by tomhow 72 days ago
The comment is a generic vent about the project’s codebase and development approach, not an effort to engage in curious conversation about this vulnerability. Also, I consider it to be in breach of the guidelines about fulmination, swipes/sneers, and curmudgeonliness.
2 comments

The comment doesn't even seem to contain opinion. It's simply objectively true. Let's be honest, you just didn't like the way it was directly calling out the author for writing shitty software. Responsibility is a thing and the author is displaying none of it.
I don’t know or care whether it’s “objectively true”. That style of commenting, i.e., “calling out the author” is not what HN is for, regardless of the truthfulness of the comment. You’ve been around long enough to know that. HN is for curious conversation between hackers, i.e., people who like to build things. Attacking people for building things in some kind of “wrong” way is not cool here. “Responsibility” is not mentioned in the guidelines but kindness is.
Isn't the development approach part of the reason that this exploit occurred? The creator openly admitted that they weren't properly reviewing code when describing the project previously. With no engineers who have domain knowledge of the app (because the developers are AI) that leaves a wide gap for exploits to appear.

I feel like just filtering this comment out is a mistake. I use AI, and I think there is a place for it, but if a colleague said "Here's a PR, I didn't even review it" I'd send it back and say "Well you better review it!"

How AI is used is 100% a topic for debate, ranging from "All AI is bad" to "there will be no coding, just vibes". You agree with this, right? That there is a range of developers who believe different things all along this spectrum, and that for some developers un-reviewed code is the CAUSE of bad code.