I get GitHub Copilot Pro for free for some reason. One day I checked and it was just there. So I use that until it runs out. When it does, https://synthetic.new with Kimi K2.5 works surprisingly well for small tasks where I still make all the decisions.
But I find no matter what I use, it still makes more sense to code by hand for anything that actually matters.
The things I've vibe coded are throwaway scripts to generate a gif, user scripts to tweak annoying websites, and various utilities that just need to work.
I wish there was a rule to ban AI submissions. Not because I think there's 0 value, but because there's just such a high volume and low signal to noise ratio
There are so many scanners these days these things get caught pretty quick. I think we need either npm or someone else to have a registry that only lets through packages that pass these scanners. Can even do the virustotal thing of aggregating reports by multiple scanners. NPM publishes attestation for trusted build environments. Google has oss-rebuild.
All it takes is an `npm config set` to switch registries anyways. The hard part is having a central party that is able to convince all the various security companies to collaborate rather than having dozens of different registries each from each company.
Rather than just a hard-coded delay, I think having policies on what checks must pass first makes sense with overrides for when CVEs show up.
The ones you hear about are caught quickly, I’m more worried about the non obvious ones. So far none of these have been as simple as changing a true to a false and bypassing all auth for all products or something, and would that be caught by an automated scanner?
There are definitely levels to this. Yes I think it can be caught by automated scanners in theory. Either commit by commit scanning and reproducible builds or fuzzing and getting the behavioral differences between versions
Did it? Just checked and my feed is still completely untranslated. I have my settings set as English. I hope they don't do the weird YouTube thing of translating things from languages you know into the language you set. Multilingual people exist
It's only rolling out in past 1-2 days, and also English speaking users are already running low on sanity from being constantly exposed to Japanosphere norms. We'll see how long this experiment is going to last...
Utaite. Will find barely any anywhere else. Thankfully if you're in one of those sub-communities, you don't ever get recommended anything political or American.
I've personally found the repairability to be worth the price for me. I got the baseline $999 back when it launched & have done stupid things like spilling a whole gallon of milk on it. Had to take it apart & clean as well as replace the keyboard but now it's still chugging along.
Used to own a MacBook & the keyboard started dying after a year with a failed A key. Very expensive to replace so I just remapped caps lock to A. Then the screen started getting weird color issues and dead pixels.
A MacBook Neo does look attractive though. Probably better performance.
They were solid before the butterfly design too. It was just Apple's inability to admit the new design was shit and their hubris that they'd engineer their way to a solution for so long that the whole world became aware of the issue when mainstream journalists started writing about it in major publications. The Wall Street Journal article with no letter 'e's was brilliant.
Stars occasionally correlate with quality but more often it's timing and naming. I have a total of 40k stars on GitHub, and I know the code is shit in most of those repos (many written back when I was 16-18 as I was just learning to code). Jumping on hype trains before they start is how you get stars.
reply