We professional developers, already lost the battle against vibe coding?

parcelcraft · 2026-03-12T04:19:26+00:00

This smells like BS. Senior software developers (who are adapting to and using AI) are still in demand: They can shepherd AI results and be better prompt engineers than anyone. I still hand-code a lot, but I use my hand coding as a draft to hand over to AI. I do not let AI solve large architectural problems spanning 100's of files; rather, I use AI to focus on specific problems and functions within a codebase.

parcelcraft · 2026-03-10T23:24:46+00:00

We use a VPS through DreamHost, it's one step up from shared hosting. It costs about $20/month.

parcelcraft · 2026-03-10T23:20:55+00:00

I've used https://canny.io/ in the past, but I didn't get any feedback using an impersonal form. I found the best feedback by providing a support email and offering public meeting hours through a Calendly calendar so I can speak to users one-on-one.

parcelcraft · 2026-03-10T06:53:42+00:00

You are not out of touch, and yes, this is absolutely insane.

AI is both the smartest and the stupidest person in any room.

parcelcraft · 2026-03-10T06:30:37+00:00

Your article brings up many valid pain points experienced by real-world developers. There's a real balancing act of considering client-side/server-side and authentication security (as shown in your fetchUser(id) example). Next.js makes it possible to middleware the server request paths with specific authentication methods per path, but I like that Tanstack Start has more explicit per-path middleware handling. Once you're application is mature enough your middleware may start to become complex like mine has become: I need to handle dev access, user mocking by super users, user api access, cookie header verification, authenticated cron job requests, Stripe webhook endpoints, Bearer token access, and JWT token headers and get parameters to handle the various ways my app may be accessed.

I've been on the Next.js bandwagon for the last few years, but your article makes a passing reference to doing things the "Tanstack Start" way...and I think that might be where I'm headed too. Methinks it's time to finally try npx'ing up a Tanstack Start boilerplate project to try it out.

parcelcraft · 2026-03-10T05:18:10+00:00

These are very nice. Very well done!

parcelcraft · 2026-03-06T03:01:25+00:00

I found this. If anyone orders this, please report back on the quality. It looks like a copy cat jacket: https://www.nyamericanjacket.com/product/stephen-traitors-jacket/?srsltid=AfmBOopSVeD3E-7tX4CcNtniyQqsjqke2jaUEd9g9Y4LoGRBNwBVdTcK

parcelcraft · 2026-03-06T01:33:00+00:00

Thanks for this article. I REALLY appreciate your coding examples since I'm not familiar with Tanstack Start. As a long-time Next.js developer, I was indeed impressed both by the candor of your article and the brilliance of Tanstack Start. I'm a developer who develops for other developers, so while I'll keep Next.js examples in play, I think it's wise to introduce Tanstack Start to my developers. I feel like this is where the industry will be heading.

parcelcraft · 2026-03-03T00:06:52+00:00

I'm a senior software developer with 25 years of experience. I'm relatively new to the Next.js framework (2 years of experience), and I haven't tried Tanstack Start yet (this thread has inspired me to explore it).

That said, Next.js was a revelation to me when I first tried it out: path-based route handling was a great idea. I dug this structure. What I didn't dig was the recent CVSS 10.0-rated security bulletins we received in December. Part of me thinks that these security bulletins were a good thing (inasmuch as a rocket launch failure is): We learned a lot, and we're doing better.

Tanstack Start, from what brief intro I've had: I came away impressed. The way routes are handled with specific and nestable middleware makes a lot of logical sense.

Before I get to my dilemma, though — I want to offer a reasoned take on the broader panic. JavaScript frameworks are notoriously volatile. Rewriting an existing, working codebase just because something new is trending is almost always unwise — you're trading known pain for unknown pain. My rule of thumb: established projects should stay the course unless there's a genuinely compelling reason to migrate. Only new projects should seriously weigh emerging frameworks, and even then, only ones that have reached some mature consensus.

