this is definitely a backdoor, not necessarily that they use it to infiltrate users but definitely they put them at risk.
reminds me of a bug I found in some tplink router it compared passwords of 3 different users but that table was empty so basically 15 NULL bytes would log you in as admin lol
in the olden days (pre-LLMs) we would write high-level code.
the entire layer was high-level code and rarely would we ever need to peak into the assembly:
writing, debugging, architecting, reviewing, testing - all were done in the high-level language layer.
---
welcome to present day:
since we don't write code - we write intents, we also shouldn't review code either - we should review intents.
I don't review my code anymore. I ask the agent to generate markdown docs, graphviz diagrams, changelogs, audit reports, etc. I only review that.
I also ask it to write test and evaluate by whether the tests passed or not. I don't need to peak into the tests code - I can also ask plain english, pseudocode, control flow graph, whatever it is I want.
I can ask it to find errors or missing tests and improve that too!
code is like assembly now.
rare are the cases you would need to peak into that level.
"the code review: if you can’t review code, you can’t direct AI tools. You cannot lead a team. You cannot even trust your own work."
I would revise that a bit
since we don't write code, we write intents - we shouldn't review code either, we should review intents.
I don't review my code anymore. I ask the agent to generate markdown docs, graphviz diagrams, changelogs, audit reports, etc.
I only review that.
I also ask it to write test and evaluate by whether the tests passed or not.
I don't need to peak into the tests code - I can also ask plain english, pseudocode, control flow graph, whatever it is I want.
I can ask it to find errors or missing tests and improve that too!
so yea - code is like assembly now. rare are the cases you need to peak into that level.
I am using cursor on auto and I got the exact same experience.
installed quartz, used accessibility and screen recording api, all that.
initially it managed to do it on another desktop space somehow, opening safari in the background without me even noticing. but then it actually started using my own mouse while I was using it lol
reminds me of a bug I found in some tplink router it compared passwords of 3 different users but that table was empty so basically 15 NULL bytes would log you in as admin lol