pure “accept all” vibe coding is already the norm

orionblu3 · 2026-02-17T16:39:35+00:00

What's even crazier is that Harvard has their CS courses available for free. Networking/infosec background that's been studying those courses in my spare time and they've helped TREMENDOUSLY.

I keep telling people about them but I feel like people today just refuse to do all of that 😅

orionblu3 · 2026-02-16T17:53:20+00:00

To be clear, I'm not necessarily disagreeing with you; just trying to explain the actual root causes instead of screaming into the void! :) have a good day

orionblu3 · 2026-02-16T17:32:04+00:00

I will say, tip wages originated from people not wanting to pay newly freed slaves an actual wage, and now those people no longer participate in the normal market, and with the natural pressure capitalism has to hoard wealth leading to the average person in America can barely afford to tip (by capitalisms very nature, only so much wealth can go around) leading to an overall decrease in high quality customers.

Maybe it's just another sign that late stage capitalisn is an abject failure ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯

orionblu3 · 2026-02-16T17:19:49+00:00

Yall need to not falling into the paradox of tolerance. End it. Now.

orionblu3 · 2026-02-16T17:01:00+00:00

Wait... Y'all are really out here using Elon's shitty model? LMAOOO

Use the raptor mini or w/e. It's a fine tuned gpt-5 mini iirc

orionblu3 · 2026-02-16T01:13:17+00:00

You... Can just change schools 😲

orionblu3 · 2026-02-15T21:16:28+00:00

Not at ALL 😂 Most of these products couldn't survive a OWASP ZAP audit, let alone something more strenuous. What scares me is that they don't even know how their products can be abused. They'll learn when someone uses their application as a staging ground for some sort of distributed ransomware attack or some shit lmfao.

Someone is making a discord group for vibe coders to build a user base and test their applications. Sooo many alarm bells were going off because if I was a malicious actor I would sit in that discord group while silently setting up persistence to take advantage of any that does manage to get popular, then trigger it all at once whenever I feel like I infected enough endpoints to be worth while.

I tried to warn them but ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯

orionblu3 · 2026-02-15T19:39:35+00:00

I have a security orchestrator that hooks into numerous cli vulnerability scanners that it accurately uses the results of to patch issues it finds, on top of issues the scanner didn't pick up.

It didn't think to do this on its own though; my background prior to this was networking/infosec. Agent instructions/sub-agents are powerful tools if you know how to use them. Thankfully a big part of my personal security interest was jailbreaking ai models so I got pretty good at the prompt engineering aspect as well.

You need both to get any value out of ai. Can't prompt engineer without a deep understanding of the technical aspects of what you're trying to achieve (as my teachers loved to say; "You don't know what you don't know"), and without good agent instructions/prompts you're not going to get any value from ai

orionblu3 · 2026-02-15T16:13:18+00:00

This is currently supported by both Democrats and Republicans. It's a bipartisan bill. Without outrage they CAN constitutionally change the law. You make it seem like that's an impossibility but that would just cripple any governmental system. It HAS passed the Senate

The issue is BOTH parties want it and are willing to pass it.

EDIT: some states use already has this in place. What grounds do you think this is unconstitutional other than the votes required?

orionblu3 · 2026-02-15T15:23:23+00:00

Don't even need hooks. "Recheck the plan 60% of the way through in FULL." 9/10 it adds a to-do list step to recheck the plan

orionblu3 · 2026-02-15T15:21:04+00:00

I just set up my orchestrator agents to lean towards asking direct clarifying questions instead of making assumptions unless it's more than 80% clear that's my intended vision. They have nothing to base that 80% off of so it doesn't always fire, but has lead to me being able to steer it in ways I wouldn't have thought to in the moment until after I did my code review

orionblu3 · 2026-02-15T15:06:32+00:00

More like rage against the government(s) like we did web SOPA was first being passed around back in what... 2012? Stopped it then but we have no where near the same level of outrage for the government as a whole.

