Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
@whimsical Exactly. I remember in 1990 being told in my earliest college-level computer programming courses that "someday" we'd have an nth-generation language system that we could make programs in with natural language English. Nobody could describe just how that would work since, as everyone knew, anything resembling artificial intelligence was decades, or hundreds, maybe thousands of years away. I feel like I've been waiting for this moment my whole career, where I can get shit done and finally go outside and touch grass. Being locked in a lab, a cubicle maze, or a room in my house, slaving away at a keyboard over some damn missing semicolon is so yesterday.
-
@stackodev
> where I can get shit done and finally go outside and touch grass.
Can you though?
Most dev jobs don’t allow you leave early when you are faster.
There is no such thing as finished with the work. You are payed by the hour.
Is your job different? -
Yeah this works until something subtle goes wrong (which happens to be the MOST common type of issue that LLMs produce) and you're dead in the water.
You're right - you deserve to be roasted for falling short of expertise your entire career and celebrating the offload of cognitive work to an unreliable machine.
If you never got good at programming, maybe you should have stopped trying.
If you work with a new framework, tool, whatever - your job is to be able to learn it, and quickly. This doesn't happen naturally and requires research and practice. Maybe you did these things and had a hard time for reasons beyond your control. Who knows.
Bottom line is, if it never worked for you before, this solution might seem good now but you're BONED the moment it doesn't work right. -
@Lensflare I'm the owner of my business. I'm trying to be a better boss to myself and let myself out to play more. And that's the reason I started this business...to escape the tyranny of the typical dev shop.
-
@YourMom GPT is terrible. Claude is so much better. I just tell it to write the tests (and dozens of other things I never used to bother to do because it was so tedious).
-
@YourMom Nobody should use GPT for coding. It's not good at it. At all. Claude 4 is the best I've found so far. Here's a good (and long) article about someone else's experience. https://wordfence.com/blog/2025/...
-
@AlgoRythm That's an opinion, but not my actual experience. I've never found a situation I haven't been able to get out of using vibe coding. In many ways, it frees up my wetware compute cycles to see the bigger picture and understand the root cause. Sometimes you're staring into the abyss of mismatched brackets when you need to stare into the abyss of the architecture.
-
@stackodev honestly, if writing tests is tedious, you are probably doing it wrong.
Like trying to achieve a specific % test coverage and writing completely useless test cases. -
@stackodev Modern models make less mistakes but they're almost always difficult to spot. Ask me why I know so much about two-way binding in Blazor. Too late, I'll tell you. It's because an LLM gave me code that looked right, I didn't bother to read about two-way binding in Blazor beforehand, and I wasted a few hours and STILL had to learn it myself anways.
Granted, this was GPT and GPT is much worse at code. But all LLMs fall into the same traps, just at different rates. They're all the same tech with different datasets.
Funny you should mention architecture - LLMs are so awful at it that I don't think any LLM has successfully generated something more complex than a chat app on its own. It also has some trouble following existing architecture, though that is generally not as big a problem as other problems with vibe coding. -
@stackodev in a similar way to how leaded gasoline lowered the global IQ of humanity, I think vibe coding is going to increase the global number of vulnerabilities/ hacks globally as code that was written without any organic intelligence meets the market. Not to mention an enormous increase in shitty bloatware and enshittification of existing products.
The tragedy - even if you don't use crappy LLM code in your product, it might appear somewhere in your supply chain anyways. What a shame. -
@whimsical I actually agree with LLM as an assistant. Boilerplate code has almost never really been written by good devs. Either it comes from your IDE or it comes from stack overflow, but I hardly ever fucking write the small, self-contained code that LLMs spit out very well.
The process of learning tools, commands, and frameworks is FUN for me and what I assume to the be the majority of other devs that are devs because they LIKE programming. OP has flipped that idea on it's head which is probably why I'm so personally upset by the idea. -
@whimsical I do feel threatened by it, but would feel moreso if I was a junior. LLMs can pass for junior devs mostly because thinking back to my first internship and first year of my first job, I was a fucking bonehead. LLM could probably out-perform me on my best days back then.
It would take a lot for an LLM to out-architect me these days. It would need to be an extraordinarily lucky day for the LLM with a prompt that basically give it the answer.
