Open Source Software Community - it's about ethics in Code of Conducts

Harvey Danger said:
It's real. Primagen covered it last week, he actually paid and used the service to test it out.

Click to expand...
Ok so it's a product created by the Stockton Rush of the tech world.
1775011589781.png1775011618546.png1775011647740.png1775011679379.png1775011694211.png1775011722699.png
or... it's an elaborate April Fools prank
 
Betonhaus said:
or... it's an elaborate April Fools prank
Click to expand...
It's likely something closer to what the +NIGGER license does. It exploits an absurdity in the license system, to create a situation where something has to break to resolve things. Malus makes it easy to demonstrate the flaw, and cheap to exploit it (as opposed to +NIGGER which is free to deploy but you have to create your own project to demonstrate it).
 
General Zoider said:
whenever I look at the list of data breaches I forget what year it is, because it feels like we are back in the early 2000s
Click to expand...
Remember when you used to have to install XP and the latest service pack offline, because if you did it connected to the Internet, it would be infected before it was even done installing?

Good times.
 
SCV said:
This is a non-sequitur. Unless you're assuming the LLM writes entirely perfect code it will have CVEs. I don't think they're saying that (although they are trying to imply it) but instead saying because the code is new and completely untested it won't trigger any CVE scanners. Think about that. The benefit is removal of the ability to check if your code is secure easily.

Hell if there is a breach of some kind, why pay someone to investigate it and patch it manually? Just fucking regenerate that part of the code. Then you don't know if there's a vulnerability in the new code so you're not liable! Problem solved!
Click to expand...
Some CEOs are literally that retarded, trust me.
 
SCV said:
Think about that. The benefit is removal of the ability to check if your code is secure easily.
Click to expand...

WielkiWapiesz2137 said:
I wouldn't be surprised if some burocratic faggot decided that untested code with 0 CVE's looks better than one that had plenty but is tested because it looks better on paper if you are retarded
Click to expand...

If you work for a corporation that isnt a tech company, you'll realize "security" is only about making the red box go away so the company can get certified.
 
It got overshadowed because of the Claude Code leak, but based korea proved once again why NPM and JS are The Raped™ of open source ecosystems. If you worked with NPM on the 30th, you should grep lockfiles for the affected packages.
https://venturebeat.com/security/axios-npm-supply-chain-attack-rat-maintainer-token-2026
https://ghostarchive.org/archive/ahkds

Not to be overshadowed though, Python and PyPi had their own recent The Raped™ moment last week.
https://www.bleepingcomputer.com/ne...e-compromised-in-teampcp-supply-chain-attack/
https://ghostarchive.org/archive/CCfbK
 
Ferryman said:
Is there any stable link leading to the entire leaked codebase? Useful or not, I want it in my collection.
Click to expand...
It's unlikely that any mirror is stable because Anthropic is currently going on a DMCA spree, but archive.org has a mirror of the original Xitter poster's upload (currently, as of the time of posting. It may be deleted when Anthropic employees wake up). archive.today, megalodon.jp and ghostarchive.org don't have working copies of the original source. OpenClaude is probably the most stable because it modifies the code slightly to accept non-Anthropic models. Null is having enough trouble with DMCA at this point, so I don't think any of us should post the source code here unless he gives us the clear.

Someone on Xitter made this diagram of Claude Code's flow if you're too lazy/unable to access the source code.

1775027134716.png
 
Goose the Redeemer said:
RIPgrep is written in Rust, so that means that it's faster, safer, and bug-free.

rg can be useful in some situations, e.g. obscenely large files, but it is definitely overhyped and a good example of why rust shills will never be real programmers. The only people who think rg is better either don't know how to use the tools that already exist, or are doing something very wrong.

- grep is a standard, not a specific implementation; rg is not a grep and has no business having grep in the name
- tools do not exist in isolation which is why specifications (and conformance) are important; I can't (easily) integreate rg into my toolset so it is less valuable, even if it were faster
- the multi-threading etc. has a "warm up" time so it's actually slower for "small" use cases (which is almost everything that I've tried it for)
- "it it has better defaults" ? alias
- "it reads .gitignore" ? git grep
- "it has full unicode support" ? no it doesn't
- "but I have six gorillion niggabytes of code in a mixed language repo and I need to search all files of one specific language only but they're all over the place and I don't believe in file extensions so I have to search by mime-type" ? ngmi
Click to expand...
If I'm going to use anything outside of the standard tools. It's usually fd rather than rg. fd does have some actual conveniences when used in an interactive shell, when you just want to simply find something, and even when setting aliases for find to try to replicate it, I do find fd's behavior a bit more convenient. If you're trying to do something more complex using the normal find is going to be better, because it does way more than show filenames that match a pattern. It does even more than I know about, because I've never bothered to actually fully go through the man page.

