I happily got rid of a legacy application (lost the pitch, another agency now must deal with the shit) I inherited as a somewhat technically savvy person about a year ago.
It was built by real people. Not a single line of AI slop in it. It was the most fragile crap I had ever the misfortune to witness. Even in my wildest vibe coding a prototype moments I was not able to get the AI to produce that amount of anti patterns, bad shit and code that would have had Hitchcock running.
I think we would be shocked to see what kind of human slop out there is running in production. The scale might change, but at least in this example, if I had rebuilt the app purely by vibe coding the code quality and the security of the code would actually have improved. Even with the lowest vibe coding effort thinkable.
I am not in any way condoning (is this the right word) bad practices, or shipping vibe code into prod without very, very thorough review. Far from it. I am just trying to provide a counter point to the narrative, that at least in the medium sized business I got to know in my time consulting/working in agencies, I have seen quite a metric ton of slop, that would make coding agents shiver.
DigitalOcean version 1 was a duck taped together mash of bash, chron jobs and perl, 2 people out of 12 understood it, 1 knew how to operate it. It worked, but it was insane, like really, really insane. 0% chance the original chatgpt would have written something as bad as DO v1.
To me, built and written are not the same. Built: OK, maybe that's an exaggeration. But could an early "this is pretty good at code" llm have written digitalocean v1? I think it could, yes (no offense Jeff). In terms of volume of code and size of architecture, yeah it was big and complex, but it was literally a bunch of relatively simple cron, bash and perl, and the whole thing was very...sloppy (because we were moving very quickly) - DigitalOcean as I last knew of it (a very long time ago), transformed to a very well written modern go shop. (Source: I am part of the "founding team" or whatever.)
AI doesn't overcome the limits of the one who is giving the input, like in pre-ai era SW, if the input sucks the output sucks.
What changed is the speed: AI and vibe coding just gave a turboboost to all you described. The amount of code will go parabolic (maybe it's already parabolic) and, in the mid-term, we will need even more swe/sre/devops/security/ecc to keep up.
Yeah - for a lot of people deduplication would probably make sense. I have - for example - four feeds on my private page (blog posts, quotes, photo-galleries and a roll-up feed containing everything). So whenever I post anything, two of those feeds get populated. But I wanted to give people the option to only subscribe to the categories of content, they are interested in.
Look at what YT loads in terms of tracking, when opening a page with an embedded YT video - even if you do not play that.
Or install something like pi-hole and watch how many analytics calls to Adobe Analytics the Adible app is sending out. Even if just idle in the background. Given the fact that you pay Adobe by the server call, Audible clearly must earn a shitload of money, if they can burn tracking calls like this.
If you are on a Mac, try Little Snitch and see where your data is going while surfing the net. No wonder in the US there are companies, that can sell you a clear image of all relevant data on nearly any person to enable algorithmic wage discrimination [1].
I know, that industry is trying to push EU further and further towards less consumer protections. But we have a great example of what that means for workers, consumers and all of us in the US.
And by that they are actually in violation of GDPR. But hey - since when was Musk interested in following regulations. And since when has a governmental or supra-governmental entity been able to curb that tendency of the super rich and biggest cooperations.
Like with meta: They know they mke 7 billion annualy from serving 15 billion scam ads daily. They calculated that they will have at most have to pay about a billion in governmental fines all over the world, if they should one day be regulated for that.
So it is a clear business decision to go on shoing 15 billion+ scam ads per day to their "users". Were some interesting journalistic pieces on that a few days ago.
And exactly those companies are the reason we need stronger protection. And these protections more heavily enforced.
Don't mix PII data and cookies (or any other similar tech). There are different regulations in place here.
If you want to use ddata that can identify me (even in theory), you need to ask me, if I am fine with that. If you want to store data on my computer, you also need to ask me, if I am fine with that. Because, if I request a download, I expect to download the file. If I request a website, I expect the website content. I do not expect data that you or others can use to see how often I visited your site. Like meta-shit, or google-crap, or linkedin-slop...
If you want to do that, just ask m. And explain in clearly understandable words, what you do and why. That is just human decency.
