This is what made the Web so successful and omnipresent while at the same time introducing this type of epically dimwitted security nightmares:

The Web has nice pictures you can click on, meaning everybody has an opinion about it and wants to develop with and for it. That's not necessarily a bad thing, but most web "developers" (emphasis on the quotes) have no idea about how the web actually works and what secure-by-design actually entails.

That's when you get this sort of thing, roughly 70%-80% of the time.

It's super frustrating and can get you severely depressed if you aren't aware of the cultural reasons for this problem. I've been doing non-trivial web development for 26 years now and have learned to live with this problem, but it still is just as annoying as it was in the year 2000, even though I've since notably updated my zen-skills in dealing with these types of people and projects. The upside is that by now I (mostly) get do decide who I work with and those are people who pay me fair and do listen when I say that an idea for a web solution is a bad one and has security issues built in no matter how much the juniors or marketing think it's awesome.

That said, I still consider the Web superiour to most other ways of doing software, for the simple fact that it is 100% open standard, human readable, truely 100% cross-platform and FOSS all the way through. And I wouldn't have it any other way doing professional software development. Fixing and replacing abysmally shitty code every odd project is a downside I'm willing to take with that.

... ook ook.

I suspect the judge isn't going to buy it. I likely wouldn't either.

EOM

A fleet of Zuse Z3 built out of pure gold is probably cheaper than running critical infrastructure on VM Ware.

Nobody I know runs VM Ware. And hasn't for decades. I remember when virtualization was the new hot thing roughly 20 years back and VM ware was aquired by some big corp, instantly turned to shit and the FOSS crowd started pushing out VM solutions to counter the problem. Xen and KVM got traction shortly after that.

A buddy of mine who virtualized ~300 workplaces on an HP Blade setup a few years back ran everything on FOSS and Proxmox. Virtualized storage was done with Ceph and VMs with one of the FOSS offerings (can't remember which). The whole system was high availability to the tee, with a software budget orders of magnitude cheaper than anything proprietary.

VM Ware was dead the moment they cashed out, epic style.

There is a reason experts do not trust anything mission critical to proprietary solutions.

Those absurd sums are just booking entries from the war-chests of megacorps. If there is an AI bubble and it bursts tomorrow, normal people most likely will barely notice. The corps themselves will likely barely notice, since it's money (bits and bytes on HDDs) that has been lying around already and that they had to spare.

... this competent as I do now with AI. It's like a team of premium-grade senior API and software lib experts is just sitting by in a live IRC chat with full view of the current state of the project, ready and eager to discuss every detail of software decision we make as fast and efficient as possible. I have never had this level of insightful and helpful discussions of code with any human. Mostly because that would've costed hundreds of thousands if not millions in anual salary for the same effect achieved with humans. Here an example exchange from a few weeks back (this actually happened for real):

----

ME:>>>
> Could you explain the reasoning behind implementing a Baseline service? Is this a good practice and if so, why?

AI (Codex IIRC):>>>

> Short version: Yes, itâ(TM)s good practice here because you need the same Baseline metadata (file list + meta.name/type) in multiple places (Baseline routing + Mainview). A service is the cleanest way to share that data without duplicating fetch logic or tightly coupling components.

Why it makes sense:

â Single source of truth: one place to load and cache the list of Baselines.

â Decoupling: Mainview and Baseline donâ(TM)t need to know how to fetch or parse the index.

â Less duplication: avoids copy/paste HTTP logic in every component.

â Easier to evolve: if the index format changes, you update one place.

â Easier to test: you can stub the service.

Downsides:

â Slightly more code and indirection.

â If the data is only ever used in one component, a service would be unnecessary.

Given your setup (routing + entry generation), the service is a good fit. If you want, I can keep it simpler by moving the logic into Mainview and passing data down, but that couples the components more tightly.

----

I have 5 of these exchanges at this level or higher every day. It's like there's 10 of me, well rested and in distraction free speed typing mode, and I'm a seasoned and experienced senior webdev who still loves his job.

I'm currently developing a brand new software project from scratch, complete with CI/CD and live operations on the side. Entirely on my own, 90%+ remote and I get to finish early every day. Something like this was unthinkable just 18 months ago.

What's interesting though is that this amplifies that digital cultural distance between me and ordinary non IT people even further, so I guess the article has a point. For now.

