Me too. They make it seem like you can vibe code an entire web shop in one prompt. In reality they charge by the token so if you hit a wall trying to get the AI to do stuff you run up a huge bill but it's too late to get out.
Hot on the wheels on the vibe-coded Tea breach. Things are looking great for vibe coding.
Don't get me wrong, I have been been more hands off (though not completely, and very prescriptive) with an SPA side project and it's going great. Claude makes way better looking UIs than my dog ugly developer UIs. But vibing auth? That should seriously count as _legal_ gross negligence.
"The vulnerability we discovered was remarkably simple to exploit - by providing only a non-secret app_id value to undocumented registration and email verification endpoints." So you could sign yourself up as editor / collaborator on any app once you knew the app's ID.
Jeez, that's sloppy. My colleague in 2000 discovered you could browse any account on his bank's website by just changing the (sequential!) account IDs in the URL. In a lot of ways we've made great strides in security over the last 25 years... and in many ways, we haven't.
Every single day someone dies a wrongful death, a plane crashes, a serious data breach occurs, and someone slips on a banana peel.
None of these things will ever stop the billionaire gravy train because of something called “Risk Management.” I don’t think our “vibe-coded AI slopware” is an exception.
These platforms feel like their authors just stick a big bow (uniquely branded ofc) on top of llms. I don't want to undervalue the importance of good glue code.. but that's all I see here. Doesn't deserve the glossy sheen or accolades imo.
> Platforms like Loveable, Bolt, and Base44
> Wiz Research has been looking into the security posture
> (recently acquired by Wix following an amazingly rapid rise)
Anyone else find all these names really surreal?
(Yeah, Google is kind of a dumb name too, but at least there's a cute story behind it.)
(Okay, I knew Wix had been around for quite some time, but I didn't expect it to be almost as old as YouTube....)
I might go to the extent of saying that this is classical example of security by obscurity, and for good or bad reasons, a lot of applications would fall into this category, one way or another.
20 comments
[ 3.6 ms ] story [ 48.8 ms ] threadDon't get me wrong, I have been been more hands off (though not completely, and very prescriptive) with an SPA side project and it's going great. Claude makes way better looking UIs than my dog ugly developer UIs. But vibing auth? That should seriously count as _legal_ gross negligence.
Wix was probably acquiring a growing userbase.
this is israeli on israeli violence
Jeez, that's sloppy. My colleague in 2000 discovered you could browse any account on his bank's website by just changing the (sequential!) account IDs in the URL. In a lot of ways we've made great strides in security over the last 25 years... and in many ways, we haven't.
I wonder if they fixed it manually or used Base44 to fix it
None of these things will ever stop the billionaire gravy train because of something called “Risk Management.” I don’t think our “vibe-coded AI slopware” is an exception.
Anyone else find all these names really surreal?
(Yeah, Google is kind of a dumb name too, but at least there's a cute story behind it.)
(Okay, I knew Wix had been around for quite some time, but I didn't expect it to be almost as old as YouTube....)
https://www.ynetnews.com/articles/0,7340,L-5461537,00.html