Yeah, the main problem is that most companies / people don't give a f*ck about security because it is not a key feature. It's only a marketing stamp. You want it good enough to sell the products, but you don't want to spent too much on it. So instead you go vibe coding. The baby is dead born.
> This chart suggests an interesting security economy: to harden a system we need to spend more tokens discovering exploits than attackers spend exploiting them.
What's new?
It was always about spending more money on something.
Team has no capacity? Because the company doesn't invest in the team, doesn't expand it, doesn't focus on it.
We don't have enough experts? Because the company doesn't invest in the team, doesn't raise the salary bar to get new experts, it's not attractive to experts in other companies.
It was always about "spending tokens more than competitors", in every area of IT.
I understand the privacy argument. There are a few questions though:
1) Suppose there will be another shooting. Don't you want to know what exactly has happened before you go to the protest? Suppose your child will be hurt. Wouldn't you do anything to capture the culprit? How exactly would you feel if the police would tell you that they couldn't get the video with culprits face, because watching it would be a violation of someone's privacy?
2) Everyone has a camera in their pocket. Someone is filming all the time. Police can seize this video. Isn't that a privacy risk? Should we ban cameras in smartphones?
3) Should we even be private in the public? Doesn't privacy in public spaces encourage crime? I will die on a battle to keep the privacy in my home, but in public? I personally prefer to be safe, than private, in public.
4) What about private cameras near homes filming 24/7? Are those risks for privacy?
5) People in power will always be corrupt, have bad intentions, will use public goods for personal gain. Should we disregard broader benefits because there will be isolated cases where those benefits will be exploited?
1) If someone killed my child, I would probably want to kill them back. And yet we don't consider that sufficient reason to make revenge killing legal. The wishes of the victims need to be weighed against the cost it imposes on everyone else, including those who are innocent. The cost of violating everyone's right to privacy, the social impacts of mass surveillance, and the risk of that data being abused.
2) > Isn't that a privacy risk?
Yes, it is!
> Should we ban cameras in smartphones?
No? How about making it difficult for the police to seize everyone's videos without a good reason? We already do that for phone videos, it's called warrants. But Flock doesn't. They just ask cops to enter any arbitrary "reason" text into a HTML textbox and instantly get access to everyone's videos. And if the people explicitly said they don't want those specific cops to have access, like many people decided about ICE? Well, just ask the next county over and use their system, it's not checked in any way.
People don't have a right to privacy in public (at least in the US). Do people not realize anyone can photograph or film them in public at any time. Heck, photographers can even then around and sell the without the subject's consent. Case in point: https://en.wikipedia.org/wiki/Nussenzweig_v._DiCorcia
I'm really struggling to see the parallel between being filmed in public and committing revenge murder.
Sorry if I was unclear. My point was just that "if you were a victim, wouldn't you want this?" is not a very strong argument. What victims want does matter. But when it affects other people, their needs matter too.
Especially with mass-surveillance, which affects everyone. It's not possible to mass-surveil only people who would commit crimes, you need to surveil all innocent people too.
> My point was just that "if you were a victim, wouldn't you want this?" is not a very strong argument. What victims want does matter. But when it affects other people, their needs matter too.
Right and you used murder as an example. Do you think murder is even remotely comparable to putting up a security camera in a public space?
Yes, a victim might want some sort of response that is socially unacceptable, sure. But if you want to make a convincing argument you have to explain why the proposed response is unacceptable. Not some different, extreme, response of your own invention.
I'm really not sure how "committing vigilante murder is wrong" is supposed to be a good argument against putting up security cameras in a public space.
Privacy is not "convenience", I'm not sure how you arrive at that. And it's also not mine, it's everyone's.
I don't want children to die (obviously). I also don't want governments to track the movement of protestors and dissidents, police to stalk their ex-girlfriends, etc.
I don't think the effectiveness of mass AI surveillance in preventing crime is high enough to justify the drawbacks.
It's kind of good news, but it's also bad news -- with Linux popularity, crapware will be more popular. I kind of liked times when Linux was used only by power users. Today it's slightly different, and with more popularity... we get things like age verification in systemd.
But well, I can always switch to FreeBSD I guess. And that's my plan B.
He's just an idiot doing it in public, because there are people generating hundreds of posts a day for years now without committing it on github under their real name.
This post is added because it's so easy and to show that it's being done in real life. That we can't have nice things, because of mindless people like Nawaz Dhandala.
I'm quite sure in every passing second people are pumping more AI slop to the internet. I just don't see why this is something special (unless it's a well-known project among HN users that I'm not aware of.)
>The economy of the State of California is the largest in the United States, with a $4.048 trillion gross state product (GSP) as of 2024.[2] It is the largest sub-national economy in the world. If California were an independent nation, it would rank as the fourth largest economy in the world in nominal terms, behind Germany and ahead of Japan.
I mean, today it's possible to generate it in Tcl, Elisp, Windows BAT, Powershell.
The effort is just 1 prompt.
The WHY question is much more important today -- "because I can" no longer makes sense, because we all can do much, much more with minimum effort today than before LLMs.
Yes, c89cc.sh was definitely AI-assisted. However, I do carry extensive knowledge of the portable shell that was essential for the AI to complete it.
You'll find tricks inside c89cc.sh that don't exist anywhere, except in other code from me (like the ksh93 fix for local dynamic scoping or the alias/macro read -n1 polyfill).
The WHY is pretty obvious: I want to show that the portable shell is not a toy.
>The WHY is pretty obvious: I want to show that the portable shell is not a toy.
What does that mean? You sat down with the goal of showing that a decades old scripting environment can be used for large projects in production, with all its obscure hacks? I'd say it's more a novelty project made for the fun of it - and that's fine, it's a cool project.
It would be pretty interesting to read a blog post about the making-of: How to write a compiler in portable shell, what parts could be automated and where LLM-coding fell short, what rare tricks were applied, etc...
Most people think shell is just bash, and portability is impossible.
It is also common sense that shell scripts are just glue code, and it's impossible to do anything else with it.
I think they're wrong. Never said one should use this to write large production programs though.
The hacks I'm using are no different than JavaScript polyfills (set once, makes a feature more uniform). It's actually a clean design, the bulk of the program is POSIX shell.
reply