve done is right
> Eh writing software for healthcare, or aircraft or self driving cars is more rigorous than an EE working on industrial lighting or toys.
That’s a relatively small field within the software industry.
Most of the work being done (adding new fields to CRUD apps etc) is glorified clerical work, where the people doing it are rightfully fearful of being automated out of existence by AI.
I work at software in a medical setting. We are piloting an integration with a startup for measuring [some bodily variable relevant in ICU setting]. They are obviously vibecoding (docs are telling) and their API is failing in unexpected ways that they are not able to resolve. I am just waiting when this are going to harm somebody.
> Maybe this is what will turn software engineering into an Engineering field
I think it’ll be the opposite. Maybe it’ll be what will eventually cement the field as “talent” based field. Just like it was difficult to quantify what makes a flute player better than another, how good your are at endlessly prompting a blackbox machine would be the only measure. The engineers of ol’ whoe developed kernels and drivers would be thought of as the “crazy people who put the flute against their temple to tune it” LOL. we don’t need people like that. You can just buy a flute tuning device. who gives a fuck? Can you make the next “Shake it, Shake it”?
Now imagine if you’re one step removed. You don’t see the cigarettes, smell the gasoline, nor see the fire extinguisher gauge. You only see the servers running business-as-usual. Those “engineering” guys are always drama queens, you think. We have processes and fire extinguishers when shit hits the fan, right?
That’s basically every M2, and many if not most M1s, in the last 10 years. So fuck it. Why does any of it matters?
Yes, you can’t blame AI for it. But it was a self limiting system. You couldn’t just go to a fresh college hire and ask them to do deep surgery on the entire stack. You would go to your very senior engineers for that. Those senior engineers will push back on some stuff then in the push-pull cycle you would have to settle at some middle ground.
With AI I’m seeing managers literally get an intern, ask them if they can change fundamental assumptions of a system, give the intern claude 1M window, have the intern ready with a 37k line PR in an afternoon and then go ping a senior engineer if they can “take a look”.
This is the pattern you will see when medium-successful ignorant people take o ver a system that was based on some kind of standard.
You can see the same approach is taken by Trump and other people.
“You have TDS!! He is actually doing good. He doesn’t follow rules because the system is rigged etc.”
These arguments border on religion because it is predicated on you believing their ignorant point of view in the first place.
Engineering and science is built on rigor and empirical evidence, it is not built by scammers/businessman/ignorant-people/politicians because that is just not how it works
For every argument against AI slop, you will get a variation of it's the future, or I'm 10x more productive now, I've shipped 3 applications in 2 days, etc.
They won't stop talking about it and defending it. But I can't get anyone to share their amazing work with me.
There is a reason the Show HN projects that are mostly vibecoded don't get much response. It's because they aren't any good. Comments that are AI generated are hollow. Videos that AI generated a shell of their sources.
Obvious slop still makes it to the front page of HN, and sometimes farms GitHub stars.
These posts also usually get all these glowing comments from users who clearly haven't checked the code. It's even worse when authors get busted and claim "Okay, Claude wrote it, but the design is mine" despite clearly not understanding the output themselves.
Unfortunately, that makes high-effort projects less visible. The SNR will probably keep getting worse until slop can be flagged on HN.
One thing I learned is that AI written text is not hard to spot. Usually, when I meet slop, I close it one or two paragraphs in. Although tools like this will become more common, they usually serve to win an argument, or confirm what you already believe.
Also, it was painful to learn that my very first blog post I wrote in 2013 is AI generated. But I'm fine with it because I read this:
> A short punchy opener (≤10 words) followed by two or more substantially longer elaboration sentences — the LLM "hook then evidence pile" rhythm.
... and realized that the entire app is AI generated.
If you can spot it, an AI can spot it too. We have a website with some AI generated content (about AI). I added a skill to correct AI slop. Content got a lot better when I put that in place. I actually made codex research slop patterns and it came up with a list of known AI slop linguistic anti patterns. It now fixes its own content using that list. I also put a guard rail in place to do a critical review of all produced content as a final quality gate. That actually catches a lot of baseless claims, and other slop. And there's another skill that ensures we use the right SEO relevant language (a list that is produced by a separate agent).
It's actually starting to generate interesting content based on me giving it a few bullets and ideas. I won't claim it's perfect but it does a decent enough job.
I have my reasons for doing this (we help people set up agentic work flows) and I appreciate that not everybody likes the idea of AI generated content. But I think it will start getting harder and harder to spot AI slop. Basically slop is what you get without guard rails and quality gates. Of course, most people still lack the skills to configure their AI tools properly. Particularly non technical people. But it's not that hard and I bet there are a few handy journalists out there getting better at this. Also, for technical writers this is not going to be optional.
Since voting is that power we say we have in the US. Does the public get to vote on this? If not...
> Voting, we might even say, is the next to last refuge of the politically impotent. The last refuge is, of course, giving your opinion to a pollster - Neil Postman
The US is a representative democracy, not a direct democracy. You don't get to vote on specific federal policies, you vote on the people who vote for those policies.
Voting with your wallet doesn't exist. Try to boycott Amazon by blocking the AWS IP ranges and see how unusable the internet becomes for everyday tasks. Corporations continue to push the personal responsibility narrative so they can externalize costs of unethical business practices.
how are you making them lose money by blocking their ip ranges? Your are pretty much giving them money because now they dont need to pay for bandwidth.
We can also engage in direct action the other 364.9 days of the year. Call/email your representatives, go to a town hall, call the leaders of both parties of both senate and house, go to a march or protest. There are other ways we can be heard, be substantive and thoughtful, they tally and track messages which are not hyperbole or copy-paste. If you can make it personal, even better. It only needs to be a few sentences.
You can look up Maroun Al-Ras [0] and it's map coordinate [1]. If you search for the name, you find a garden of the same name, but not the village. The instagram reel that was posted earlier had more context [2].
From wikipedia:
> In October 2024, IDF forces operated in the village as part of its invasion of southern Lebanon. The Israeli flag was raised, after the victory.
Which Apple might use as a justification. There is a Israeli flag, so it must belong to them.
One thing that will be incredibly useful is to limit comments from brand new accounts. A combination of vouching, limiting the posts velocity (5 daily limit), clear rules for new accounts, etc.
I understand we often see insightful comments from new accounts, but I always find it suspicious when non-throwaway accounts are created just in time only to make a quip.
This was discussed before. People will age accounts and buy/hack inactive ones. Meanwhile, often a link gets posted, the project owner (or someone affiliated) finds out, and they make a new account to comment; it would be a shame to lose these people.
The applications run just fine, but I don't even know where to start. Apparently I coded them directly into the server, no dev machine!
[0]: https://cdn.idiallo.com/images/assets/daily/98/old_servers.j...