A bug of this type is either an honest typo or a sign that the author(s) don't take security seriously. Even if it were a typo, any serious author would've put a large FIXME right there when adding that line disabling verification. I know I would. In any case a huge red flag for a MITM tool.
Seeing that it's vibe coded leads me to believe it's due to AI slop, not a simple typo from debugging.
I love the real feedback tbh, I am still learning, and want to learn as much as possible. Would love if you can review it and tell me bluntly either in the repo or here the things that should be improved. I would love to learn more from you and get better :D
I'm not going to review it in full, sorry. Reviewing is so much more effort compared to producing something with AI. But don't let me deter you, keep on learning and keep on building.
I wish I had the possibilities to learn and build on such a large scale when I started out. AI is a blessing and a curse I guess.
My own early projects were most definitely crap, and I made the exact same mistakes in the past. Honestly my first attempts were surely worse. But my projects were also tiny and incomplete, so I never published them.
However: What little parts I did publish as open-source or PRs were meticulously reviewed before ever hitting send, and I knew these inside and out and they were as good as I could make it.
Vibe-coded software is complete but never as good as you could make it, so the effort in reviewing it is mostly wasted.
I guess what I'm trying to say is I'm a bit tired of seeing student-level projects on HN / Github cosplaying as production ready software built by an experienced engineer. It used to be possible to distinguish these from the README or other cues, but nowadays they all look professional and are unintentionally polluting the software space when I'm actually looking for something.
Please understand that this is not specifically directed at you, it's pent up frustration from reading HN projects over the last months. Old guy yelling at clouds.
It is incredible that people pointed out very specifically what's wrong and you fell back to weaponized incompetence to shift the intellectual and mental burden of reviewing the code to outsiders instead of thinking for yourself. This is the problem with relying on LLMs: instead of thinking for yourself you just ask LLMs, and now other real people, "idk just fix it for me make it work". Do you really not see the problem with this?
I got a major reprimand because I answered too many questions posted in the public channel. All in my area of expertise, mostly after hours.
At first they said it was "great". But it soon turned sour and resulted in "it seems like you spend too much time answering questions", and I should "focus" and "free up" that time to work on my assigned tasks.
Well, I don't answer anything anymore. In fact nobody does. It used to be that you got precise technical answers from someone directly working on the tool or problem you asked about. The previous CEO would sometimes even answer themselves. Not anymore.
Now people ask, but nobody answers. The rest has devolved into LinkedIn style self-promotions and announcements.
Lots of people haven't had to actually restore their data. Somehow it has good marketing. I used it for a while and was not impressed. Random Python errors, requires too much scripting, and at least on my data terrible restore speed.
I followed development on Github and what I saw in terms of fixes and commits gave me pause. Not how I like my critical backup software written.
Don't ever travel, never change anything related to billing except to update your cards before they expire. Don't change your name or email addresses or lose access to your phone number, and as we know now, also don't ask support.
Then don't use any uncommon tools, e.g. ones associated with 'hacking', or store any copyrighted files in their cloud.
If there's any issue or error with logins etc., don't retry too quickly or too often or that in itself will be suspicious. Wait a day between requests, and double-check everything before retrying. Do not retry from a different IP or worse a VPN, or that will also be suspicious.
That should just about cover the bases for most providers.
Yes, it's insane and obviously you still need a backup of all your stuff just in case.
> "What do you think about the comments of user XYZ"
Wow that is really scary. Never did I ever think someone would actually go through all my old comments, analyze them in detail and then judge me based on them (my real account, not this throwaway).
Yes I knew it would be theoretically possible, but you'd have to be a total stalker and real creep to actually do it. Now anyone with an LLM can just do it without a second thought.
And it'll only get worse from here on. I'm sure there is at least 1 comment somewhere on the internet by me where I wasn't too nice, or a like / upvote on a questionable opinion or something.
If it's in any way connectable to me future AI tech is going to find it. Probably even across accounts, matching writing styles and whatnot.
I seriously think I'm going to stop posting on the internet for good.
Wouldn’t surprise me if some throwaways could be linked to real accounts, and if real accounts could be linked to other real accounts, both on HN and elsewhere on the internet, from Reddit to Usenet.
I suspect doxing with AI would be quite easy too, judging the way accounts talk in the same way things like gait recognition can work: link the accounts, narrow down the person, build a profile. Suddenly it becomes "user abc123 is linked to (list of 30 accounts from Discord to FlyerTalk); based on these posts about flying on US Airways a lot in 2015 and these posts about Las Vegas and these about a morning flight and this picture from a linked Twitter account, the person worked in this industry and lived in this location from this time to that time and is likely this person on LinkedIn."
Anonymity is dead. Historically as well as in the future. But HN still thinks government is the problem and the GDPR is bad because it disincentivises holding onto data.
> I seriously think I'm going to stop posting on the internet for good.
I had similar thoughts, but it would probably not make a difference, at this stage. What is there stays there - either online, as in the case of HN, or as part of some collected dataset.
In hindsight: the world changed in so many ways from the world I knew some twenty years ago, and I am not even talking about politics or technology: the attitudes and perceptions of people seem to have changed in many ways. Back then I thought it would be of benefit to be open and upfront about things. Now that is no longer a common perception.
What does "chore" mean in this context? Is the license just leftover from some MS open source template? If so there is perhaps some leeway, and the author maybe just didn't realize he needed to use the original MIT license file including the notices and not just a template one grabbed from the internet.
Any other explanation for such a "relicensing" would be extremely worrisome.
"chore" just means the type of change; as opposed to a fix, a feature, refactoring, there are some things that you have to do in the repo that can be called "chores".
