hopefully I have a little credibility here.
LLMs do make decent first-pass code reviewers
hahahaha nope
I saw that! fortunately once iocaine is configured it seems to just work, but it's also very much software that kicks and screams the entire way there. in my case the problem wasn't even nginx-related, I just typoed the config section for the request handler and it silently defaulted to the mode where it returns garbage for every incoming request.
nope, you’ve been getting caught in the fallout from us not having this yet. the scrapers have been so intense they’ve been crashing the instance repeatedly.
oh wow you’re just like this all the time huh
no wonder you came in here to ~~scream for a disgusting chicken sandwich~~ incorrect one of my posters about their use of a common English phrase and post yet more LLM apologia barely disguised as critique
yeah nah we don’t need this centrist AI booster crap here but thanks anyway
But from all sides really, also wild to just claim they don’t know what a zero day is and that’s just made up.
some motherfuckers really see a security vendor claim a zero day can’t be exploited at scale for a local application, ignoring gigantic classes of vulnerability enabled by misconfiguration, combined exploits, or malware, and go “woof, maybe it’s true! they do make my favorite password manager after all, who are you to say they’re wrong” as a bunch of Russians walk off with their bank info
you like 80% of the claptrap keepassxc posts? no wonder you came into this kfc asking for a double down. we haven’t even served those since, like, the mid-2010s
the project’s sudden commitment to code review excellence is the exact same shit every other project pulls when there’s justified backlash in response to a policy that allows, and therefore encourages, slop code. that keepassxc keeps officially posting through it, defending code-oriented LLMs as “generally accurate”, and fucking up and showing that they don’t understand their own threat model, is the double down. I don’t particularly give a fuck that they’ve remained remarkably consistent in their policy of accepting garbage into their codebase, or that their blog’s response to the backlash has been, golly gosh, so measured! if this is how their team conceptualizes risks to a piece of software whose breach would constitute a catastrophic event.
“blackjack”? kfcs don’t allow gambling, what the fuck are you on about
And it might be debatable whether that’s a risky game.
debate the merits of slop code in a password manager elsewhere, thx
it’s only a double down if it’s a kfc sandwich where the bread is replaced by chicken. i see no chicken sandwich here, alleged posters, unlike in fuck ai where it’s chicken sandwiches all day
itt some fucker thinks slop code in a security-critical project is justifiable
froztbyte’s criticism crossed the line by a bit for a couple of admins who weighed in, and they’ve been warned to ease up. reporting a post like that isn’t bannable; we’ve got more context for a report like that than we do for some rando doing a drive-by report for a tone rule that doesn’t exist, for example.
blue misused the report system in a way that wasn’t accidental or incidental, and we felt the best course of action was a cooling off period. given that they’re welcome back in less than 4 days, I’d prefer to leave it at that.
gonna have to start cleaning up some of the posts from the more long-winded assholes with opinions that aren’t more complex than “well I trust them to not let the technology known for creating security vulnerabilities run wild on their codebase, because they made the exact same promises every other project makes when they go all-in on slop”
for a fucking password manager of all things