Comment by operatingthetan
1 day ago
It's interesting how many of the low-effort vibecoded projects I see posted on reddit are on vercel. It's basically the default.
1 day ago
It's interesting how many of the low-effort vibecoded projects I see posted on reddit are on vercel. It's basically the default.
Reddit vibecoded LLM posts are kind of fascinating for how homogenous they are. The number of vibe coded half-finished projects posted to common subreddits daily is crazy high.
It’s interesting how they all use LLMs to write their Reddit posts, too. Some of them could have drawn in some people if they took 5 minutes to type an announcement post in their own words, but they all have the same LLM style announcement post, too. I wonder if they’re conversing with the LLM and it told them to post it to Reddit for traction?
I find that often the developers of these apps don't speak English, but want to target an English-speaking audience. For the marketing copy, they're using the LLM more to translate than to paraphrase, but the LLM ends up paraphrasing anyway.
I think they simply just haven't figured out that the barrier to entry is so low, that no one really cares what their app can do, even if does something genuinely useful.
> For the marketing copy, they're using the LLM more to translate than to paraphrase, but the LLM ends up paraphrasing anyway.
What do you see as the distinction between "translating" and "paraphrasing"? All translations are necessarily paraphrased.
2 replies →
They are not exclusive to reddit. HN has also been full of vibe submissions of the same nature.
It's insane how most of the dev subreddits are filled with slop like this. I've thought the same thing - why can't they even spend 5 minutes to write their own post about their project?
Yeah, in the last 6 to 10 months /r/rust has become littered with this stuff. There's still some good discussion going on but now I have to sort through garbage. The signal to noise ratio is out of whack these days that I generally avoid platforms like Substack, Medium and so on too.
next, vercel, and supabase is basically the foundation of every vibecoded project by mere suggestion.
If this kind of vulnerability exists at the platform level, imagine how vulnerable all the vibe-coded apps are to this kind of exploit.
I don't doubt the competence of the Vercel team actually and that's the point. Imagine if this happens to a top company which has their pick of the best engineers, on a global scale.
My experience with modern startups is that they're essentially all vulnerable to hacks. They just don't have the time to actually verify their infra.
Also, almost all apps are over-engineered. It's impossibly difficult to secure an app with hundreds of thousands of lines of code and 20 or so engineers working on the backend code in parallel.
Some people are like "Why they didn't encrypt all this?" This is a naive way to think about it. The platform has to decrypt the tokens at some point in order to use them. The best we can do is store the tokens and roll them over frequently.
If you make the authentication system too complex, with too many layers of defense, you create a situation where users will struggle to access their own accounts... And you only get marginal security benefits anyway. Some might argue the complexity creates other kinds of vulnerabilities.
the vibe coders don't know what they don't know so whatever code is written on their behalf better be up to best practices (it isn't)
They’re all shit too. All three decided to do custom auth instead of OIDC and it’s a nightmare to integrate with any of them.
Maybe that's why all these vibe coded slop apps also use Clerk for auth alongside Supabase etc
I've done a ton of low-effort vibe-coded projects that suit my exact use cases. In many cases, I might do a quick Google search, not find an exact match, or find some bloated adware or subscription-ware and not bother going any further.
Claude Code can produce exactly what I want, quickly.
The difference is that I don't really share my projects. People who share them probably haven't realized that code has become cheap, and no one really needs/wants to see them since they can just roll their own.
The kind of code, with the kind of quality, that LLMs can output has become cheap. Learning has not, and neither has genuinely well designed, human designed, code. This might be surprising to the majority of users on HN, but once a really good programmer joins your team, who is both really good, and also uses LLMs to speed up the parts that he or she isn't good at, you really learn how far away vibe coders are from producing something worth using.
10 years ago it was Heroku and Three.js.
10 years ago it was Heroku and Ruby on Rails*
but now Ruby on Rails is not a circus like how Next.js is.
see [0]: Rails security Audit Report
[0]: https://ostif.org/ruby-on-rails-audit-complete/
More like 15. By 2016, Rails was supposedly dead and we were all going to be running the same code on the front end and back end in a full stack, MongoDB euphoria.
New one coming in 5 years. Cycle repeats itself.
I don't think so, AIs are going to freeze the tooling to what we have today since that's what's in the training corpus, and it's self reinforcing.
1 reply →
There's a push and pull here, Typescript + React + Vercel are also very amenable to LLM driven development due to a mix of the popularity of examples in the LLMs dataset, how cheap the deployment is and how quick the ecosystem is to get going.
Another Anthropic revenue stream:
Protection money from Vercel.
"Pay us 10% of revenue or we switch to generating Netlify code."
Wouldn’t Vercel still make money in that scenario since Netlify uses them?
Netlify uses AWS (and Cloudflare? Vercel def uses Cloudflare)
4 replies →