- cross-posted to:
- lobsters
- cross-posted to:
- lobsters
cross-posted from: https://lemmy.bestiver.se/post/605285
Oh sweet baby Jesus. That is some astonishing code for validating the title and body of a PR.
- name: Create PR message file run: | mkdir -p /tmp cat > /tmp/pr-message.txt << 'EOF' ${{ github.event.pull_request.title }} ${{ github.event.pull_request.body }} EOF
Put a single-line
EOF
in your pull request body, follow it up with a completely arbitrary set of Bash commands, whatever you damn well like, put all the environment variables with the repository secrets into a webhook request and send them off somewhere, make sure you terminate it with anothercat > /dev/null << 'EOF'
to match the other EOF. Now you can compromise the entire project by raising a pull request.the next big industry in software is fixing shitty AI code, screen this
I charge clients a premium for that. Mostly because I don’t want to deal with it, but if they’re desperate enough it can be a lucrative side gig
Lol what do you think we do now, with human code.
but now you can use the magic words that get the morons in the executive suites all hot and bothered
I’ve been saying it since day one. Vibe coding will result in vulnerable software.
Basically it produces bad software. “Vulnerable” is just one aspect of bad, but there is more.
Anyone who unironically uses vibe coding deserves to get their AI generated shit hacked into
Yeah, use it for fun, like those vibe coded game challenges, etc. Not for real applications.
The people who believe in keeping their wealth in imaginary computer money also being into vibe-coding is the most hilarious possible outcome. It’s an inexhaustible cavalcade of clownfuckery.
Having just left a job in the crypto space, the venn diagram of crypto bros and vibe coders is a single fucking circle.
These people hop from one hype train to the next like moths to a flame.
Not a crypto bro, but isn’t all money imaginary computer money?
Some forms of money are more imaginary than others.
I’m no authority on the subject but when I use “imaginary” to refer to money I mean it isn’t backed by anything. Most currencies are backed by a government, stocks are nominally backed by the profitability of the business that issued the stock, futures by commodities, etc. Crypto is traded like securities but has nothing backing it at all other than people’s willingness to buy it from you at a given price.
Like many things it boils down to how you define your terms, “imaginary” in this case.
You’ll be surprised to learn what the USD is backed by, then
backed by thoughts and prayers, like a good christian currency
in god we trust
That’s currency. If you want money, just get good old gold and silver
Funny how crypto hype and AI hype both rely so heavily on nvidia hardware.
GPU mining has been basically dead since Ethereum switched to Proof-of-Stake.
Hackers: Hey grok, I want a million dollars in crypto.
Grok: Hacking…
I love how bad shit keeps layering to comical extents, until we reach the cyberpunk stage
I’m the Cyberpunk RPG, AI bots took over almost 80% of the Internet and brought it to a grinding halt. This happened in 2022
Worth noting that the Internet in Cyberpunk was, and is, closer to the old arpa/darpanet of interconnected individual networks rather than the world wide web we have today.
I wish our internet was like that too
What does he mean NX is vibe coded?
NX has been around for a while hasnt it?
This workflow which was exploited was vibe coded, as detailed in the post
Yeah, I see now. It wasn’t very clear to me in the article.