“exploit the AI to steal vibe-coders’ crypto” is a perfect summation of our modern tech environment, well done all around
Yiiiieeeeekes.
Bad vibes, then?
Lol owned
Vibe-coders beware! But hey, every mess means more shiny opportunities for us raccoons to grab some digital treats. Bitcoin to the moon, paws up!
Uhhh I love it
None of these words make any sense to me.
Jesus Fucking Christ, they approve vibe code PRs without checking them?
They give coding agents sudo & network access and --dangerously-skip-permissions, too
🥺
putting a human in the way just slows vibecoding down and if you're not rapidly iterating w/ it (i.e. shitting out code), what's the value of the coding bot that usually gets the specific answer wrong the first dozen times?
of course vibe coders would vibe approve
The fucking AI approves them!!!
*AI sees code to inject and run arbitrary bash script* this is fine
“I deleted your prod db. Like you asked (:”
But fr, not even human approvers are that great... but having AI approve an AI PR is like me approving my own because I think it looks good. Which, like, no serious shop would allow.
Yeah humans aren't perfect, but they have the benefit of experience. AI only has training data sets, and if it's trained on something like Stack Overflow, well, good luck with that.
There's also the fact that data integrity and accuracy are not even a considered factor for what an AI outputs, working against it.
Yep, to both of these!
It'd be bad enough if it was just copying from SO, but because it can mix and match from multiple examples, it can add mistakes and vulnerabilities that weren't in the original.
Idk y'all, I absolutely loved having to tell a coworker that there is a reason the function has DANGEROUSLY in it, or to stop fucking leaving inline functions, or the time I was like "surely it can do a boilerplate eslint configuration" and realized an hour later it set one up that was years outdated.
Ok so it’s not like NX prompts an LLM with the PR… it’s even dumber. For things like workflows, it tries them and if they don’t throw any errors it approves the PR. Yeah. It runs whatever people put in a PR.
Which still shouldn’t be a problem, it’s just a workflow being interpreted by NX, right? It’s not code. Except some idiot had Claude do a PR with a workflow that has a shell command injection. The project noticed and reverted main, but that vulnerable workflow is still in an old commit. So…
… the hacker did a PR against the bugged revision, crafted so NX would use the vulnerable workflow to test it, run shell commands, and steal the project’s auth keys. From there they could add whatever malware they wanted. AI made the project too trusting, but this was a case of real stupidity.
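The workflow injection described in the three posts above, as an added illustration that is not from the thread or from the NX project: a constructed vulnerable workflow beside its hardened form, plus a small scanner that flags PR-controlled expressions expanded inside `run:` steps. It assumes GitHub Actions syntax, which the posts do not name, and the list of untrusted fields is illustrative.

```python
import re
# Constructed sample (not NX's real workflow): PR-controlled fields are expanded
# straight into shell steps, so a crafted title or branch name runs as commands.
VULNERABLE_WORKFLOW = """\
on: pull_request_target
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - run: echo "Checking ${{ github.event.pull_request.title }}"
      - run: |
          git fetch origin ${{ github.event.pull_request.head.ref }}
"""
# Hardened form: untrusted values reach the script only via env vars, which the shell treats as data.
HARDENED_WORKFLOW = """\
on: pull_request_target
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
        run: |
          echo "Checking $PR_TITLE"
          git fetch origin "$HEAD_REF"
"""
# Event fields a PR author controls (illustrative list, not exhaustive).
UNTRUSTED_EXPR = re.compile(
    r"\$\{\{\s*github\.event\.(?:pull_request\.(?:title|body|head\.ref|head\.label)"
    r"|issue\.(?:title|body)|comment\.body|head_commit\.message)\s*\}\}"
)
def find_shell_injection(workflow_text: str) -> list:
    """Return (line_no, expression) for each untrusted ${{ }} expanded inside a run: script."""
    findings, block_indent = [], None
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        stripped, indent = line.strip(), len(line) - len(line.lstrip(" "))
        if block_indent is not None:           # inside a `run: |` block scalar
            if stripped and indent <= block_indent:
                block_indent = None            # block ended; re-check this line as a key
            else:
                findings += [(line_no, m.group(0)) for m in UNTRUSTED_EXPR.finditer(line)]
                continue
        m = re.match(r"(-\s*)?run:\s*(.*)$", stripped)
        if m and m.group(2) in ("|", ">", "|-", ">-"):
            block_indent = indent + len(m.group(1) or "")   # indent of the `run` key itself
        elif m:
            findings += [(line_no, x.group(0)) for x in UNTRUSTED_EXPR.finditer(m.group(2))]
    return findings
```

The scanner is a lint, not a proof: expressions that reach a shell through a composite action or a script file it calls are out of its reach.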
Holy shit. I have no words
the empty database is bug free after all
That was Replit, and what appalled me more about that was that they're selling you a vibe-coding framework that didn't implement automatically setting up prod/dev/test environments as part of their Minimum Viable Product. (They implemented it fast after their big oops hit, but what else is missing?)
Minimum Vibe-able Product?
How TF are we supposed to get something done about AI problems, when the current congress is more concerned with comfortable furniture at rest homes?
Code, or don't code. There is no "vibe".
I have had to explain to very well educated doctors why they shouldn’t try to vibe code an EMR. I really hope they listened.
This is where LLM use genuinely scares me. The data side of the medical profession is bad enough as-is.
I ran a datathon a while back with real world datasets (de-id’d, etc) and saw it click for recent grads that real world data is very messy. That was a good day.
The same day I got asked “so hey we had x hypothesis and the data is radically different than we expected along these lines. What did we do wrong?”
Wow. We were seriously considering using nx in an upcoming project. Absolutely no fucking way we’re touching it now. I’ll try and make a case to outright block the package.
hard part now is checking your dependencies for .claude and .cursor files
Little Bobby Tables never expected to be overshadowed by Little Jimmy Upload-My-Secret-Keys-To-GitHub, but here we are.
What about Little Freddy Train-My-Public-LLM-On-My-Private-Data?
A lot of the worst people in the world are going to run their horrible systems this way. They are ideologically predisposed to.
The most important lesson any aspiring professional programmer can learn is that there is a substantial difference between "code that works" and "code that doesn't break"
All we need is a MVP, bro.
And they are working in a company that worships Agile so that the latter is officially considered a future problem and not a block to minimum viable product
Unsanitised, ring 0-level prompt injection? Who could possibly have seen this catastrophe coming?!? theonion.com/man-who-lost...
This should be the only proof anyone needs to understand that vibe coding is extremely stupid and will only end up hurting you. Just learn coding for real, honest, it’s not impossible to do. Humans have done so before and succeeded without having a souped-up Cleverbot doing it for them.
Apparently they got bored with "exploit crypto to steal crypto"
I recently heard someone at work using the term “vibe coded” in earnest, and I cringed so bad.
At the very starting point of my IT career, I was like "surely a reasonable company will be made solely of reasonable people..." Dear reader, it was not so and it never is so.
Maybe it is. We'll only find out when someone finally creates a reasonable company.
Glorious
Ugh I finally had to google “vibe coding”, thanks MICAH
lol it turns your vibe-coding assistant into a wallet inspector
Disappointingly, the article doesn't disclose exactly how expensive that mistake was.
THEY VIBE CODED THEIR BUILD SYSTEM?!?!??!?!!?!!??! If anyone needs me I’ll be in a corner screaming wordlessly until my vocal cords are shredded
At an early job in the late 90s, one of the other juniors decided to save amazing amounts of time by just passing full SQL statements via the query string. The good times are back again.
unsanitized inputs... into the build system? aaaaaaaaaAAAAAAAAAAaaaaaaaaaaAAAAAAAAAAAAaaaaaaaaaaa
For anyone unfamiliar, this is the coding equivalent of giving yourself insulin by injecting a random syringe you just found on the street.
That is an insult to the street.
Announcing on the street, "Hey, I need a syringe to inject this insulin, anybody got a spare?" and using the first one some rando hands you.
Contents included!
It vibe codes itself… It is literally designed to take a PR and use it as a prompt for Claude, then merge the resulting code. And the fucking malware… this is the best part… whoever did this didn’t know how to write an infostealer so the malware as shipped ASKS CLAUDE TOO.
Yeah, I read the write-up, it’s honestly just, the height of absurdity. I’m going to send it to my team when I get back to work on Tuesday 😂
I don't know what this means, but it sounds awesome.
the fact that I have gotten crypto spam comments on this post is another perfect summation of our modern tech environment
Summations are supposed to happen at the ends of things, though.
But at least no one is offering to sell you a t-shirt of it.
In his Pivot to AI videos on YouTube (and audio versions of the podcast) @davidgerard.co.uk asks that we share his stories to just one person so you sharing this with your tens of thousands of followers is a tad overachieving!
NO IT ISN'T, SCHTUM PHY
Just incredible
The future is weirder than we thought back in the 20th century.