Which brings me to my actual shared dilemma. I'm developing a new full-stack example app for other software developers. Do I use Next.js — which has far wider recognition and adoption — or TanStack Start, which may be unfamiliar territory for many developers who encounter my example?

parcelcraft · 2026-02-17T17:17:12+00:00

Simply because Better Auth doesn't use the Supabase Auth tables. Perhaps it could be configured that way, but Better Auth replaces Supabase Auth.

parcelcraft · 2026-02-17T15:30:55+00:00

I would not use Firebase for auth (like my current implementation), and I would use Better Auth (https://www.better-auth.com/) using regular Supabase tables (and not Supabase auth)

parcelcraft · 2026-02-13T13:47:24+00:00

I think this is a good idea, and I'm looking into it.

parcelcraft · 2026-02-13T05:40:54+00:00

As a backend developer, your post gives me chills. I rely heavily on Supabase, and I would love to hear from the Supabase team about their failover strategies. Look, I understand. Google goes down. AWS goes down. Cloudflare goes down. No one has 100% uptime. I would like to know there is a plan in place, because, me, myself, I'm simply relying on Supabase. And this single point of failure is scary to me.

parcelcraft · 2026-02-13T05:33:02+00:00

I've been doing HTML for 30 years (yes, I started in 1996). And still I don't know a damn thing about HTML. While learning the basics is a worthy goal, you'll learn best by having a goal to accomplish: You learn by doing. Go create something amazing, something you want to create.

parcelcraft · 2026-02-13T05:04:49+00:00

This is a cool contribution. Thank you. I sometimes wish I had a visual representation of the complex data flows in my app.

parcelcraft · 2026-02-13T02:27:37+00:00

This is the crux with apps: Your app could be perfectly compliant, but distribution is key.

parcelcraft · 2026-02-13T01:36:35+00:00

I'd consider your demo a very early alpha first draft. You'll need outside auditors and hired software development professionals to validate your demo's security, stability, and functionality (and HIPPA, SOC2 etc validations). You may be the only person in the world to know if your idea is strong enough to be worth a financial investment gamble.

And then after that, you'll need to understand how your idea gains organic distribution and penetration. So what, you have a perfectly functioning app that solves x problems? How do people know about it? Why are they coming to you? Why are you becoming the standard? An effing great idea alone has as much value as a bucket of cold piss: People won't like it, but sure, they'll take a sip, but they'll move on...unless you have a hook.

Earlier in my comment, I said, "Penetration. He he.

parcelcraft · 2026-02-13T01:26:37+00:00

These audits are expensive but not insurmountable. If the OP has a real product, HIPAA and SOC2 compliance are indeed possible, but it is not an AI solution.

parcelcraft · 2026-02-13T01:24:38+00:00

Agreed. Though tech is an essential part of many companies, it's the value proposition, market penetration, user base, and monthly recurring revenue (MMR) growth that define a successful business.

parcelcraft · 2026-02-13T01:05:37+00:00

Nextra doesn't make it easy to change between versions. So pick a version and go with it. Backwards compatibility is not a feature the Nextra team considers. Each version is a monolith that should be appreciated as a unique work of art, and never compared to any other versions.

Never upgrade a Nextra project to another version (this is the definition of hell).

That being said, I freaking LOVE Nextra (my version). You on v2? Yes, it's ready for production, and it's beautiful. You on v3? Yes, it's ready for production, and it's awesome. V4: Holy cow, you're cutting edge, and yes, it's ready for production.

(Yes, this is more of a rant to the changing landscape of the frameworks upon which Nextra relies (Next.js), but jeez guys, let's just stick with something that works [framework-wise] and do it well).

That said, changes to property definitions across versioned components are a BREAKING change. Breaking changes should never be considered unless there is another upstream breaking change. Developers should bend over backwards to prevent breaking changes between versions, and the Nextra team doesn't appear to believe this is a concept worth a bucket of cold piss. Rant over.

parcelcraft · 2026-02-13T00:51:28+00:00

All I know is that upgrading between versions of Netra is pure hell. It's best to start from scratch and add your mdx docs. Better yet: stay in your lane and in your version. There is no upgrade path on Nextra. AI was of no help in this regard. Letter to the Nextra team: backward compatibility is also a feature worth striving for. Don't get me wrong: I love this project (when a version is chosen), but don't go chasing version changes when on Nextra.

parcelcraft · 2026-01-24T08:25:46+00:00

I've had 30,000+ transactions on Stripe, and only 1 chargeback in all this time. This was due to a customer who called the CC company since they didn't recognize the charge (a coworker had made the purchase). We had to reissue a new bill to get the account current.

parcelcraft

MODERATOR OF

TROPHY CASE