When I grep, I usually just use grep. The place where I see rg as an often used alternative is for a specific kind of script. Usually it's in combination with a fuzzy finder. it give you "interactive ripgrep". When you have the finder open, and it updates the regex with every character you type. Which is why I keep it on my system. It does seem to do pretty well in that situation.
 
Someone did a AI agent created clean room reverse engineer of Claude Code in rust lmao. Now baiting anthropic to DMCA him.
some guy with an opinion said:
When are people ever going to learn that if all you do is smash libraries together, then you're not a programmer and the bloated garbage you write is guaranteed to be full of CVEs and other soy?
Click to expand...
When NIST makes HolyC manditory and retards keep bricking devices via the JIT compiler.
 
some guy with an opinion said:
When are people ever going to learn that if all you do is smash libraries together, then you're not a programmer and the bloated garbage you write is guaranteed to be full of CVEs and other soy?
Click to expand...
When schools stop teaching that you should maximize code re-use. When the graybeards stop telling horror stories of copy-pasted code blocks, then enforcing architectures to prevent their PTSD. When "efficiency" stops meaning your Sonarqube scan came back with 0 duplicated lines.

I used to end this rant with "real programmers implement everything themselves in half a day", but we're now in the era of AI. So maybe your AI implements it for you, or maybe we're fucked and nobody will ever implement their own utilities again, because they don't know how. Maybe both.
 
some guy with an opinion said:
When are people ever going to learn that if all you do is smash libraries together, then you're not a programmer and the bloated garbage you write is guaranteed to be full of CVEs and other soy?
Click to expand...

The natural conclusion to this line of thinking has you wanting to write an app that stores data in a database, so you write your own database driver which connects to your own database which stores data on a filesystem you wrote which runs on the operating system you wrote and it all compiles using the compiler you wrote. Say all you want about Saint Terry's genius in being able to build everything from the ground up but there's a reason why nobody outside of researchers and students is using TempleOS for practical purposes (remember that he did all his streams from a box running Ubuntu). At some point you have to assume that most other people care about shipping quality software at least half as much as you do or else you'll never get anything practical done.
 
Honestly, the most tiresome thing about this whole bullshit is that the news feeds are full of "CLAUDE LEAK CLAUDE LEAK OMFG" when it's really just the cli
Like, for the normal user, there's nothing of substance being gained
 
XL xQgg?QcQCaTYDMjqoDnYpG said:
why the disrespect towards @CrunkLord420?
Click to expand...

I doubt he has access to those numbers, but if we graphed the number of people who played Crunk's games on a dedicated TempleOS box, the number of people who played them on TempleOS via an emulator running on a mainstream OS, and the number of people who played the WebAssembly versions in a mainstream browser on a graph, the curve would assuredly be exponential.
 
Least Concern said:
The natural conclusion to this line of thinking has you wanting to write an app that stores data in a database, so you write your own database driver which connects to your own database which stores data on a filesystem you wrote which runs on the operating system you wrote and it all compiles using the compiler you wrote.
Click to expand...
You're acting like the situation is people are using libraries for reasonable things when the reality is that they aren't. Besides, libraries are always a compromise with the compromise being "I am sacrificing my understanding of my software for the sake of faster development speed" or in the average retards case, "I am sacrificing my understanding of my software in exchange for even slower development speed".

I would much rather trust a sperg who put the time into fully writing out most of everything in his project compared to someone who has 80+% (aka most web shit with frameworks on both ends) of their program written by someone else.

People should also do less web shit in general because it requires this tower of shit to work on top of instead of just building simple and high quality software.
 
Least Concern said:
The natural conclusion to this line of thinking has you wanting to write an app that stores data in a database, so you write your own database driver which connects to your own database which stores data on a filesystem you wrote which runs on the operating system you wrote and it all compiles using the compiler you wrote.
Click to expand...

Come on, dude, this is dumb. It's like seeing someone say that the average OOP maniac's 64-level deep inheritance tree is an outrageous amount of subtyping, and responding that the "logical" endpoint of that is to avoid subtyping altogether, even in such benign forms as Pascal's variant records or your average functional language's "algebraic" types (both of which are essentially a single abstract type with a fixed number of concrete subtypes in a single level of inheritance). Being against obscenely excessive overuse of a thing doesn't LAWGIC TRAP you into avoiding it altogether, it just means to only use a modest and appropriate amount of it.

No one is complaining about libraries in general, they're talking about the abominations that "package managers" encourage, which either try to do everything for you (but have a dependency tree that's 64 levels deep and each library has an average of 8 dependencies, which nobody would put up with if they had to install each library manually) or do almost nothing (like that Node package that just padded strings out to a given length, which somehow managed to fuck a lot of websites when it got deleted, when it never should have been used at all because writing your own would be faster than searching for a library to do it and would have spared you an external dependency).
 
You must log in or register to reply here.
Back
Top Bottom