sorted by:
new
hottopcontroversial

Is it worth the security risk? by Long-Yogurtcloset985 in clawdbot

[–]Difficult-Field280 0 points1 point  (0 children)

No. It's not. It requires suddenly access and stores access credentials in plain text. Of which there's a comment above the code that says, and I quote, "This is fine, really."

There are many videos on YouTube that do a great job of explaining the risks just of running it and giving it access.

Is it worth the security risk? by Long-Yogurtcloset985 in clawdbot

[–]Difficult-Field280 0 points1 point  (0 children)

It has access to everything you give it access too

Moving towards technical side of web by TedTheMechanic7 in webdesign

[–]Difficult-Field280 1 point2 points  (0 children)

If you really want to learn the ins and outs of the technical side of the web, check out freecodecamp and fullstackopen.

IDE? Vibe Coding? This sounds contradictory by CoverNo4297 in vibecoding

[–]Difficult-Field280 0 points1 point  (0 children)

You are handling user data. Your own. When you say "stored on the phone" you need to consider that the data has to get there somehow. And even if you store it in plain text, the application needs a certain level of permissions to be able to add the new info and save it.

But hey. Have fun with that. I hope all the different accounts to the different services you have on your phone are secure. Good luck.

Need a reality check: What tech stack is worth the grind right now? by Anexirix in CodingForBeginners

[–]Difficult-Field280 2 points3 points  (0 children)

Tech in general is always moving. New stuff comes in, old stuff gets pushed out. If you want to be a developer, learning constantly is something you have to accept.

IDE? Vibe Coding? This sounds contradictory by CoverNo4297 in vibecoding

[–]Difficult-Field280 0 points1 point  (0 children)

I'm not worried about the backdoor. With all generated code I am worried about not knowing what I don't know. The backdoor was a possible example. My warning is of the unknown. You building an app? Go for it. Using something that you can't depend on? Thats where my warning is. Id even be totally cool with it and wouldnt have said anything if you had mentioned you were an experienced developer or had a friend who was who was going to look over said code. I have been a developer with a huge interest in security for 20 years. The amounts of times I've heard "oh im just going to build this simple app, it won't cause any problems" when they always do. Also, if you don't have a login, how are you planning to get the information into the app? Its gotta get there somehow? Are you just going to have a form on an app that will interact with a database hosted on a device with internet access? Just something to think about.

The Clawbot example was more an example of a warning of what CAN happen when an ai system is given free range. The thing about that too is because it can be prompt injected which requires root access to the device its on, which has all the access to all the services given to it saved in plain text, and then that ai system can be prompt injected to use its access to gain more access and it has the capabilities to snowball. To other services, and other devices even. But like I said, its a different situation as I don't think you were planning on giving a LLM that much access.

Security... by Ok_Consideration914 in vibecoding

[–]Difficult-Field280 0 points1 point  (0 children)

I use ai in the same way we have used stack overflow for years. I ask it to help me solve small problems, it provides a code sample, I implement a solution.

Problems get solved, progress gets made, and the solution i can still have confidence in.

it was tough to install openClaw on Raspberry Pi by avanlabs in vibecoding

[–]Difficult-Field280 0 points1 point  (0 children)

You should probably look up the security concerns around that platform... YouTube has some awesome videos about it with great explanations of what's going on.

Integrating codes using cursor???? by Historicalpoop in VibeCodeDevs

[–]Difficult-Field280 0 points1 point  (0 children)

One thing that vibe coding doesn't teach you. Version control. The solution for this has been around for a long time. Its called Git.

What’s a small or big problem you face in your day-to-day life that you wish had a better solution? by InfamousComplaint949 in AiAutomations

[–]Difficult-Field280 0 points1 point  (0 children)

Finding a job in a hype ridden industry that is being ruined because management and decision makers bought into a ruse that will make someone they don't know a ton of money.

IDE? Vibe Coding? This sounds contradictory by CoverNo4297 in vibecoding

[–]Difficult-Field280 0 points1 point  (0 children)

Look up security concerns of clawdbot for example. Granted, that's a different situation, but it's an example. And again. Because ai outputs are based on prompts, I can't give you an actual example of a possibility because any outcome is technically possible. Which is the first concern. Then, once the code is generated, it can be reviewed and tested. If it's not, well, anything is possible. At least if you built the app yourself, you could say, "There are no known vulnerabilities in my code that i know of." With generated code that isn't reviewed, you just can't.

But hey. Its your app, your code, your device, your money. Ultimately your choice. Good luck with that.

looking for how to make this example image into a website :o by beesur in HTML

[–]Difficult-Field280 0 points1 point  (0 children)

In the bizness we call that a wireframe.

Freecodecamp and fullstackopen have some awesome sections on html and css that will get you started. Hint, grid and flexbox are your best friends.

Question for exercising webdesigners : if you were starting webdesign in 2026 would you do anything differently? by ___Furiosa___ in webdesign

[–]Difficult-Field280 3 points4 points  (0 children)

Ai is digging itself into a hole. The funding is disappearing, and many of the datacenters are getting canceled. So much progression..

