Comment by godelski
21 days ago
I'm a machine learning researcher myself and one of the things that frustrates me is that many of my peers really embrace the "black box" notion of ML models. There are plenty of deep thinkers too, but like with any topic the masters are a much smaller proportion. Just a bit of a shame given that I'm talking about a bunch of people with PhDs...
As for my experience vibe coding is that it is not so much vibing but needing to do a lot of actual work too. I haven't watched that video you linked but that sounds to reflect my actual experience and that of people I know offline.
Since the JavaScript and Python worlds are heavily polluted by LLMs, I start to look into Rust and Cargo ecosystem. Surprisingly it picked up the pace as quickly as possible.
Once Rust can be agentic coded, there will be millions of mines hidden in our critical infrastructure. Then we are doomed.
Someone needs to see the problem coming and start to work on the paths to solution.
The mines are already being placed. There are plenty of people vibe coding C programs. Despite C documentation and examples being more prolific than rust, well... C vulnerabilities are quite easy to create and are even in those examples. You can probably even get the LLMs to find these mines, but it'll require you to know about them.
That's the real scary part to me. It really ramps up the botnets. Those that know what to look for have better automation tools to attack and at the same time we're producing more vulnerable places. It's like we're creating as much kindling as possible and producing more easy strike matches. It's a fire waiting to happen.
I did a toy experiment on a pretty low level crate (serde) in Rust ecosystem, to run a simple demonstration from their website pulling in 42M of dependencies.
https://wtfm-rs.github.io/wtfm-serde/doc/wtfm_serde/
I know this is orders of magnitude smaller than npm or pip, but if this is the best we can get 50 years since 70s UNIX on PDP-11, we are doomed.
1 reply →