[ahwelatif]

I'm relatively confident this critique is AI-powered. The dead giveaways:

1. Verbosity. Developers are busy people and security researcher devs are busy even moreso. Someone so skilled wouldn't spend more than 2-3 sentences of time in critiquing this repo.

2. Hostility. Writing bug free code is hard, even impossible for most. Unless your name is Linus Torvalds, Richard Hipp, or maybe Dan Abramov, most devs are not comfortable throwing stones while knowing they live in glass houses.

3. Ownership. "Killshot" comments like this are only ever written by frustrated gatekeepers against weak PRs that would hurt "their baby". Nobody would get emotionally invested in other people's random utility projects. This is just a single python file here without much other context.

4. Author. The author is still an aspiring developer. See their starred repo highlighting adherence to SOLID/DRY principles as a primary feature of their project. Not something you'd expect to see from a seasoned security researcher. https://github.com/SSD1805/EchoFlow

5. Content. The critique is... wrong. It says the single file, utility repo is "awful" for being a "less maintainable" monolith. Hilariously, it calls the code bad because it does not need dependency injection. This was a top critique in the comment!

--

Regardless of political persuasion, I hope this trend of using AI to cyberbully people you don't like goes away.

[DonHopkins]

I hope this trend of DOGE using the US Government to cyberbully people they don't like goes away.

[arrowsmith]

Once you've read enough ChatGPT slop, you know it when you see it:

- Massive verbosity.

- Flawless spelling and grammar.

- Grandiose tone.

- Robotic cadence where every paragraph and sentence has similar length (particularly obvious in longer text.)

- Em dashes everywhere.

- The same few stock phrases or sentence structures used over and over - e.g. "This isn't X—it's Y", which that issue uses twice in two paragraphs:

    There is nothing "hardcore" about writing fragile, insecure, and unscalable code. This isn’t pushing boundaries—it’s demonstrating a lack of engineering fundamentals.

    If this is what was learned at previous jobs, then it’s time to unlearn it and start following best practices. Because right now, this is not just bad engineering—it’s reckless.

If AI didn't write that snippet then I'll permanently retire from internet commenting.

(None of what I just wrote is intended as a defence of DOGE.)

[Shocka1]

These are all good points, and I agree. The Em dash I've noticed a lot. One additional is over usage of adjectives like "robust" or something that came out of the third option in a thesaurus.

As someone who has been using regular dashes and words like "robust" for years, I've had to purposefully dumb down things like my resume/CV and internet comments. Like many of us here, I'm coming from a generation that actually had to write 100% of the research paper instead of an AI generating it for me. So I always took great care to aim for something close to perfection in writing.

[watwut]

The point 2 makes me think you did not read what developers write on the internet, in particular in flame war, in particular when they have beef with whoever they argue with.

Verbose hostility of that kind and throwing stones, even nitpicking with exaggerated outrage are no exception. And lack of experience never stopped people from feeling and behaving like god given gift to programming profession.

[bryanrasmussen]

a propos number 2, I think this is only a feature of seasoned developers who have managed to outgrow their own high opinions of themselves. I've met plenty of younger devs who would totally write something like this taking down the work of someone whose style did not align exactly with what they considered "good".

[paulgb]

I agree on all counts. The readme of the repo you link also smacks of an AI generated summary of the codebase. (Frankly, I don’t think the AI was able to understand what the code in that repo does, which is my guess as to why it talked much about form rather than function.)

[dragonwriter]

> Developers are busy people and security researcher devs are busy even moreso.

Neither the critique, the critiquer's profile, nor even the Krebs article says that the critique is a security researcher, and it definitely isn't the case that all devs are particularly "busy people". You yourself argue later, in fact, that the signs are that the author is not an experienced dev or security researcher, so it is nonsense (even more than assuming an average rules out an exception in the group) to argue that the code is AI-written based on the assumption that normally, a security researcher would be too busy to write it.

> Hostility. Writing bug free code is hard, even impossible for most. Unless your name is Linus Torvalds, Richard Hipp, or maybe Dan Abramov, most devs are not comfortable throwing stones while knowing they live in glass houses.

If you've been online more than about 5 minutes, you know that there is no shortage of hostility, and that even if it isn't most of any given community, its a highly visible subset of any community online.

> "Killshot" comments like this are only ever written by frustrated gatekeepers against weak PRs that would hurt "their baby". Nobody would get emotionally invested in other people's random utility projects.

The only reason we are talking about this on HN is that this isn't some random "other people's random utility project". The critique was posted while the author of the code being critiqued was a high profile figure in current news stories, and the critiquer posted a more explicitly political followup the day after the original critique addressing the author's highly-publicized resignation due to the news coverage.

> The author is still an aspiring developer. See their starred repo highlighting adherence to SOLID/DRY principles as a primary feature of their project.

That...doesn't support the critique being AI. In fact, it undercuts it because it provides a simpler explanation than AI as the explanation for your next bullet point, that the critique is wrong (especially, the SOLID/DRY focus is particularly consistent combined with the "aspiring dev" status you describe is particularly consistent with the specific things you focus on the critique being wrong about.) It also undercuts your first bullet point, as already discussed, which hinges on the assumption that the critique was written by an very busy experienced security researcher, and not an aspiring dev..

I mean, if excess verbosity, a more regularized format than is typical for the venue, and being wrong together are hallmarks of an AI written critique, then I'd say your post is at least as much AI-suspicious as the critique under discussion.