> Turns out we weren't opposed to bad metrics! We were just opposed to being measured! Given the chance to pick our own, we jumped straight to the same nonsense.

This seems like a distinction without a difference, unless there actually are any good metrics (which also requires them to be objectively and reliably quantifiable). I think most developers don't really want to measure themselves, it's just that pro-AI people think measurement is necessary to put forward a convincing argument that they've improved anything.

> Q2 category in the Eisenhower Matrix

I thought I was in the target audience for this post, but now I'm entirely confused.

Yes, I've been flagging a fair amount of them too.

Although generally I think the un-nuanced AI hype/doom articles are not nearly as damaging as the flood of one-shot LLM projects being presented under "Show HN" with apparently none of the framing text (HN post, project README, responses to feedback) being human-written.

How does stealing someone social media accounts not slot into "organized identity theft"?

... actually: how is XSS not a form of RCE? The script is code; it's executed on the victim's machine; it arrives remotely from the untrusted, attacker-controlled source.

And with the legitimate first-party's permissions and access, at that. It has access to things within the browser's sandbox that it probably really shouldn't. Imagine if a bank had used Mintlify or something similar to implement a customer service portal, for example.

> They know all the flags and are generally better at interpreting tool output than I am.

In the toy example, you explicitly restrict the agent to supply just a `host`, and hard-code the rest of the command. Is the idea that you'd instead give a `description` something like "invoke the UNIX `ping` command", and a parameter described as constituting all the arguments to `ping`?