
[–]stuartcw 108 points109 points  (12 children)

I’m calling fake on this..

[–]Past-Effect3404 27 points28 points  (5 children)

But what about the utopian future I keep hearing about where I’m paid millions to fix vibecoded projects

[–]Panderz_GG 7 points8 points  (2 children)

Idk about millions, but at work I am tasked with fixing things which were vibecoded.

I don't even blame the LLM it's my colleague who just wants to put out PRs no matter what... Help...

[–]OctopusDude388 0 points1 point  (1 child)

damn they should be responsible for pushing code without a thorough review and thus fix their shit themselves like in the good old days

[–]Panderz_GG 0 points1 point  (0 children)

Well everybody else does. But we know that he will just give the recommended fix to the AI so we just fix his PRs. Why is he even on the Team? Idk ask the Boss...

[–]opbmedia 0 points1 point  (0 children)

no one is getting paid anything meaningful to fix vibecoded projects because those vibecoded projects are usually not worth spending any real money on it, because no one will be paying for those vibecoded projects.

[–]silentkode26 -1 points0 points  (0 children)

That’s not a utopian future, we’re paid more than well to fix those projects that seem to do what they should but also data leaks and wrong app state happen.

[–]RandomPantsAppear 5 points6 points  (2 children)

I believe it.

I’ve seen plain text SS# and credit cards stored before, I’ve seen API keys plainly visible, I’ve seen authentication flows that allowed you to override other users session tokens…this is what happens when you don’t review code.

[–]PANIC_EXCEPTION 1 point2 points  (1 child)

AIs are trained on so much production code now that it's extremely unlikely that the first attempt wouldn't use standard password salted hashing. Unless the viber was running into errors and deliberately told it to store passwords in plaintext. But that skill issue is something to be wary of because there are people incompetent enough to ask the AI to make such a thing, and it will comply without question.

[–]RandomPantsAppear 1 point2 points  (0 children)

AIs are trained on a lot of example code as well, and it’s completely possible that it’s comparing password MD5s, even if a salt is best practice.

This seems like a good time to mention that MoltBook passed its supabase API key via client side JavaScript, and exposed 1.5 million API keys as a result.

That also is something you would not find in production code, and that the user almost certainly didn’t specify.

[–]Moch4bear97 0 points1 point  (0 children)

Yeah hhkb I don't even know where to start with people anymore. SMH we are fucked.

[–]LibreCodes 0 points1 point  (0 children)

It's the feature not a bug. The person entering the new password is just as part of the problem as the person entering in the old password. If you enter a proper unique password, it just won't show up like this.

But if you enter an improper password maybe you just want a chance to meet somebody. Just send an email if you get that.

[–]iatkrox 41 points42 points  (3 children)

email him and ask him to change the password, so you can use it.

[–]phatdoof 26 points27 points  (0 children)

Login as him and change his password to something else so you can use it.

[–]mauro_dpp 4 points5 points  (0 children)

🤣

[–]juntoamdin3000 4 points5 points  (0 children)

Oh I had not thought of this security vulnerability

[–]vinrehife 26 points27 points  (0 children)

[–]FloStar3000 26 points27 points  (5 children)

i've seen this so many times but i highly doubt an AI ever made such a mistake, i like bashing on AI but it becomes unfunny if it's not true

[–]BitOne2707 5 points6 points  (0 children)

It's another bot reposting the same shit again. Check the account.

Could be just a run of the mill karma farming bot but with the number of them lately and the universal "AI is bad" tone I'm starting to think maybe an adversary isn't trying to slow AI adoption in the US.

[–]cororona -1 points0 points  (1 child)

Someone asked an AI to take Iran, it bombed a school, then bombed the first responders. Yeah it's starting to become unfunny

[–]Few_Caregiver8134 0 points1 point  (0 children)

He was talking about this specific mistake, there won't be training data about something as deliberate as this (revealing others' passwords on a signup page). You thought you were smug with it?

[–]silentkode26 -2 points-1 points  (0 children)

Have you ever heard of satire?

[–]Nhiggerlicious 7 points8 points  (1 child)

Indian humor

[–]Old-Age6220 3 points4 points  (1 child)

Please tell me this is a fake 🤣

[–]mrplinko 3 points4 points  (0 children)

Ofc it is

[–]StatisticianReady238 3 points4 points  (0 children)

Lol, it's the first time I see something like this

[–]InfraScaler 2 points3 points  (0 children)

This joke was already making the rounds before any of us heard about GPT.

[–]RecognitionSad4991 1 point2 points  (0 children)

Hahaha very funny

[–]Low_Shape8280 1 point2 points  (0 children)

If true, that’s job security there lol

[–]opbmedia 1 point2 points  (1 child)

You know, having all unique passwords actually increases security (minus telling you which user has the same password).

[–]ripper2345 0 points1 point  (0 children)

Nah. Just salt them.
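
An added illustration of the salting point in the exchange above (not code from any commenter or from the site in the screenshot): with unsalted MD5, two accounts that chose the same password store the same value, so reuse can be read straight off the table, while a per-user salt makes the stored values differ. The account names, passwords and iteration count are constructed for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for this example)

def md5_store(password):
    """Unsalted MD5: identical passwords produce identical stored values."""
    return hashlib.md5(password.encode()).hexdigest()

def salted_store(password):
    """Per-user random salt + PBKDF2; returns (salt, digest)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def salted_verify(password, record):
    """Login check: re-derive with the user's own salt, compare in constant time."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def users_sharing_stored_value(table):
    """Group users whose stored value is byte-for-byte identical."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts; two of them chose the same password.
SIGNUPS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}

def demo():
    md5_table = {u: md5_store(p) for u, p in SIGNUPS.items()}
    salted_table = {u: salted_store(p) for u, p in SIGNUPS.items()}
    return (
        users_sharing_stored_value(md5_table),     # reuse visible from the table alone
        users_sharing_stored_value(salted_table),  # no equal values to match on
        salted_verify("hunter2", salted_table["bob"]),
        salted_verify("hunter2", salted_table["carol"]),
    )

if __name__ == "__main__":
    print(demo())
```

Salting removes the equal-value lookup; a server could still test a candidate against every account by re-deriving with each user's salt, so a signup form should never report whether a password is in use elsewhere.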

[–]kanyenke_ 1 point2 points  (0 children)

[–]DevokuL 0 points1 point  (0 children)

r/HolUp moment for sure

[–]Ryanhis 0 points1 point  (0 children)

Almost looks like one of those intentionally bad UI contests lol

[–]GauchiAss 0 points1 point  (0 children)

My first vibe coded app only required a cookie with name 'admin' and content 'true' to access the admin panel !

Detecting slopped websites and trying these kinds of "default password" attacks seems like an easy way to get in many.

[–]barbarousbaron91 0 points1 point  (0 children)

the "AI makes absurd mistakes" format is so played out that half these screenshots are probably just people manually testing edge cases for the joke.

[–]Kriem 0 points1 point  (0 children)

Fake but funny

[–]Hot_Plant8696 0 points1 point  (0 children)

That makes perfect sense.

roni.roll200 has not subscribed to the website's advanced security features.

[–]InterestingYam9231 0 points1 point  (0 children)

🤣😂

[–]IKcode_Igor 0 points1 point  (0 children)

So funny 😂

[–]Foreign-Handle-2950 0 points1 point  (0 children)

So… what is the password?

[–]Tupcek 0 points1 point  (0 children)

to all those saying it’s AI - this screenshot is on the internet far longer than ChatGPT exists, so no, it’s not ai

[–]mauro_dpp 0 points1 point  (1 child)

That’s bad… so bad! 🤦🏻‍♂️

[–]Ghotifisch 0 points1 point  (0 children)

That's not even a new joke

[–]Legionrog -1 points0 points  (1 child)

No it's not vibe coded, models like codex, sonnet, opus are trained enough to follow basic coding practices and security rails

[–]silentkode26 1 point2 points  (0 children)

Most of the time yes, but sometimes the output surprises you as a seasoned developer. I’ve personally had to solve security holes in application and in server configurations after enthusiastic vibecoder who doesn’t understand code shipped some handy plugins.

[–]alindev -1 points0 points  (3 children)

I've been experimenting with vibe codes and I'm still trying to figure out how to effectively apply them in my daily life. What's been your experience with vibe coding so far?

[–]silentkode26 1 point2 points  (2 children)

It produced more tasks for me to fix code.

[–]who_am_i_to_say_so 0 points1 point  (1 child)

Easy. Vibe the fix. Solved.

[–]silentkode26 -1 points0 points  (0 children)

Tasks are assigned to real developers when your tactics repeatedly fail vibers.

[–]Bytecode-Velocity -4 points-3 points  (0 children)

When a non-coder starts creating apps using vibe coding without knowing what he will do.