irelephant [he/him]Proton is vibe coding some of it's apps.
lIlIlIlIlIlIlThey’re cooked
hansoloBecause 1 coder used Cursor and a bunch of people on Mastadon immediately went to grab the pitchforks because reasons?
How much you want to bet not a single person having a huff about this pays a cent to Proton for anything, and likely doesn’t even use them?
How is this proof of vibecoding?
It doesn’t matter Proton is the whipping boy of the fediverse
If you were smart enough to look for an answer to the actual question being asked instead of assuming it’s a rhetorical that agrees with your bias you’d have learned something today.
Cursor is an “ai powered” code editor, cursorrules is a file it uses for configuration.
BombOmOmUnfortunately, so is Visual Studio and VS Code.
The presence of an AI assistant isn’t evidence of vibe coding. Even using that AI assistant to auto-complete lines or small sections of boilerplate isn’t vibe coding. To do that you need to ask the AI for whole swaths of code and then just accept what it gives you.
Proton’s repo here is open source. What portion of it presents issues? Any?
Sure, but cursor is different since it’s marketed as an Ai editor. VScode is just a general one.
Proton’s repo here is open source. What portion of it presents issues? Any?
Ai code is plausible bullshit, it may work, it may have bugs or vulnerabilities. It’s harder to spot these since its plausible bullshit.
This really depends on what their code review process looks like. When I review code, I honestly don’t care how it was generated, I look at the requirements and the code, and determine whether the code meets the requirements. How the code was generated doesn’t impact that at all.
but cursor is different since it’s marketed as an Ai editor. VScode is just a general one.
See, that is just the thing: VS Code is marketed as an AI editor. The homepage is literally an autoplaying video of an AI writing code with this title, big and bold, right at the top of the screen:
Visual Studio Code - The open source AI code editor | Your home for multi-agent development
Visual Studio Code redefines AI-powered coding with GitHub Copilot for building and debugging modern web and cloud applications. Visual Studio Code is free and available on your favorite platform - Linux, macOS, and Windows.
Poor choice of words on my part, The only appeal of cursor over vscode is the ai features.
this is, after all, why we review and trst code.
Dude, you’re flaming a company because one of the tools they use is marketed as using AI? You gotta be kidding me. If your bar for privacy requires you to dive down this deep into a company’s asshole, you might as well just become Amish
Poor choice of words on my part, The only appeal of cursor over vscode is the ai features.
Your opinion is based on your ideology of what’s wrong and good, but it is not factual
Why would you use Cursor instead of VS (the standard for decades) if you’re not going to use the AI features Cursor was specifically created for?
Cursor is an AI-powered code editor that understands your codebase and helps you code faster through natural language. Just describe what you want to build or change and Cursor will generate the code for you.
ShadowUsing cursor doesn’t mean you’re vibe coding.
I use ai all day at work for development, none of it is vibe coding.
Yeah there’s a big difference between in code quality between using cursor as an aid to write code and vibe coding which would be asking it to write and debug large swathes of code with little human input. AI is very good at correctly writing a couple lines at a time. It quickly loses the plot when trying to write hundreds of lines or more and the human user has no idea what it’s doing anymore.
OtterSure, but even VS code has been pushing Copilot pretty hard and from the screenshots the setups look fairly similar. It’s a recently released code editor with their own personal AI built in vs. VS Code which has the AI as an extension (or built in, I don’t know what the default install is like these days).
If they’re using it to auto complete lines of code or fill out boilerplate then I don’t see the problem. If they’re typing “make me a password manager” into the prompt window, hitting enter, and accepting it blindly, that’s a problem. Also the code is (at least in this case) open source, so there should be better evidence of bad vibe coded code than the presence of a config file
I think there are better things to criticise Proton for, and unless there is more to the vibe coding than using the Cursor, citing this as a reason will get those other criticisms ignored in the noise.
How far have the mighty fallen.
Thinking of moving my main e-mail address to tuta. Alas, haven’t been able to find a good provider that uses tried-and-true protocols like IMAP.
