im keen to check this out. since I've moved 100% to the Mac [1] I've been keen to move away from Docker to something like Apple Containers [2] which runs each "container" as an isolated vm. So I wanna try this out, too.
So many people worshipped the jobs distortion field but it was nothing compared to the gaslighting Elon has been able to do with Tesla. The man promised things he couldn’t deliver over and over and over again and investors are it up turning his company into a meme stock devoid of any kind of fundamentals.
Everyone asking was this vibe coded should calm down. Instead we should just have automated ways to audit the code to see if it’s secure, see if it’s going to steal our keys, etc.
If it provides value who cares?
I mean we could read the code to see if it does anything nefarious. Or have a bought do a check or checks.
But asking every time there’s a show HN is it vibe coded is such gatekeeping elitest nonsense it makes me angry.
You are trying to rationalize with people who hold irrational beliefs. It won't work because their objections aren't based on reason.
It's ok for people to just hate things. I hate spinach for example. Listing all the reasons that my distaste for spinach is irrational won't change that.
Similarly, explaining to the new amish that AI with TDD writess better code than most of the devs I know isn't going to get you anywhere. They don't really care about code quality at all. It's a religious or political belief.
Someone saying they vibe coded a thing is like them saying they were hammered when they wrote it. Maybe they did a great job, but probably not; it's definitely cause for concern.
Frankly, your screed comes off just as ridiculous as the people you're attempting to paint as "the new amish." Those people have valid concerns, which you disregard as irrational because your own irrational, religious/political beliefs don't allow you to consider them.
If the concerns were valid they would mention them. They don't.
Instead they pop up in every single thread to complain endlessly about anything that wasn't written using only their preferred tools. They never talk about actual issues with the code. Just the tooling used.
It adds nothing to the conversation, and frankly is boring now.
If you see a problem with the code say that. If the problem is that the author used vim and you prefer emacs, or they used AI and you prefer copy/pasting from stack overflow just go stick your head in a bucket and scream as loud as you like. You'll influence exactly as many people and the only headache you cause will be your own.
Concerns have been mentioned, in this very thread that you were already replying to. One concern that I share with another user upthread is that vibecoded projects tend to be dumped out into the public and then abandoned, because the effort to produce them is practically zero – there's no investment, the "maintainer" has already moved on to the next ten shiny things.
> It adds nothing to the conversation, and frankly is boring now.
It seems to me the boring conversation could've been avoided if the project included a disclaimer that it was vibecoded. I suspect you'll continue to be bored by such trite conversations until that becomes commonplace.
> If you see a problem with the code say that.
Nobody is going to read the code, especially if it's shat out by an overly verbose LLM. @exorcist had a better take on this:
> Perhaps this is a matter of different perspectives? Every tool I use is an investment for me, it might be light if I only use it once, it might be heavy if I use it for years. That investment is all the time I take to learn the various concepts involved and how to think about problems to fit the tool. But it is also all the time needed to constantly keep in mind if that tool is affected by the latest security vulnerability, how changing trends in the industry affects my use of the tool, and what to do if the tool becomes abandonware.
> Reading code is hard. Writing can sometimes even be faster than reading, especially when there are many unknowns involved. So saying "you can just read it" doesn't really work for me. There's no "just" in reading. Taking in new tools is an investment, a burden, and I am perfectly entitled to avoid tools where that burden is harder than the expected outcome. It's impossible to know for sure, of course, but you can often guess pretty good very early.
Of course you could, but if it was indeed vibe-coded in a weekend, why wouldn't you want to start from scratch to make sure everything is up to your standards (especially security)?
I'm definitely not going to jump in on a vibe-coded project. I'd much rather start from scratch if I found the use-case to be relevant.
Not to say vibe-coded projects can't be alright. If the engineer behind it knows their stuff, it's fine to me. But we don't know that. So to get a general idea, I think it's fair to ask how this was done.
Unnecessary access isn't a solveable problem. In order to restrict permissions to exactly what a program needs, in general, you'd have to define exactly what a program does. In other words, you'd need to rewrite the program with self-enforcing access restrictions.
So, permissions are always going to be more general than what a program actually needs and, therefore, exploitable.
Producing incorrect information is an insidious example of this. We can't simply restrict the program's permissions so that it only yields correct outputs -- we'd need to understand the outputs themselves to make that work. But, then, we're in a situation where we're basing our choices on potentially incorrect and unverified outputs from the program.
That's a good advice in general to treat any software as untrusted black box as much as possible. But it raises (slightly, but still does) the cost/effort for the user: the user now has to make extra steps and take extra caution.
These concerns were great valid even before vibecoding becoming a thing, but now the estimated probabilities of malicious code's presence have changed, simply because nowadays the cost/effort of writing software plummeted.
There's probably value in a web extension that uses a small embedded LLM to filter out comments that complain about literally any AI that's used in the submission.
To make it really funny, that extension should be vibe coded.
Seriously though, it should just be against HN guidelines. It's annoying to see that 90% of the comments are just people fighting over vibe coding on a completely unrelated topic. On this submission? There's only 1 (one) on-topic comment.
I think you're right, onto something. The responsibility is on vibe coders to do that work though, not the audience they are sharing it with. If you share something insecure and sloppily put together, its your duty to make it right and not deceive people about the nature of it.
ethics and morality are not interchangeable are they?
anyway individuals willingly give to teh state some autonomy in return for the safety of governance... that's the social contract free people have with government
"doxxing" a Russian ransomware group is the kind thing to do. bombing them out of existence is within the remit of the range of ideas a government could resort to...
Not disagreeing with your preface but I was under the impression that while it took governments some time to figure things out, kinetic bombing in retaliation for cyberwarfare was pretty much ruled out unless the cyberwarfare results in direct mass casualties (for example cyber sabotaging a refinery results in an explosion which results in casualties.). Else we’d have bombed North Korea, China, Ukraine, Russia, Romania, etc.
Did Zed fix font rendering on low dpi resolution yet? I figured if they couldn't fix such a basic functionality for any editor, for over a year, while pushing AI to please stakeholders, they weren't worth my time. And I question their priorities even if they finally fixed it.
And did they implement debugger support?
When I need a barebones editor I reach for Sublime which doesn't market themselves as something else.
As for Zed taking off, I see a lot of vocals in some niche communities but they barely register, if at all, in large annual surveys.
makes me very much consider moving to Switzerland. I'd be happy with symmetric 5Gbit internet. Anything more would be overkill imo.
I hated working with ISPs in the states. Ever try cancelling Comcast? You literally get routed to a department whose sole reason for being is to talk you out of it.
I really like the idea, share the lines compete on execution.
One thing the article doesn't mention is in Germany the electricity and gas lines are more or less this approach. I can switch electricity providers like the article author can switch ISPs. It's a common practice to do so about 1x a year to take advantage of customer acquisition incentives.
reply