As the LLM race cools down, I'm accepting LLMs into my workflow as code reviewers, rubber duckies, and boilerplate generators. I do not give it any further tasks because I do not trust it with further tasks, based on both my emotions and genuine experience. -
@YourMom The assumption was that you use a tool that uses gpt like co-pilot rather than the webinterface
But yes, it does clear up the boilerplate wonder if it can create a basic vulkan renderer -
@whimsical you might be right about that, but largely on a superficial level. Yes, LLMs tend to do the grunt work that (myself included) organic programmers tend to avoid such as validation. But this is just the basics of security, the really important security is almost always architectural, which LLMs fail at spectacularly in general.
-
@whimsical again, I agree to some level and disagree at another. Security at it's core is a difficult thing. Look at SSL/ TLS and the fact that you really aren't supposed to roll your own encryption unless you're an EXPERT.
The *core* of security is a complicated science, and is currently a subset of math more than anything else.
Things like session, federated identity, JWT, and encryption at rest are the most complicated things a typical organization should need to deal with. I can tell you from implementing these things across 2 different tech stacks and 3 different frameworks, that this is a heavily architectural task and leaks in the boat can be devastating. -
@whimsical JWT is great - simpler than SAML with its XML tokens, and more secure with a signature already in the basic spec. What's wrong with it?
-
@whimsical is that not the point? You're gonna need to be less cryptic
-
@whimsical I think you're confused about the purpose of JWT. It doesn't replace or compete with the typical web token (which could be as simple as 32 bytes of entropy that is handled 100% of the back-end)
JWT is about storing identity information in a way that you can validate the SOURCE of the token. It's a beautifully simple design that includes only three parts: the header (format info about the token itself) the payload (JSON encoded freeform data) and the signature.
Play around with it on this great site, maybe your mind will be changed: https://www.jwt.io/
Here's a cool tip: with JWT, your web server can validate the identity of a user WITHOUT calling the user info and/or session databases. -
@whimsical The one biggest downside of JWT is that you cannot invalidate a token without also completely removing the efficiency gains that JWT has to offer. I mean, if you want the ability to invalidate tokens after they're issued, you'd need a database call on EVERY JWT validation, which totally defeats the purpose of JWT in the first place. The most common resolution to this is short expiry dates (1-15 minutes)
-
@whimsical Well, I do agree with what you're saying, but all systems fall victim to this to a certain degree. Whether it be a one-step process (gaining access to the token) or a two-step process (gaining access to a token and then using the token to gain access to data)
But choosing traditional tokens for auth/auth has its merits in security, I surely think. -
@AlgoRythm it becomes a big attack surface =]
-
@jestdotty I feel like you'd need to significantly misuse JWT for it to become an attack surface. It's cryptographically signed, so it's essentially read-only. The only possible attacks are by using the data included in the token, which should be limited to essential information like a user identifier and roles. Unless this information can be used to attack the system, it's benign.
-
@whimsical A lot of the over-the-top security principles like key authentication or 2fa protect the least common denominator, not actual security-minded individuals.
I've seen production databases where the password is three letters and was just the name of the schema.
It was behind a firewall, but still. THAT is the type of person that these security best practices justify. -
"Vibe coding" is essentially trading your title from developer to product manager. You are asking someone/something to produce something for you. You don't know how it works under the hood, you just observe the outcome. When something is wrong or doesn't work as intended, you ask someone/something to fix it. You don't understand the inner workings, and don't really care much about it either. You're a product manager.
Make a decision. You can be a developer that takes advantage of AI but at the same time understand what's going on, know how to get what you need out of it to increase your productivity and consider it what it really is: a tool. Or, you can give up your title, become a person that asks for stuff to be made for you. You can't be both. -
@whimsical But then you ARE using it as a tool...
You can see and understand the difference between throwing out a simple prompt and be amazed at what is created, and actually instructing this tool in a way that gives you the right outcome. I bet you would also understand the code generated? You could fix something that doesn't end up quite right if you had to? You give me the impression you would know that the stuff you get handed by AI might need you to still make sure you implement property security, not open the app up for potential hacks?