Lerajemailbox.org
Cat_Daddy [any, any]That’s what I’m in the process of switching to
NovalingLove mailbox.org, got the lite plan for €12 per year and works like a charm. Can use the secure mail address or the reg and just paste your public key into to use with Thunderbird.
I’ll be considering it, but if I have to deal with paid services in this good year of Arceus of 2025 I’d prefer them to at least deal with my national currency directly, or fall within my country’s jurisdiction.
I’ve made an exception for SDF simply because 1.- they’re awesome and 2.- the payment is one-time-only.
The D Quuuuuill- posteo.net
- mailbox.org
- disroot.org
Disroot is in my 👀 now because you guys reminded me it was already, some time ago. Let’s see how that one goes!
GalactoseHold your horses buddy it ain’t that bad, but if you want an alternative, Try Disroot
Tried that once, long ago, but I honestly don’t remember why I couldn’t complete the signup. Maybe an essay, or an issue with e-mail verification.
Might have to take a look at it again!
I would very much consider doing some actual research on tuta. Last I checked, they put a LOT of effort into preventing you from controlling your own inbox (Proton have their god awful sync program but it works). And their support forums were basically nothing but constant complaints of downtimes and outages.
My current approach, that I am slowly migrating everything toward (from gmail), is my own domain that I own and addresses at that. I then use (paid) services to manage the email server and just change my DNS settings so that said emails get routed to the right service. I keep a local copy of all my emails on my desktop (working on a solution to my NAS). So if the company goes to shit? I can migrate my entire existence to a new one within 24 hours (usually less because Cloudflare is really good…).
Currently I use Proton (and hate their sync program). I’ve seen a LOT of good word on Fastmail and like that they don’t have any special sync program at all. Main issue is that Proton still have the best VPN for torrenting (linux ISOs only, obviously) and I need to math out what it would cost to switch to just ProtonVPN and then Fastmail. But (Not That) Will Smith wrote up a really good blog post a few months back where he went into why he likes Fastmail and he (and Brad Shoemaker) tend to be my kind of “Yes, I am making my life harder but for a reason maybe”.
axEl7fB5not email but are there any good alternatives for cloud storage? i backup some of my passwords and pictures to my proton drive manually
Its not cheap to start with, but the best thing you can do is just go buy a 2 or 4 bay synology (I hear ugreen is also good. Fuck qnap) and set up a local home NAS. The vast majority of people will never need more than that and you can back up all your photos and documents in a form factor you can grab when evacuating a burning building.
For essential stuff where you do want/need an off site backup? All of these cloud services are backed up by Amazon et al storage. Do a bit of research (there are plenty of pre-rolled solutions but people get pissy and annoying) and figure out how to encrypt the important docs and push them to cheap storage. Not free but you are literally paying pennies on the dollar compared to any other paid back-up service and… if the storage is free then you are the product.
Or, if you really don’t care: Learn to encrypt your sensitive important data and put it in a google drive.
That is up to you how much you care and what encryption schemes you use (which I intentionally will not make a recommendation on). Best practices is to maintain your own off site backups but… good luck.
That said? If we reach the point that the “good” encryptions are trivially decryptable then the entire modern world is already collapsing as e’rybody goes after the banks and governments. Otherwise? That is going to cost significant compute resources. How important do you think you are that someone is going to track a random bucket to you and then focus on decrypting those tax documents?
алсааас [she/her]Posteo?
Looks paid, I prefer to discard any possible solutions on my country’s currency before I even take a look at having to deal with international KYC shit.
I’d bet they just added it to their global .gitignore where it should be, then removed it because they didn’t want their private dot files committed to a public repo.
I don’t think this user knows much about git works. I don’t think this is nefarious or “vibe coding” as it’s colloquially known to be. It’s a bit much to describe all LLM use blindly as vibe coding, when vibe coding usually means just blanket accepting AI content.
