Transcript
A post by [object Object] (@[email protected]) saying:
courtesy of @[email protected], Proton is now the only privacy vendor I know of that vibe codes its apps:
In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure!
I am once again begging anyone who will listen to get off of Proton as soon as reasonably possible, and to avoid their new (terrible) apps in any case. https://circumstances.run/@davidgerard/114961415946154957
It has a reply by the author saying: in an unsurprising update for those familiar with how Proton operates, they silently rewrote their monorepo’s history to purge .cursor and hide that they were vibe coding: https://github.com/ProtonMail/WebClients/tree/2a5e2ad4db0c84f39050bf2353c944a96d38e07f
given the utter lack of communication from Proton on this, I can only guess they’ve extracted .cursor into an external repository and continue to use it out of sight of the public
Um, it’s a public repository. You can view the code that’s been added. Even if it IS AI generated, you can review it yourself.
I’m as anti-AI as anyone but this is misplaced AI-alarmism.
Does anyone here actually review code?
Only my own code and so far most of it has been unacceptable.
Pure, unabashed honesty. I love it. 🫶
i once wrote a script to launch a program with specific flags that i think was mostly correct, it holds center place on my CV
Yes, and it's one of the most important things I do. Given the AI codegen boom we're seeing, it's also the skill I have that is increasing the fastest in value.
yes as a consultant/freelancer THIS is where the majority of my work is coming from now. if you're good at this SERIOUSLY consider consulting and freelancing for various companies that are now desperately trying to fix their AI tech debt. It's the ONE thing that is completely in demand right now due to the sheer incompetence of all these places that decided vibe coding and AI was the way to go.
you have no idea how much money you can potentially be making right now doing this. I'm booked solid for the rest of the year purely because of this.
Not gonna really be thing long-term. Up front savings vs customer long term retention. The up front savings are what business cares about. So yeah you'll get some companies who fucked up. Most just double down on the a. I.
What you're doing is entering the bargain-phase
Uh yeah? You’d be stupid not to review code, whether written by an AI or a human. I don’t trust either.
I'm guessing OP means code you use rather than code you write, in other words auditing. Likely very few of us do that with any thoroughness. IIRC proton does have some independent auditing.
That’s what I mean too. Y’all don’t just copy-paste from stack overflow praying it works do you?
That obviously not what they meant. They mean, do you review the code for every open source application you use? Do you review every library you utilize? I'm willing to be it's a no for both of these, because no one has time for that.
No, like proton mail app. Have you reviewed it? Or Signal or Veracrypt or TheNewHotness.
Does anyone here realize that one person using Cursor doesnt mean "tHeY'rE vIbE cOdInG aCrOsS tHe wHoLe pLaCe!"
Then why didn’t they just say that instead of being shady and rewriting history?
Because thier bosses aren't accounta le to you and I? That don't have to say a dn thing
that would make sense if it wasn't a fucking business selling the promise of security lol
Again. They don't answer to us. They don't have to say anything
Now. I agree that they SHOULD. It would be not only be better buisness, BUT its the right thing yo do
But no, they don't. The should.
oh so you just want to be annoyingly pedantic, cool
No. I'm saying quit bitching and switch f you don't like it. I have
Because it's also not a great idea to expose your rules files, and tell people first "oh shit, we mentioned rules files. Please don't look!" before
I'll be honest here, I've had less dogmatic conversations with conspiracy theorists about COVID. If you just need to make this a huge problem that later turns out to be a nothingburger and you'll never look back and grow as a human, then hey, you do you. But know that you'll look like a fool to anyone that isn't a goldfish and remembers more than 3 months at a time. Because you clearly don't know what's a big deal and what's not, and this is a Grade A waste of all our time to pitch a fit about.
You're a supervisor and you have 2 employees: Bill and Jim. As a supervisor your job is to ensure the work is being done correctly.
Bill is competent and rarely makes major mistakes. Jim does a decent job most of the time ... but he's also a savant at screwing up -- he regularly fucks up in ways that aren't immediately obvious but are guaranteed to cause serious problems days to weeks from the screw up.
You can glance over Bill's work and be fairly certain it's fine. You need to go over every single piece Jim's work to check for problems, and even then some are probably going to slip through.
AI is currently Jim, and Jim has no business writing code for anything privacy or security focused.
This is a great example since AI isn't taking on the role of an independent software engineer here, so there is no "Jim" and this is much less of an issue than y'all are making it out to be. You know that auto-correct is also a form of ML right? Have you considered that tools can be used responsibly and that standards for software developers still apply even when they use new tools?
Yeah, and I don't fuckin use it.
Also, my auto-correct is saying that sentence is missing a comma, so I guess you don't either.
Cool that's great. Can you tell me that none of the software you use has been developed by software engineers making use of machine learning methods?
I can: I do not use any software.
Hahaha
That is pretty immaterial to the issue. The issue is that when it comes to security, it's extremely poor form to rely on unintelligent mimicry.