You are using it as a tool. Vibe coding (to me) is in the name: you give it a vibe of what you are after, and trust that what you get back is good. -
@AlgoRythm Try using .md files to define architecture, if you haven’t already. It’s life changing.
-
@AlgoRythm Re: vulnerabilities, I’ve started a side hustle using Claude to track down vulnerabilities for bug bounty programs. Too early to tell if it’ll be productive, but so far it found 5 in just one go at one piece of software.
-
@devdiddydog Yeah, I don’t care about titles. That’s stuff that I cared about once but it never amounted to anything. I still got laid off multiple times through no fault of my own due to quarterly earnings being low or some stupid shit. People VP and above all kept their jobs, though. In the end, title is about ego. I just want to ship software. And, like you said, if I need a coding purist to tsk tsk over the code later and fix it, there’ll be plenty of unemployed ones to choose from. And I’ll finally have revenue from my software sales to hire one vs. trying to wear the dev and the owner hat at the same time.
-
One of my problems with vibe coding is that you not longer go to official documentation. A lot of documentation has warnings about cybersecurity or best practices or the reason why it is done this why or you stumble upon something you will have to use later.
I kinda worry about the new programmers in education or the ones who just enter the workforce. -
@n1cK1337 good one 😂
-
Here's a way to keep all the agents straight and in one file. https://ampcode.com/AGENT.md
-
@stackodev Oh that's smart getting ai to do the security checks, tempted to do the same now
-
@Lensflare > 'I like to offload boring/tedious tasks to AI'
A few years ago I'd kill for a good automated listing of all the emoji that would then store them in a text file.
/jk
!kill, but yeah... did that thing manually. _Every_ _fucking_ _emoji_ that was available, entered by hand.
Well... did it once, then reused it across the projects by copy-pasting. The effort was well worth it in the long run. -
@YourMom > 'probably definitely'
The confidence in that statement is delicious.
/jk
But seriously, hopefully something innocuous is going on. -
@D-4got10-01 Have you considered [meta/win]+[.] ;P
-
@BordedDev Those were the days of Windows 7.
...also, we were testing on Android && iOS devices, so... -
@D-4got10-01 Ah the better windows days
-
@BordedDev Yup. Same for Android && iOS.
One of the issues revolved around PM's: 'why my emoji on iOS look different on your Android?'
Had to dig deep to find info about the support per platform, per OS version, etc.
Roughly at the same time I learned about this little fella: �.
We used that one for a lot of unsupported emoji, especially the Kindle Fire 2nd gen. -
@D-4got10-01 Ah yeah, it's even font dependent now
When you wanted to know deep learning immediately
That's not AI.
I fully expect to be roasted here, but I, for one, welcome our new vibe coding AI overlords.
I've never been good at coding for one major reason: I cannot commit to memory or manage to effectively use enormous sets of commands, principles, techniques, frameworks, etc., that are often required for this work. I've always been a huge source of frustration for team members who have that innate ability, in that I slow them down, make lots of mistakes, and generally don't know what I'm doing in the context of everything available to me to use. Especially in comparison to them. The only good ability I seem to have is picking through code others wrote, updating it, debugging it, and generally comparing it to best practices to either ask them to fix it or figure out a way to get it done myself. But it takes me a long time, and it's super frustrating.
"Vibe coding" has been world-changing for me in that regard. I know. It's not "pure coding". I know. It's "stealing our jobs". I know. "It's making us all dumb and dependent".
I don't care. I'm trading that for FINALLY being able to realize the vision of all the projects my right brain WANTED to do for so long, but that I never tried because I knew my limited left brain couldn't manage it. I knew the UI and the requirements, but I just couldn't get started. Or, if I got started, I couldn't figure out what to do next. I knew how to explain it, but it would take me many more hours than necessary to write the first working class and functions.
I'm in this to make money. I'll leave the "coding poetry" to the purists. I need an MVP, then a v1, then a v10+ as soon as I can possibly get them done, so then I can get the software to market before some other competitor.
If that makes me some kind of terrible person or shit coder who's "ruining everything" (really?), so be it. I'm due to retire in the next 5-7 years. If I can make that happen earlier with more sold software, all the better.
rant
vibe coding
ai