by sebastiennight 425 days ago
> Non-technical users pushing that prototype into production with its security holes and non-obvious bugs is bad.

I beg to differ. Non-technical users pushing anything into production is GREAT!

For many, that's the only way they can get their internal tool done.

For many others, that's the only way they might get enough buyers and capital to hire a "real" developer to get rid of the security holes and non-obvious bugs.

I mean, it's not like every "senior developer" is immune from having obvious-in-retrospect security holes. Wasn't there a huge dating app recently with a glaring issue where you could list and access every photo and conversation ever shared, because nobody on their professional tech team secured the endpoints against enumeration of IDs?

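The "enumeration of IDs" failure the comment above alludes to is an endpoint that authenticates the caller but never asks whether the caller is allowed to see the specific record requested (broken object-level authorization). The following is an added illustration written for this page, not code from the thread or from any real app: a toy in-memory photo store with constructed sample data, the vulnerable handler shape beside the hardened one, and an audit helper of the kind a test suite would use to assert that a user can only reach records they participate in. All names (`Photo`, `get_photo`, `reachable_ids`, the users alice/bob/carol/mallory) are assumptions for the example.

```python
"""Object-level authorization on per-user records, shown on a toy in-memory
photo store. Added example for this page; not code from the thread or from
any real application. Sample data below is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Photo:
    photo_id: int
    owner: str
    shared_with: frozenset  # users the owner chose to share this photo with
    blob: bytes


class NotFound(Exception):
    """Raised for both 'no such record' and 'not yours'. The hardened handler
    deliberately does not distinguish the two in its response."""


# Constructed sample data: sequential integer IDs, as a naive app would assign.
PHOTOS = {
    1: Photo(1, "alice", frozenset({"bob"}), b"alice-and-bob"),
    2: Photo(2, "alice", frozenset(), b"alice-private"),
    3: Photo(3, "carol", frozenset(), b"carol-private"),
    4: Photo(4, "bob", frozenset({"carol"}), b"bob-and-carol"),
}


def get_photo_insecure(caller: str, photo_id: int) -> bytes:
    """The vulnerable shape: the caller is authenticated (we know who they are)
    but never authorized against the record, so any logged-in user can read
    any photo simply by supplying its ID."""
    try:
        return PHOTOS[photo_id].blob
    except KeyError:
        raise NotFound(photo_id)


def is_participant(caller: str, photo: Photo) -> bool:
    """A caller may see a photo if they own it or it was shared with them."""
    return caller == photo.owner or caller in photo.shared_with


def get_photo(caller: str, photo_id: int) -> bytes:
    """Hardened: look the record up, then check the caller is a participant.
    An unauthorized request gets the same NotFound as a missing ID, so the
    endpoint cannot be used as an oracle for which IDs exist."""
    photo = PHOTOS.get(photo_id)
    if photo is None or not is_participant(caller, photo):
        raise NotFound(photo_id)
    return photo.blob


def reachable_ids(handler, caller: str, id_range: range) -> list:
    """Audit helper for a test suite: which IDs in id_range does `caller`
    actually receive data for through `handler`?"""
    found = []
    for pid in id_range:
        try:
            handler(caller, pid)
            found.append(pid)
        except NotFound:
            pass
    return found


def expected_ids(caller: str) -> list:
    """Ground truth from the data model, to compare against reachable_ids."""
    return sorted(pid for pid, p in PHOTOS.items() if is_participant(caller, p))


if __name__ == "__main__":
    for name, handler in (("insecure", get_photo_insecure), ("hardened", get_photo)):
        print(name, "bob reaches:", reachable_ids(handler, "bob", range(1, 10)))
    print("bob should reach:", expected_ids("bob"))
```

The check worth keeping in CI is `reachable_ids(get_photo, user, ...) == expected_ids(user)` for each test user; it fails loudly the moment someone ships a handler of the first shape. Switching to random, non-sequential IDs is at best defence in depth: the ownership check is the actual fix.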

What about users who sign up for these insecure apps and have their data and possibly their identity stolen due to the misplaced trust? That this already happens is no excuse to encourage even less security by encouraging novices to believe they are experts.

I agree it is great that more people can build software, but let's not pretend there are zero downsides.

This is a contrived situation. Most of the apps in discussion see little to no use and go dead soon after launch. The vast majority are collecting little data of negligible risk.

If a user is confident enough about a no-name company that they give them enough info to make identity theft a possibility, it was only a matter of time before a spammer/phishing attack got them anyway.

> Most of the apps in discussion see little to no use and go dead soon after launch

That's not convincing. Of the apps that do get used, the vibe-coded ones will likely be unsafe.

> If a user is confident enough about a no name company that they give them enough info to make identity theft a possibility

That's completely unrelated. You can give a company very little information. Any of it being leaked is unacceptable. You can find a lot from an email, or a phone number.

People are taught, by CNBC, by suits, by hacks, that you can trust the apps on your commercials and it will be fine. It likely won't be, and your response is exactly why. Many of you are apathetic to the idea of doing right by people.

So people are manipulated, and some of them are elderly and don't even understand how computers work. This is reason enough to care about what they are exposed to, not say "let's burn it all down with shitty vibe-coding because users are dumb anyway."

We're supposed to be better than this.

> Of the apps that do get used, the vibe-coded ones will likely be unsafe.

What's the threat, though? As in, what's at risk? A leaked email address? Probably. Enough info to have your identity stolen, as the prior commenter mentioned? Probably not.

> That's completely unrelated.

Umm, no, it's related, because the prior commenter claimed that was the risk in their contrived situation, in the prior post mentioning identity theft.

> Any of it being leaked is unacceptable. You can find a lot from an email, or a phone number.

Everyone's email has already been leaked somewhere. It's not private data. This is like saying your bank account number is confidential financial information and ignoring the fact it's printed on every check you write.

> Many of you are apathetic to the idea of doing right by people.

> We're supposed to be better than this.

I object by simply saying I'm just being realistic. Data leaks somewhere, everywhere, sometimes, always. You're choosing to live in a fantasy land where this doesn't happen as if it wasn't the very true state of the world long before vibe coding came along. Sure, it's not my ideal state. But it is the actual state of things. Get real.

Vibe coded apps are by definition less secure. The more vibe coded apps, the more risk to users' data. Nothing you've said changes these facts.

That you think vibe coded apps may not collect PII, or that all PII has already been leaked is not at all realistic.

This is the same thinking as "PHP is unsafe, thus you can't use PHP." Meanwhile, PHP is running countless billions of commerce just fine every day. Sure, vibe coding has most likely not gone through some common-sense checks for security. SQL injection is likely a higher risk, XSS risks, etc. But I just don't believe your assertion of risk is realistic either. There's always a risk.

My feeling is that this is similar to saying, "non-professional AirBnB hosts are a terrible security nightmare, and the fact that people are not much safer in regulated hotels is no excuse to encourage even less security by encouraging novices to play in the hospitality business".

I agree with you on the downsides.

AirBnB's externality is not the safety risk for guests (although I personally ended up in some sketchy situations years ago; I don't use it anymore, mainly because of the following): the real externality is imposed on the inhabitants of popular tourist destinations.

There was a reason the industry was regulated, and circumventing these reasons with an app has been a net negative to society.