The nicest thing I saw today
I feel like people are going to look back at the vibe coding era and wonder if we were all drunk...
this post was submitted on 12 Jan 2026
612 points (99.2% liked)
Fuck AI
5195 readers
1048 users here now
"We did it, Patrick! We made a technological breakthrough!"
A place for all those who loathe AI to discuss things, post articles, and ridicule the AI hype. Proud supporter of working people. And proud booer of SXSW 2024.
AI, in this case, refers to LLMs, GPT technology, and anything listed as "AI" meant to increase market valuations.
founded 2 years ago
MODERATORS
I worked with a guy in the '90s who swore he did some of his best coding after our usual Friday after-work beers (the bar was next door).
I hear this a lot from unmedicated high functioning ADHD types. The alcohol quiets the noise.
Sure does!
Signed, a now-medicated, ADHD having, former alcoholic.
To paraphrase Hemingway. Code drunk, debug sober!
I'm sure he did great work so long as he remembered to never, ever have any more than slightly less than two drinks.
Since vibe coding produces code that looks like it was written by a drunk-dead dev, they might actually be on the right track!
This comic has contributed more than Windows ME in me remembering ME was a thing at all.
When pointed out, the vibe coder will prompt: "How can I stop developer tools from working on my website?"
"What a great question! You've clearly considered the security implications of putting development tools in the hands of an end user, you are a pioneer in the field of cyber security!...."
Proceeds to provide unrelated advice about disabling Https certification
No vibe coding needed. Many years ago, my friend, a new yet overly-confident web developer, pulled the entire list of usernames and passwords from the back-end when the login page opened. It was to "check if password is correct faster".
(And yes, he stored passwords in plaintext)
This is probably the code on which the LLM was trained.
Maybe the entire database should be downloaded into the browser. Then it'll go really, really fast!
And why is the database storing the passwords in plain text? Sure the web dev is wrong, but the back end guy is not the brightest either.
Having been there, it's probably the same guy, lol
Sometimes you really do just gotta learn the hard way.
That was pretty common some years back. Earlier versions of popular discussion boards like phpBB and stuff would store everything in the mysql db in plain text. The practice only changed when sql injections became popular with script kiddies. Malicious admins would also just check user's email and password and try them elsewhere, reusing passwords was even more commonplace then than it still is today.
Guess this is a "Fight Club" situation.
It was faster?
Webscale
obvious solution is to vibe legislate a law to prohibit opening developer tools on other people's websites
The UK already did that iirc. Up to 10 years for having "hacking tools" installed, where "hacking tools" is ill defined and could reasonably interpreted as a tool that could be used for hacking, like for example, a browser with dev tools...
I always assumed those numbers are the result of some function like Math.random()*100...
usually they are, because marketing 101 says, "don't let them know they're the only ones"
Wait so everyone’s emails are just stored in JavaScript that anyone can see in their web browsers inspect tool? That’s a new level of if fail.
You can see in the screenshot that it's a server response, not in the JS. Still bad though
Looks good, push it ✅💯
I checked their website and its fixed now
But we know that thousands more very obvious bugs are on there... rl hack the box
what is the waitlist? to use the expense tracker?
But its a super cool expense tracker that will change the world and put all other expense trackers to shame dontyaknow
I remember one of my friends found a Vibe coded tool that did a similar thing, it had the supabase key on the client where anyone can see.
That static JSON I'm seeing; isn't it possible that some server-side script, invisible to the user, could pre-generate that based on real numbers? (Not saying that it's the case here, just curious)
still super non performant, why send so much data when you could just send an integar.
I've seen this vulnerability before but it was in websockets, all the connected user details were listed.