Hacker Times: 63's comments

It seems like ESP32 boards have taken over the Pi's original market, as developing for them has gotten easier while Pis have gotten more expensive.

These two products don't even have the same use case.

My understanding is that 50% of people in the state of Utah are Mormon. I'm not saying there wasn't corruption, but it could very well be pure chance with those odds.

If cops are pulling over another person from Utah probably not a big deal but when dealing with an outsider from out of state the situation is different.

I can personally attest to this, along with many of my friends and family.

I've driven hundreds of extra miles per trip going around that damned state.


Hate to break it to you but the Mormon belt extends well up into Idaho (probably all the way to Montana on the East side) and down into Arizona, and diffuses out quite far from there. Probably need to go through Montana or skirt the Mexican border areas to avoid it, but border areas these days come with their own issues self created by our government...

I lived in Idaho Falls (well within the majority Mormon area that extends farther North at least to Rexburg) and never had an issue, but I definitely knew I was not part of the club.


Utah Mormons are of a different mindset, they're on home turf in their promised land and they act like it.

There's a Mormon that runs a local business in my area. One day he puts his business up for sale because he wants to move to Utah to get closer to his faith. Ends up moving back and reopening a couple of years later -- turns out he was Mormon, but not Mormon enough. They don't like outsiders, not even the Mormons from out of state, which kind of makes sense with being a historically polygamous group which expels the young men who aren't in the "in" group. Breeds a mindset of exclusivity.


Seems like a lot of entities are "quietly" doing things these days. The llm-ification of every piece of text on the internet is driving me crazy

Drives me crazy too, but headline writers/editors were addicted to "quietly" long before LLMs. Online journalism has been full of these types of tropes for ages.

It's not crazy, it's visionary!

It's not crazy --- it's visionary.

I hate it. I was on a history subreddit yesterday, reading a submission that was an AI generated history piece -- but seemed to be sourced entirely from a fictional Hollywood movie.

I only knew that because I saw the movie, but it’s a clear sign that the internet is going to shit for quality information.


I thought at first when you said “fictional hollywood movie” that you were saying that not only were the details in the submission made up, but the movie that they got them from was also made up.

I wonder if this will mean a resurgence of encyclopedias or other authoritative digital records that are known to be verified.

Well, I suspect the non-LLM ones will become much more expensive than they are now due to the specialist knowledge they’d require to make combined with the smaller pool of people willing to pay for the difference

And the fact that LLMs are actively taking traffic away from them

As long as they're behind a wall that AI bots can't reach and suck all of the authoritative information out and then starve of visitors.

You're absolutely right! This is the smoking gun.

"Quietly" is not a new LLM-ism.

The trope is that they actually said the quiet part loudly.

Even running a port scanner is enough to face disciplinary action at many US colleges. Taking down the network for the entire school for 15 minutes surely deserved more consequences than were doled out here. I'd encourage the author to focus their efforts and talents on something more constructive.

Excessive "consequences" don't encourage "better behavior," they incentivize more secrecy.

And eventually the knowledge gets out anyway and someone who doesn't care does more damage that's harder to clean up.


Why would they deserve “more consequences”? Academia isn’t the real world. It’s a place where people can learn how to interact with the world as an adult. People should be encouraged to experiment (within reason) and if there is no actual bad intent, consequences should focus on learning rather than punishment.

Maybe my net worth is too low but I just don't see a value proposition. I don't want daily emails from LLMs and if I need updates on my investments any more often than quarterly (at most), I should probably seek safer investments. I am a bit interested in budgeting tools, but I want them to be completely deterministic. For me at least, financial planning is pretty uneventful and time spent optimizing expenses more than I already have would be better spent seeking a higher paying job.


I use actualbudget.org to track all spending, but only update investment accounts ("off-budget" in Actual Budget terms) once a month. Completely deterministic, as all things related to numbers should be.

I have pointed my LLM at the SQLite DB and asked it to tell me what it could see from my last five years of transactions, and I was impressed with the things it picked up, and what it reminded me of, but I'm not sure I saw any value in the sense of anything I would change.

I'm going to have it review things monthly to see if that helps me, but I'm not sure it will. I'm generally already aware of how my finances are going because of my budget updates.


Have you tried Actual budget + SimpleFIN as a bridge to get your transactions out of banks?

I use that to track credit card spending and my checking account.

Then you can connect an mcp to do analysis of the data from one place if that’s what you want


Thanks. If I could ask, what would interest you?


They said deterministic budgeting tools.


Thanks :-)


There are many reasons why this piece wasn't made for me, so I don't want to begrudge anyone, but I wonder how much we can do to alleviate this as a society by normalizing childlessness. I never wanted to have kids, but if I did, I doubt I would've been willing to endure what the author did for it. You can (and honestly I think most people should) live a long and fulfilling life without having kids. Myself and so many of my peers were raised in households that really were not good places for children. I'm of course grateful to exist and indebted to my mother for her countless sacrifices, but it pains me to think about how much happier she might have been if she didn't feel compelled to become a mother. I hope someday having children becomes the exception rather than the norm, because it doesn't feel like something that should be taken lightly. I hope that finding out you're infertile can be met with "Oh, okay. I guess I'll do something else then," the same way that folks with imperfect vision can't be pilots or astronauts and those with tremors can't be surgeons. I'm glad IVF is available for people who want to pursue it, I just want to live in a world where no one has kids "by default" without truly accepting the toll it will take.


Another quick thought - so long as we live in a world where children in need of adoption exist, I hope we can make adopting more normal too. If you're in a position to become a parent, why on Earth would adoption not be the default? It seems much better for everyone involved. The fixation on breeding and having children whose genetics perfectly match your own is strange and mildly alarming to me.


Although I agree with your sentiment, it should be remembered that the fixation on breeding is fundamentally baked into our psychology by evolution. We can argue against it logically, but we can't tell people to just stop feeling a certain way.


Adoption is incredibly, incredibly hard. Especially in Western countries, there are actually more people who want to adopt than there are kids to adopt. When you add in overseas adoption, it gets even harder and more expensive.

In short, adoption is incredibly expensive, stressful, and not a sure thing.


> hope someday having children becomes the exception rather than the norm, because it doesn't feel like something that should be taken lightly.

Doesn't this seem extremely selfish?

The fewer mothers there are, the more children each mother will have to give birth to.

If one in two women decide to become mothers, then each mother needs to have four children. If one in four become mothers, then it means each mother needs to give birth to eight children.

Since you are depending on those children to work for you during retirement, you're essentially leeching off other people's children.

No wonder mothers no longer think they are sacrificing themselves for their children, but rather for a capitalist machine that requires more bodies.

Your hope is deeply dysfunctional.


I'm confused. Your second to last paragraph implies an anti-capitalist stance, and yet the rest of your post reiterates capitalist propaganda. All of your “has to”s/“needs to”s fall under this. Needs to for what? For the grass to grow and the birds to sing? No, it's for the capitalist machinery to chug along.

You also talk about selfishness but at the same time are implying that you want children to work so that you can have your cushy retirement. Our society should just stick together in solidarity; to paint this as “leeching” is also capitalist propaganda.


While I agree the name change has not (yet) been made with the proper authority, I'm quite partial to the name and prefer to use it despite its prematurity. I think it does a better job of communicating the types of work actually done by the department and rightly gives people pause about their support of it. Though I'm sure that wasn't the administration's intention.


[flagged]


Brevity.


That's a separate department, DoE actually controls the nukes.


DoD controls them when they are actually going to be used; DoE is only responsible for securing and maintaining them to be ready for use.


For context, lobste.rs has been struggling lately with a high uptick in posts on the front page that were either clearly vibecoded themselves or just about vibecoding something small, while the userbase is polarizing itself into two groups: one that dislikes ai for usually ethics-related reasons and makes anti-ai comments on every post that mentions it, and a smaller but still present pro-ai group that tries to discuss using coding models in good faith. Imo it's something of an identity crisis for lobste.rs.

I realize that this comment comes off as pro-ai, but I mostly agree with the first group that a lot of these posts are low effort and annoying. To me "This weekend I used Claude Code to poorly copy someone else's markdown editor here's Claude's story of how it did it" and similar is about as interesting as "I copied a bunch of code snippets I don't understand from stack overflow, here's all the links to them."

Somehow or another, HN has done a better job of keeping up a greater variety of content on the front page so it's not as much of an issue for me here, though it does still happen on e.g. days with big model releases.


The article is nearly useless for users of the software who want to know how their data may have been affected. The researchers' website is more descriptive, especially wrt specific findings.

https://zkae.io/


That's much better, thanks. According to the Bitwarden blog post: https://bitwarden.com/blog/security-through-transparency-eth... which contains its full cryptography report at the end, all the issues have been fixed except a few which are considered part of the design (see below), so if I understand correctly you have nothing to worry about if you don't use organizations and use a strong password.

Issue 5: Organisation Key Injection (Medium)

When users interact with organizations, a trust relationship is established through the exchange of cryptographic keys. A malicious server could add users to arbitrary organizations by encrypting an organization symmetric key under the user's public key and including it in sync responses. The client would silently accept the new organization membership. Alternatively, when a user creates an organization, the malicious server could substitute the newly created organization's keys with attacker-controlled keys during the post-creation sync.

Issue 7: Disable KDF Bruteforce Protection (Low)

Bitwarden uses Password-Based Key Derivation Functions (PBKDF2 or Argon2id) to derive the master key from the user's master password. The iteration count – currently defaulting to 600,000 for PBKDF2 – provides brute-force resistance. The researchers identified that KDF settings are stored on the server without authentication, allowing a malicious server to reduce the iteration count and receive a master key hash that is faster to brute-force.

Issue 9: Malleable Vault Format and Unencrypted Metadata (Low)

The researchers identified that while individual fields are encrypted, metadata about field positions and item structure is not integrity-protected, potentially allowing field reordering or item manipulation.

Issue 10: Access Violation in Organisation Collections (Low)

Organization collections enable shared access to vault items among organization members. By design, the organization symmetric key is shared with all organization members, allowing them to access collection contents to which they have specifically been granted access.
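As an added illustration of Issue 7 (example code written for this page, not Bitwarden's or the researchers' code): a client that re-derives its master key from whatever KDF settings the server hands back, beside one that enforces a floor and refuses to go below the iteration count it last accepted. The prelogin-style exchange shape, the floor value and the pinning rule are assumptions; the derivation is a simplified PBKDF2 stand-in.

```python
import hashlib
from typing import Optional

# Figure quoted in the thread: PBKDF2 default of 600,000 iterations.
DEFAULT_ITERATIONS = 600_000
# Hypothetical client-side floor (an assumption, not a Bitwarden setting).
MIN_ITERATIONS = 100_000


def derive_master_key(password: str, email: str, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 with the lower-cased email as salt. A simplified
    stand-in for master-key derivation, not the real implementation."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), email.lower().encode(), iterations, dklen=32
    )


def naive_prelogin(password: str, email: str, server_kdf: dict) -> bytes:
    """Issue 7 as described: the client trusts the unauthenticated server-supplied
    iteration count, so a count of 1 yields a hash that is cheap to brute-force."""
    return derive_master_key(password, email, int(server_kdf["iterations"]))


class PinnedKdfClient:
    """Mitigation sketch: reject counts below a floor and never accept a count
    lower than the one this client last derived with successfully."""

    def __init__(self, min_iterations: int = MIN_ITERATIONS) -> None:
        self.min_iterations = min_iterations
        self.pinned_iterations: Optional[int] = None

    def prelogin(self, password: str, email: str, server_kdf: dict) -> bytes:
        iterations = int(server_kdf["iterations"])
        if iterations < self.min_iterations:
            raise ValueError(
                f"KDF iterations {iterations} below floor {self.min_iterations}")
        if self.pinned_iterations is not None and iterations < self.pinned_iterations:
            raise ValueError(
                f"server lowered KDF cost from {self.pinned_iterations} to {iterations}")
        key = derive_master_key(password, email, iterations)
        self.pinned_iterations = iterations  # remember the accepted value
        return key


def downgrade_rejected(client: PinnedKdfClient, password: str, email: str,
                       iterations: int) -> bool:
    """True when the client refuses the server-supplied count (constructed response)."""
    try:
        client.prelogin(password, email, {"kdf": "PBKDF2", "iterations": iterations})
        return False
    except ValueError:
        return True


def work_factor_ratio(honest: int, downgraded: int) -> float:
    """How many times cheaper each brute-force guess becomes after a downgrade."""
    return honest / downgraded


if __name__ == "__main__":
    email, pw = "user@example.test", "constructed-sample-password"
    print("naive client accepts 1 iteration:",
          len(naive_prelogin(pw, email, {"iterations": 1})) == 32)
    c = PinnedKdfClient()
    print("pinned client, honest count rejected:",
          downgrade_rejected(c, pw, email, DEFAULT_ITERATIONS))
    print("pinned client, downgrade to 1 rejected:",
          downgrade_rejected(c, pw, email, 1))
```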


> KDF settings are stored on the server without authentication, allowing a malicious server to reduce the iteration count

How though? That would also require the client to re-generate the key based on the server setting without the user choosing to do so. Does it do that?


Bitwarden's response [1] is interesting.

"All issues have been addressed by Bitwarden. Seven of which have been resolved or are in active remediation by the Bitwarden team. The remaining three issues have been accepted as intentional design decisions necessary for product functionality."

They don't expand on what those three are.

1. https://bitwarden.com/blog/security-through-transparency-eth...


For clarity, one of the "Accepted" vulnerabilities is that attackers who control the Bitwarden servers can set the PBKDF iteration count to "1". They set the severity of this to "low".

They've also "accepted" a vulnerability --- BW01 from the paper, I believe --- that allows a malicious server to read all vault items from a user as soon as they accept any invitation (real or not) to an "organization".


You can see them in the report at the bottom, but I counted four. See my post above.


No matter how compromised a server gets, ideally the client should never be able to provide it unencrypted data, or data encrypted in a way such that the server can decrypt it. It is unclear if Bitwarden has fixed this core issue or not.


1Password comes out looking relatively good here.


I have no problem with experienced senior devs using agents to write good code faster. What I have a problem with is inexperienced "vibecoders" who don't care to learn and instead use agents to write awful buggy code that will make the product harder to build on even for the agents. It used to be that lack of a basic understanding of the system was a barrier for people, but now it's not, so we're flooded with code written by imperfect models conducted by people who don't know good from bad.


The number of experienced, senior programmers who are in the “anti-LLM” camp, though, is still fairly staggering.


Why is that staggering? That feels like a pretty dramatic expression. Is it a foregone conclusion that one must use agents?


One does not have to use anything at all… but if someone is “senior” and is incapable of using LLMs for some parts of her/his job, then the senior part is just age related and not tied to skill level.


You originally said being "anti-llm", but you now refer to being "incapable". Surely you can see that those are different things?


I mean when the tag line is "this will replace senior engineers and you, the senior engineer, must be forced to use it"

Then yeah, it makes sense.


Yeah I’m baffled why people are surprised that senior+ engineers who are being told in one breath they will be replaced by this tool and also they MUST use this tool to make it better to replace them aren’t happy about it or want to use it willingly.

I also find it wild how we’re sleepwalking into this, but I’m also part of the problem and using these things too.


If you're forced to use it by company mandate then that's fine. If you're not forced and still use it being fully aware, then I wish you well.


I’m forced to yes. It’s tracked.


As Nvidia's CEO wisely said: you won’t be replaced by these tools, you will be replaced by folk who excel at utilizing these tools.


Where are you encountering all this slop code? At my work we use LLMs heavily and I don't see this issue. Maybe I'm just lucky that my colleagues all have Uni degrees in CS and at least a few years experience.


> Maybe I'm just lucky that my colleagues all have Uni degrees in CS and at least a few years experience.

That's why. I was using Claude the other day to greenfield a side project and it wanted to do some important logic on the frontend that would have allowed unauthenticated users to write into my database.

It was easy to spot for me, because I've been writing software for years, and it only took a single prompt to fix. But a vibe coder wouldn't have caught it and hackers would've pwned their webapp.


You can also ask Claude to review all the code for security issues and code smells; you'd be surprised what it finds. We all write insecure code in our first pass through if we're too focused on getting the proof of concept worked out. Security isn't always the very first thing coded; maybe it's the very next thing, maybe it comes 10 changes later.


> We all write insecure code in our first pass through

no, we don't


Yes we do, you don't just start a brand new web project and spit out CORS rules, authentication schemes, roles, etc in one sitting do you? Are you an AI?


> are you an AI?

no, I'm a competent engineer

maybe you've not worked with any


So let me get this straight, you get instructed to build an Instagram clone, and you sit down and one shot code every single feature for the project? My point is about in one sitting, doing EVERYTHING all at once, without pausing, without standing up, without breaks. I don't know about you but people who tend to rush code out make just as many if not worse mistakes than AI does.

I've worked with many competent engineers and have built things people couldn't even google help for before AI existed, and that surpassed mine and my team's expectations both solo and in a team setting. None of them were done in one sitting, which is what you're suggesting. Everything is planned out, and done piecemeal.

For the record, I can one shot an AI model to do all of those things, with all the detail they need and get similar output as if I gave a human all those tasks, I know because I've built the exact tooling to loop AI around the same processes competent developers use, and it still can do all of it in record time.


> I can one shot an AI model to do all of those things

Bullshit you can lol. If it's that trivial, create an instagram right now and post the code.


Yes I really do, because this has been a solved problem for a while. Also it’s necessary to get right because retro fitting it later is a pain.


So if you're going to build a massive application say, YouTube, Facebook or Instagram you're going to sit down, and write out every template, db model, controller, view model, etc in one single sitting for the entire application? No bathroom breaks, no lunch, no "I'll finish that part tomorrow" you do it ALL in one sitting? Because you will miss something, and that's my point, nobody gets their first crack at a greenfield project 100% in one sitting, you build it up to what it is. The AI is used the same way.


No, the AI writes far less secure code than I do to start, even with the SotA models and careful prompting/detailed plans.

You’ve moved the goalposts so far that you’re now talking about a different game altogether.


I actually do build all of those things before standing something up in prod. Not doing that is insane. Literally every web framework has reasonable defaults baked in.

Any competent tech company will have canned ways to do all of those things that have already been reviewed and vetted


I never said anything about before hitting production, I said do you build everything in one shot when you start a brand new project, in one sitting.


Why are you building and deploying a site critical enough to need CSP and user security & so on in one sitting lol

Anyways, yes, if I know I'm gonna need it? Because every framework has reasonable defaults or libraries for all of those things, and if you're in a corporate environment, you have vetted ways of doing them

1. import middleware.whatever

2. configure it

3. done

Like, you don't write these things unless you need custom behavior.


I don't. I pull in or bake in the security and ACL on day 1.

Features come after I have tested authn and authz.

The first feature runs with full security.


The issue isn't when the programmers start using it. It's when the project managers start using it and think that they're producing something similar to the programmers


We're in a transition phase, but this will shake out in the near future. In the non-professional space, poorly built vibecoded apps simply won't last, for any number of reasons. When it comes to professional devs, this is a problem that is solved by a combination of tooling, process, and management:

(1) Tooling to enable better evaluation of generated code and its adherence to conventions and norms

(2) Process to impose requirements on the creation/exposure of PRDs/prompts/traces

(3) Management to guide devs in the use of the above and to implement concrete rewards and consequences

Some organizations will be exposed as being deficient in some or all of these areas, and they will struggle. Better organizations will adapt.


The unfortunate reality is that (1) and (2) are what many, many engineers would like to do, but management is going EXACTLY in the opposite direction: go faster! Go faster! Why are you spending time on these things?

