Hacker News | tmpz22's comments

Genuine question - can we even make a convincing argument for security over convenience to two generations of programmers who grew up on corporate breach after corporate breach with just about zero tangible economic or legal consequences to the parties at fault? Presidential pardons for about a million a pop [1]?

What’s the casus belli to this younger crop of executives that will be leading the next generation of AI startups?

[1]: https://www.cnbc.com/2025/03/28/trump-pardons-nikola-trevor-...


As ethical hackers and for the love of technology, yes we can make a convincing argument for security over convenience. Don't look too much into it I say; there will always be people convincing talent to do and make things and disregard security and protocol.

Those younger flocks of execs will have been mentored and answer to others. Their fiduciary duty is to shareholders and the business' bottom line.

We, as technology enthusiasts, should design, create, and launch things with security in mind.

Don't focus on the tomfoolery and corruption, focus on the love for the craft.

Just my opinion


Looks compelling from the app store page! Because I might use it I have to ask - how do permissions work around messages? I'd assume something like this:

* Install App

* App cannot passively READ messages

* When I need to use the app, like in a group chat where we are spontaneously planning an event, I can invite it into the chat so that the group can input their preferences

* Other group members (who may also need to install the app) can interact with the widget to submit their planning preferences

* Widget then WRITES results back to the chat

Does it ever read my messages? Does it ever write messages to the chat? Does my entire group chat need to install it?

Great work. Seems well targeted and that it could help a lot of folks.


This app never reads any messages. The iMessage framework is very strict around privacy...so much so that you are unable to get user information. This is why you will see Participant 1, 2, 3 instead of the person's name. There is no way to get this information of who the sender is! Kudos to Apple for this.

The only message that is written to the chat is when you hit submit. There is no external service as all information is stored as metadata on the message itself. I did not want to have an external server (which has its own challenges, see in another message around collisions).

Your entire group can see the message but in order to interact with the poll they will need to download the app. They will be redirected to the app store if they do not have the app after clicking.
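As an added example (not the app's code and not from the original thread), here is one way a poll can be carried "as metadata on the message itself" with Apple's Messages framework, with participants known only by the opaque UUIDs the framework exposes. The `PollState` type, the `poll` query key and the placeholder host are my assumptions; the framework calls (`MSMessage.url`, `MSMessageTemplateLayout`, `MSConversation.insert`, `localParticipantIdentifier`) are real.

```swift
import Messages

// Added example, not the app's code. Poll state travels inside the MSMessage
// itself (message.url), so no server ever sees the chat or the votes.
struct PollState: Codable {
    var id: UUID                 // assumed: per-poll id so two polls in one chat don't collide
    var question: String
    var options: [String]
    var votes: [Int: [UUID]]     // option index -> opaque participant ids (never names)
}

enum PollMessage {
    static let queryKey = "poll"  // assumed key name

    // Serialise state into the URL that iMessage stores with the bubble.
    static func make(_ state: PollState, session: MSSession?) throws -> MSMessage {
        let json = try JSONEncoder().encode(state)
        var parts = URLComponents()
        parts.scheme = "https"
        parts.host = "poll.invalid"   // assumed placeholder; nothing is ever fetched from it
        parts.queryItems = [URLQueryItem(name: queryKey, value: json.base64EncodedString())]

        let message = MSMessage(session: session ?? MSSession())
        message.url = parts.url
        let layout = MSMessageTemplateLayout()
        layout.caption = state.question
        let total = state.votes.values.reduce(0) { $0 + $1.count }
        layout.subcaption = "\(total) vote\(total == 1 ? "" : "s")"
        message.layout = layout
        return message
    }

    // The URL is untrusted input: any chat member can send a bubble with an
    // arbitrary url, so fail closed on anything that does not decode cleanly.
    static func parse(_ message: MSMessage) -> PollState? {
        guard let url = message.url,
              let items = URLComponents(url: url, resolvingAgainstBaseURL: false)?.queryItems,
              let b64 = items.first(where: { $0.name == queryKey })?.value,
              let json = Data(base64Encoded: b64),
              let state = try? JSONDecoder().decode(PollState.self, from: json),
              state.votes.keys.allSatisfy({ $0 >= 0 && $0 < state.options.count })
        else { return nil }
        return state
    }
}

final class PollViewController: MSMessagesAppViewController {
    // Called when the user taps an option in the extension's UI.
    func vote(option: Int) {
        guard let conversation = activeConversation,
              let selected = conversation.selectedMessage,
              var state = PollMessage.parse(selected),
              option >= 0, option < state.options.count
        else { return }

        // The framework only exposes a UUID for the local participant, which is
        // why the UI can show "Participant 1, 2, 3" but never a name.
        let me = conversation.localParticipantIdentifier
        for key in Array(state.votes.keys) {     // one vote per participant
            state.votes[key]?.removeAll { $0 == me }
        }
        state.votes[option, default: []].append(me)

        // Inserting into the same MSSession replaces the bubble for everyone in the chat.
        guard let updated = try? PollMessage.make(state, session: selected.session) else { return }
        conversation.insert(updated) { error in
            if let error { print("insert failed: \(error)") }
        }
    }
}
```

Two caveats that follow from this design rather than from anything the app's author said: the vote list grows with the message, so the payload has to stay small enough for a URL, and two members who vote before seeing each other's update will each insert a bubble derived from the older state, with the last insert winning.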


And IMO it has a long way to go. There is a lot of nuance when orchestrating dependencies that can cause subtle errors in an application that are not easily remedied.

For example a lot of llms (I've seen it in Gemini 2.5, and Claude 3.7) will code non-existent methods in dynamic languages. While these runtime errors are often auto-fixable, sometimes they aren't, and breaking out of an agentic workflow to deep dive the problem is quite frustrating - if mostly because agentic coding entices us into being so lazy.


"... and breaking out of an agentic workflow to deep dive the problem is quite frustrating"

Maybe that's the problem that needs solving then? The threshold doesn't have to be "bot capable of doing entire task end to end", like it could also be "bot does 90% of task, the worst and most boring part, human steps in at the end to help with the one bit that is more tricky".

Or better yet, the bot is able to recognize its own limitations and proactively surface these instances, be like hey human I'm not sure what to do in this case; based on the docs I think it should be A or B, but I also feel like C should be possible yet I can't get any of them to work, what do you think?

As humans, it's perfectly normal to put up a WIP PR and then solicit this type of feedback from our colleagues; why would a bot be any different?


> Maybe that's the problem that needs solving then? The threshold doesn't have to be "bot capable of doing entire task end to end", like it could also be "bot does 90% of task, the worst and most boring part, human steps in at the end to help with the one bit that is more tricky".

Still, the big short-term danger being you're left with code that seems to work well but has subtle bugs in it, and the long-term danger is that you're left with a codebase you're not familiar with.


Being left with an unfamiliar codebase is always a concern and comes about through regular attrition, particularly if adequate review is not in place or people are cycling in and out of the org too fast for proper knowledge transfer (so, cultural problems basically).

If anything, I'd bet that agent-written code will get better review than average because the turn around time on fixes is fast and no one will sass you for nit-picking, so it's "worth it" to look closely and ensure it's done just the way you want.


The agents will definitely need a way to evaluate their work just as well as a human would - whether that's a full test suite, tests + directions on some manual verification as well, or whatever. If they can't use the same tools as a human would they'll never be able to improve things safely.


> if mostly because agentic coding entices us into being so lazy.

Any coding I've done with Claude has been to ask it to build specific methods; if you don't understand what's actually happening, then you're building something that's unmaintainable. I feel like it's reducing typing and syntax errors, but sometimes it leads me down a wrong path.


I can just imagine it now: you launch your AI-coded first product and get a bug in production, and the only way the AI can fix the bug is to re-write and deploy the app with a different library. You then proceed to show the changelog to the CCB for approval, including explaining the fix to the client and trying to explain its risk profile for their signoff.

"Yeah, we solved the duplicate name appearing in the table issue by moving database engines and UI frameworks to ones more suited to the task"


You see, nobody wants their phone listening to them all the time. But a third core device? That’s different!

You’re going to love it!


Mind sharing some of your operational choices for hosting/deployment? Which Azure services are you using and what configurations? What kind of throughput are you getting? Any tips regarding migrations? Are you using a dedicated server or VPS?

I'll be doing a similar deployment later this year and enjoy reading on the topic.


For this particular deployment:

We're only using the blob storage on Azure. The deployments are on an on-prem Kubernetes cluster with replicas=1 and strategy: recreate.

Throughput: not very heavy tbf; one webhook request every 10-ish seconds, and each request leads to about 10-100+ entries added in a table.

Migrations: since it's an internal console, we just took a couple of hours of downtime and did it.


Ambient computing is a fun way to say constant surveillance and extraction of highly intimate data.


Money is very, very, real for people below the poverty line.


Sure, but is that relevant? I'm not sure people below the poverty line are acquiring SV companies.

In this case as I understand it, no money is being paid - it's a stock deal. For stock that isn't yet publicly trading, thus 'priced' pretty speculatively. So it is pretty abstract, and unreal.


People below the poverty line are real. But are they really “very, very” real?


They are in fact, very, very, VERY real.


Oh there's a lot of sex cults in the SV investor sphere I assure you. Those "conquests" are happening too. Ask young women who have spent sufficient time and had exposure to the space.


This v2 Sorkin movie is way overdue.

"The Social Network" (2010) seems so innocent now.


You're coming awfully close to defending Comcast haha. GP's point is more that they're Comcast-like, director level incentives have become the primary focus of the company such that they will ram down dark patterns for short term profit at the cost of long term growth and product excellence - just as Comcast has done for the last two decades.

Throwing the baby out with the bathwater, Google crumbles but a few more vacation homes get purchased and a larger inheritance is built up for the iPad-kid progeny of the Google management class.


I have the same concerns. To push people to the ultra tier and get their bonuses they're going to use dark patterns.

The only reason I maintain Claude and OpenAI subscriptions is because I expect Google to pull the rug on what has been their competitive advantage since Gemini 2.5.

Have you also noticed a degradation in quality over long chat sessions? I've noticed it in NotebookLM specifically, but not Gemini 2.5. I anticipate this to become the standard, your chat degrades subtly over time.

