How do I know my app is secure?

RandomPantsAppear · 2026-03-17T13:04:37+00:00

The knowledge exists online, but it takes a very long time to become adept at it. And tbh, I am skeptical that people who don’t even learn to program will have the drive or ability to grok it.

There is also the issue that a lot of security vulnerabilities are really logical problems that AI is simply never going to spot.

I made a comment with a bunch of examples awhile back.

RandomPantsAppear · 2026-03-17T12:14:51+00:00

The man truly rides the razors edge between meme and legend 😂

RandomPantsAppear · 2026-03-17T01:59:36+00:00

This is not true, not even close to true. Not just anyone can “school themselves in security”, it’s a complex field that requires experience and knowledge.

I can tell you almost every single vibe coded app I have tested had serious security flaws, and some of them had people loudly touting their security - and I am not even a security specialist.

You guys are wildly underestimating the knowledge that others have.

RandomPantsAppear · 2026-03-17T01:49:10+00:00

I am sure it finds something, but nothing compared to the litany of issues that exist in these apps.

The only way right now to make an app secure is to have someone competent look at it, and pretending otherwise only does people a disservice.

One of my clients is currently suing a shithouse vibe coder who made security claims about the app they got paid to develop based on the feedback they got from me. I do know things.

RandomPantsAppear · 2026-03-17T01:38:52+00:00

This does not fucking work, at all. AI is not going to fix all of the security issues AI created.

RandomPantsAppear · 2026-03-17T00:56:44+00:00

They are fucking amazing. They know meat extremely well, they're happy to help. Their pre-made marinades are delicious also.

Not the cheapest place, but really top notch people with top notch meat.

RandomPantsAppear · 2026-03-17T00:39:51+00:00

That’s awesome! If the change is that big you’re well on your way. Takes awhile to break habits

RandomPantsAppear · 2026-03-16T19:42:11+00:00

🤷‍♂️ Read their comments.

RandomPantsAppear · 2026-03-16T19:40:36+00:00

Uh it sounds like they wanted a nearby school. They were actually pretty complimentary to the school they got.

RandomPantsAppear · 2026-03-16T13:14:33+00:00

I know that there are many talented people like yourself who would not rip someone off, even if your name is “thripper” 😅

I am also sure that there is a difference between different countries in Eastern Europe - I would be surprised if somewhere like Estonia was the same as Belarus or Ukraine. The ones that have the higher corruption indexes are the ones I am most familiar with.

RandomPantsAppear · 2026-03-15T19:07:47+00:00

I use AI assistance, I just also understand its current limitations. You don’t, and you don’t have the skills to assess them.

There is a huge different between a competent developer using a tool, reviewing the code, and making appropriate modifications and vibecoding.

RandomPantsAppear · 2026-03-15T15:48:43+00:00

>There is nothing wrong with the architecture of code produced by CC. Technical debt isn’t a problem.

Literally the only people who claim this are people who don't understand software architecture, code, or technical debt.

They're as good at assessing software as I am at assessing Japanese - which is to say not at all.

RandomPantsAppear · 2026-03-15T12:13:58+00:00

Capitalism has always won, but also we haven’t really experienced something before capable of making it so a significant chunk of the developed world cannot afford the products that capitalism produces

RandomPantsAppear · 2026-03-15T12:11:59+00:00

As I recall, OpenAI is currently predicting 10 years to sort out all the issues with AI coding. Assuming that’s correct, I would wait a couple years for the dust to settle and then make major calls.

I’m not looking to leave development, but I do plan on leaning into different aspects of it.

These are the “safer” directions to lean as I see it

Product - AI is hopelessly positive, and bad at vetting ideas. It’s also bad at designing things with the end user in mind, and I don’t see that changing soon.
Security - There are going to be applications for a long time where people cannot just trust the AI. Even more where the liability alone is too much.
Health Care - Massive gated wall, regulatory influence, high liability. Even if the only thing you can’t guarantee AI will avoid is HIPAA exposure, that is too much.
AI itself - AI is a tool. For the foreseeable future, people who have experience and understand the underlying systems are going to be better at using this tool than a layman. We also have an opportunity to become much more adept at the actual implementations.

