I mean, my thought would be “Don’t fucking run code that you don’t understand”.
it was always a risk in stack overflow so i don’t see why suddenly the world needs to exclusively create safe spaces for all the ‘down with safe spaces’ crowd.
If we all followed that rule, we’d be using nothing more complex than an 8080.
The code YOU run. If your code runs other code, that doesn’t fall under this.
“Don’t ride a car unless you know how driving a car works” doesn’t mean you need to understand the chemical composition of the metal in the motor parts
Well, I think it’s legit to use software without understanding the code or use hardware without understanding the specifics of the logical mechanisms of the silicon. But when you’re writing software, you really should know what’s in your own code. Anything else is bad form in my opinion.
It’s an imported library, since when are devs expected to be inspecting the source code of every library they import?
I don’t like to use libraries I don’t understand. Probably part why I’m not a professional developer, but it’s the principle of the thing - don’t put out code you can’t vouch for.
I mean, yes, it’s way easier to just use the library, trust it works; but by that logic, it’s also way easier to just let an llm code for you.
…but do you “understand libraries” by reading every line of their code, or by reading the documentation? And only in the parts you’re actually interested in?
There’s no ‘principle’ here, that’s something that simply would not be possible in any sort of large project. To suggest all professional software developers read every line of every library before using it is ridiculously unworkable.
deleted by creator
? Do you have me confused with somebody else?
That’s fair, I made an assumption there. I’ll just delete the comment.
Libraries can be audited. LLM generated code cannot.
Yes it can, it’s literally still code.
I know it’s code. You are missing the point.
Any library with a critical user mass is auditable, because a fraction of those users would take the time to do so, whereas all LLM generated variations of the same library cannot and will never be auditable.
That’s literally not what you said, you said “LLM code can not be auditable” which is demonstrably wrong.
Go ahead and move the goal posts though.
True, but I would think developers should at least be following it with the code they’re actually working on.
It’s an imported library, since when are devs expected to be inspecting the source code of every library they import?
it used to be a thing but javascript npm brainrot happened
Reminds me of https://www.youtube.com/watch?v=OPKGbg16ulU (and also https://www.youtube.com/channel/UCS0N5baNlQWJCUrhCEo8WlA)