by giantrobot 417 days ago
> We technical people always underestimate how fast things change when non-technical users can finally get things done without opening the hood.

This is good and bad. Non-technical users throwing up a prototype quickly is good. Non-technical users pushing that prototype into production with its security holes and non-obvious bugs is bad. It's easy for non-technical users to get a false sense of confidence if the thing they make looks good. This has been true since the RAD days of Delphi and Visual Basic.


Knowing the industry I'm pretty sure they will all push those AI prototypes to production - because they did the same with non-AI prototypes before. Now the question is once they inevitably pull in experienced folk for maintenance, refactoring and debugging, will it be easier or harder than working with that retired solo dev's spaghetti codebase?

From looking at "vibe coding" tools their output is about the quality of bad body shop contractors. It's entirely possible for experienced devs to come in and fix it.

I think there's going to be the same problems as there are fixing bad body shop code. The companies that pushed their "vibe code" for a few dollars worth of AI tokens will expect people to work for pennies and/or have unreasonable time demands. There's also no ability to interview the original authors to figure out what they were thinking.

Meanwhile their customers are getting screwed over with data leaks if not outright hacks (depending on the app).

It's not a whole new issue, shitty contractors have existed for decades, but AI is pushing down the value of actual expertise.

Yeah, the current trend has lots of parallels to the low code/no code trend we had a couple of years back and the workflow engine trend we had about 15 years back... I'm curious why you think it would push down the value of engineering hours though, that didn't even happen in the past.

> From looking at "vibe coding" tools their output is about the quality of bad body shop contractors.

Genuinely, it's a lot better.

I think this is just another correction. The software market is worth several trillion dollars now. Enterprise is pushing against the rise in labor costs. It will backfire as it did every single time and in a few years competent developers will be worth their weight in platinum.

For nearly 50 years now, software causes disruption, demand drives labor costs, enterprise responds with some silver bullet, haircuts in expensive suits collect bonuses, their masters pocket capital gains, and the chickens come home to roost with a cycle of disruption and labor cost increases. LLMs are being sold as disruption but it's actually another generation of enterprise tech. Hence the confusion. Vibe coding is just PR. Karpathy knows what he's doing.

50 years might be overstating it a bit, lookup tables/hash maps were a novelty back then and available compute resources increased by many orders of magnitude... So maybe we actually had some real enablers in the meantime. My gut feeling is the current AI hype is at least as revolutionary as search engines, marketplaces or social networks (not like recommendation engines or blockchain). Though not as revolutionary as the loom or electricity.

I don't think it's bad enough

Even us entrepreneurially minded technical devs cut corners on our personal projects that we just want to throw a Stripe integration or Solana Wallet connect on

And large companies with FTC and DOJ involved data breaches just wind up offering credits to users as compensation

so for non-technical creators to get into the mix, this just expands how many projects there are that get big enough to need dedicated UX and engineers

This suggests a strong need for AI powered code security review and patching as a complement to Agentic coding platforms. Ideally, in parallel to your coding, it could scan your GitHub and output specific tasks for the Agentic AI to perform for you.

> Non-technical users pushing that prototype into production with its security holes and non-obvious bugs is bad.

I beg to differ. Non-technical users pushing anything into production is GREAT!

For many, that's the only way they can get their internal tool done.

For many others, that's the only way they might get enough buyers and capital to hire a "real" developer to get rid of the security holes and non-obvious bugs.

I mean, it's not like every "senior developer" is immune from having obvious-in-retrospect security holes. Wasn't there a huge dating app recently with a glaring issue where you could list and access every photo and conversation ever shared, because nobody on their professional tech team secured the endpoints against enumeration of IDs?

What about users who sign up for these insecure apps and have their data and possibly their identity stolen due to the misplaced trust? That this already happens is no excuse to encourage even less security by encouraging novices to believe they are experts.

I agree it is great that more people can build software, but let's not pretend there are zero downsides.

This is a contrived situation. Most of the apps in discussion see little to no use and go dead soon after launch. The vast majority are collecting little data of negligible risk.

If a user is confident enough about a no name company that they give them enough info to make identity theft a possibility, it was only a matter of time before a spammer/phishing attack gets them anyway.

> Most of the apps in discussion see little to no use and go dead soon after launch

That's not convincing. Of the apps that do get used, the vibe-coded ones will likely be unsafe.

> If a user is confident enough about a no name company that they give them enough info to make identity theft a possibility

That's completely unrelated. You can give a company very little information. Any of it being leaked is unacceptable. You can find a lot from an email, or a phone number.

People are taught, by CNBC, by suits, by hacks, that you can trust the apps on your commercials and it will be fine. It likely won't be, and your response is exactly why. Many of you are apathetic to the idea of doing right by people.

So people are manipulated, and some of them are elderly and don't even understand how computers work. This is reason enough to care about what they are exposed to, not say "let's burn it all down with shitty vibe-coding because users are dumb anyway."

We're supposed to be better than this.

> Of the apps that do get used, the vibe-coded ones will likely be unsafe.

What's the threat though? As in, what's at risk? A leaked email address? Probably. Enough info to have your identity stolen as prior commenter had mentioned? Probably not.

> That's completely unrelated.

Umm, no, it's related due to the prior commenter claiming that was the risk in their contrived situation from prior post mentioning identity theft.

> Any of it being leaked is unacceptable. You can find a lot from an email, or a phone number.

Everyone's email has already been leaked somewhere. It's not private data. This is like saying your bank account number is confidential financial information and ignoring the fact it's printed on every check you write.

> Many of you are apathetic to the idea of doing right by people.

> We're supposed to be better than this.

I object by simply saying I'm just being realistic. Data leaks somewhere, everywhere, sometimes, always. You're choosing to live in a fantasy land where this doesn't happen as if it wasn't the very true state of the world long before vibe coding came along. Sure, it's not my ideal state. But it is the actual state of things. Get real.

Vibe coded apps are by definition less secure. The more vibe coded apps, the more risk to users' data. Nothing you've said changes these facts.

That you think vibe coded apps may not collect PII, or that all PII has already been leaked is not at all realistic.

My feeling is that this is similar to saying, "non-professional AirBnB hosts are a terrible security nightmare, and the fact that people are not much safer in regulated hotels is no excuse to encourage even less security by encouraging novices to play in the hospitality business".

I agree with you on the downsides.

AirBnB externality is not the safety risk for guests (although I personally ended up in some sketchy situations years ago, I don't use it anymore, mainly because:) the real externality is imposed on the inhabitants of popular tourist destinations.

There was a reason the industry was regulated, and circumventing these reasons with an app has been a net negative to society.