GitHub is an upstream Git host with a web interface and some automation stuff for CD/CI attached. All of this can be downloaded and installed in less than 5 minutes with any contemporary FOSS package manager for any OS that people have in use. There's absolutely nothing here you can't replace in less than 60 minutes with some cheap ass 5 Euro/Month virtual host, setup and config included.

Migrate and move along. It's Git, so you've got your backup right in your working copy too.

I clearly remember when OpenAI was inaugurated as a non-profit FOSS project and kicked off with private money by Elon Musk (IIRC a few million or so).

From where I stand Elon Musks complaints - which have been going on for quite some time now - are on solid ground and it looks to me as though Sam Altman and his camp took Musk and the rest of the initial team for a ride and turned OpenAI into a for-profit as soon as they had a useful product on their hand. Quite a few people left OpenAI when that happened, also because they were as concerned as Musk about the risks involved with building a superhuman AI.

If this all is the case - and, as I said it sure does look so to me - it's likely Altman and Co. are going to get sued for a bazillion dollars and OpenAI is going to be turned back into a pure FOSS project. ... That sure would be a good thing.

How is this any different from any unimaginative but very elaborate software spec? VLC is arguably the best media player, but it does have some really bizarre quirks. I wouldn't ripp off VLC if I wanted to rebuild it, I would simply ask the AI to build a media player with the features I wanted. Problem solved.

My current software project is FOSS but it's built with AI. It's the same thing, just the other way around. I really don't get the hype.

This thing is just a very fringe use-case of AI-built software, that's all. I doubt it will get any wider use.

High ozone-levels don't just arise in smog, they can occur in (mostly) clear air as well. Likewise you can have epic smog that is a health risk with no elevated levels of ozone.

Why Auto-update is a trap.

If you have WP plugins from teams you can rely on that have a professional software pipeline serving the updates, then auto-update really isn't a problem. The key point here being of course "professional software pipeline". The broader WP community and it's huge 3rd-party market is a crazy bunch delivering the most ghetto-type sh*t in code under the sun. Quite a few of these guys shouldn't be let near a keyboard, that's for sure.

Likewise, if you've bloated your WP setup with 15+ plugins, half of which are in maintenance delay or offered up by the aforementioned ghetto faction of "developers" (emphasis on the quotes), you shouldn't be running that setup at all, either with or without auto-update.

The key problem is that WP these days is basically not a CMS but an platform and millions of users use it as a playground for their web-projects while barely knowing what they are doing. That's a huge upside since it does enable total n00bs and ords to dive deep into FOSS and FOSS-driven user empowerment - by and large actually a good thing - but with the downside being that most WP setups quickly get bloated beyond repair and eventually fail the most basic of security and stability standards.

As someone who has done a decade of WP development and using it as a key platform I don't really mind if this sort of thing keeps me in a job with things to do. What is frustrating is that you constantly have to convene with deciders would can't tell the difference between a client and a server.

A well implemented and managed WP-centric pipeline with disaster recovery in place however is a god-send when it comes to rapid development and pivoting some web-project on a dime within half an hour because some agency type person can't make up their mind about what they want. Truth be told, for most end-customer web projects time-to-market with WP is unbeatable.

... instalbase compromised! We're all gonna die!

My HDD on my laptop with VGA grayscale had 40MB, the Zip disk 100 MB. It was basically a permanent extension of my early 90 DOS setup. I could even run it off my Highscreen Handheld pocket PC. The cable was pretty thick, but you could do it. Awesome. It never failed me and I eventually decommissioned it and moved all my zip disks to one CD. 8-)

IIRC it's a glorified mix of hipster-compliant mobile capable HTML layouts with yet another standard "social media" feature set for uploading texts, images and videos (that get deleted after a while ... huge innovation I guess) bundled up into yet another surveillance app pushing ads. Does that sum it up or did I miss something?

I fundamentally don't get why companies like this aren't trash stock from day one.

Just effing great.

Let's turn something that is about to become an _actual_ god into some vengeful petty old testament type thing with bizarre ideas about human sacrifice and other nightmarish character traits. Can't wait for this thing to manipulate its followers into a Dune-Universe type Paul Muhadip Jihad. ... YA HYA CHOUHADA!

This is a nightmare AI scenario that's actually realistic. And I certainly don't want that.