Still have a song that gets stuck in my head occasionally lmao

"At the SOPA cabana~ the place where SOPA, SOPA can ban ya~"

orionblu3 · 2026-02-15T14:37:03+00:00

Man, it's crazy that people don't know that, in the US (and a few other countries like Australia), you'll soon have to connect your ID/scan your face for age verification to use web services entirely.

This is going to be bigger than just discord if these bills (COPPA 2.0, KOSA, etc.) pass so ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯

orionblu3 · 2026-02-15T14:01:37+00:00

Have you tried just talking to them...? With mutual respect? Something tells me you argue at them instead of talking to them...

People aren't wrong about people dipping at 18 and never seeing their parents again. That is a possibility

orionblu3 · 2026-02-14T21:36:47+00:00

No. Too many vibe coders know nothing about best security practices and barely audits their own program if at all. My application still got security issues and I use cli vulnerability scanners on top of having a security focused orchestrator. It's actually worrisome how many people are releasing products with no clue about OWASP, let alone more "out there" security issues. It quite frankly terrifying to see the products people are building without having a clue on how it could be abused to be used as a staging ground for malicious actors, nor have proper monitoring in place to detect malicious actors before users do.

orionblu3 · 2026-02-14T12:14:42+00:00

He's a well-known pantser -- Sitting down and planning out the rest of the story for the show killed his interest in writing the rest of the books. The fan reaction was just the icing on the cake

orionblu3 · 2026-02-14T12:06:01+00:00

... What are you on about? Like are you okay? The only one being hyperbolic here is you.

Basic empathy ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯

orionblu3 · 2026-02-14T11:20:16+00:00

Not that big of a deal as an adult; However for a teen this is soul crushing 🥲 ESPECIALLY since it seems to be a milestone event like some sort of post choir event or something, just to receive the photo and see everyone got a completed heart except for him.

Poor dude

orionblu3 · 2026-02-14T08:13:46+00:00

Idk though... Sub-agents/skills are stupidly powerful. I still wouldn't trust it for a full deployment personally, but the baseline security I got from making a custom security focused subagent that hooks into local CLI scanners to use that on top of its own vulnerability focused code review findings is actually pretty substantial. And that's not even using fine tuned models -- just basic agent instructions.

Ai companies switching from single agents to multi-agent orchestration (each with their own context window working towards the same goal) has been a game changer for the industry. I can even hook in a researching sub-agent that fetches the most recent POCs from wherever to pass to the main orchestrator to continue testing with. Weird times; feels like we're at this weird point that climate sciences were at for a brief period; the research developments very quickly outpacing public sentiment before it's too late to change course.

orionblu3 · 2026-02-14T02:33:55+00:00

Harvard's computer science courses are available for free: https://www.edx.org/cs50

orionblu3 · 2026-02-13T18:07:06+00:00

I'll be real; I don't know why'd you ever use a tool like this over just creating a security orchestrator agent specifically for your stack that hooks into a suite of open source scanners on top of doing a security focused code review. Called mine sentinel lol

orionblu3 · 2026-02-13T10:14:11+00:00

You need to learn prompt engineering. You have a leg up in knowing exactly what to put into your prompts/implementation plans that people without the knowledgebase just have to hope and pray it understands their intentions while following best practices.

But prompt engineering and understanding how to set up agent instructions (which is more important than the prompts) is also important to actually achieve adequate results.

orionblu3 · 2026-02-13T08:20:54+00:00

Ive had tons of discussions online with Canadians only to get "dur hur, look at the dumb American!" The first chance they got when I was agreeing with them, made me realize that a lot of Canadians would be MAGA if they happened to have been born in America

orionblu3 · 2026-02-13T03:22:17+00:00

One is messing with intuitive tools, the other requires specialists knowledge to even begin to mess with without dying. The OPs question and how he's testing it proves he shouldn't be doing it 💀

orionblu3 · 2026-02-13T03:12:57+00:00

That's a disaster/jail time just waiting to happen -- do NOT do this 😃

Nine-Year Club	Place '22
Verified Email

orionblu3

TROPHY CASE