I don't think the concern is as much with the purity of their vibe coding, but rather that they're using an AI-first editor. This will almost certainly mean everything they're coding is being shared with AI provider(s) during the process, which some would view as at odds with Proton's stated emphasis on privacy.
Is the privacy of their code that much of an issue at this case given its a public repo? Its going to get scraped by the bots regardless.
Yeah, this logic would encompass all open source projects. Hell, my comment right now will be read by an AI. Why? I’m posting it in a public place.
Because every interaction with the monster is an influence on its next iteration.
The committed code in the repo will get scraped anyway, but the data used in testing is a different story. Not that anyone's ever tested with prod data.
I don't think the issue is a practical one though. It's more the company that stands on promises of privacy using tools that are overtly share-happy that seems to be a ideological discrepancy.
But in case my initial comment's "I don' think..." wasn't clear enough, this was my attempt at understanding why this might be a concern (or at least of interest) to folks in this community, not a personal statement of condemnation or anything. I personally could not give less of a shit what code editor they use.
But isn’t this a public repo?
Are we really shitting on companies because they have a config file for the wrong editor? Sorry, a config file for the wrong editor (excluding emacs because be as prejudiced as possible against those folk)?
Do I like “AI First” editors? Hell no. But VSCode is rapidly making that pivot and I don’t know the lineage of Cursor well enough to know if it also used to be “just any other editor”. And, from a quick google, it supports local LLMs (e.g. ollama), so the “Big AI is going to have all your code” problem is mitigated…
Also, the repo is on Github. Big AI (Microsoft) already HAS all their code. And before we have “Well you should selfhost a gitea!”: If your website is public facing, it has been scraped by “AI”. And if your open source project is hidden behind ten paywalls? I am not gonna finish that joke because people get really pedantic and pissy when you try to define “Open Source”.
At the end of the day: At a project level? If active code review by qualified developers is going on, I really don’t care how the code was written. I DO care about those individual developers and their abilities as they continue to use “AI” based tools but… that is a different discussion.
I wasn't shitting on anybody. You're ranting is misdirected.
Privacy for a codebase is not the same as privacy for me. Security through obscurity would be more at odds with privacy for the end user.
Pretty on point, the .gitignore in the repo has a CLAUDE.md
galoisghostUm, it’s a public repository. You can view the code that’s been added. Even if it IS AI generated, you can review it yourself.
I’m as anti-AI as anyone but this is misplaced AI-alarmism.
Does anyone here actually review code?
CrazyHorseOnly my own code and so far most of it has been unacceptable.
Pure, unabashed honesty. I love it. 🫶
Swednecki once wrote a script to launch a program with specific flags that i think was mostly correct, it holds center place on my CV
Uh yeah? You’d be stupid not to review code, whether written by an AI or a human. I don’t trust either.
MalReynoldsI’m guessing OP means code you use rather than code you write, in other words auditing. Likely very few of us do that with any thoroughness. IIRC proton does have some independent auditing.
That’s what I mean too. Y’all don’t just copy-paste from stack overflow praying it works do you?
No, like proton mail app. Have you reviewed it? Or Signal or Veracrypt or TheNewHotness.
That obviously not what they meant. They mean, do you review the code for every open source application you use? Do you review every library you utilize? I’m willing to be it’s a no for both of these, because no one has time for that.
Does anyone here realize that one person using Cursor doesnt mean “tHeY’rE vIbE cOdInG aCrOsS tHe wHoLe pLaCe!”
Then why didn’t they just say that instead of being g shady and rewriting history?
Because it’s also not a great idea to expose your rules files, and tell people first “oh shit, we mentioned rules files. Please don’t look!” before
I’ll be honest here, I’ve had less dogmatic conversations with conspiracy theorists about COVID. If you just need to make this a huge problem that later turns out to be a nothingburger and you’ll never look back and grow as a human, then hey, you do you. But know that you’ll look like a fool to anyone that isn’t a goldfish and remembers more than 3 months at a time. Because you clearly don’t know what’s a big deal and what’s not, and this is a Grade A waste of all our time to pitch a fit about.