by dartos 482 days ago
No gatekeeping. Anyone can write programs.

But to build something which could handle a customer’s credit card, password, or other PII and charge them for it, you better know what you’re doing.

It’s all fun and games until you’re the cause of someone’s identity or password getting stolen.

Anyone can use CAD software, but if you’re designing a public space, you better know something about safety.

2 comments

To be fair, lots of "actual" programmers who don't know good from bad have been shipping insecure code to prod for decades.

AI is just another vector for this, not something entirely new.

When you have your amazing idea, instead of hiring an inexpensive low-skill developer (whose work you are also incapable of evaluating) to build and ship your idea in a low quality way, you're just paying AI to do it.

It's just putting the money into different (centralized) pockets.

No, people should not be knowingly half assing important things like PII just because "it's been done badly before." We make the good faith assumption that people who mess this up don't know better, not that they're willingly using a tool that will mess it up for them because they don't care.

I think you misunderstood my comment.

When a non-technical person hires an incompetent developer (that they likely don't know is incompetent at the time of hiring) to build something that turns out to be insecure - because the developer didn't know any better and the non-technical person doesn't have the skills to evaluate the output - no one was trying to do a bad thing, but they didn't know what they didn't know.

The non-technical person got something that did what they asked, without understanding all the underlying deficiencies.

It's the same with AI, I don't think non-technical people using AI are thinking "I don't care that this is building garbage code full of problems".

Just like the first scenario, they don't know what they don't know, and they end up with something that does what they want, and that's a good outcome based on their limited knowledge.

To be clear, I don't think either of these scenarios is excusable or acceptable if you're working with PII or other security-sensitive things, I was just pointing out that this isn't new.

>Anyone can write programs.

Anyone can play the violin. Anyone can run a marathon. Anyone can …

People who spent their lifetime never quite able to sit down and write programs, for whatever reasons (time, focus, foundational knowledge, available mentors), have in the last year shipped working apps/scripts, by just saying in plain English what they wanted. That's exciting.