by throwaway150 340 days ago
> Not only would you contact the author first

They did. They claim that the author was not keen on fixing the problems.

> There’s also some pervasive view that handcrafted human code is somehow of superior quality which… uh…

That's completely orthogonal to the issue here. Nice bait, but I'm not biting!

Whether handcrafted or vibecoded, a service is being shipped here to actual users with lives and consequences. The developer of the service is making money. The developer owes it to themselves and their users to conduct a basic security audit. Otherwise it is gross negligence!

1 comments

Right, do you think this article is going to be very productive in that regard? If the author of the blog approached the author of the software in that manner (hey, you have kids on the app, btw I spammed them with porn humor), do you think they would wave it away?

As for the human code thing, it's not bait. I don't know if you were around in the PHP or early Node days, but beginners were... not writing that kind of code.

I agree that the ease of vibecoding things that turn out to be useful, that people do immediately want to pay money for, means that tackling security issues is a priority.

Saying that certain people shouldn't be allowed on the internet, based on your decades of experience _being_ on the internet, is just going to cause you to wither away and drown in cynicism.