by mwkaufma 247 days ago
Even when they're not AI slop, these kinds of "paranoid sanity checks" are the software equivalent of security theater.
3 comments

Form over function is what they are trained for. So, verbose commentary, needless readmes, and emojis all serve that purpose.
Coding for the reviewer, not the user.
Sometimes security theater is what you need to not trigger a false positive on a static code analysis.

I haven't needed to use a service like Fortinet recently and am now wondering if an LLM is part of their tool and if it's better/worse?

Yeah, I really hate code like this because it generally ends up full of codepaths that have never been exercised, so there's all sorts of potential for weird behavior and unexpected edge cases. Plus it's harder to review.