HackerTrans
TopNewTrendsCommentsPastAskShowJobs

niros_valtos

no profile record

comments

niros_valtos
·el mes pasado·discuss
I think that the cost of Opus is already prohibitively expensive, so not sure how that would compare to Mythos. Check this calculator- it shows that a company with 100 devs can hit ~2.5M cost on tokens annually, which is wild! https://ai-cost-calculator.arnica.io
niros_valtos
·el mes pasado·discuss
[flagged]
niros_valtos
·el mes pasado·discuss
[flagged]
niros_valtos
·el mes pasado·discuss
This is the supply chain problem climbing up a layer. We spent a decade learning not to pipe random scripts into a shell, and now agents will happily read a repo's files as instructions. Better detection of malicious comments will not fix it. An agent reading a file should never treat the contents as commands, the same lesson SQL injection taught, relearned for LLMs.
niros_valtos
·el mes pasado·discuss
[flagged]
niros_valtos
·el mes pasado·discuss
[flagged]
niros_valtos
·el mes pasado·discuss
The line I'd draw is accountability: who owns it in prod at 3am. Vibe coding is fine for throwaway and prototypes, and it becomes a problem when the prototype quietly turns into the system and nobody can explain how it works. Don't get me wrong, there is a room for production systems coded completely with AI, it just needs to be more thoughtful in the way it is done.
niros_valtos
·el mes pasado·discuss
We hit this too, and what helped wasn't more reviewers. We pushed the trivial checks (style, obvious bugs, secret and other deterministic scanning) onto automation so humans only look at intent and design, and the trap to avoid is letting AI both write and "review" the code, since you want the review signal independent of what generated it. There is another way we are experimenting these days too - building a gauge of how much a human in the loop is needed based on our confidence on the changes AI analyzes.
niros_valtos
·el mes pasado·discuss
[flagged]
niros_valtos
·hace 5 meses·discuss
Definitely not a surprise they ship it. This is manageable for a small subset of repos scanned once. Reality is that code changes frequently and such rescans are expensive especially with thinking models. You can open a PR too, but then there are other missing workflows as rebasing when there are conflicts, finding the devs with the right expertise to review/test the fix, etc. bottom line - I see it is an interesting research tool but not more than that.