
I thought modern science doesn't reject anthropomorphism anymore? That it's more nuanced, and that rejecting it outright caused more problems than it helped?

I think we were taught anthropomorphism was wrong and that wasn't truly settled.

Anthropomorphism between animals though, not machines.


It's the exact same logic people used for Apple computers back in the day. The idea that Macs didn't get viruses because they were inherently more secure. But that wasn't true. It was purely a numbers game. Windows' popularity was so far off the charts that hackers naturally targeted Windows users instead of Mac users; it was just a better use of their time. The same thing is happening here. Other package managers do get compromised, but the sheer frequency of npm incidents just reflects how overwhelmingly popular Node.js and web apps are right now. JavaScript simply has a much higher usage rate than most other languages.

People make this joke often. It's package managers and how loose we are with installing them, not NPM.

Cargo, PyPI, NuGet, PHP have had these recently too.

It's not just NPM. It's frequently repeated here just because of the average bias against Node.

But this problem isn't isolated to NPM.


The problem is compounded with NPM though thanks to lifecycle scripts: yes, any and all package managers create a risk of supply-chain attack, but NPM makes it dangerous to merely open a project up in an IDE.

> but NPM makes it dangerous to merely open a project up in an IDE.

It does not. Opening a project in an IDE has always been dangerous because there are about a thousand language server and analysis tools that run in the background. This is why IDEs ask you whether you trust the contents of a repository.

And even if some automated background execution initiated by the IDE doesn't get you, running `npm run test` 15 seconds later will.


It is the same for Crates.io and PyPI: they also supply scripts without asking the user, so opening an IDE will run them. For PyPI you even need to execute scripts to discover the dependencies!

That's a good point. For me it's getting people to realize they need to take up practices that help minimize these things. It's kinda an us-and-them problem.

We need to ensure we don't just blindly install the latest, or patch every CVE by just bumping everything to the latest even if the vulnerability has nothing to do with their system or use of said library.

We should have rules that we install the latest that's older than three days.

We should be running "npm audit" and other stuff like Trivy.

The three day rule alone could save most people.
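The "older than three days" rule can be automated against the registry metadata. This is an added example, not code from the thread: it takes the `time` map that an npm packument (`https://registry.npmjs.org/<name>`) exposes and picks the newest stable version published at least N days ago, on a constructed sample.

```javascript
// Added example (not from the thread): choose the newest version of a package
// that has been public for at least N days, using the packument's `time` map.
const MIN_AGE_DAYS = 3;

// Minimal x.y.z parser; prerelease tags (e.g. 4.2.0-beta.1) are deliberately skipped.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1, 4).map(Number) : null;
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// `times` is the packument's `time` object: { created, modified, "1.2.3": ISO date, ... }.
// Returns the highest stable version published at least minAgeDays before `now`,
// or null if nothing is old enough. In practice also cross-check against
// packument.versions, since unpublished releases can linger in `time`.
function pickMatureVersion(times, now = new Date(), minAgeDays = MIN_AGE_DAYS) {
  const cutoff = now.getTime() - minAgeDays * 24 * 60 * 60 * 1000;
  const candidates = Object.entries(times)
    .filter(([version, published]) => parseVersion(version) && Date.parse(published) <= cutoff)
    .map(([version]) => version)
    .sort(compareVersions);
  return candidates.length ? candidates[candidates.length - 1] : null;
}

// Constructed sample (not a real package): 4.2.0 was pushed one hour before NOW.
const SAMPLE_TIMES = {
  created: '2024-01-01T00:00:00.000Z',
  modified: '2024-06-10T11:00:00.000Z',
  '4.0.0': '2024-01-01T00:00:00.000Z',
  '4.1.0': '2024-05-20T09:30:00.000Z',
  '4.1.1': '2024-06-05T08:00:00.000Z',
  '4.2.0-beta.1': '2024-06-08T00:00:00.000Z',
  '4.2.0': '2024-06-10T11:00:00.000Z',
};
const NOW = new Date('2024-06-10T12:00:00.000Z');

console.log(pickMatureVersion(SAMPLE_TIMES, NOW)); // 4.1.1: the freshly pushed 4.2.0 is skipped
```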


> The three day rule alone could save most people.

The three day 'rule' is just you hoping that someone else does some free work for you. If it is adopted by everyone, it has zero effect.

We need rules that still work if people follow them.


Pip, Composer, RubyGems, NuGet, and several others have lifecycle scripts.

As of course do the OS managers -- apt, yum, Homebrew.


NuGet has targets and allows running code on build; it doesn't have this problem because there are fewer dependencies.

> It's frequently repeated here just cause of the average bias against Node.

It’s frequently repeated here because NPM is where it keeps happening over and over and over and over and over and over again.


In short, the problem is `npm` not NPM.

How many package managers allow executing arbitrary code as part of the installation process by default?

Almost all of them.

I haven’t seen this in Go or Java?

Ok, so you are right, Go and Java (Maven, at least) don't have this issue.

That is being entirely unfair. It is still a skill. They're still learning stuff. It does not help them to be trapped in a bubble. But nothing is non-transferable. Things we learn transfer; even if they only know React and can't write vanilla JS, it's still unfair to say they have no skill.

Just not a correct interpretation. Many skills start that way and even some people make a whole career mastering one thing and one thing only.

Not saying being trapped in React land, unable to break out, is good. But being able to create something, even if it's just with Next.js, is still a good thing.

We should hate on the businesses that force us to take shortcuts, value quantity over quality. They wanted boot camps with code monkeys.


Vagrant I used a lot early on in my career to learn Ruby on Rails in Windows. Thanks a lot for your work!


I've tried these with Claude various times and never get the wrong answer. I don't know why, but I am leaning toward them having stuff like "memory" turned on and possibly reusing sessions for everything? Only thing I think explains it to me.

If you're always messing with the AI it might be making memories and expectations are being set. Or it's the randomness. But I turned memories off, I don't like cross chats infecting my conversation context, and at worst it suggested "walk over and see if it is busy, then grab the car when line isn't busy".


Even Gemini with no memory does hilarious things. Like, if you ask it how heavy the average man is, you usually get the right answer but occasionally you get a table that says:

- 20-29: 190 pounds
- 30-39: 375 pounds
- 40-49: 750 pounds
- 50-59: 4900 pounds

Yet somehow people believe LLMs are on the cusp of replacing mathematicians, traders, lawyers and what not. At least for code you can write tests, but even then, how are you gonna trust something that can casually make such obvious mistakes?


> how are you gonna trust something that can casually make such obvious mistakes?

In many cases, a human can review the content generated, and still save a huge amount of time. LLMs are incredibly good at generating contracts, random business emails, and doing pointless homework for students.


And humans are incredibly bad at "skimming through this long text to check for errors", so this is not a happy pairing.

As for the homework, there is obviously a huge category that is pointless. But it should not be that way, and the fundamental idea behind homework is sound and the only way something can be properly learnt is by doing exercises and thinking through it yourself.


Yeah, ChatGPT's paid version is wildly inaccurate on very important and very basic things. I never got onboard with AI to begin with but nowadays I don't even load it unless I'm really stuck on something programming related.


So what? That might happen one out of 100 times. Even if it’s 1 in 10 who cares? Math is verifiable. You’ve just saved yourself weeks or months of work.


You don't think these errors compound? Generated code has hundreds of little decisions. Yes, it "usually" works.


LLM’s: sometimes wrong but never in doubt.


Not in my experience. With a proper TDD framework it does better than most programmers at a company who anecdotally have a bug every 2-3 tasks.


The kind of mistakes it makes are usually strange and inhuman though. Like getting hard parts correct while also getting something fundamental about the same problem wrong. And not in the “easy to miss or type wrong” way.

I wish I had an example for you saved, but happens to me pretty frequently. Not only that but it also usually does testing incorrectly at a fundamental level, or builds tests around incorrect assumptions.


I've seen LLMs implement "creative" workarounds. Example: Sonnet 4.5 couldn't figure out how to authenticate a web socket request using whatever framework I was experimenting with, so it decided to just not bother. Instead, it passed the username as part of the web socket request and blindly trusted that user was actually authenticated.

The application looked like it worked. Tests did pass. But if you did a cursory examination of the code, it was all smoke and mirrors.


Yeah, recently it had an issue getting OIDC working and decided to implement its own, throwing in a few thousand extra lines. I'm sure there were no security holes created in there at all. /s


Well, the tests passed, right?


Yes, I wish I had saved some of my best examples too. One I had was super weird in ChatGPT Pro. It told me that after 30 years my interest would become negative and I would start losing money. It didn't want to accept the error.


Errors compounding is a meme. In iterated as well as verifiable domains, errors dilute instead of compounding because the LLM has repeated chances to notice its failure.


Yes, just use random results. You’ve just saved yourself weeks or months of work of gathering actual results.


Very neat, never thought about how different beaches are. Like the site's theme, easy to read as well.


I learned recently that white sand is mostly parrotfish poop... they eat coral and then it becomes sand


> So based on the article's own observation: no, of course not.

This adds very little to the discussion. Of course it can't be replaced. Code is created by humans, and as long as we have opinions nothing gets truly replaced. Just decreased usage over time.

> C++ and Swift just became "more dominant".

Yup, like this. Of course a general statement is no.

I have very little interest in this topic. But I've seen this SAME comment a million times on anything that's new that attempts to challenge something. And as usual, whether something "dethrones" something is less interesting than what changes or ideas it offers.

Just like ALL those you listed, they didn't replace any of those, but they definitely challenged the ecosystems, or improved the old ones.

Nuanced discussion is far more interesting.

For example, why do you think Carbon won't be able to gain dominance over time? I mean, I think that's a huge hurdle too.


You've apparently read the reverse of what I said. I said the new thing didn't replace the old thing, and that therefore the idea that "we are doing the same, and it will replace the old thing" is nonsense. I did not say that because it can't replace it, it is therefore not worth doing. It absolutely is, like all attempts at making things that "solve the problems that C++ has" have been varying degrees of worth it. But the idea that it can, let alone will, replace the original is such an obvious "no" that the title is clickbait. Or slide-bait (since it was originally a conf. talk).


I get it is a strange idea. But putting up a quote that doesn't really have any substance isn't really an argument, nor does it add value against it.

I think the idea of a 4-day work week is asking us to think outside the box for a moment on what benefits this could entail for different industries.

> To work all week is to surrender your will, working less is the core of motivating man

(see this quote disagrees!)


The way that company has posted blogs where they seem to have a complete lack of understanding of what GraphQL is, and their comments on dev.to show a huge amount of disrespect.

The blog posts' comments themselves show that the company's author of these seems dense, rude and unknowledgeable in what they argue. Which also means the product they are making is likely being made with the same mindset.

Definitely wouldn't trust them.

It seems also like a ploy to get attention, which is definitely gonna keep me away from their product.

Seriously, check out these comment sections. It's like they posted about something they have no clue about and then are gonna defend it to their grave regardless of whether they are wrong.

Wait until some security flaw comes out and this attitude makes them unwilling to admit they are wrong. Gross.

https://dev.to/polterguy/oop-a-software-development-mass-psy...

https://dev.to/polterguy/graphql-is-a-hot-smoking-pile-of-ga...


> Even if that was true, the above is 7 lines of code. That is 3.5 times as many LOC as my 2 liner. Science shows us that the amount of resources required to maintain code is proportional to the LOC count. Your example is hence 3.5 times more demanding in both initial resources to create it and resources required to maintain it. One of OOP's sales pitches was "that it makes it easier to maintain your code". You just scientifically proved it wrong ...

I think it has to be trolling, right? I haven't seen mention of LOC as a useful metric since the oughts.


Anyone who's been in the game long enough will tell you that, outside of tight performance-critical loops, developer experience trumps everything. And you cannot reduce devX down to a single number.


That's why I remove all the newlines from my code before committing.


> If OOP was a solution to anything really, we wouldn't need design patterns, clean architecture, or SOLID design principles.

He's not wrong. I loved moving from C to C++; polymorphic code is such a cool concept, but after a while you realise it really doesn't solve anything on its own.

Then you start to encapsulate everything in an attempt to separate concerns, and then you realise that separation of concerns is actually quite easy if you separate data from function and make sure functions have no side effects, something OOP encourages the exact opposite of.

