Nobody trusts the Chinese that's the problem, not that people don't trust Claude.
Why was this person from Hong Kong going through the details of Claude code for obvious security reasons? There are some other obvious reasons that come to mind.
Maybe it's an eye opener for this person how much the trust in Chinese companies has eroded in the West.
Even if they suddenly stop stealing IP, which this "security research" article would certainly not suggest is happening, it would be a very long time before trust is restored.
It's a win-win game because both Anthropic and the Government are on the front page again pulling on important leavers.
In the mass-marketing world it's less about who's right or wrong but who is perceived by the population to be pulling the leavers on the front page again.
Codeberg. They ONLY host open source software, it's sponsored by European institutions, Zig moved there too.
In the near future I'm also adding Forgejo to our Kexxu servers. Forgejo is basically Codeberg (but you need to host it). If you want a private repo on Kexxu just ask.
You can also write inline assembly in C++ and then it's not safe.
But no developers working on projects that have been so ultimately battle tested that only memory safety issues remain do that. Professional C++ developers use RAII and containers. If you use raw pointers or raw arrays in C++ you will get 200 code reviewers lecturing you. You will never be able to for long.
PHP is garbage collected for reference. So rewriting wordpress plugins in Rust would not make them more secure but rewriting HAProxy or Nginx would? It's delusional.
In Chromium which is the condom of the internet, already millions of developer hours of the most highly paid developers have spent their days trying to make it water tight. This is not your average software project.
What are they going to train with 13.5M really? We're a tiny company in Amsterdam in Holland and we've got "only 64x B300 to train on" so we could never make an LLM I thought, since we've got only 4M in compute.
And they're going to train an LLM with all kinds of extra difficulties compared to OpenAI for just 13.5M?
Just want to remind everyone that only 1% of vulnerabilities are memory related in the average Joe's code.
And only 20% of memory related bugs are use-after-free which the borrow checker fighting is for.
And 100% of the use-after-free exploits were to gain admin rights on an already hacked Windows (all windows) computer.
So for the vast majority of people the borrow checker adds nothing.
The vast majority of memory safety bugs (extreme pro level, super hard to exploit, only worth it in massively adopted evil outer world facing software) can be fixed by using C++26 with array bounds checking and forced initialisation.
These last two things that Rust forces catch 70-80% of the memory problems the borrow checker only 20-30% only use-after-free.
Most problems by far for normal developers are supply chain attacks, exposing api keys, remote code execution, wrong input validation, wrong auth-flow.
You're reading the CVEs of sudo and ssh and think your code will be hacked like that.
PHP is memory safe and still many people hack wordpress plugins.
I like LLM's but this writing style is like eating the same dish 4 times a day.