Comment by gigatexal
8 hours ago
Everyone asking was this vibe coded should calm down. Instead we should just have automated ways to audit the code to see if it’s secure, see if it’s going to steal our keys, etc.
If it provides value who cares?
I mean we could read the code to see if it does anything nefarious. Or have a bot do a check or checks.
But asking every time there’s a Show HN "is it vibe coded" is such gatekeeping elitist nonsense it makes me angry.
There's probably value in a web extension that uses a small embedded LLM to filter out comments that complain about literally any AI that's used in the submission.
To make it really funny, that extension should be vibe coded.
Seriously though, it should just be against HN guidelines. It's annoying to see that 90% of the comments are just people fighting over vibe coding on a completely unrelated topic. On this submission? There's only 1 (one) on-topic comment.
You are trying to rationalize with people who hold irrational beliefs. It won't work because their objections aren't based on reason.
It's ok for people to just hate things. I hate spinach for example. Listing all the reasons that my distaste for spinach is irrational won't change that.
Similarly, explaining to the new Amish that AI with TDD writes better code than most of the devs I know isn't going to get you anywhere. They don't really care about code quality at all. It's a religious or political belief.
I do. I care. And there are dozens of us.
Lots of infected programs provide value. It has nothing to do with being or not being infected.
If a project was vibecoded in a weekend - there is less chance that it will still be maintained in, say, a year or two.
But if it is open source you could maintain it? It could be "done" for a given state of affairs (protocol/API versions etc)?
Of course you could, but if it was indeed vibe-coded in a weekend, why wouldn't you want to start from scratch to make sure everything is up to your standards (especially security)?
I'm definitely not going to jump in on a vibe-coded project. I'd much rather start from scratch if I found the use-case to be relevant.
Not to say vibe-coded projects can't be alright. If the engineer behind it knows their stuff, it's fine to me. But we don't know that. So to get a general idea, I think it's fair to ask how this was done.
Such action has non-zero cost/effort. Do I really want to pay it? I am not sure.
Don't give programs unnecessary access - problem solved
That's good advice in general, to treat any software as an untrusted black box as much as possible. But it raises (slightly, but still does) the cost/effort for the user: the user now has to take extra steps and take extra caution.
These concerns were valid even before vibecoding became a thing, but now the estimated probabilities of malicious code's presence have changed, simply because nowadays the cost/effort of writing software has plummeted.