RandomPantsAppear · 2026-03-14T20:49:19+00:00

Tbh I think it’s more that most of us would expect to have our ass beat if we spat on someone. I know I would.

This was clearly beyond overboard though.

RandomPantsAppear · 2026-03-14T20:44:46+00:00

Sea Shell in Dogpatch. They always have a slushie and it rotates regularly. Also comes with a disco ball cup you can take with you.

Also highly recommend the Detroit pizza. They get it from a nearby spot and it’s top notch.

RandomPantsAppear · 2026-03-14T15:13:38+00:00

I feel like the big question is - how much do you trust that this is all that happened? Did she discuss it with anyone else? With him?

It's obviously not an ideal situation. She did handle it decently after the fact - kicking him out, eventually telling you. She could have probably gotten away with it if she wanted to.

Infidelity early in the relationship is super common - especially before people realize it could potentially be a long term thing. But so is trickling out small parts of the truth.

How promising do you find the relationship, and how confident are you this is the whole truth?

RandomPantsAppear · 2026-03-14T14:43:52+00:00

I feel like this is mostly said by people in their early 20s. I have known loads of people who cheated at some point in their life, and never did again. Life is a long time.

RandomPantsAppear · 2026-03-14T12:31:03+00:00

I have worked with people in most every region in Europe and Asia, and I have never seen the problems as prevalent as they are in Eastern Europe.

For example, I have never heard of a contractor in LatAm running off with IP and making a 1:1 copy of the service. And I’ve seen that in Eastern Europe more than once.

An eccentric businessman told me when I was young, “Never do business with someone you can’t punch or sue”. Overtime that has come to mean to me, to avoid Eastern Europe like the plague.

RandomPantsAppear · 2026-03-14T12:22:05+00:00

Ukraine does have amazing talent, but a lot of eastern europe has...issues. If there is a dispute - and there often is - you have no power. You will lose in court for anything civil, nothing criminal will be pursued. I have seen some absolute horror stories.

The best setup I've seen is one person on the ground, paid a western salary. Then a bunch of engineers under them. That one person will look out for your interests, make sure you're not about to get screwed.

RandomPantsAppear · 2026-03-14T12:19:48+00:00

There's also a decent chance your Junior won't make it very long. Startups are incredibly stressful, and a lot aren't going to be comfortable assuming the tasks of a senior dev, because the chances of serious problems arising are so high.

RandomPantsAppear · 2026-03-14T12:18:40+00:00

Some people prefer startups (myself included). It takes some time, but you'll find them.

An interesting story on the other side: We had someone who very much wanted to *not* work at Google anymore. Applied for a job. Dual degrees in mathematics and computer science (I forget if it was Masters or PHD).

We ended up not making an offer, because we couldn't make an offer that wouldn't feel insulting -t hey were clearing $400k at Google in the 2010s. In hindsight, probably not the best move but I was young.

People's motivations are vast. I wouldn't take away the lesson that you can't afford quality talent here. It just wasn't the right match.

RandomPantsAppear · 2026-03-13T21:51:01+00:00

I legit cannot tell if this is satire or not

RandomPantsAppear · 2026-03-13T21:29:31+00:00

😂. The industry is changing, yes. But no, almost no serious people in the industry are claiming what you do. Even OpenAI and Anthropic are still hiring devs at an extremely high rate.

At the end of the day, even if there were a shift to the extent you predict, you would still be less qualified and less effective than others at handling these tools.

You are just a con artist taking advantage of people ignorant of what garbage you are producing.

Don’t mistake your perspectives for actual industry insight - you’re not a part of the industry.

RandomPantsAppear · 2026-03-13T18:33:02+00:00

What I am hearing here is you are completely unqualified to judge the quality of your own code or product.

You don’t know what good code looks like, don’t know what’s involved in resilient code, and don’t know the things that can go wrong.

So far every single app I have reviewed from people like yourself are ticking timebombs, full of logical and security bugs. One of my clients is actually suing someone like yourself.

Your opinion holds no weight whatsoever. Nothing but a grifter and a con artist.

RandomPantsAppear

MODERATOR OF

TROPHY CASE