
Comment Re: Actually, congrats to the cURL team (Score 1) 54

Models have knowledge cutoffs. So if there were vulnerabilities six months ago the model probably does not know about them yet. On the other hand, the premise of the post before was that curl is now bug-free after other tools scanned it. Why should it right now be bug-free and before not? The other scanners aren't that new either, they probably have to run them from time to time and may find new bugs or parts of code that can be improved to avoid potential bugs. Mythos is surely not identical to the scanners but would find other bugs, so why shouldn't it find some right now?

Comment They hope ... (Score 1) 41

They hope CUDA stays the lock-in it currently is. But the communities are quick to build the required software once the promising hardware is there. If AMD builds consumer-grade cards with let's say 128 GB VRAM, then the interesting AI software will be adapted in a few weeks.

Comment Re:not really surprising. (Score 1) 43

There is a lot of bullshit advice and even more people who refuse to even try an LLM mocking people with half-truths.

What does (of course) not work:
- Do not hallucinate
- Do not make mistakes

Let's laugh about these people together. If the LLM could know it does, it could avoid doing it in the first place.

What does have effect:
- Avoid code that allows SQL-Injections
- Avoid OWASP Top 10 Vulnerabilities
- ...

While these seem to be silly at first, you will notice for example in reasoning traces that the model actively does a second pass assessing if the code it thought about may have one of these problems. The difference in the prompt is whether the LLM just follows a simple user instruction "Write an HTTP server" or whether the system prompt bullet point extends the instruction to additionally account for security (what the user did not ask for themselves).

They are also a real trade-off. If I ask for a 20 line Python script to serve the markdown in the current folder as HTML, I do not want the script to become 150 lines for a good authentication. I'd like it to bind to localhost instead of 0.0.0.0, though.
In my experience, most LLMs write such scripts concisely and then comment at the end "You may want to add authentication and user input validation for production use". If you don't read that or don't care, it's your fault.
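
Added example, not part of the original comment: a short Python script of the kind described above, which serves the `.md` files of the current folder as HTML, binds to loopback instead of 0.0.0.0, and refuses paths that leave the served folder. The port, the function names and the tiny renderer (headings and paragraphs only, standing in for a real Markdown library) are assumptions made for this example.

```python
import html
import http.server
from pathlib import Path
from urllib.parse import unquote

BIND_ADDR = "127.0.0.1"  # loopback only; "0.0.0.0" would listen on every interface
PORT = 8000              # constructed value for this example
ROOT = Path.cwd().resolve()


def resolve_markdown(url_path, root=ROOT):
    """Map a URL path to a .md file under root, or None if it is not allowed."""
    candidate = (root / url_path.lstrip("/")).resolve()
    if candidate.suffix != ".md" or not candidate.is_relative_to(root):
        return None  # wrong file type, or "../" escaped the served folder
    return candidate if candidate.is_file() else None


def render(markdown_text):
    """Minimal renderer: '#' headings and paragraphs, all text HTML-escaped."""
    out = []
    for block in markdown_text.split("\n\n"):
        text = html.escape(block.strip())
        if not text:
            continue
        if text.startswith("#"):
            level = min(len(text) - len(text.lstrip("#")), 6)
            out.append(f"<h{level}>{text.lstrip('#').strip()}</h{level}>")
        else:
            out.append(f"<p>{text}</p>")
    return "\n".join(out)


class Handler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        path = resolve_markdown(unquote(self.path.split("?", 1)[0]))
        if path is None:
            self.send_error(404)
            return
        body = render(path.read_text(encoding="utf-8")).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    http.server.HTTPServer((BIND_ADDR, PORT), Handler).serve_forever()
```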

Comment Re:Do we need programmers? (Score 1) 43

You need developers and architects. AI can code authentication very well. But you need someone who instructs it to do so.

It's a double-edged sword. What do you prefer?
- You wish for a simple thing and get an overengineered program with all the features the AI thinks may belong to it (i.e. authentication with OAuth instead of an MVP with IP whitelist)
- The LLM creates exactly what you tell it, but you need to know yourself if you want authentication

Option 1 leads to more bloat, possibly overengineering architecture before you know what you want, and possibly bugs in features that you didn't strictly need. Option 2 leads to you being in control, so you being responsible for knowing what you do, so people who are inexperienced may forget to add authentication.

Most LLMs even enable both: with the right system prompts you can switch on the fly. If you use usual "architect modes" you often get an architecture that has authentication, user management, etc. planned in. If you use "Code" mode for implementing features you get what you wish for. Not malicious compliance, but still compliance only to what you wish for without much proactive work.

Long story short: With many tools you are the coder and not the manager by default. If you want to be the manager you need other tools or use your existing ones in another way. If you want to be the developer you need to use your own brain.

Comment Re:not really surprising. (Score 1) 43

Better than not having it there. Every token in the prompt is attended to by every other token. Even a single word like "Security" will lead the overall process to "think" more of security. That's one of the open secrets: Be aware of how attention works and you can better steer AI toward something or away from something.

Comment Re:not really surprising. (Score 1) 43

Exactly. And good AI coding is usually incremental. An AI knows well how to start with an MVP (and that does not have authentication) before adding LDAP, OAuth and MS Domain logins. But once the app has its core functions, the novice coder stops extending it and deploys it without asking for at least a minimal authentication feature.
