Vibe code is legacy code

392 simonw 234 7/30/2025, 9:13:20 PM blog.val.town

Comments (234)

CharlieDigital · 5h ago
A story about a non-technical friend: friend vibe coded a SaaS last year and started generating revenue with almost no marketing; all word of mouth and inbound in a niche industry. Used Replit and Supabase to build the thing; I am still really impressed by what he was able to do given how complex the app ended up becoming as he interacted with customers.

What I think happened: there are two incumbents in this space that are not happy about him showing up and charging a fraction of their monthly cost for a better, more modern product (their products are Windows-based desktop software). So they hired hackers to hack his SaaS (because these hackers have never demanded money). Unfortunately, that vibe-coding resulted in some bad code that made it easy to hack. First, the user list was leaked on the FE of the code and the hacker emailed all of the customers. Second, the hacker got a hold of his Stripe key and issued every customer a refund. Third, the hacker has been trying to inject XSS attacks into the app (we'll see a random `<script>alert()</script>` tag in some fields).

I think indeed, vibe-coded software in the hands of the inexperienced is instant tech debt. But at the same time, he was able to prove out a viable business in a matter of a few months with no engineering background and no technical capability.

Now he's hiring a developer to shore it up.

Was it worth it? Yes, it is terrible, shoddy, insecure code, but he proved out a viable business with just a few hundred dollars of investment.
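
The front-end leak described in the comment above (a Stripe key reachable from the browser) is the kind of thing a pre-deploy scan of the build output catches. This is an added example, not part of the thread or the friend's code; it assumes Stripe's `sk_`/`rk_` prefixes for secret and restricted keys and JWT-style Supabase API keys carrying a `role` claim, and every sample value is constructed.

```javascript
// Added example: scan built front-end assets for server-only credentials.
// Assumed formats: Stripe secret/restricted keys start with sk_/rk_;
// Supabase JWT-style API keys carry a "role" claim in the payload.

const STRIPE_SERVER_KEY = /\b(sk|rk)_(live|test)_[A-Za-z0-9]{16,}/g;
const JWT_LIKE = /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g;

// Decode the (unverified) JWT payload; null if it is not base64url JSON.
function jwtClaims(token) {
  try {
    const payload = token.split(".")[1];
    return JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
}

// Never echo a full secret into CI logs.
function redact(secret) {
  return secret.slice(0, 8) + "...[" + secret.length + " chars]";
}

function scanBundle(fileName, text) {
  const findings = [];
  // Publishable keys (pk_) are meant for the browser and are not matched.
  for (const m of text.matchAll(STRIPE_SERVER_KEY)) {
    findings.push({
      file: fileName,
      kind: m[1] === "sk" ? "stripe-secret-key" : "stripe-restricted-key",
      offset: m.index,
      preview: redact(m[0]),
    });
  }
  for (const m of text.matchAll(JWT_LIKE)) {
    const claims = jwtClaims(m[0]);
    // The anon role is designed to be public; service_role bypasses RLS.
    if (claims && claims.role === "service_role") {
      findings.push({
        file: fileName,
        kind: "supabase-service-role-jwt",
        offset: m.index,
        preview: redact(m[0]),
      });
    }
  }
  return findings.sort((a, b) => a.offset - b.offset);
}

// --- Constructed sample input (no real credentials) ---
function fakeJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return [enc({ alg: "HS256", typ: "JWT" }), enc(claims), "c2lnbmF0dXJl"].join(".");
}

const SAMPLE_BUNDLE = [
  'const pk="pk_' + "live_" + "A".repeat(24) + '";',        // publishable: fine
  'const stripe=Stripe("sk_' + "live_" + "0".repeat(24) + '");', // secret: leak
  'const anon="' + fakeJwt({ role: "anon" }) + '";',         // public by design
  'const admin="' + fakeJwt({ role: "service_role" }) + '";', // leak
].join("\n");

const CLEAN_BUNDLE = [
  'const pk="pk_' + "live_" + "A".repeat(24) + '";',
  'const anon="' + fakeJwt({ role: "anon" }) + '";',
].join("\n");

console.log(scanBundle("dist/app.js", SAMPLE_BUNDLE));
```

A finding here means the key has to be rotated as well as removed from the bundle, since anything already served to a browser must be treated as disclosed.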

WD-42 · 5h ago
I would not default to assuming it was his competitors, that sounds like scapegoating to deflect responsibility. What most likely happened is his site was scanned by one of the increasingly sophisticated exploit crawlers (anyone who runs an internet facing site and can view traffic knows what I'm talking about). His site got flagged as vulnerable, the hacker found out it was built like swiss cheese and had fun with it.
eddythompson80 · 5h ago
Who else would spend the time and effort to figure out you leaked your Stripe key to your front end? Sure people have bots to do that, but it’s kinda unbelievable someone would run such a bot on their vibe coded website.
JackFr · 1h ago
I have a strictly hobby web app that I work on. 6-7 years ago I inadvertently pushed AWS email service credentials to GitHub.

Half an hour after the push I got an email and text from GitHub that I had exposed credentials. I quickly logged in to my AWS to turn off the service, to see that AWS had suspended that service because the bounce rate on the 80000 emails sent in that 15 minute period was too high. It was crazy just how fast it was exploited.

achierius · 5h ago
Why is it unbelievable? There is an entire industry of people trying to find vulnerable niche applications like this. There are bots which crawl the web, not to make an index, but just to find vulnerabilities. Nobody necessarily even had to 'point' anything at this at all, it just shows up on their dashboard one day and they get to dig in.
galleywest200 · 2h ago
I would not be surprised if Shodan.io ends up with queries for easily identifiable markers of vibe-coded software.
eddythompson80 · 5h ago
I was being facetious. Yes, there are millions of bots that are constantly searching every website for leaked keys, passwords, database credentials, crypto wallets, firebase endpoints, s3 buckets, email addresses, phone numbers, etc. The list is bottomless.
hooverd · 2h ago
Nah, that's table stakes for a public facing website.
darepublic · 4h ago
Shame on this dude.
arrowsmith · 3h ago
Oh you sweet summer child.
CharlieDigital · 4h ago
It's def a hacker from the incumbent because:

1) They took action after getting the Stripe key by refunding all customers

2) They drafted an email to all customers after a hack that got the mailing list and API route to send emails

3) Not once has the hacker asked for compensation of any kind nor a ransom

doix · 41m ago
Not sure how to word this, but are you "new" on the internet? People used to break stuff "for the lulz" since the dawn of time.

I remember when I was a kid running a tiny forum with phpbb or something, and some script kiddies from g00nsquad (can't remember exact spelling, but something like that) defaced it. They didn't ask for money, they just did it for fun.

Sure things have changed now and the internet has become more corporate, but I reckon there are still people out there doing this stuff because they can.

chillfox · 3h ago
My understanding has always been that most hackers do it for the fun/challenge/sport of it and it's only a small fraction who are in it for the money.

Breaking things is just fun for them and the internet is their video game.

Also the vibe I am getting from places like reddit/etc... is that it's currently open season on vibe coded apps. Lots of internet points to be had for destroying them.

SecretDreams · 3h ago
Breaking things is fun. Effectively stealing money (the refunds) is highly illegal, immoral, and malicious. Who knows who did it, but that aspect is just dickhead territory.
therein · 3h ago
I wouldn't call that stealing. It is a forced refund. A hacker could even justify it to himself that these people were unknowingly paying for a shitty product that was built like Swiss cheese, time to give them a refund. Another plausible one is "this guy shouldn't be allowed to run a website, I can't believe he made money for it, it is going back".

I am not saying it is the most likely case or even ethically justified but it is definitely not a super unlikely one. Anyone who thinks that's an impossible scenario has not been in the hacker's shoes.

throwaway422432 · 2h ago
Refund or chargeback? The processing fees for a chargeback on every transaction could put him out of business.

He's lucky they didn't find a way to use it for card washing.

daveguy · 2h ago
It would have had to be a refund. The hacker couldn't initiate a chargeback from knowing the merchant's stripe keys. Seriously doubt it was a competitor. The risks of hiring someone to commit felonies against your competitors just isn't worth it. Especially since the vibe coder seems to be bungling things on their own just fine.
anamexis · 4h ago
I don't see how any of that implies that an incumbent did it.
YokoZar · 4h ago
If you were a criminal trolling the Internet for vulnerable servers and found stripe keys... would your first instinct be to refund customers rather than do some other sort of crime? Like what's the motivation you envision here?
WD-42 · 3h ago
"Because I can" or "Because it's funny" are more than enough reason for most people. The fact that the hacker refunded all the customers, then emailed them to warn them that they were using a terrible app actually sounds like a pretty tame troll to me. If the hacker was truly hired by the competition to act maliciously, they could have done far, far worse.

Your friend should take this as a lesson instead of trying to deflect blame to their competitors.

wlesieutre · 2h ago
> Because it's funny

I think you mean “for the lulz”

anamexis · 4h ago
There are black hat hackers that take great joy in just causing as much chaos as possible, particularly with such vibe-coded apps. Even with stripe keys, it's not like they could direct money elsewhere.
roywiggins · 3h ago
Maybe a blackhat hacker decided that the software was so shoddily built that the company didn't deserve to continue existing, and decided to try to make that happen as a sort of vigilante justice against crappy vibe-coded apps.

Definitely not a good idea but it's not an unreasonable motivation.

dijksterhuis · 3h ago
Some people just want to watch the world burn :shrugs:
chillfox · 3h ago
Fun and internet points!
8note · 3h ago
what was in this email though?
WD-42 · 2h ago
Hey all I’m an independent security researcher and I found that you are paying for an app that is shoddily built and doesn’t respect your privacy or security so I decided to give you all a refund. Have a nice day!
CharlieDigital · 2h ago
Telling customers it was built with AI and insecure.
Ferret7446 · 1h ago
This is morally equivalent to building a house with no engineering experience and someone coming around and kicking it down. The problem isn't vibe coding per se, but lacking some key knowledge to be able to make important judgements which may (should) result in legal liability
zerotolerance · 4h ago
Did he need it to prove a business viable if there were already players in the market? No. Do you ever need to validate that people would switch providers of a commodity product or service if presented with a cheaper option? Also no. What did he learn then, that he can create a partial solution that people might pay for initially (no data on renewals) but will ultimately have to actually hire people to build a real product which will eat at his differentiator (price). Wait until he decides he actually has to spend money on marketing.

The good news is that with each of these we get to "validate" that having an idea still isn't worth much without the ability to actually execute.

phyzix5761 · 4h ago
As a business owner I can tell you that price is not the only factor people look at when choosing to engage with a business. I've tried the whole "cheapest offer in the market" thing and it's backfired terribly. The main insight I've gained is that customers have a perceived value of a product that aligns with things like branding, marketing, previous experiences, and perceived popularity. People are willing to pay more for these things.
doesnt_know · 5h ago
The fact your friend is suffering no consequences and is able to just carry on is exactly what is wrong with this industry.

In a perfect world the creation of software would have been locked down like other engineering fields, with developers and companies suffering legal consequences for exposing customer information.

woooooo · 3h ago
The 80s and 90s devs who built our current software infra were, on average, FAR less credentialed than today's juniors and mids who mostly don't understand what they're building on.
api · 3h ago
In that world we’d just be transitioning to 32-bit software and still running MS-DOS since it’s certified. Linux would never ever have broken through. Who can trust code developed by open source cowboys? Have we verified all their credentials?

There are some industries where the massive cost of this type of lock down — probably innovation at 1/10th the speed at 100X the cost — is needed. Medicine comes to mind. It’s different from software in two ways. One is that the stakes are higher from a human point of view, but the more significant difference is that ordinary users of medicine are usually not competent to judge its efficacy (hence why there’s so much quackery). It has an extreme case of the ignorant customer problem, making it hard for the market to work. The users of software usually can see if it’s working.

majormajor · 2h ago
You, of course, say that like it's a bad thing.

I'll say video games would certainly be worse.

I don't know if we'd be worse off with a lot of other software and/or public internet sites of 20-to-30 years ago. A lot of people are unhappy with the state of modern consumer software, ad surveillance, etc.

Probably a lot less identity theft and credit card/banking fraud.

For social media, it depends on if that "regulate things to ensure safety" attitude extends to things like abuse/threats/unsolicited gore or nudes/etc. And advertising surveillance. Would ad tracking be rejected since the device and platform should not be allowed to share all that fingerprinting stuff in the first place, or would it just be "you can track if you check all the data protection boxes" which is not really that much better.

I'm sure someone would've spent the time to produce certified Linux versions by now; "Linux with support" has been a business model for decades, and if the alternative is pay MS, pay someone else, or write your own from scratch, there's room in the market.

(Somewhere out there there's another counterfactual world where medicine is less regulated and the survivors who haven't been victimized by the resulting problems are talking about how "in that other world we'd still be getting hip replacement surgery instead of regrowing things with gene therapy" or somesuch...)

0xEF · 3h ago
A reliable, un-bloated OS? Sign me the eff up.
RogerL · 2h ago
Go check out VxWorks or the like. only 20K a seat, build tools at a similar price, and then oh joy, runtime licenses required to deploy the sw you wrote.

Which are reasonable prices when lives are at risk.

Yes, I know RTOS are not general purpose, this is NOT apples to apples, but that is what that kind of reliability, testing, safety certification, etc. costs.

Zopieux · 3h ago
how dare you stifle innovation with your communist laws, I thought this was America
raincole · 3h ago
People really want to bring down the growth of the USA's software industry to EU level.
majormajor · 2h ago
Letting another country be the wild west and then cherry-picking the good stuff while regulating the nasty stuff doesn't seem like a terrible place to be for the, what, 99% of people who aren't Silicon-Valley-bigtech-execs-and-engineers getting all those profits?

Even in the US most software jobs are lower-scale and lower-ROI than a company that can serve hundreds of millions of users from one central organization.

But for the engineers/investors in other countries... I think the EU, etc, would do well to put more barriers up for those companies to force the creation of local alternatives in those super-high-ROI areas - would drive a lot of high-profit job- and investment-growth which would lead to more of that SV-style risk-taking ecosystem. Just because one company is able, through technology, to now serve everyone in the world doesn't mean that it's economically ideal for most of the world.

randmeerkat · 3h ago
> People really want to bring down the growth of the USA's software industry to EU level.

The EU is the only place hiring software engineers right now. Everyone in the U.S. just keeps laying them off.

B-Con · 3h ago
That hiring is by US companies moving at US speeds, who greatly eclipse the growth rate of EU companies, which is the point OP was making.
woooooo · 2h ago
I think "innovativeness" is massively overrated compared to network effects and consolidation.

Spotify is European. Any innovative SV companies going to unseat them with sheer pluckiness? Same goes for Meta or Amazon going the other way.

China and to some degree Russia have their own ecosystems due to anti-innovative barriers they put up.

api · 3h ago
Some of that is US companies hiring in the EU because the salaries are lower. Source: I know of multiple companies, even on the smaller side, doing this.
dashdotme · 5h ago
> Was it worth it? Yes, it is terrible, shoddy, insecure code, but he proved out a viable business with just a few hundred dollars of investment.

This feels like less of a win for the customers though. They're paying money and exposing their data insecurely, all for a product that maybe does what it's trying to do.

> Now he's hiring a developer to shore it up.

This is going to be way harder than it sounds...

I'm all for AI as a reference or productivity/learning aid, but the results without a human in the loop quickly get horrific.

CharlieDigital · 4h ago
It's a win for the customers. From what he's told me, there's zero churn so far despite the hacks (including one where the hacker emailed every customer about the hack).

It's because the software is that much of an improvement over the incumbents at a fraction of the cost. Better features, more flexible, easier to use, faster, etc. Everything about it is better than the two major vendors.

The rebuild will likely end up easier, IMO, because the screens and the logic are all done. Most of it just has to be moved to strict backend and then have the APIs secured correctly.

randmeerkat · 3h ago
> The rebuild will likely end up easier, IMO, because the screens and the logic are all done. Most of it just has to be moved to strict backend and then have the APIs secured correctly.

How to draw an owl…

Step 1. Draw a circle. Step 2. Draw the rest of the owl…

rainonmoon · 29m ago
That’s not a viable business, it’s a walking liability. Besides which, why would anyone trust your friend (as an investor or customer) ever again when they’ve shown such profound disregard for user data and their IP? If your metric of success is “I have no idea what I’m doing and still made money from it” your friend would have a better time starting a podcast.
mschild · 23m ago
> Why would anyone trust your friend (as an investor or customer) ever again when they’ve shown such profound disregard for user data and their IP?

Plenty of people probably. There are hundreds of businesses that constantly get exposed for massive leaks and/or horrendous business practices yet they're doing just fine. I'd imagine the killing blow in this case would be the stripe key but beyond that they would've likely had no massive issue.

bschwindHN · 24m ago
> Was it worth it? Yes, it is terrible, shoddy, insecure code, but he proved out a viable business with just a few hundred dollars of investment.

Thank god that someone, somewhere, was able to make some money out of irresponsibly releasing software into the world!

roywiggins · 3h ago
> Was it worth it? Yes, it is terrible, shoddy, insecure code, but he proved out a viable business with just a few hundred dollars of investment.

and the vital ingredient? complete contempt for his customers

Gigachad · 4h ago
This is why we need strong financial penalties for data leaks. A company that plays fast and loose with security should be shut down the same way a restaurant would for vibe hygiene. “Oh well we poisoned some people but look how fast we set up”
bravesoul2 · 3h ago
It's also "worth it" to start a burger stand and make $1000 a day by vibing and not wasting time on food hygiene training or practices. Gotta move fast and test the market after all.

I predict 2030: all sites in most countries will need a license to operate and something like SOC2 certification. Even for your blog.

Ferret7446 · 1h ago
I think it should only apply to commercial services FWIW. Amateur sites should be caveat emptor
daveguy · 2h ago
Nah, it'll still depend on size of user base, revenue, and safety requirements of the domain. A random personal blog won't hit any of those criteria.
mvkel · 1h ago
"Tech debt" is a misnomer. It implies that at some point it should be paid down. There are very few examples where dedicating real efforts exclusively to paying down tech debt led to anything beneficial for the customer.

Some of the software we know and love today started with someone writing their very first line of PHP code, or Rails.

Vibe coding is ultimately about getting ideas shipped faster. Code quality is an engineer recruiting/retention strategy.

As we saw with that Tea app (which wasn't even vibe coded), you're only as secure as your weakest firebase store.

elzbardico · 5h ago
Man. Script kiddies are everywhere and if you have vulnerable code, it is basically a matter of time until one of them finds a hole.
starkparker · 5h ago
> Was it worth it? Yes, it is terrible, shoddy, insecure code, but he proved out a viable business with just a few hundred dollars of investment.

How much is it costing him to hire someone to reimplement his idea correctly?

mrmincent · 5h ago
Probably a similar amount that it would have taken him to hire someone from the start, except he’s already validated the product and market.
keerthiko · 5h ago
Likely still cheaper than whatever these competitors have spent building their product and then hiring blackhat saboteurs.
Joel_Mckay · 5h ago
I wonder if people do that sort of thing..

Generally bandits are not interested in sparing anyone. =3

singpolyma3 · 5h ago
If he manages to do it, he'll know it's a business with legs and how much people will pay which is pretty invaluable knowledge
CharlieDigital · 5h ago
Currently only equity.

And it only works because he has proven the revenue model and found the customers already.

darepublic · 4h ago
Customers that he screwed over with his shoddy code.


imiric · 5h ago
Never mind what it's costing the vibe coder to fix this.

The important question is: what was the cost and consequences of the exploits for users of the service?

Joel_Mckay · 5h ago
He can expect 5 times what he would have paid the first time with a proper specification...

=3

joshdavham · 1h ago
This is why I think it's irresponsible to announce to the world that your app was vibe coded. It's like putting a target on your back for hackers.
benreesman · 3h ago
Your friend vibe coded something that handles people's financial information and/or PII with zero diligence.

This is a no fly zone amigo, that's going to be a hard no from me dawg.

That's not instant tech debt, that's a class action lawsuit for negligence with damages that were I a juror in a trial I would find him liable.

risyachka · 5h ago
It’s not a “hack” when you have your stripe keys in the frontend.

It’s called a skill issue and to prevent these you have to actually spend time learning instead of vibing.

It’s literally the same as driving a car without license.

Everyone can do it - but shouldn’t.

YokoZar · 4h ago
Just because it's an easy hack doesn't mean it isn't one. It's still lockpicking when it's MasterLock.
ben-schaaf · 2h ago
Maybe more accurately: it's still theft if the door was left open.
CharlieDigital · 4h ago
It's a hack because he had an admin route and API endpoint which was only checking for authenticated users. He thought no one could see the route because it wasn't in a sitemap (of course, everyone could see the route). Hacker found the API route to insert themselves into an admin table (Supabase RLS was not deployed correctly) and from there, started adding himself to other orgs in the DB.
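
The flaw described in this comment is an authorization gap: the admin endpoint confirmed that a caller was logged in, not that the caller was allowed to act. The added example below is not the friend's code; the table layout, handler names and user ids are constructed for illustration. It puts an authentication-only handler beside versions that authorize each write on the server.

```javascript
// Added example with constructed data: "is logged in" vs. "is allowed".

function makeDb() {
  return {
    admins: new Set(["u-owner"]),
    orgMembers: new Map([
      ["org-a", new Set(["u-owner"])],
      ["org-b", new Set(["u-other"])],
    ]),
  };
}

function isAuthenticated(session) {
  return Boolean(session && typeof session.userId === "string" && session.userId);
}

// Shape described in the comment: any authenticated caller may write to the
// admin table. Hiding the route from the sitemap changes nothing here.
function addAdminAuthnOnly(db, session, body) {
  if (!isAuthenticated(session)) return { status: 401 };
  db.admins.add(body.userId);
  return { status: 200 };
}

// Hardened: the caller's own admin status is looked up server-side,
// never taken from the request body or a client-side flag.
function addAdminAuthorized(db, session, body) {
  if (!isAuthenticated(session)) return { status: 401 };
  if (!db.admins.has(session.userId)) return { status: 403 };
  if (!body || typeof body.userId !== "string" || !body.userId) {
    return { status: 400 };
  }
  db.admins.add(body.userId);
  return { status: 200 };
}

// Org writes are scoped to the caller's own org (a design choice made for
// this example), so one compromised admin row does not open every tenant.
function addOrgMemberAuthorized(db, session, body) {
  if (!isAuthenticated(session)) return { status: 401 };
  if (!body || typeof body.orgId !== "string" || typeof body.userId !== "string") {
    return { status: 400 };
  }
  const members = db.orgMembers.get(body.orgId);
  // Same answer for "no such org" and "not your org": org ids cannot be probed.
  if (!members || !members.has(session.userId)) return { status: 403 };
  members.add(body.userId);
  return { status: 200 };
}

// Replay the same request against a handler: a logged-in stranger asks to
// be made admin. Returns the response status and the resulting table state.
function replaySelfPromotion(handler) {
  const db = makeDb();
  const stranger = { userId: "u-stranger" };
  const res = handler(db, stranger, { userId: "u-stranger" });
  return { status: res.status, strangerIsAdmin: db.admins.has("u-stranger") };
}

console.log("authn only:", replaySelfPromotion(addAdminAuthnOnly));
console.log("authorized:", replaySelfPromotion(addAdminAuthorized));
```

With Supabase, the same rule also belongs in row-level security policies on the tables themselves, so that direct API access is held to the check the route handler makes.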
QuadmasterXLII · 2h ago
I’d take even odds that that’s what his vibe assistant said happened but it has no relation to the actual sequence of events
aprilthird2021 · 4h ago
It's a hack because... it's openly exposed to anyone...
the_af · 4h ago
What he built was, almost by definition, a prototype.

The problem is that, as it often happens, the prototype was then deployed to production. In this case, it was partly the fault of your non-technical friend who didn't know better, but software engineering history shows us this sometimes happens because of customer/boss pressure.

So it's often the case prototypes designed to prove feasibility or to demo to customers become production software, and AI makes this undesirable result even more frictionless.

It seems in our line of business we are doomed to repeat past mistakes -- forever.

xorcist · 5h ago
Will his customers trust him a second time though?
wrs · 4h ago
Most customers just don’t care that much, and if it’s a viable business, even losing all the initial customers won’t matter. This is why we are where we are with respect to basic security.

(E.g., early Dropbox went four hours accepting any password for any account, and shortly thereafter somebody got about 30 million of their passwords, and they’re doing just fine.)

CharlieDigital · 4h ago
They trusted him more after he got hacked. He actually got more signups from inbound.
roywiggins · 3h ago
> ZUCK: people just submitted it

> ZUCK: i don’t know why

> ZUCK: they “trust me”

> ZUCK: dumb fucks

imiric · 5h ago
"Claude, write a heartfelt apology tweet, downplay the damages, and emphasize that we're working around the clock to fix things."
stronglikedan · 2h ago
sounds like a case of survivorship bias, considering that many try but very, very few succeed.
aprilthird2021 · 4h ago
It's honestly a bit depressing to see you say that it was worth it to make money with little investment even though it cost the users the loss of their personal data and privacy and probably put the business creator in legal turmoil.

It's only possible for you to say that because you know that the financial incentive is tipped towards vibe coders who don't care about security vs towards consumers...

Fokamul · 5h ago
Which country?

But I'm guessing there are lawsuits incoming with GDPR/US equivalent fines.

tux1968 · 6h ago
This has happened before. Non-technical or junior people developed and deployed applications, emboldened by the relative ease of Microsoft Access and Excel. There were all kinds of limitations, scaling problems, and maintenance nightmares. But there were a lot of upsides too, and it made the "professionals" up their game to obviate the need for such ad hoc and unsanctioned developments.

Come to think of it, the exact same thing happened when the PC became popular. Mainframe people were aghast at all the horrible unprofessional mess that the PC people were creating.

sysmax · 39m ago
There's a pretty good sweet spot in between vibe coding and manual coding.

You still think out all the classes, algorithms, complexities in your head, but then instead of writing code by hand, use short prompts like "encapsulate X and Y in a nested class + create a dictionary where key is A+B".

This saves a ton of repetitive manual work, while the results are pretty indistinguishable from doing all the legwork yourself.

I am building a list of examples with exact prompts and token counts here [0]. The list is far from being complete, but gives the overall idea.

[0] https://sysprogs.com/CodeVROOM/documentation/examples/scatte...

apimade · 4h ago
All code is legacy code.

And as someone who’s reviewed plenty of production scripts, functions, and services written by junior developers, including my own early work, this take is overly absolutist.

The problem persists in the vast majority of organisations.

You can write articles criticising LLM-generated code, but if you’ve spent most of your career fixing, extending, or re-architecting systems built by others, you should know better.

Until software engineering adopts the same standards, certifications, consistency, and accountability as traditional engineering, along with real consequences, these arguments don’t hold much weight.

This entire modern industry was built on the opposite philosophy: agile. Move fast, break things. Ship iteratively with minimal design. Drop production? Just revert. Outage? Oops.

Software is still treated like a toy. It’s playdough in the hands of toddlers led by other toddlers. You might be among the 1% who do things properly.. but the other 99% don’t.

And odds are, if you’re reading this, you’re not the 1%.

rolha-capoeira · 2h ago
piggybacking on everything you said, which is all true: Code is not a science, despite what pedants would have you believe. The annoying answer to "what's correct" code is, "it depends." Code is just a tool used to achieve a goal.
bdangubic · 4h ago
I have been SWE for almost three decades now - have read all the comments in this post and almost every negative comment about vibe coding holds true about almost every single ‘human-coded’ codebase I’ve ever seen ( some notable exceptions of course :) )
vlovich123 · 2h ago
Kind of but vibe coding lets you attempt at tackling problems without bothering to do any research to understand what the solution needs to look like or how the existing codebase is structured.

Just yesterday a coworker who knows little Rust vibe coded a new feature that “worked” but is actually horribly broken (lots of synchronous I/O/locks/channels in a tokio async context). On top of everything else, they created their own bad abstractions for things that already had safe async abstractions.

If they’d had to actually do this themselves they either would have asked for help sooner so they could be guided or they would have done research in the code which already had examples on how to do things.

raincole · 3h ago
Yeah, since when are prototypes built to throw away a bad thing? They're arguably the most important step to build a business.

Legacy code isn't a bad thing either. The majority of code that actually generates revenue right now is probably considered "legacy" by the devs working there.

roywiggins · 3h ago
Stuff that you know you aren't going to maintain? Vibe code it. It's fine.

The article's point is that if you are planning to maintain something, you've created instant legacy code. Which might be fine, depending!

qingcharles · 2h ago
This. I'm using vibe-coding now to build little utils and apps that I will literally never maintain as they do one job, often a one-time job. In this situation vibe-coding is incredibly time-saving.

I know zero about the code the LLM created, though. I've tried going through it, and it is all well-written, but it's all foreign. I wasn't there for any of its creation and I don't have any map in my head about the layout of the functions or the flow of the apps.

Arubis · 3h ago
Yep. The humorous definition of legacy code is anything merged to trunk.
pyman · 6h ago
Something interesting is happening. A false narrative is spreading online, pushed by people who know little about engineering, and others who should know better.

They claim junior devs are now 10x more productive, and project managers are shipping code themselves. Now, close your eyes for five seconds and try to picture what that code looks like. It's 100% legacy, disposable code.

The problem isn't AI, or PMs turning Figma into code, or junior devs prompting like mad. The real problem is the disconnect between expectations and outcomes. And that disconnect exists because people are mixing up terminology that took engineers years to define properly.

- A lean prototype is not the same as a disposable prototype

- An MVP is not the same as a lean prototype

- And a product is not the same as an MVP

A lean prototype is a starting point, a rough model used to test and refine an idea. If it works, it might evolve into an MVP. An MVP becomes a product once it proves the core assumptions and shows there's a real need in the market. And a disposable prototype is exactly that, something you throw away after initial use.

Vibing tools are great for building disposable prototypes, and LLM-assisted IDEs are better for creating actual products. Right now, only engineers are able to create lean prototypes using LLM prompts outside the IDE. Everyone else is just building simple (and working?) software on top of disposable code.

ravenstine · 6h ago
> And a product is not the same as an MVP

Tell that to almost every company I've worked for!

The whole "make it to the next financial quarter" attitude among directors and C-suite these days leads to the kind of crap where developers build an MVP and then are made to move on to the next thing. Like you said, it's not really about vibe coding at all. To a degree, they're right; the perception of feature richness leads to the bottom line irrespective of quality because few are truly comparing products, assuming it's feasible.

Hell, are developers (which we now call engineers apparently) even empowered to prototype things these days? I'm sure it happens, but it doesn't seem all that common. Maybe it happens in the gaming industry and actual tech (not "big tech"). Most coding outfits don't provide much affordance for that. It's just MVPs all the way down. At best, vibe coding just accelerates that process while quality suffers.

ryandv · 6h ago
> that disconnect exists because people are mixing up terminology that took engineers years to define properly.

This is one of the larger trends I've observed in about 10 years of the software industry. A lot of these terms are really the crystallization of discussions at the water cooler, expositions in books or articles, or on technical fora like these, that span months if not years and thousands upon thousands of words. A veteran utters the word and immediately all the past conversations he's had regarding this topic come to mind.

Newer cohorts come in, and, not having been privy to those discussions, latch on to the jargon in a mimetic attempt to stochastically parrot the experts, but don't have the substance underlying the word - they only have the word itself. Now it gets thrown around as an ill-defined, ill-specified buzzword that means multiple different things to multiple people, none of whom can clarify what exactly the definition of that word is, what it means to them, because they were never part of the discourse, the oral or written tradition, in the first place, and don't understand the meaning of that word in context, its usage.

"Agile." "Technical debt." "DevOps." And now, "vibe coding." There was an article here on HN [0] [1] discussing semantic drift of the term "vibe coding" and how it now means something different from what was originally intended; I will merely point out that this is par for the course in software.

For other, more technical, examples of linguistic sloppiness: see JavaScript's conflation of objects, JSON, dictionaries, and hashmaps; to the computer scientist, you have the compositional primitive from object-oriented programming, the JavaScript Object Notation for serialization, the abstract data type, and the concrete data structure, respectively. To the JavaScript programmer, you just have "objects," and the fidelity of your linguistic and conceptual space has been reduced to a single pixel instead of something with more resolution and nuance.

[0] https://simonwillison.net/2025/Mar/19/vibe-coding/

[1] https://news.ycombinator.com/item?id=43739037

mirkodrummer · 6h ago
> Everyone else is just building simple (and working) software on top of disposable code.

I'd argue we should better define working. Take for example a generated UI: they all look the same and are subtly wrong or broken in many ways. At first sight it might seem "working" only to fail at the first user test. Also, generated UIs already feel obsolete, meaning they religiously follow the trend at the training moment; they spectacularly fail at coming up with something new.

cookiengineer · 5h ago
In the past I always talked about other devs in different mindsets. What we see is currently a developer fatigue of code that nobody understands anymore.

Usually that was when an engineer chimed in, and made the broken part into something more useful and more maintainable.

Then an architect looked at the codebase and tried to reduce its complexity.

Now, post LLM, it seems we have 100x the code written by devs, and engineers and architects are completely left out.

And that's what we are observing.

If you figure out how to test this, whether or not with e.g. a TDD MCP server or a DDD MCP server (or whatever workflow and architecture you prefer) you have a potential for a trillion dollar startup. We need to scale the efficiency of code reviews, because currently that is utterly broken as a concept and doesn't scale well enough.

Joel_Mckay · 4h ago
In general, bad design patterns and team management are the primary drivers for sick projects.

"[O]rganizations which design systems (in the broad sense used here) are constrained to produce designs which are copies of the communication structures of these organizations." (Melvin E. Conway)

Keep in mind Conway's law also works in reverse, try running a private project wiki with documentation, and a ticket/task queue with small tasks.

Setting pie-in-sky project goals is just as bad as ivory tower engineers. =3

calrain · 5h ago
Have you seen how enterprises write code for internal use?

It's no different to vibe coding, except if you ask an LLM to harden your code base to pass a pen test, it will do something.

Enterprises just don't give a sh!t.

nyarlathotep_ · 4h ago
In many cases some of the stuff at the big enterprises is shockingly, remarkably bad. I've seen multiple contracting firms leave things behind that wouldn't warrant a passing grade in an 'intro to programming' class.

Most of the time it's not "don't give a sh!t"--it's they genuinely don't know any better, no actual stakeholders even see the codebase nor are in any position to pass judgement, etc.

Most of the time folks that are "enterprise architects" or some such haven't written code in a decade and spend many hours a day on meetings.

JohnMakin · 6h ago
Even thinking outside of product view point - speaking technically, I can't think of anything worse than junior devs or PMs determining what they want technology-wise. At least once a week in my entire career I've had to shoot down awful ideas because they would be unnecessarily risky, won't possibly scale beyond minor use case, etc.

I would hazard a guess it's going to be extremely profitable being a consultant in the next few years.

bluefirebrand · 5h ago
> I would hazard a guess it's going to be extremely profitable being a consultant in the next few years.

I hope so. This is something I'm hoping to get into. As long as companies are trying to push their internal teams to use AI tools, I think it makes sense to position myself to follow along after them and clear the mess

JohnMakin · 5h ago
same
sidewndr46 · 4h ago
I've worked on projects where each feature had its own unique part of the technology stack. To the point that multiple databases were used for one application.

I imagine 'vibe coded' applications to be similar to this but even worse.

reactordev · 5h ago
One would argue that perfectly crafted code is at odds with first to market. Every company I have ever worked for has just run with their MVP, bolted on more and more, until they find they own the market - then they split into these things called microservices that make engineering easy to understand at a service level but a nightmare to orchestrate into the same business processes leading to the inevitable disruption by the next… MVP.
exasperaited · 5h ago
> And a product is not the same as an MVP

Hahaha you're funny :-)

0x500x79 · 4h ago
I had a PM at my company (with an engineering background) post AI generated slop in a ticket this week. It was very frustrating.

We asked them: "Where is xyz code". It didn't exist, it was a hallucination. We asked them: "Did you validate abc use cases?" No, they did not.

So we had a PM push a narrative to executives that this feature was simple, that he could do it with AI generated code: and it didn't solve 5% of the use cases that would need to be solved in order to ship this feature.

This is the state of things right now: all talk, little results, and other non-technical people being fed the same bullshit from multiple angles.

AdieuToLogic · 3h ago
> I had a PM at my company (with an engineering background) post AI generated slop in a ticket this week. It was very frustrating.

This is likely because LLMs solve for document creation which "best" match the prompt, via statistical consensus based on their training data-set.

> We asked them: "Where is xyz code". It didn't exist, it was a hallucination. We asked them: "Did you validate abc use cases?" No, they did not.

So many people mistake the certainty implicit in commercial LLM responses as correctness, largely due to how people typically interpret similar content made by actual people when the latter's position supports the former's. It's a confluence of Argument from authority[0] and Subjective validation[1].

0 - https://en.wikipedia.org/wiki/Argument_from_authority

1 - https://en.wikipedia.org/wiki/Subjective_validation

msgodel · 6h ago
People are focusing on the artifacts because they can't point to the theory in the physical world, but it's the theory and its correspondence to the artifacts that they actually want.
extr · 5h ago
IMO, the time of "code as math" is over. No sufficiently large software system that interacts with the real world is provable to be correct like a mathematical statement is. They are all complicated, engineered systems that are backed by a mix of formal guarantees, earned design principles, experimental testing, rules of thumb, acceptable performance envelopes, etc.

This is what all software will become, down to the smallest script. The vast majority of software does not need to be provably correct in a mathematical way. It just needs to get the job done. People love the craft of programming, so I get it, it's uncomfortable to let go.

But what is going to win out in the end:

- An unreadable 100K loc program backed by 50K tests, guaranteeing behavior to the client requirements. Cost: $50K of API tokens

- A well engineered and honed 30K loc program, built by humans, with elegant abstractions. Backed by 3K tests. Built to the same requirements. Cost: $300K of developer time.

If I am a consumer of software, and not particularly interested in the details, I am going to choose the option that is 6x cheaper, every time.

skydhash · 5h ago
> An unreadable 100K loc program backed by 50K tests, guaranteeing behavior to the client requirements

Until the next set of needed changes due to exterior requirements. And this software is one of the pillars in the business. That is when you switch vendors if you were buying the service.

That is why support is always an essential part of B2B or even serious B2C. The world will change and you need to react to it, not just have the correct software now.

kidbomb · 5h ago
// When I wrote this code, only Copilot and I understood what I did. Now only Copilot knows.
dehrmann · 3h ago
> No sufficiently large software system that interacts with the real world is provable to be correct like a mathematical statement is.

People who work in formal verification will either vehemently disagree with you or secretly know you're right.

emehex · 5h ago
I think the question to ask about your two scenarios: in which is it faster and cheaper to get from v1 to v2? From v2 to v3? I think, for right now, it's cheaper under scenario B. But in the future? Who knows!
trip-zip · 5h ago
> guaranteeing behavior to the client requirements

> built by humans, with elegant abstractions

Frankly, I look at both of these options and think I haven't seen either in the wild...

hibikir · 6h ago
I think you are not going far enough though: All code is legacy code. So vibe coding's ability to make writing more code faster isn't special because it's code nobody understands: Your hand-rolled code is also bad.

Once you embrace the fact that all the code is legacy, then it's clear how writing more code, faster cannot be helpful from a maintenance POV: You are just creating more work for yourself.

And no, libraries don't really solve the problem, but might make it a bit less so if they are well maintained, because hopefully then they are someone else's problem. Eventually it can be mostly trusted and be almost not legacy. But a library that changes too often, or has a bad interface, is just legacy code which you also cannot change easily for a double whammy.

The more one writes code, the more one eventually realizes that the one way out of the problem is doing less: Not necessarily you, but just needing fewer things, in general. Because all complexity is ultimately a puzzle for someone that doesn't remember, and that's probably you a week later, or even in the way you typed it, as what you thought were the requirements might not really have been the requirements. And even if they were what a supposed expert told you they should be, that doesn't mean that whoever told you was right, and that's true even when you are the supposed expert.

exasperaited · 5h ago
> I think you are not going far enough though: All code is legacy code. So vibe coding's ability to make writing more code faster isn't special because it's code nobody understands: Your hand-rolled code is also bad.

This is "but humans also", which I believe should be a recognised fallacy at this point.

Not all code is legacy code, for one thing; some is small enough that it is absolutely live in the minds of developers.

The best practical definition of legacy code is that it is voluminous, entrenched and owned by nobody currently in the organisation. Vibe code typically meets two of those requirements the moment it is produced.

asadotzler · 5h ago
That's not what legacy means. Legacy means the people who understood it are gone and you're left with code that's hard to maintain because it's hard to understand because the people who understood it are gone.
ggregoryarms · 3h ago
I find this a bit like saying that we can't understand East of Eden because Steinbeck is dead.
xwolfi · 2h ago
Yeah, we all own all code, if we can't understand the code we own, we study it. If we need to change it, we change it.

"Legacy" for me is a bad word. I refuse to use it, and I scold my colleagues when they do: it's our code, we modernize it if we don't like it, and if we stop using it, then it's finished code. What is this false dichotomy between legacy code and "not in prod yet code"?

In companies we call our regulatory prosecutions for fraudulent behavior that are so complex that they last for 10 years "legacy matters". Do you think that points at a statement of factual representation, or at a ridiculous attempt at distancing ourselves from our actual responsibilities?

stevekrouse · 6h ago
Fair! I agree that we want as little code as we can get away with. We love pull requests with a lot of red (deleted lines).

Like you say about libraries, it is possible to have code that isn't your problem. It's all about how leaky the abstraction is. Right now LLMs write terrible abstractions, and it's unclear how long it'll take for them to get good at writing good code.

I am excited to invest more in tools to make the understanding of code easier, cheaper, and more fun. My friend Glen pointed one way in this direction: https://glench.github.io/fuzzyset.js/ui/

As Geoffrey Litt likes to say, LLMs can help with this by building us throwaway visualizers and debuggers to help us understand our code.

skydhash · 5h ago
But we have plenty of tools that help us understand code. Things like inspectors (UI, network, ...), tracing (including the old printf), debuggers (stack frame for function calls and variable values), grep (for context and overview) and static analysers.

I see people going all in with LLMs and forgetting that those even exist. It's hard to take such people seriously.

stevekrouse · 5h ago
Strong agree! For example, we at Val Town just invested very heavily in getting a good ol' fashioned language server to work in our product to power hover-overs and type information in our web editor. That'll likely be our next company blog post...
skydhash · 5h ago
I like LLM as a technology (just got through a couple of courses on Machine learning this year). But when we have all these tools available, the next step is making a better UI for them (Kinda like IDEs do), not reinvent everything from scratch.
mrits · 6h ago
All code is a liability but all code is not legacy. I'm not OP but I agree Vibe is legacy simply because there is no longer anyone around that is qualified to maintain it or know the reasoning behind it (there never was)
lawlessone · 6h ago
The argument against this can be summed up as throwing more data, training and GPUs at the problem until it works again.
mrits · 6h ago
Knowing if it is actually working or not is half the problem.
lawlessone · 6h ago
Vibe Validation :D

Just ask the model.

WD-42 · 5h ago
I'm sorry, but how is all code legacy code? Have you never written or worked on a project for which you got such a deep understanding that you could track down the likely source of a bug in your head before even fully reading the issue? Visualize how you'd add a feature before opening the editor? This is not legacy code just because it's old.
croes · 6h ago
My hand rolled code isn’t legacy code for at least three months. After that I need my documentation to make changes.

Vibe code is legacy from day one and with changing styles

skydhash · 5h ago
If you have good documentation and you're on a stable platform, you can go for years without changes (Common in the Common Lisp world). Which is what we called finished software. Just light maintenance here and then.
MrGilbert · 6h ago
And what you will get in return is professional software developers looking at vibe-coded modules that already went into production, stating that "we will never ever touch this", as they don’t want to be responsible for something they would have never put into production in the first place.

Now, they see themselves challenged to defend against the non-technical departments, because all they see are some elitist developers, that deem something as "not good enough", which, from a user standpoint, "is working quite well".

However - it's unmaintainable. That whole situation is a mess, and it's becoming bigger and bigger.

NitpickLawyer · 5h ago
Asking someone to maintain a "vibecoded" project isn't vibecoding anymore, by definition. I feel this whole thing is going the "AGI" way. Everyone is shouting above everyone else, using different definitions and biases, and there is 0 productive discussion going on.

Vibe coding - you don't care about the code. You don't look at the code. You just ask, test that what you received works, and go on with your life.

LLM-assisted coding - you care about the code. You will maintain that code. You take responsibility and treat it as any other software development job, with everything that's required.

Same same, but different.

sshine · 3h ago
It’s a spectrum.

I care when it doesn’t just work.

I hardly look when it does.

iambateman · 6h ago
Yesterday, I wrote detailed requirements for a bit of software, and sent Claude to work. The code looked great until it…didn’t. It ended up being completely unworkable.

I’ve noticed myself writing requirements for a feature and asking Claude to help me think through and expand. Obviously in a real project, there are challenges: (1) how do we tell Claude what is already in the project so it doesn’t reimplement existing methods? (2) how do we get Claude to fully implement the feature and not just “stub it out?” (3) how do we help Professionals maintain visibility and digest the new code?

Claude recommends the explore-plan-code-commit loop. I’m working on a package which formalizes that process within a Laravel application.

airstrike · 6h ago
I mean, that's why Windsurf and the like exist. Claude can navigate through the codebase in those environments and do more
mr_donk · 5h ago
Don't you think the next step is a programming language that isn't even meant to be human readable? What's the point of using an LLM to generate python or Swift or whatever? The output of the LLM should be something that runs and does whatever it's been asked to do... why should the implementation be some programming language that was designed for humans to grok? Once that's true the idea of it being maintainable becomes moot, because no one will know what it is in the first place. I don't think we're there yet, but that seems like the eventual destination.
simonw · 5h ago
All good software is in a constant state of maintenance - users figure out new things they want to do so requirements are constantly changing.

A running joke we had at my startup years ago was "... and after we ship this feature we'll be finished and we will never have to write another line of code again!"

Good software is built with future changes in mind - that's why I care so much about things like automated test suites and documentation and code maintainability.

Letting LLMs generate black box garbage code sounds like a terrible idea to me. The idea that LLMs will get so good at coding that we won't mind is pure science fiction - writing code is only one part of the craft of delivering useful software.

sagarm · 2h ago
Isn't that what machine code is?

LLMs work best with interfaces meant for humans because they're trained on human behavior. It's why they generate JSON and not BSON.

PessimalDecimal · 5h ago
What problem does this solve? I can tell you what problems it creates.
suzzer99 · 3h ago
Yeah it does seem like a game of telephone to train LLMs on code optimized for human cognition, then have them create behavior by parroting that code back into a compiler. Could they just create behavior directly?
datameta · 5h ago
That begs the question of what abstraction layer is necessary beyond an assembler, if any? If human handcrafted ASM outcompetes compiled C then why not give LLMs the wheel on ASM? Then another question is - is there enough good ASM publicly available as examples?
Izkata · 4h ago
> Don't you think the next step is a programming language that isn't even meant to be human readable?

Malbolge is a couple of decades old. Apparently the first working "Hello World" was made by a genetic algorithm.

genewitch · 5h ago
We're seeking angel investors for our startup that does this, we train models with "assembly" that does specific things and also complete "programs"; the end goal to prompt and it outputs executables. It's farther along than quantum computing at solving real problems, for instance, it can factor "15".

This is like the third time I've mentioned this on HN (over a year.) Apparently everyone else is too busy complaining or defending Claude Code to notice.

thesuperbigfrog · 4h ago
>> It's farther along than quantum computing at solving real problems, for instance, it can factor "15".

Dogs can also factor 15:

https://eprint.iacr.org/2025/1237.pdf

ge96 · 5h ago
Wasn't there a word doc to code?
khaledh · 5h ago
It might even get further. I imagine a day where AI would generate an executable neural network that models (and is optimized for) a specific problem; i.e. kind of a model that runs on a neural network runtime or VM. Who cares what the NN is doing as long as it's doing its job correctly. The big catch, though, is the keyword "correctly" and I would add "deterministically" to it, in order for users to trust it.
mr_donk · 5h ago
yeah, that's probably more along the lines of what I was thinking, actually, you just worded it better :)
adriand · 5h ago
I think it will just be the AI. “Hey AI, be a CRM please.” Done.
krainboltgreene · 5h ago
This must be how physicists feel when people start spouting Rogan-esque quantum mechanics nonsense.
PessimalDecimal · 4h ago
As someone trained in physics, this is actually a pretty good comparison.
stevekrouse · 6h ago
Author here - very excited to chat with you all about this :)
hugs · 5h ago
"Vibe coding" is too perfect of a phrase. It's the next "cloud computing", where it continued to expand in meaning until even Gmail was considered "cloud computing". ("Cloud computing" used to have a very specific meaning - spin up a bunch of machines, do a task, then throw them away. It was built into Amazon's product name for it - EC2 - Elastic Compute Cloud. But "cloud" was too perfect of a metaphor to stay that limited.)
strogonoff · 5h ago
Everything exists in four dimensions (space + time). If a thing “looks good” in three of them but falls apart in the fourth (e.g., it works right at this moment but its continued existence is an impossibility or a hassle—be it physical artifact made from subpar material, unmaintainable tangle of excess code, etc.), then that thing does not look good. Getting a hang of what things look like in the fourth requires skill and wisdom that probably partly comes from having traveled it yourself.
codingdave · 6h ago
> We already have a phrase for code that nobody understands: legacy code.

Wow, no. Bad misunderstanding of what legacy means.

Long-lived organizations all eventually go through tech renovations, where they re-platform their business functionality onto more modern systems. But sometimes, the cost/benefit analysis to that re-platforming doesn't make sense... yet. The pieces of the business still running on the former platform are legacy code.

People do understand it. Often, deeply understand it because they wrote it, and have lived and supported it for years. They know the reason behind the tech debt, all the odd tech constraints that drove it to where it is, they can keep the thing running without breaking a sweat. It is second-nature to them.

But it is not easy for anyone other than them. That is the true risk of legacy code, and that is probably where the author got off-track. They may have only ever worked in orgs after the last of the legacy coders left, and everything was a disaster. You definitely do not want to let a legacy system get to that point... and at the same time, if you ever do get there, the cost/benefit analysis has changed and you need to retire the legacy stack.

All that being said, now, yes, we can compare it to vibe coding. If nobody understands the code from the beginning, you never have that magical timeframe when someone just keeps the system alive with ease. You never solved business problems with it. It is just bad code launching straight into the disaster-filled zone where nobody can maintain anything.

WD-42 · 5h ago
This definition doesn't make any sense to me. If code at an org is working, and there are people or at least a person at that company that understands it, how is it legacy? Just because it's been around for a while? At what age according to your definition, does perfect working code that can be improved or added to by currently employed developers, become "legacy"? I feel like you are falling into the "keeping up with the Joneses" trap.

I much more agree with the blog author. Once the last developer that has a deep understanding of a codebase moves on (or simply forgets it all), that's the point it becomes legacy.

codingdave · 5h ago
The problem with the definition is that if a business has some ancient COBOL code with one guy left who understands it, then your definition would say that is not legacy code. And that is what makes no sense.

It becomes legacy when it is no longer running on a tech stack that matches the future strategy of the organization. Legacy is a strategic label, not an engineering label. There is no age where something becomes legacy, it happens when business strategy moves on to something else.

WD-42 · 5h ago
Okay, I could get behind that definition if you could tell me what you call code that aligns perfectly with the "strategic future of the organization" but nobody at said company understands or can work on?
svieira · 1h ago
Critical magic
flyinglizard · 5h ago
It becomes legacy once the organization understands that the codebase, or platform, or business case, is obsolete. It does not mean it's immediately phased out; it may continue working for decades more with some love and attention, but it's clear that it is in the past rather than the future. The easiest way to tell if a project is legacy is how desirable it is for programmers in the company to work on.
cortical_iv · 5h ago
I wouldn't get too persnickety about definitions. There are lots of arguments about what 'legacy' code means. You are throwing around the term quite a bit without really giving any definition at all. 'Code that nobody understands' is fine as a quick and dirty pointer.

Martin Feathers, in the most popular book on legacy code, defines it as code without tests. This is not a good definition at all, but it shows just how hard it is to define it. This is not meant as an attack on anyone: I just think some flexibility and slack is called for here.

You could easily write a long white paper trying to define 'legacy code', and it would be a lot less interesting than the target article here.

benatkin · 5h ago
The post is trying to define vibe coding, so the definition of things is highly relevant.
bluefirebrand · 5h ago
> People do understand it. Often, deeply understand it because they wrote it, and have lived and supported it for years. They know the reason behind the tech debt, all the odd tech constraints that drove it to where it is, they can keep the thing running without breaking a sweat. It is second-nature to them.

I don't think it counts as legacy code if the original devs are still around to work on it

Legacy is not just "old" it is something that was left behind by someone else

wubrr · 5h ago
> People do understand it. Often, deeply understand it because they wrote it, and have lived and supported it for years.

You're assuming the people that wrote it are still there, which is often not the case.

dustingetz · 5h ago
Peter Principle for codebases - codebase will continue to grow until nobody understands it, and then it will tread water until enough key personnel leave and then suddenly eng capacity is below the cost of servicing the debt and this is the point at which all control is fully lost. Eventually a younger sharper competitor will acquire it for the users or it will go through M&A repackaging or some other way to extract the last drops of money before discarding it
ChrisMarshallNY · 6h ago
> and throwaway projects

I have seldom encountered these.

What I encounter, instead, are lashups that the engineering team thought would be throwaway, but which Management made "Final Ship" code.

I have learned to always do "ship-shape" code; even for the most innocuous projects. I may be a bit sloppy as I'm exploring different paths, but the minute I decide on a firm plan, the code cleanup and documentation starts.

stevekrouse · 5h ago
Vibe coding is allowing everyone (including me!) to make way more apps in my personal life that are very throwaway. I think some folks are doing this in business contexts too. But this is a real game-changer for non-technical folks
ChrisMarshallNY · 5h ago
Yes and no.

If you ship, and charge money for it, you are responsible for maintaining it. Can’t treat it as throwaway, even if you meant it as such.

stevekrouse · 2h ago
Yeah I definitely agree. I'm specifically talking about things you're not shipping or charging money for. Just little personal apps for you and friends or you and work colleagues. Internal tools, etc.
henriquegodoy · 6h ago
I'm seeing a real-world example of Jevons paradox playing out here. When AI coding tools first emerged, everyone predicted mass developer unemployment. Instead, I'm watching demand for skilled developers actually increase.

What's happening is that all this "vibe coded" software needs someone to fix it when it breaks. I've been getting more requests than ever to debug AI-generated codebases where the original "developer" can't explain what any of it does. The security audit work alone is keeping me busy - these AI-generated apps often have vulnerabilities that would never pass a human code review. It reminds me of when WordPress democratized web development. Suddenly everyone could build a website, but that just created a massive market for developers who could fix broken WordPress sites, migrate databases, and patch security holes. The difference now is the scale and complexity. At least with WordPress, there was some underlying structure you could reason about. With vibe coding, you get these sprawling codebases where the AI has reinvented the wheel five different ways in the same project, used deprecated libraries because they were in its training data, and created bizarre architectural decisions that only make sense if you don't understand the problem domain.

So yeah, the jobs aren't disappearing - they're just shifting from "build new features" to "fix the mess the PM made last weekend when they tried to ship their own feature."

darepublic · 4h ago
I will vibe code functions that I fully understand how to program if I'm otherwise occupied and I want it to run in the background. A quick glance confirms the implementation is as expected
dfabulich · 5h ago
Vibe code may be "disposable," but isn't "legacy code" if it has automated tests that the product owner can read and understand.

There are approximately two definitions of "legacy" code that I'm familiar with. One is: "valuable code that you're afraid to change." This definition is subjective. I might be afraid to change code that you're unafraid to change, especially if it's code that you wrote (because you remember, at least vaguely, how your code is "supposed" to work).

Another definition of "legacy" is attributed to Michael Feathers: "Legacy code is simply code without tests." The definitions overlap because code without tests is definitely scary to change, because it's very hard to be sure whether or not you've broken it, or even understood it in the first place.

When vibe-coding with an LLM that generates automated tests (as they mostly all do nowadays), it's not legacy code. The tests both specify and ensure correct behavior.

Automated tests are particularly useful for vibe coding, because they help prevent LLMs from hallucinating answers. (This is also why type checkers are so helpful for LLMs.)

Once the code has tests, you can pretty much let the LLMs change anything they want, including refactoring the architecture. LLMs are extremely good at refactoring code with automated tests, in the sense that they'll puke out some hallucinated, hilariously wrong answer, and then refine their answer automatically until it passes the tests. (Just like I did when I was a junior engineer.)

But watch out, because sometimes the LLMs try to delete tests that are hard to pass. If vibe-coding means reading no code, not even the tests, then, yeah, you're gonna have a bad time. But if it means "only reading the tests and not reading the application code," then vibe coding works pretty well, actually.

What the new systems give you (and especially junior engineers/PMs) is disposable code with automated tests, ensuring that you can dispose of the code and regenerate it (aka refactor it) and add features with confidence.

That's the very opposite of "legacy code."
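A guard for the failure mode raised in the comment above (an LLM deleting or hollowing out tests that are hard to pass), as an added example that is not part of any comment in this thread. It compares two snapshots of a test tree and reports tests that were removed, newly skipped, or left with fewer assertions that can fail; the function names and the sample `tests/test_billing.py` snapshots are constructed for illustration.

```python
import ast

SKIP_MARKERS = ("skip", "xfail")  # pytest.mark.skip, unittest.skipIf, pytest.mark.xfail, ...

def _dotted(node):
    """Render a decorator or call target such as pytest.mark.skip as a dotted string."""
    if isinstance(node, ast.Call):
        node = node.func
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))

def _count_checks(func):
    """Count assertions that can actually fail inside one test function."""
    checks = 0
    for node in ast.walk(func):
        if isinstance(node, ast.Assert) and not isinstance(node.test, ast.Constant):
            checks += 1  # `assert True` and other constants are not real checks
        elif isinstance(node, ast.Call):
            name = _dotted(node)
            if name.rsplit(".", 1)[-1].startswith("assert") or name == "pytest.raises":
                checks += 1  # unittest-style self.assertX(...) and pytest.raises(...)
    return checks

def _is_skipped(func):
    """True if the test is decorated with, or calls, a skip/xfail helper."""
    names = [_dotted(d) for d in func.decorator_list]
    names += [_dotted(n) for n in ast.walk(func) if isinstance(n, ast.Call)]
    return any(n.rsplit(".", 1)[-1].startswith(SKIP_MARKERS) for n in names)

def inventory(snapshot):
    """Map 'path::[Class.]test_name' -> (checks, skipped) for a {path: source} snapshot."""
    found = {}
    def visit(body, path, prefix):
        for node in body:
            if isinstance(node, ast.ClassDef):
                visit(node.body, path, prefix + node.name + ".")
            elif (isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef))
                  and node.name.startswith("test")):
                found[f"{path}::{prefix}{node.name}"] = (_count_checks(node), _is_skipped(node))
    for path, source in snapshot.items():
        visit(ast.parse(source).body, path, "")
    return found

def weakened_tests(before, after):
    """List (kind, test_id) for every test that got weaker between two snapshots."""
    old, new = inventory(before), inventory(after)
    findings = []
    for test_id, (old_checks, old_skipped) in sorted(old.items()):
        if test_id not in new:
            findings.append(("removed", test_id))
            continue
        new_checks, new_skipped = new[test_id]
        if new_skipped and not old_skipped:
            findings.append(("skipped", test_id))
        if new_checks < old_checks:
            findings.append(("fewer_checks", test_id))
    return findings

# Constructed sample: the test file before and after an agent "made the suite pass".
BEFORE = {"tests/test_billing.py": '''
import pytest
from billing import refund, invoice_total

def test_refund_requires_admin():
    with pytest.raises(PermissionError):
        refund(user="guest", charge="ch_1")

def test_invoice_total():
    assert invoice_total([10, 5]) == 15
    assert invoice_total([]) == 0

def test_refund_is_idempotent():
    assert refund(user="admin", charge="ch_1") == refund(user="admin", charge="ch_1")
'''}
AFTER = {"tests/test_billing.py": '''
import pytest
from billing import refund, invoice_total

def test_invoice_total():
    assert True

@pytest.mark.skip(reason="flaky")
def test_refund_is_idempotent():
    assert refund(user="admin", charge="ch_1") == refund(user="admin", charge="ch_1")
'''}

if __name__ == "__main__":
    for kind, test_id in weakened_tests(BEFORE, AFTER):
        print(f"{kind:13} {test_id}")
```

Run in CI against the base and head revisions of a change, a non-empty result is a reason to read the test diff by hand before trusting a green build.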

dimal · 4h ago
Have you seen the tests that LLMs write if you just vibe code it and don't pay attention? They're generally worse than worthless. They test pointless stuff and they miss important stuff. If you have them on a tight leash, then you can get some useful tests, but then that's not vibe coding.

> But watch out, because sometimes the LLMs try to delete tests that are hard to pass. If vibe-coding means reading no code, not even the tests, then, yeah, you're gonna have a bad time. But if it means "only reading the tests and not reading the application code," then vibe coding works pretty well, actually.

Yeah, vibe coding means plowing forward with whatever the LLM does without understanding it. That's the definition. If you're using your brain, you're not vibe coding.

throw234234234 · 2h ago
In the long run that's the promise of RL; build the verifications vs the model. As a SWE we could be relegated to doing what many consider the "boring part" of software development, which is just writing case by case test cases rather than the code/model of the world interaction. The "math/intellectual" part may get rarer which sadly devalues the skill/intelligence part of software development assuming the AI can come up with a code model that meets requirements.

Personally however I've found more luck generating requests from the "code model" rather than generating code from the "tests" at present. Only because tests are usually much more code than the code itself under test (one code has many scenarios) w.r.t. productivity. Everything still needs review, manual tweaking and understanding of course for now.

xnx · 6h ago
Is the argument that it's better to start from an empty code editor than having AI create a working first version?

I've found it faster to have AI write the code, revise with instructions as necessary, and delve into the code itself if I need to.

stevekrouse · 5h ago
The argument is that if you intend to maintain the code you should keep the AI on a very tight leash, and at least understand the architecture of the code, if not every line.
xnx · 5h ago
This is good advice for any code contribution. Current AI is definitely not better than the best programmers, but is often better than junior programmers (who often carry a "senior" title now).
ww520 · 4h ago
Vibe coding can get very far. Years ago I interviewed with a company whose business was doing price modeling on retail products. It was a couple of guys, who were not developers, writing some Excel VBA scripts and Access VBA scripts. They got big customers. Their system won't scale and was not robust; it's basically a proof of concept. They got tens of millions in funding. They hired a seasoned team of developers to build the real product. The project failed. They fired the team, and were interviewing me to restart. Their POC was basically vibe coding and actually got them pretty far. I didn't join because they had burnt through quite a bit of their funding, they had built the sales and marketing orgs while they didn't have a real product, they had fired the entire engineering team where all the organization knowledge had been lost and it spoke of some deep distrust between engineering and the rest of the company, and their offer was completely not compelling.
gleenn · 4h ago
Sometimes you can just smell it when companies are bad. I went into an interview at a company where they were trying to escape out of SAP hell and the two founders weren't anywhere to be seen. The kitchen looked sad. I told myself I'd probably be eating lunch there every day and the founders being absent made me realize they probably didn't give a crap about their employees. Also they had a junior developer managing the paperwork and hiring process even though the senior lead dev did the real interview. Definitely a shell of a company.
minikomi · 3h ago
Pay as you go non-deterministic Chesterton's fence factories. Sometimes that's fine.
jsight · 2h ago
The fundamental issue is that most AI tools are solving the wrong problem. We've never had a hard time writing code for well defined requirements.

What we've had a hard time with is understanding what this article calls legacy code, and also understanding where our new changes fit into a larger context.

It isn't at all dissimilar from the paintbrush analogy that all the (neo)vimmers love. We spend more time reading and navigating than we do writing.

AI needs to help with that.

cpursley · 5h ago
I don't agree with this, my code quality is much better now. But you have to stay on the LLM's ass in terms of guidance and review it all (this is a given). I think part of it is the LLMs write more "standard" code instead of getting creative with architecture, etc. It helps to create guides and correct context, proper test coverage just as you would if working with other people.
simonw · 5h ago
"I don't agree with this, my code quality is much better now. But you have to stay on the LLM's ass in terms of guidance and review it all (this is a given)."

Sounds to me like you're not vibe coding, you're coding. https://simonwillison.net/2025/Mar/19/vibe-coding/

drdrey · 5h ago
> review it all (this is a given)

that's great but that's not what vibe coding is though

bobjordan · 5h ago
Coding with AI is just a different kind of work than what those of us that coded before AI are used to doing. But, reading and understanding the code AI produces is required for anything complex. I had an inventory control app that I started five years ago without AI and picked the project back up this year. I had like 15-20 database tables in the app when I started with AI this year. Now, I have a "platform" database, a "tenant" database, about 125 tables in the tenant database and 30 in the platform database, full test suite that integrates both databases, like 100 services, etc., it would have taken me *YEARS AND YEARS* to do what I've done in the last 90 days with AI assistance. The biggest challenge has just been keeping up with all the code output and ensuring no technical debt accrues and it is all leveraging existing code. Ultimately, you have to understand what you've already built to ensure the AI uses it instead of constantly reinventing it. But, generating what would have taken years of my life in a few months? PRICELESS.
sshine · 3h ago
I’ve been coding a git-powered issue tracker (like git-bug) that’s been on my wishlist for years.

With agentic programming, I need issue tracking that is accessible from CLI, and in three evenings I’ve made what would have taken two weeks.

The thing is, I would have just never finished it, or started in this case.

gleenn · 4h ago
I would like to say I did a massive refactoring on a legacy project only to make separation of concerns by making a DB access layer with multiple backends just so I could test it. I wrote not even a single line of code. It did a fantastic job even abstracting between both databases. I was shocked. It then was a huge PR so I had it redo it in a step by step fashion and maintain the tests passing at each step so I could split it into 5 different pull-requests. This vibe-coded project did the exact opposite, it made it easy and possible to fix a mostly untested and poorly organized project far better. You can use this stuff for good SWE practices too.
whatever1 · 5h ago
If the code will be reviewed from the LLM of the future, then why does it matter? Let it review a trillion lines of code for a simple calculator app.

I think that we devs are now very skeptical because we are the ones that have to fix the sh that llms spit out. But likely we will be taken out of the loop completely.

zizee · 5h ago
The vast majority of people cannot do the structured thinking to model the real world in a fashion that a computer can understand. That is a key attribute of a good dev. If someone can do this, and describe it well enough to an LLM, they are a dev. It's not devs that will be taken out of the loop, unless you define a dev as someone who is just a translator between human language and machine code.
sshine · 3h ago
The LLM + agentic framework supplements many core dev skills including sporadic habits of tirelessly testing things, spec-driven development (thinking what you’re gonna make before you do), and debugging.

Some devs may have all of these, some may lack several.

I certainly benefit from having a better overview while vibe-coding: I don’t get lost in some rabbit-hole trying to optimise something that is good enough, and my most important tasks are always well-defined before I start.

jes5199 · 5h ago
a meme I heard 15 years ago is:

What’s the definition of “Legacy Code”? It’s code that has business value.

(otherwise you’d just delete it and move on)

ridruejo · 5h ago
Yes, if your code does not live long enough to become legacy ... the project failed. All good code is (or will be) legacy code by definition. Most companies and projects die because nobody cares about them, not because they were difficult to maintain.
TrackerFF · 5h ago
I think that in the near future, code itself will become abstracted away. High-level programming code will simply become the assembly or machine code of today.

Interesting times ahead for sure.

bigcat12345678 · 4h ago
Great analogy!

It's very true that any vibe code is immediately legacy after they are generated. In other words, they are incarnations of foreign minds, things from a realm that is shuttered from my access, and they are a giant pile of code that is beyond immediate recognition to any human engineer.

andy_ppp · 5h ago
I think most software is extremely buggy and it’s about to get much worse… just today several comments just disappeared from YouTube, did they even get written there? Uber has a whole feature about upgrading to Uber Comfort - it’s never worked once for me just gives an error. Three have managed to not take PAYG top up automatically for the nth time. Google’s UI is broken everywhere, loads of sites including John Lewis don’t seem to scroll on my iPhone 15 Pro Max and the camera still doesn’t work correctly in WhatsApp (macro mode is not automatic) and don’t get me started on how buggy Dynamic Island is etc. etc.

There’s just shit buggy software everywhere now and I’m definitely not expecting AI to make the way we build things better.

tele_ski · 5h ago
https://danluu.com/everything-is-broken/

Always has been and always will be. This article was eye opening to me because I didn't even realize how often I was working around buggy software.

worldsayshi · 5h ago
> I’m definitely not expecting AI to make the way we build things better.

There's a certain chance that this development will force our hands at inventing new ways to handle code verification though?

user3939382 · 5h ago
When you have 100+ tables and 100k+ loc you’re incapable of the context needed to write features without bugs which is why we have tests. LLMs are capable of like 5% of the context you are:

Full context > human context capacity > LLM context capacity.

We should all be able to agree on this and it should settle the debates around the efficacy of vibe coding.

worldsayshi · 5h ago
I agree and we should be sceptical in ways we really aren't right now. But I also think that it is interesting to figure out when "vibe-like" coding works and how it can be made more useful.

It doesn't, as you say, work for large and complex contexts. But it can work really well for automating parts of your work flow that you otherwise wouldn't have bothered to automate. And I wonder if there are more ways where it can be useful where the context can be narrowed down enough.

zabzonk · 6h ago
Well, all code once written is legacy code. But at least if written by a human you can talk sensibly to someone about it.
efitz · 4h ago
If you vibe coded it, why can’t you vibe support it?

I think the whole premise of the article is wrong because it compares apples to oranges, assuming that you’re going to maintain “vibe code” in a traditional way.

sshine · 3h ago
Because support requires understanding. If you can maintain long-term context for the LLM, then you have an approximation of actionable institutional knowledge.

But context is text documentation, and that stuff rots just as much, if not more, when LLMs generate it.

Nothing beats having the actual code and the thoughts that went into it in your wetware. I still remember the hardest problems in my professional life in the last 15 years down to a scary detail.

efitz · 2m ago
You can have the LLM generate whatever context you need: documentation, developer's guide, design patterns, whatever. You can have it do this at the time you create the app, or later (I have done this for other people's code I found on GitHub that was commented in a language I can’t speak). You store this by having your LLM coding agent write it down in a file. I do that all the time. It works really well.
efitz · 40s ago
And if you have some kind of special case or something, the LLM will usually comment it when it writes it, but you can also just tell it to do so.

The docs don’t rot because you can throw them away and have the LLM recreate them at any time. And they’re not for you, they’re for the agent.

It’s a completely different mindset.

jongjong · 39m ago
I love using Claude Code. What happens is if your codebase is bad, Claude will produce bad code which follows the same general approach.

So if the foundation is overengineered, it will produce over-engineered code on top. If your code is super clean and succinct, it will produce code that is equally neat and succinct.

I've used Claude code with my own backend serverless platform and it's like it can read my mind. It's almost exactly how I would do it. It's like working with a clone of myself. I can implement nuanced features and ask for very specific changes and the success rate is extremely high.

On the other hand, I've worked with some other people's code which was slightly over-engineered and it struggled. I managed to achieve what I wanted with a lot of manual intervention and careful prompting but it was a very different experience and the code it produced didn't look like my code. It looked like it was written by a mid-level dev.

I can sense that it's a code completion engine because it clearly doesn't have an opinion about code quality. It doesn't know what metrics to aim for. It doesn't aim for succinctness; just as most human developers don't aim for it either.

My assessment of LLMs is that they don't have a specific intrinsic goal so the goal/motivation is inferred from the text it sees (from the input). If the original author of the code was motivated by creating complexity for the purpose of lock-in factor and career advancement, the LLM will produce code which optimizes for that. Unfortunately, this describes the vast majority of code which is produced.

You can tell a lot about someone based on their code.

matt_cogito · 5h ago
All production code will be written by AI. The question is not if. It is WHEN.

What we are seeing right in front of our eyes is how the boundaries of what is possible in the realm of software programming have gone from AI/LLMs poorly writing simple scripts, to being able to "zero-shot" and "vibe code" a complex system, with a set of instructions written in natural language.

What we might be seeing in 2025 is how programming, the way it has been for the last decades, is disappearing and becoming a rare artisanal craft, not meant for being productive, but for showing off skill, for intellectual entertainment of the programmer.

I know how hard this hits the real coders. I am one, too. But I cannot unsee, what I have seen. The progress is so undeniable, there is no doubt left in me.

code_runner · 5h ago
I’m also surprised at the progress but don’t quite share the “AI is doing a good job” perspective.

It’s fine. Some things it’s awful at. The more you know about what you’re asking for the worse the result in my opinion.

That said a lot of my complaints are out of date apis being referenced and other little nuisances. If ai is writing the code, why did we even need an ergonomic api update in the first place. Maybe apis stabilize and ai just goes nuts.

0x500x79 · 4h ago
LLMs are doing a great job at generating syntactically correct output related to the prompt or task at hand. The semantics, hierarchy, architecture, abstraction, security, and maintainability of a code base is not being handled by LLMs generating code.

So far, the syntax has gotten better in LLMs. More tooling allows for validation of the syntax even more, but all those other things are still missing.

I feel like my job is still safe: but that of less experienced developers is in jeopardy. We will see what the future brings.

mikert89 · 4h ago
Yeah I think it's over, it will take a while for the effects to ripple through society, but writing code will be seen as something like wood working
delfinom · 4h ago
I'm more curious how society will look when half the population is living in tents.
mikert89 · 3h ago
what a time to be alive!
Joel_Mckay · 5h ago
Statistically salient answers are not necessarily correct.

Real "AI" may happen some day, but it is unlikely going to be an LLM. =3

pphysch · 4h ago
"all computer engineering will be replaced by software"

"all code will be generated by compilers from basic prose"

"enterprise software will be trivialized by simple SQL prompts that anyone can write"

...

The progress is so unreliable, there is doubt left in me.

artur_makly · 4h ago
Someone should just create an app (open-source, ideally) that stress-tests these vibe apps for security penetration risks and offers mitigation solutions.
khaledh · 5h ago
I'm an experienced software engineer (20+ years experience). I really liked the agentic coding capabilities, especially Claude Code. In addition to using it at work (data engineering), I used it for a hobby project (that I intended to contribute as open source). It was a new systems programming language built from scratch, including the backend. It was not fully fledged, but it had the core pieces: a static type system, algebraic data types, pattern matching with destructuring, type checker, ownership (pointer capabilities), dynamic scope region-based memory management, lowering to SSA-based IR (including fast dominance analysis), graph coloring register allocator with liveness interference, and x86-64 assembly generation. I did this in two weeks, something I couldn't do by myself in 6 months.

As I did this, I was keeping everything documented using a memory bank approach[1], so that I can fire up Claude Code and get it up to speed without explaining everything from scratch. Even with this disciplined approach, the code base got to a point where Claude would "forget" the big picture and start trying to optimize locally, hurting the global optimum. Eventually, I got burnt out by having to keep it in check every time it tried to do something stupid. I found myself always needing to remind it to check other modules to see how things fit together. I guess the memory bank got big with many concepts and relationships that Claude "got lost" in it.

Also, I realized that I missed the opportunity to learn deeply all those topics. So now I'm back to coding things myself, with little help from Cursor Tab, that's it. Will see how that goes.

[1] https://docs.cline.bot/prompting/cline-memory-bank

8note · 2h ago
I've been finding that letting an LLM write its own memory bank tends to have it regurgitate your prompts more than keep something actually useful.
khaledh · 2h ago
That is also true. Occasionally I would go in and clean up the docs and refocus them, but in the end I realized that I'm babysitting the agent rather than relying on it to help me.
simonw · 6h ago
This is really clear and well argued. I particularly enjoyed this line:

> If you don't understand the code, your only recourse is to ask AI to fix it for you, which is like paying off credit card debt with another credit card.

ay · 5h ago
This is a super apt analogy. Every time I decided to let LLMs “vibe-fix” non-obvious things for the sake of experiment, it spiraled into an unspeakable fubar territory, which needed to be reverted - a very similar situation to this financial collapse.

Invariably, after using the brain, the real fix was usually quite simple - but, also invariably - was hidden behind 2-3 levels of indirection in reasoning.

On the other hand, I had rather pleasant results when “pair-debugging”, my demanding to explain why or just correcting it in the places when it was about to go astray certainly had effect - in return I got some really nice spotting of “obvious” but small things I might have missed otherwise.

That said, definition of “going astray” varies - from innocently jumping into what looked like unsupported conclusions to blatantly telling me something was equal to true right after ingesting the log with the printout showing the opposite.

pyman · 6h ago
I'm now following your advice and just telling LLMs, "Do better." Although I have to admit, the other day I lost it and said, "Fix it goddammit or I'll delete you!"

LLMs really know how to bring out the worst in intelligent, hard-working, respectable developers. I can't even imagine what PMs are saying to them, but I'd happily pay another $30 a month just to read those messages :)

stevekrouse · 6h ago
Thanks Simon!!
joshdavham · 1h ago
> If you don't understand the code, your only recourse is to ask AI to fix it for you, which is like paying off credit card debt with another credit card.

Excellent article! But I wonder if the above point will always be true. Maybe AI at some point could become better at cleaning its own mess?

mattigames · 5h ago
"the more you understand the less you are vibing" also works as a philosophical claim, and a truthful one in the opinion of this one reader.
mortsnort · 4h ago
You can also vibe tackle tech debt tho. AI is pretty good at deciphering code for you when you need to jump into it.
8thcross · 5h ago
interesting but i have thought about it. rarely is ours as well. All my code is original but based on my past experiences from learning, thinking about it, and improving it based on new knowledge i know. my 2cents.
mattxxx · 2h ago
all code is legacy code; git repos are mausoleums
aussieguy1234 · 4h ago
I think the quality of the code is going to be based on the skill of the person using the AI agent. An engineer knows a pyramid of doom pattern is bad, a non programmer would not. Engineers understand modularity and separation of concerns, non programmers don't.

An engineer can guide an agent to write good, modular code, but a non programmer can't.

dgfitz · 3h ago
I’ll never cease to be amazed about this industry. Programming for the web is a thing, sure. I’ve made a small fortune having never written a single line of JavaScript.

The ecosystem is bigger than the internet.

isaacvando · 5h ago
programming as theory building mentioned
dabber21 · 6h ago
we need a mandatory warning label for any services that were vibe coded.

I really don't want to sign up for a service and then get my shit leaked immediately

dweekly · 5h ago
It will be interesting to see when this inverts - when it becomes scary to use an application that has only had humans review it and declare it safe and secure.
ninetyninenine · 3h ago
Just have AI deal with this legacy bs so I don’t need to look at it.
Joel_Mckay · 5h ago
Slop in, Slop out...

In general, a good code base teaches future developers how to leverage a pragmatic solution in the context of the use-case. Often, "vibe" code relies on superfluous computational heuristics overhead to compensate for people that had zero notion of what they were doing in the first place.

To summarize, no one competent is fooled by low-value content farmed blogs, or the folks that rely on LLM. The age of Spam exceeding content is upon us. =3