jj4211

joined 2 years ago
[–] jj4211@lemmy.world 2 points 9 hours ago

He had the perspective that once you hop between source code files, that constitutes a security boundary. If you had intake.c and data.c that got linked together, well, data.c needed its own sanitation... Just in case...

I suspect he used a tool that checked files and noted the risky pattern, and the tool didn't understand the relationship, and he was so invested that he tortured it a bit to have any finding. I think he was hired by a client, and in my experience a security consultant always has a finding, no matter how clean in practice the system was.

Another finding by another security consultant was that an open source dependency hadn't had any commits in a year. No vulnerabilities, but since no one had changed anything, he was concerned that if a vulnerability were ever found, the lack of activity meant no one would fix it.

It's wild how very good security work tends to share the stage with very shoddy work with equal deference by the broader tech industry.

[–] jj4211@lemmy.world 2 points 10 hours ago

In this case, there was file a, which is the backend file responsible for intake and sanitation. Depending on what's next, it might go on to file b or file c. He modified file a.

His rationale was that every single backend file should do sanitation, because at some future point someone might make a different project and take file b and pair it with some other intake code that didn't sanitize.

I know all about client side being useless for meaningful security enforcement.
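An added example, not code from this thread or its commenter, of one way to make the "file a sanitizes, file b trusts" boundary described above explicit so that the trust relationship is visible in the code rather than something a later reviewer has to infer. The distinct `sanitized_t` type, the `intake_sanitize` / `backend_store` function names and the allowed character set are assumptions chosen for illustration; the sample input is constructed.

```c
/* Added example (not from the thread): encode "sanitized at intake" as a
 * distinct C type so that backend code cannot be handed raw input by
 * accident. Type and function names below are assumptions. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_LEN 64

/* Distinct struct type: a backend function declared to take sanitized_t
 * will not compile if called with a plain char*, so the guarantee
 * travels with the data instead of being re-checked in every file. */
typedef struct { char text[MAX_LEN]; } sanitized_t;

/* Intake side ("file a"): keep only alphanumerics, '_' and '-'.
 * Returns false for NULL input, for input with nothing left after
 * filtering, or when the result would not fit (reject, never truncate). */
bool intake_sanitize(const char *raw, sanitized_t *out)
{
    if (raw == NULL || out == NULL) return false;
    size_t n = 0;
    for (const char *p = raw; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;
        if (isalnum(c) || c == '_' || c == '-') {
            if (n + 1 >= MAX_LEN) return false;   /* would truncate: reject */
            out->text[n++] = (char)c;
        }
        /* any other character is dropped */
    }
    out->text[n] = '\0';
    return n > 0;
}

/* Backend side ("file b"): only accepts the sanitized type. Returns the
 * number of characters written, as snprintf does. */
int backend_store(const sanitized_t *item, char *buf, size_t buflen)
{
    return snprintf(buf, buflen, "INSERT key='%s'", item->text);
}

/* Runs intake then backend; returns -1 if intake rejects the input. */
int pipeline(const char *raw, char *buf, size_t buflen)
{
    sanitized_t s;
    if (!intake_sanitize(raw, &s)) return -1;
    return backend_store(&s, buf, buflen);
}

/* Helpers returning plain ints so the behaviour can be checked without
 * inspecting printed output. */
int pipeline_rejects(const char *raw)
{
    char buf[128];
    return pipeline(raw, buf, sizeof buf) < 0;
}

int pipeline_matches(const char *raw, const char *expected)
{
    char buf[128];
    if (pipeline(raw, buf, sizeof buf) < 0) return 0;
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    char buf[128];
    const char *constructed = "alice<b>!";   /* constructed sample input */
    if (pipeline(constructed, buf, sizeof buf) > 0) puts(buf);
    return 0;
}
```

Because `backend_store` takes `const sanitized_t *` rather than `const char *`, a future project that pairs "file b" with an intake path that skips sanitation fails at compile time instead of silently shipping raw input, which is the scenario the reviewer was worried about, addressed without duplicating the sanitizer in every file.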

[–] jj4211@lemmy.world 6 points 18 hours ago (4 children)

Yes, recently we got a security "finding" from a security researcher.

His vulnerability first required someone to remove or comment out calls to sanitize data, and then he said we had a vulnerability due to lack of sanitation....

Throughout my career, most security findings are like this, useless or even a bit deceitful. Some are really important, but most are garbage.

[–] jj4211@lemmy.world 2 points 2 days ago

I think the missing part in that is the "Miata"-ness. A fun little car with a bit of oomph to it, and being ok with short range for the sake of a more fun/light drive. That has the light and affordable down, but doesn't really approach the 'fun' part of the Miata appeal.

[–] jj4211@lemmy.world 1 points 2 days ago

Another facet I hope the H-shaped battery would mitigate is the weight. Might have to further wait for viable solid state batteries to match the ICE for cornering. Yes, the revving and shifting fun is lost, unless you go like the Ioniq N and just give the driver the toys to feel like they have revving and shifting...

I too would probably be fine with 100 miles for a 'fun' car or even a commuter car. Though that's a luxury many households cannot afford, a designated car for 'road tripping', so I'm not going to expect too much attention to this scenario...

[–] jj4211@lemmy.world 1 points 2 days ago

The thing is they do make the parts, but it's a custom job and generally changing from a mass-manufactured EV to a hand-crafted car. The savings in reusing the reusable portions of the car are more than offset by the labor associated with putting them in. So it's only really reserved for 'classics' with some iconic design, and even then the person risks enraging fans of the car who find it heretical to rip out their engines.

[–] jj4211@lemmy.world 2 points 2 days ago* (last edited 2 days ago) (1 children)

Problem with the theory is that people believe in LLM strongly enough that whatever pressure there is within a market to be vaguely similar evaporates. SQL certainly has dialects, but at least the basics are vaguely similar, as an example.

We're working with a vendor that is oddly different from every other vendor in the space, and we applied pressure to implement more typical interfaces. Their answer was "just have an LLM translate for you and use our different and frankly much weirder interface". When we did cave and use it and demonstrated that the biggest LLMs failed, they said at least they give you the idea. Zero interest in a consistent API, with LLMs as an excuse.

On the "write your code for you" side, it has to be kept on a short leash and can be a nightmare if not overseen, though it can accelerate some chore work. But I just spent a lot of time last week trying to fix up someone's vibe coded migration, because it looked right and it passed the test cases, but it was actually a gigantic failure. Another vibe coded thing took 3 minutes to run and it was supposed to be an interactive process. The vibe coder said that's just how long it takes, if it could be faster the AI would have done it, and none of the AI suggestions were viable in the use case. So I spent a day reworking their code to do exactly the same thing, but do it in under a second.

For the Jira ticket scenario, I had already written a command line utility to take care of that for me. Same ease of use instead of using the Jira GUI and my work's torturous workflows, but with a very predictable result.

So LLM codegen a few lines at a time with competent human oversight: ok and useful, depending on context. But we have a similar downside as with AI video/image/text creative content: people without something substantial to contribute flood the field with low quality slop, bugs and slow performance, and the most painful stuff to try to fix, since not even the person that had it generated understood it.

[–] jj4211@lemmy.world 4 points 2 days ago

Just a small correction, 120 V.

But charging at home is a game changer compared to gas, cost and convenience both. If you can't charge at home though, it's rough, as the commercial charging stations are pretty pricey; before Iran it was generally more expensive to fast charge than gas per mile. Home charging for me is like getting $1.25 a gallon gas. Except without the oil changes, the belts...

[–] jj4211@lemmy.world 3 points 2 days ago

Yeah, my personal experience and watching mechanics online... The turbo engine with a CVT is going to be as big a nightmare down the road as an EV battery. EV motors with a single gear are so much easier to make reliable, except for the trickiness of battery chemistry... AWD by having independent motors front and back....

[–] jj4211@lemmy.world 15 points 2 days ago (5 children)

Don't forget the obsession with having any way to open a door except a boring normal way.

I'm really really hoping EVs get over the Tesla envy and just make sensible cars with EV drivetrains.

It's probably a wildly unpopular idea, but I personally would love a Miata with an H shaped battery pack to let the passengers ride low in the car at the expense of some range, with the traditional driveshaft tunnel becoming battery.

But failing that, straightforward door opening, actual buttons and knobs for HVAC and volume, and a reasonable expectation of serviceable battery pack over time and I'm totally there for it.

[–] jj4211@lemmy.world 3 points 4 days ago

I wonder how common this is for EVs in general. My vehicle has only gone in once, for a recall on the windshield wiper motors; nothing else has gone wrong.

The last car I had from that brand needed quite a few repairs, so it's remarkably refreshing to have a car that is just working along.

EVs just seem to be an easier thing to make reliable. Temperatures run much lower, fewer fluids in play, not having to deal with thousands of little explosions every minute...

The battery seems to draw all the headache, but even then reports suggest that conservative battery management systems have made those more reliable than people thought they would be. Probably thanks to the mandatory 100k warranty on batteries, the vendors took it seriously.

[–] jj4211@lemmy.world 3 points 4 days ago

Fun fact: while shopping for a car in 2022, we looked at a used 2021 BMW X5. I wondered what they replaced it with, and the salesman said "oh, he traded it in for a 2022 X5 of the exact same trim". They know him well because every year he comes in and trades in to make sure he is never driving "last year's model".

Particularly stupid because that was the year of shortages, where they actually made the new model worse by removing features they couldn't get supply for; other than removing features, the new car was unchanged from the prior year.
