Comment by hypfer
13 hours ago
> But… the models will fall behind.
Yes but why does that matter? If I am happy with its capabilities now, I will continue being happy with its capabilities in the future.
Yes, it cannot do the newest magic shit, but why does that matter? It can still do everything that existed up until that point, which is _a lot_.
Eventually, you might also need something new, but it's not like the world shifts over all problems that exist from <old> to <new> and any tech for <old> problems suddenly becomes obsolete?
Ideally, the software produced should include the latest security patches.
If the model prefers a version of Ruby or node with an RCE, I guess you can burn tokens to teach the model how to avoid introducing the vulnerability into your code?
That feels quite tedious and token inefficient..
I'm sorry, but.. are you being serious?
Yes. Yes. The only way one can write secure software is by always using the latest SOTA model. Anything else is inefficient and vulnerable.
I hate this platform
https://news.ycombinator.com/item?id=46809708
Maybe you missed this article, but Vercel found it quite annoying to teach AI about the latest updates in the React Framework.
I think you’re confusing my point. I’m not saying that only SOTA models can write secure software, I’m saying that the models produced today will write software that’s considered insecure by 2034 standards, thus you would need to burn more tokens in AGENTS.md or burn more of your time to hand-write code.
For example, you’re more than welcome to run Windows ME if it does everything you need it to, but that doesn’t mean Windows ME is a secure environment.