You work around it

1. Get a hardware token

2. Install a TOTP desktop client

3. Only use the phone for 2FA

4. You understand the spirit of the exercise and don't get bogged down by silly rules.

There's no need to overcomplicate a silly exercise with rigid rules.

Focus on the intent of the exercise. If you really mentally cannot get past 2FA, then get a hardware token, or a TOTP client on your desktop. Lots of solutions if this is really the hangup.

> I agree. But what I'm trying to say is that we'll soon have automated agents that look for vulnerabilities, in agentic flows, ready to be plugged into ci/cd pipelines.

We already have that, and we can see it doesn't perform very well.

An agent that has no reasoning ability will not generate better code than what it was trained on.

https://garymarcus.substack.com/p/llms-dont-do-formal-reason...

> One of the more exciting aspects of LLM-aided development for me is the potential for high quality software

There is no evidence to suggest this is true.

LLMs are trained on poor code quality and as a result, output poor code quality.

In fact, the "S" in LLM stands for security, which LLMs always consider when generating code.

LLMs are great, but the potential for high quality software is not one of the selling points.

Exactly. Non-AI projects have always been easy to build without issues. That's why we have so many build systems. We perfected it the first try and then made lots of new versions based on that perfect Makefile.