Yes, I can (and strongly do) protect myself against this (and I am working in that business, I know the tricks and tools and stuff). But my late mom can't. Or her 80+ year old neighbor. Or SO#s my 19 year old niece that only uses a tablet and a crapload of apps that target her and spew a shitload of targeted ads for wheightloss onto her since she was an early teen...
So no -> Those companies need to be highly regulated. To me, those companes need to rott in hell, but that is my take. I want people to be protected. From business, from government. Thst is the basis of European privacy law - protecting the small person from the big entities. And rightly so. We have our history from which those protections originated.
If you want to do business in the EU, just follow the law.
You are not allowed to sell Heroin to anyone in Germany. I don't see you making the argument, that we should - in the same fashion as with digital spyware using companies - not target drug dealers. Becase hey, people can just decide to not buy drugs.
Fingerprinting is actually covered by the regulations and needs to be "consented" to.
There are different regulations, but basically they are technology agnostic (a good thing). If you as a compnay want to use data that could theoretically be used as an identifyer for me, you need my consent. For any type of use. Except if it is absolutely necessary to provide the basic service. Or if we have a contractual relationship, but there are also protective rules in place to protect the customer.
Different regulations handle storing data (like cookies, but also local/session storage and similar things on the devices of your users. But those are separate from GDPR.
GDPR is - as said - only concerned with data that could be theoretically linked to me as an individual. Regardless what this data is. Could be an id in a cookie, could be a fingerprint, could be smoke signals. It could even be the combination of different data points, that taken together allow for an identification.
Theoretical example:
Imagine I live in a village with 500 people. The company tracks the location and that I am male (so roughtly 50% of the population), that I am between 45 - 50 (say about 10% of the population), have multiple cats (say maybe only three people now in that village, use a Linux based machine - bingo: You found me. And now you have a set of data that falls under the GDPR. Welcome in having to ensure you only use this data in a way that I gave consent to.
See: The law doesn't even just look at marketing or tracking data. Or what happens in an app or a browser. It covers all data that is either pointing ti me as an "ID" - like a cookie ID, or at personal identifiable data - like bei combination in my example.
I recently registered a complaint with my local data protection authority. This then got routed to their colleagues in North Rhine-Westphalia that are responsible, as the company in question had their business location there.
What the company did? They showed a consent banner - but already sent my data to all manner of analytics and marketing companies. Before I even denied consent. They also did not mention all of those trackers/companies/cookies in their consent solution nor on their privacy page.
The result from the authorities was a clear: Go f*k yourself e-mail to me (I had screenshots attached in my complaint). Basically stating: We do not see any way you are personally affected and we also have too much to do, so we won't go after a company, just because they tracked you and sent your data to a bunch of marketing companies and tracking firms, even as you denied consent. And we also don't care, that they actually did not mention quite a bunch of those receivers of my data in their data privacy page.
So yeah - when governments actually have no interest in enforcing the rules in place to protect citizens, I am lost for words. Might have been, because the company in question being in violation of the law here was a former state-owned business, that while privatised is still run by politicians (like currently by the Chairman of the FDP Federal Committee for Justice, Home Affairs, Integration, and Consumer Protection to be precise).
What pisses me off about this the most, though is, that companies that actually follow the regulations, treat customers well and respect their data privacy concerns, they are at a disadvantage. It is not that our government and those EU conservative ars**es are for a free market. They want a market in which their buddies and the ones providing the juicy jobs after governmental terms come to an end, to win. As always, conservatives follow Wilhoit's Law.
It was built by real people. Not a single line of AI slop in it. It was the most fragile crap I had ever the misfortune to witness. Even in my wildest vibe coding a prototype moments I was not able to get the AI to produce that amount of anti patterns, bad shit and code that would have had Hitchcock running.
I think we would be shocked to see what kind of human slop out there is running in production. The scale might change, but at least in this example, if I had rebuilt the app purely by vibe coding the code quality and the security of the code would actually have improved. Even with the lowest vibe coding effort thinkable.
I am not in any way condoning (is this the right word) bad practices, or shipping vibe code into prod without very, very thorough review. Far from it. I am just trying to provide a counter point to the narrative, that at least in the medium sized business I got to know in my time consulting/working in agencies, I have seen quite a metric ton of slop, that would make coding agents shiver.
reply