Hacker News: locknitpicker's comments

> But the entire value is that it can be automated. If you try to automate a small model to look for vulnerabilities over 10,000 files, it's going to say there are 9,500 vulns. Or none. Both are worthless without human intervention.

How is this preferable or even comparable with using COTS security scanners and static code analysis tools?


> Microsoft has been going heavy on AI for 1y+ now. But then they replace their cruddy native Windows Copilot application with an Electron one.

This.

Also, Microsoft is going heavy on AI but it's primarily chatbot gimmicks they call copilot agents, and they need to deeply integrate it with all their business products and have customers grant access to all their communications and business data to give something for the chatbot to work with. They go on and on in their AI your with their example on how a company can work on agents alone, and they tell everyone their job is obsoleted by agents, but they don't seem to dogfood any of their products.


> Writing a CLI for an existing API is a fool's errand.

I don't think your opinion is reasonable or well grounded. A CLI app can be anything, including a script that calls curl. With a CLI app you can omit a lot of noise from the context: things like authentication, request and response headers, status codes, response body parsing, etc. You call the tool, you get a response, done. You'd feel foolish to waste tokens parsing irrelevant content that a deterministic script can handle very easily.


> Do you mean most people go to parties to close deals?

It sounds like the concept of social/civic organizations caught you by surprise.


Idk I just don’t see it like that I guess. Never really closed a deal at a party :/ I just get drunk and enjoy the music

For your hypothesis to hold, you need to explain how your 1-person unicorn expects to get funded for their app when some guy with a $20 subscription can just as easily churn the same app or better.

Unicorn is indeed an exaggeration but 1-5M ARR doesn't need funding. Most in that range weren't VC funded, as by VC metrics that's considered a failure and they shut down if they can't get past it.

The problem still holds: how do you expect to make money by putting together something that anyone with no software development expertise and a $20 subscription is also able to put together?

See also: dark forest hypothesis and AI.


So I’m in this situation. For the last nine months or so, I’ve been growing a super niche SaaS app in a non-technical industry. I’m right around $325k ARR right now, and I’m quite worried about defensibility. Not really worried about my customers vibe coding their own solution, or vibe coding competitors, because there are some non-trivial parts of the application that they probably couldn’t do yet. I’m more worried about other senior software engineers who might be able to catch me with AI now in a way they couldn’t have a few years ago. How do you build a software company if software becomes a low-value commodity that an experienced engineer can recreate in a month with $10k in tokens? I’m still trying to figure that out. I think sales and marketing are still pretty key skills that many engineers lack, but is that enough when you suddenly have a dozen competitors trying to undercut you on price and features? I don’t know, but I’m doing all I can to stay ahead on AI while grabbing as much market share as possible.

Among all apps that do $1M ARR, the share that got there through particular software expertise that only few people had, has been exceedingly small for a very long time now.

Another similar but different point: no software development expertise doesn't mean no other expertise. As an extreme example, good luck building tax software with zero tax expertise. This applies to tons of niches.

A third point - lots of this increase in apps is from people who do have software expertise. They're now just able to create things they didn't have the time for, despite their expertise.


I think the counterpoint to that is if a tax expert and 1 coder that vibes can now compete against TaxActOnline or FreeTaxUSA (or any number of large ones out there today), whereas those existing companies built their solution with hundreds of developers.

I mean someone can literally make a tax app now asking the user to just snap a picture of their w2 and any other tax forms from banks they received, and submit in 15 seconds.


But that's not a counterpoint at all, that's exactly what I'm saying:

"Among all apps that do $1M ARR, the share that got there through particular software expertise that only few people had, has been exceedingly small for a very long time now."

There are basic flashlight apps, file explorer apps, QR code scanner apps and so on making lots of money. Note taking apps, calendar apps, a billion tile-matching games, we can go on and on. The fact that they're easy to code and lots of SWEs could code one doesn't mean none of them are making good money. LLMs change nothing about that concept, it just expanded it to more fields.

> I think the counterpoint to that is if a tax expert and 1 coder that vibes

Sure, tax is one where there is a huge population of "tax experts" who could help with this, though I don't think that combination is even close to being enough FWIW. Plenty of niches where this population isn't this big and the pie is a lot smaller, yet still big enough for one person to earn a very sweet living.


My bad, I meant something more along the lines of "mini unicorn" not $100B unicorn. I should have used different words.

> The US just forced Iran to stop launching missiles at ships in the Strait in exchange for halting bombing operations.

Interesting choice of words.

Let's try this again: the US implored for a ceasefire in exchange for Iran to stop destroying the economic base of US vassal states in the region and allow ships to go through the strait to mitigate the impending economic disaster this will have on the US economy.

Which one explains Trump abandoning all original demands regarding regime change and even threats to destroy civilian infrastructure?


US -> Stop launching missiles by 8PM ET for two weeks or we'll bomb you severely.

Iran -> Ok we will agree to that.

The situation in the Strait already occurred. The US doesn't give a hoot about the short term economic base of these vassal states.

> Which one explains Trump abandoning all original demands regarding regime change and even threats to destroy civilian infrastructure?

The one I wrote does.


Iran -> get the fuck out of the region, pay tariffs to us from now on, and let us develop nuclear weapons. (The 10 point plan)

US -> Ok we will agree to that.

is surrender


> (...) another way to look at things is that the US can essentially destabilize a region while facing mild commodity price increases.

I'm afraid you are yet to experience the real impact of this war. The actual effect of closing the strait hasn't hit your wallet yet. It's a repeat of the same old tariff bullshit.

Also, Iran did inflict heavy damage on some of the infrastructure of the US's allies. You will start to feel that in a few months.

The only party that clearly stood to benefit from this event was Putin's regime. Orban is not the only vassal at his command.


“Mild commodity price increases” - I’ll try to remember the OP’s comment in July.

Inflation tends to be a ratchet, not a wave. But that’s too complicated for the below-average voter…


> And? Reduced capacity for awhile raises prices, the Saudis can sit on some oil and have the US get rid of their geopolitical and economic rival.

That pipeline is a strike away from being out for months, if not years.

> Because the Iranian 10 point plan is so ridiculous even Trump isn't dumb enough to take it.

The whole situation is ridiculous, and Trump is overtly desperate to stop the nightmare at any cost. Calling something ridiculous is no argument, particularly when we are living in a timeline where stupidity reigns.


> So I think there will be another leader elected soon.

That alone is another clear sign of Iran's ruling regime emerging as the clear victor. Not only was there no regime change, but also their primary regional and global antagonists tried their hardest and completely failed to overthrow them.

Moreover, some neighboring countries who were in the US sphere of influence were very quick to fold and remove themselves from the conflict, while others saw their primary economy attacked by Iran and helplessly so.

Forget about Iranian regime's internal opposition. So did the US.

Is there any question on who emerged the clear winner?


Is this an AI comment?

1. A power struggle is more likely than an election. Even if an election, it would be a bit Putinesque considering the IRGC has killed 30k protesters this year, that likely included any viable opposition leaders.

2. Only Qatar, and it is speculated because it was one of 3 countries in the region not intimated by the US about the attack, and they aren't very happy about that.


This is mostly true, but I have to push back against the 30k number. That's a number that only the US regime has been touting. HRANA has verified about 7000.

> This is what happens when there's no effective opposition. Where are the dems? Where's the press?

The US has been functioning as a banana republic style totalitarian regime for a few years. Even Venezuela has a tougher opposition.