Right. It derives from the idea that programmers are supposed to find "solving interesting problems" pleasant. On the other hand, boring, repetitive tasks are called "chores".
Some organizations strongly encourage marking all commits as one of a list of categories such as "feature/fix/chore/...". The tags are then bound to lose all meaning (literal or figurative) very soon.
Unless there was some "conspiracy" to violate the license (my original comment was an attempt at playfully hinting at that possibility, though I don't find it very likely), I'm sure the person who wrote that commit message thought about it for less than three seconds.
A more complicated way to do it is to add a folder that contains the original LICENSE file or files. Sometimes there is more than one license, or the license texts differ. In that case, you must preserve all the different variants, even if they all call themselves MIT.
Then, you can optionally add your own additional LICENSE file *only iff* it is compatible with all existing LICENSES. In the case of the MIT license, you may relicense, sublicense, or use a different license in addition, provided it is MIT-compatible. With e.g. GPL you can't. Note that you still have to preserve all the original LICENSE files in the repo.
Once you change the copyright line, you no longer include "the above copyright notice". At that point you're violating the license.
You are also not allowed to change the copyright notice or license text in any way (you may however add to the license, which is a loophole other licenses such as GPL fix.)
Substantial is subject to (legal) debate as the Oracle vs. MS case has shown. Whole functions or large parts of files however should always be considered substantial, as the software would otherwise not work.
I'm seriously flabbergasted at how bad reading comprehension seems to be among coders.
> I'm seriously flabbergasted at how bad reading comprehension seems to be among coders.
Sorry to deflate your amazement, but I made the remark because I have never seen a permissively licensed repository which changed hands and had multiple copyright lines in the last 20 years or so.
Maybe it's not my reading comprehension (and English is not my native language to begin with), but the behaviors of other coders to begin with.
Maybe we shouldn't point fingers at others and not forget that three are pointing towards ourselves. Eh?
I've seen plenty of both. I've added one good example in my other comment. But it certainly depends on the community and programming language as to how serious licensing is treated.
But yes, many people are not complying with the license literally, and it's frustrating to see. I know it basically doesn't matter unless you go to court over it, but still it irks me and screams a sort of carelessness about the rules and social contract.
Sorry for criticising your reading comprehension, I did not mean it as a personal insult.
It's just that I see these types of responses so often, basically every time any licensing question comes up. Twice in this thread. And all that's required is to just read the very short and basic MIT license text itself, no lawyering required.
I can understand the native speaker part, but just know that I myself am not a native speaker either. But I understand that's a huge barrier.
But even native speakers on HN with serious software engineering jobs and skill don't understand it, or don't want to understand. I think it's a bit like when people see math proofs, they mentally just skip over it.
I was briefly diagnosed with "99.9% sure it's cancer" before it turned out to be benign. Say about 2-3 weeks.
In those few weeks my main regrets were a) not having done many of the things on my bucket list, and b) not having children, or not going to live long enough to see them grow up.
I'm someone with recurring nightmares about career goals and such. However at that time, work only crossed my mind briefly and was easily dismissed.
> I was briefly diagnosed with "99.9% sure it's cancer" before it turned out to be benign. Say about 2-3 weeks.
This is similar to my situation, except I was told, “We’re 99.9% sure it’s not cancer, so relax bro, don’t even worry about it.” Apparently, my age made it incredibly unlikely. “We’d be far more concerned if you were an older gentleman.”
Imagine my surprise when I got called back and they told me the complete opposite.
It worked out in the end as apparently they caught it so early that it had only just turned into cancer. If they had found it even weeks or months earlier, it would not have been cancer yet, just precancerous apparently. This claim seems dubious to me, I mean, how do you tell that? However, I am not a doctor, so what do I know. I do worry sometimes though that perhaps they overstated it and blew up my life over nothing.
I was told to consider myself lucky it was caught when it was as apparently it almost never happens. Again, a claim...that I don't know is accurate, or just something they told me to get me to relax.
You also might think that after something like that, if something else occurred with my body, people might pay me more heed when I raised it? Well, you would be mistaken. Because I walked right into a goddamn spinal cord injury (incomplete at least, you gotta take the small wins) because they did exactly the same thing again. "It's just stress, probably working too hard, just don't think about it."
Turns out no amount of relaxing is going to walk back severe central canal stenosis resulting in severe cervical myelopathy with significant spinal cord signal change.
I care. It's frustrating sometimes, but I still can't help myself.
Working with people that also care (and are empowered to do something about it) is the greatest thing. I've worked in several such teams over the years and it's absolutely awesome.
On the opposite side, working on a team that doesn't is the worst.
I've actually been reprimanded by middle managers for caring, because caring sometimes takes more time than planned, and an arbitrary internal deadline wasn't met. I've come to realize they do in fact care, just not about the software but only about their own promotion. And the core issue is that they don't actually know why their own deadlines and feature requirements exist, they just get them handed to them.
This is different when you work closer to and with a customer directly. They know exactly what's important and why they need X or Y. When someone actually has to deliver results and deal with the users, they are more invested in having a working system. Here, caring involves finding the "right" person (usually not the one in charge), talking to them and figuring out what they really need (not want) and how they're using the system.
In such a setting, caring and building stuff that truly works is also reflected in performance reviews as everyone including the customer is happy.
You really have to pick your battles. I've had to make some concessions myself: some stuff turns out to be more complicated or unclear than it is at first glance, and sometimes you really don't have and can't make time for it. And in really large companies, there are sometimes so many people involved that you often can't get the answers you need or access to the person you need. Or you end up at legal which is more often than not a dead end.
Since you asked: Not in a million years, no.