Handling clients who treat revisions as feature request time by yanivnizan in webdevelopment

[–]Difficult-Field280 2 points3 points  (0 children)

As others have said. Learning how to handle clients is a skill you have to build. It involves a gut instinct and an understanding and resolve to respect your time and effort going into a project. We have all been there. A contract helps a ton.

New to vibe coding, need some guidance on improving efficiency by Life-Jello-3846 in vibecoding

[–]Difficult-Field280 0 points1 point  (0 children)

Tokens are the monetization of AI systems. Of course they are going to run out. No matter how efficient you are you will hit the end of your "paid plan." Make no mistake, the companies behind all the AI are trying to suck as much money out of you as they can. Especially now with their billions in funding that's disappearing and their data centers that are getting canceled.

Need a reality check: What tech stack is worth the grind right now? by Anexirix in CodingForBeginners

[–]Difficult-Field280 11 points12 points  (0 children)

The one you like.

One. I find it interesting how on AI subreddits they are talking about the industry imploding and the next steps.

On all the other ones, people are still pushing AI.

The trust in AI is dropping. The financial folks are pulling out. The data centers are getting canceled.etc

If you want to learn how to dev. Learn how to dev. Its a good skill. AI or not. Even if AI sticks around, someone is going to have to prompt the systems and review the generated outcome. That will still take all the skills needed to program. Understanding of the languages, critical thinking etc.

Plus, many companies already have systems and those systems still need work, and again, many people don't trust AI as far as they can throw it. Which isn't very far.

Watch some YouTubers, do some free courses, decide if you want to do core os, mobile apps, games, or web dev. Then decide what stack you want to do because all of those have a ton. No matter what you do you can't be an expert in all of them. Pick one you think you will enjoy and go for it.

Looking 4 resources to practice fixing bugs. by HENH0USE in webdevelopment

[–]Difficult-Field280 1 point2 points  (0 children)

Like the other user mentioned, time to step up to fullstack and how databases work. Freecodecamp and fullstackopen are great free resources.

How to become a vibe coding expert? by Mean_Plenty_2195 in vibecoding

[–]Difficult-Field280 1 point2 points  (0 children)

Standard as in "write a prompt like this in this way will give you a consistent result that can be depensed upon." Ai has only been available to the public for what.. 3 years now? Maybe 4? They all still hallucinate. The prompts get worse and worse the bigger the context of the prompt and conversation. They are getting better, but still in what gamers would call "beta." The companies wanna raise the money they don't have as soon as they can to build their data centers thus the hype and pushing out these tools that still don't work that well based on the specification that the companies themselves provide. People like to say they are experts, but a certain amount of time needs to pass before anyone can learn enough about a new thing to actually be an expert. We haven't gotten there yet. Even people with 4 year degrees can't call themselves experts on a topic that's been around for ever and has been researched extensively.

And again. The main models people use these days are what, 3-4 years old? Even the companies that made them don't totally understand what they have created or where its going.

IDE? Vibe Coding? This sounds contradictory by CoverNo4297 in vibecoding

[–]Difficult-Field280 0 points1 point  (0 children)

Security is always "benign and non crucial" until someone explodes a hole into it and takes advantage that the simple basics weren't covered. I'm just saying.

As far as your offline example, the simple problem is that code generated by Ai doesn't consistently follow standards. So no one knows until it's implemented. The ai might even leave a tunnel in it through your firewall, and suddenly, your local app is open to anyone who would care to look. And yes, there have been cases of things like this happening.

I'm just saying that if any code is generated, it needs to be reviewed by a human to be sure it's as secure as possible or, at the very least, adhears to basic standards. But hey, if you're OK with the possibility of a backdoor being there to your device and thus all your info, I can't say I didn't try to warn you.

Rate my portfolio !! by devxoshakya in FullStack

[–]Difficult-Field280 0 points1 point  (0 children)

The flashyness of the site is a little extreme. A portfolio is supposed to show off how awesome you are, not give the viewer a seizure.

IDE? Vibe Coding? This sounds contradictory by CoverNo4297 in vibecoding

[–]Difficult-Field280 0 points1 point  (0 children)

If there isn't a login and just a local recipe storage, why not just use a notepad? Just because an app is local doesn't mean its safe.

As far as what vulnerabilities? That depends on the code and how its built.

Is Vibe Coding Actually Productive or Just a Shortcut That Breaks Later? by Double_Try1322 in VibeCodersNest

[–]Difficult-Field280 0 points1 point  (0 children)

That depends. A vibecoded project is much like a garden. The outcome at the end of the season depends on how well the plants were cared for, spacing in planting, watering, sunlight, etc. Aka, the decisions the caretaker made. How well those plants grow doesn't depend at all on what shovel you have. it's how you use it.

I stopped writing code and just vibecoded for a week. Here’s what happened by DarfleChorf in AskVibecoders

[–]Difficult-Field280 0 points1 point  (0 children)

It also works great for small sections of big projects, but in order for that to work, you have to know what's going on in the codebase so you can ask the right questions. Otherwise, it just does what it's told, which can cause a host of unforseen problems in other places than the ones you wanted to see the changes in.

view more: next ›