/g/ - Technology




https://x.com/vxunderground/status/2063032491208749272
>>
>>108989557
I thought forcing 2FA up everyone's ass was supposed to make this impossible.
>>
>>108989614
2FA is a meme. I'm so sick of these memes.
>>
>>108989557
>Moshe Simon Tov Bustan
I felt my credit score go down just reading his name.
>>
>>108989614
They directly use github's systems
>>
I'm beginning to think these hacker boys are pretty rad dudes
>>
>>108989557
it's kind of cold we are re-entering the era of 90's level exploits. shit hasn't been this exciting for a while.
>>
>programmersoys vibe coding bugs into software
>securitysoys vibe finding vulnerabilities in the software
it's only natural
AI is far better at reading, reviewing and debugging code than writing code, so if you vibe code then someone else can vibe hack your shitware
>>
>>108989734
professionally nalt vibe code here. I use multiple agents in a round robin. A planner, an executor, a performance freak, a hacker, a security expert, and a repository maintainer. perfect code every time.
>>
>>108989749
spending so many tokens to shit out slightly better code is not profitable unless you're using deepsneed
for some reason lazy vibe coders never use DS and always go for claude
>>
>>108989734
it doesn't find vulnerabilities.
It just spits out one of the vulnerabilities that it scrapes from the web and hallucinates the rest.
When "AI" is tasked with finding bugs in freshly made code that's never been on the net it always shits the bed.
>>
>>108989774
my 7 saas companies make way more than tokens cost. right now is the sweet spot where subsidized tokens are producing beyond their value. fuck buying depreciating hardware.
>>
>>108989719
Vibe coding == PHP
>>
>>108989611
/fpbp
god keep that shit in xitter
>>
>>108989628
It's not useless but it should always be optional.
>>
>>108989806
>When "AI" is tasked with finding bugs in freshly made code that's never been on the net it always shits the bed.
no it doesn't
nowadays I do almost no debugging. I write the code, if it doesn't work I tell AI to find the bug. works every time.
Only time I need to manually debug is if some undocumented or poorly documented system API is returning an "invalid parameter" error and I need to debug into it to find out why.
>>
>>108990097
all these years and i still don't know what this is
someone has a bot that scans literally every image posted on 4chan to find barneyfag's signature?
>>
>>108989614
2FA adds a 2nd completely redundant lock to the front door. Back door remains spread, gaped, and fucked.
>>
>>108989557
Saaars...
>>
>>108989906
what do you fags work on that ai debugs so allegedly well, some crudslop?
>>
>>108990792
i wrote a TLS library
gave AI the specs, told it to find the bug. "oh you're supposed to include the message header in the hash". saved me from spending 30 minutes re-reading specs and checking the code. etc.
>>
>>108990828
well you would have learned more about tls if you did it yourself, now you're just rotting your brain playing casino with ai lol. use case for reimplementing tls tho?
>>
>>108990875
>well you would have learned more about tls if you did it yourself
I did do it myself. I just used AI to find the bugs. It's not like I vibe coded and told AI to write all the code.
There's no difference between the AI saying "you need to do this" and me wasting hours staring at code I've already rewritten.
>use case for reimplementing tls tho?
I have special requirements which would make any open source TLS library inefficient for my use case since the Windows OS already provides all crypto and certificate handling functionality.
I tried using wolfssl anyway because I believed that a third party library would be better tested and have less bugs, but I found a serious memory corruption bug (which I reported to them). They sent me a fix and the fix broke connections with 90% of websites because they had a rounding error in converting bits to bytes. (521-bit ECC keys caused it since it's not a power of 2).
After seeing how shit their code was I decided to just diy it instead of playing casino with downloading random open sores garbage from github.
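An added illustration of the class of bug the post above describes (a bits-to-bytes conversion that only goes wrong on 521-bit ECC keys); it is not wolfSSL's code or the poster's. The function names and the peer-key length check are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>

typedef size_t (*bits_to_bytes_fn)(size_t);

/* Buggy: integer division truncates, silently dropping a partial last byte. */
static size_t bits_to_bytes_floor(size_t bits) { return bits / 8; }

/* Correct: round up so every bit of the field element has a byte. */
static size_t bits_to_bytes_ceil(size_t bits) { return (bits + 7) / 8; }

/* SEC 1 uncompressed point: 0x04 || X || Y, each coordinate field-sized. */
static size_t uncompressed_point_len(size_t field_bits, bits_to_bytes_fn conv)
{
    return 1 + 2 * conv(field_bits);
}

/* Hypothetical length check a receiver applies to a peer's public key. */
static int accepts_point_len(size_t field_bits, size_t wire_len,
                             bits_to_bytes_fn conv)
{
    return wire_len == uncompressed_point_len(field_bits, conv);
}

/* First field size where the two conversions disagree, or 0 if none. */
static size_t first_disagreement(const size_t *sizes, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (bits_to_bytes_floor(sizes[i]) != bits_to_bytes_ceil(sizes[i]))
            return sizes[i];
    return 0;
}

/* Field sizes of the NIST prime curves P-256, P-384 and P-521. */
static const size_t NIST_FIELD_BITS[] = { 256, 384, 521 };

int main(void)
{
    for (size_t i = 0; i < 3; i++) {
        size_t bits = NIST_FIELD_BITS[i];
        size_t wire = uncompressed_point_len(bits, bits_to_bytes_ceil);
        printf("P-%zu: wire=%zu bytes, floor-based check %s\n", bits, wire,
               accepts_point_len(bits, wire, bits_to_bytes_floor)
                   ? "accepts" : "rejects");
    }
    printf("first size affected: %zu bits\n",
           first_disagreement(NIST_FIELD_BITS, 3));
    return 0;
}
```

P-256 and P-384 are multiples of 8 bits, so a test suite that only covers them never exercises the truncation; a regression test with a P-521 key does.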
>>
What's causing this?
>https://news.ycombinator.com/item?id=48422262
>Reminds me of the whole "Python is for Brahmins" stuff at Microsoft India office.
>>
>>108990904
>There's no difference between
There's no difference in what I learn between*
>>
>>108990904
from my experience with debugging it often makes wrong assumptions on where the problem is, unless it's a fairly dumb bug which i make rarely. But i guess that could save time in some cases if you win the ai casino.

Maybe for some clear cut cases with very good specs in context it might work better.
>>
>>108990928
for me it actually solved every bug in 1 try (rarely 2) because i gave it locations of all tls specs and applicable API docs in txt format
i used deepseek v4 pro, it's pretty good. definitely worth it because it's cheap as fuck. costs about 2 cents every time i proompt it.
also it benefits from detailed information about the error, just like humans do, don't just act like a tech illiterate normie and say "waaaah it doesnt work" and expect it to magically figure things out
>>
>>108990936
also none of my bugs were "code" bugs e.g. memory corruption or buffer overruns, all the bugs were just due to not reading the specs properly kek
>>
>>108990139
It's a samefagging discord
>>
>>108990940
>all the bugs were just due to not reading the specs properly kek
yeah i figured this sort of thing ai would be good at.
>>
>>108989614
>I thought forcing 2FA up everyone's ass was supposed to make this impossible.
2FA works well as long as your computer isn't hacked and your mobile phone and email account haven't been compromised. If anything, 2FA made it easier for some hacks to work. And social engineering is still a thing in 2026.
>>
>>108993520
2FA ignores the fact that there is always another auth flow that bypasses it. Always. I tried explaining this to retards at my work as I demonstrated 2FA was meaningless when the source of truth is a Kerberos ticket with the appropriate UPN, but whatever. CI/CD retards are finding out real fast that they should probably stop letting computers run arbitrary code automatically and go back to dev builds. Of course having reproducible builds would also be good, but most software devs are incompetent and most build systems are insane.
>>
>>108989614
>I thought forcing 2FA up everyone's ass was supposed to make this impossible.
The spread happens because NPM still allows publishing packages without 2FA. You still have persistent tokens for automated workflows.
They just don't persist *as long* - but since it's the Github automation workflow itself that is being attacked and compromised here, the compromised workflow can just be made to get hold of a legit publishing token in an automated fashion.

The real solution?
Kill off automated publishing flows.
Every publishing action MUST be manually authorized. PERIOD.

Valve did the same with Steam. They started on that back in Oct '25.
>>
>>108990139
>Guy posts image with timetable in eye
>Same guy posts himself "finding" it
That's all it is. Pretty dull.


