Vibecoding: a beginner's guide

I hope you are adding all your security checks or only using this as an internal project that doesn't touch the internet.

The vibe coded things are coming through in pentests and have huge security flaws.

Even programs that have been pentested aren’t safe. Someone decides to “clean up” the code, dumps it into an AI without any of the context, and the AI strips out chunks that existed for a reason. Suddenly, an application that’s been tested for a decade is vulnerable to XSS, SQL injection, etc.
Have fun doing XSS and SQL injection with Django. All the backend APIs are very standard and boring Django views.

This is the mistake I think a lot of people make with vibe coding. I know where it is safe for the AI to work, and where it is not. For example, if someone mentioned graphql and vibe coding, I would instantly classify it as being a security risk (well, I would say graphql in general).

Most of the work was developing a fairly complex front end. I would rather spend my time ensuring the backend works well and is secure and let my good friend and colleague Claude handle React and CSS.
 
I just threw up... a little bit.

Wordpress + Vibe coding is pretty much upchuck juice.
Weeeeeellllll I asked Gemini if it felt I should stick with Wordpress or build a new website from scratch with AI, and it recommended sticking with Wordpress because of its established security plug-ins.

I mean there’s a whole argument on this thread about AI not getting security right, so doesn’t that make sense? Wordfence works well as a plug-in: who is going to try recreate that much security for their own personal website?
 
Weeeeeellllll I asked Gemini if it felt I should stick with Wordpress or build a new website from scratch with AI, and it recommended sticking with Wordpress because of its established security plug-ins.

I mean there’s a whole argument on this thread about AI not getting security right, so doesn’t that make sense? Wordfence works well as a plug-in: who is going to try recreate that much security for their own personal website?
Have you tried making Wordpress plugins with AI? That might interest me...
 
Have you tried making Wordpress plugins with AI? That might interest me...
Nope, I made a lottery number generator over the weekend with AI which I shared here. I have some other simpler projects in mind for AI before I get to Wordpress plug-ins: plug-ins are great though because they achieve the same goal as AI (adding new functionality without worrying about the code).
 
I asked Gemini if it felt I should stick with Wordpress or build a new website from scratch
Wordpress is the cancer of the modern web. The plugins and maintenance thereof are virulent space aids.

WP core is not really the primary issue although it has had some whoppers in the CVE space. The access and control of the garbage plugins is. And those plugins are required because WP core is a fugly, anti-functionality mess.

I don't care that 40% of sites on the internet are built on this noise. That's just an indication of how awful the web is, not how great WP is.

Add in garbage vibe code and the end times are just around the corner.
 
Wordpress is the cancer of the modern web. The plugins and maintenance thereof are virulent space aids.

WP core is not really the primary issue although it has had some whoppers in the CVE space. The access and control of the garbage plugins is. And those plugins are required because WP core is a fugly, anti-functionality mess.

I don't care that 40% of sites on the internet are built on this noise. That's just an indication of how awful the web is, not how great WP is.

Add in garbage vibe code and the end times are just around the corner.
Phew, but tell us how you REALLY feel.

I hope you don’t carry that much anger around with you all the time, your blood pressure would be shocking.

If you can cool down to a mild simmer, maybe developers need to get off their high horses and understand that WordPress fulfils a critical need: a user-friendly GUI that any vaguely tech-savvy person can work their way around, and a whole library of free plugins that do really useful things (many of which offer paid upgrades but a surprising number given away for free just out of love and care). Are there garbage plugins? Absolutely! But if you follow a strict policy of checking number of installs, frequency of updates, on-site and third-party reviews … you generally won’t have any regrets.

Vibecoding is also here to stay, there’s no “turning off AI”: it’s only going to get more deeply-entrenched in every aspect of our lives until all of us (even you) can’t remember a time without it. The more you fight against it, the further behind you’re going to fall.
 
Where is the beginners guide?
The thread is the guide. I’ve mentioned a few tools, and other people have shared some useful videos and anecdotes from their life.

Something wise a guy said is that before AI, you learned how to code and then you coded something, but now after AI you code first and then try understand why it works and what needs to be fixed.
 
Sheesh that looks bad.

I thought there would be a guide here. Misunderstood the clickbait headings. Bummer.
Dude, I deliberately leaned into it and asked AI to make it even more obnoxious, it’s all part of the vibe(coding)! The actual functionality works and has the necessary safeties built in though, if you check it out.

Life is the guide. I’ll be sure to share more vibecoding adventures here this weekend, and not all of them will be ridiculously colourful.
 
Don't know, the forum heading gave me different expectations. So far I've learned nothing from this thread. I would recommend you update it to something like "My first time vibe coding - this is the result"


Anyways, if someone could actually post a guide or thread for beginners to advanced that would be awesome.
Where did you get the idea that all threads need to offer everything in the OP? Some of the best threads are adventures that unfold over time, and add value for those following them.
 
Start here with vibe coding:
1) Install Cursor: https://cursor.com/
2) Watch a couple getting started videos:
-
-
3) Profit

Better?

Are you only interested in using online models and Cursor, or have you dabbled in other tools that could be more limited and restricted, but private?

I like Claude, but I am not going to subscribe to a service that I don't need. I liked using it with Ghidra, and doing mods. You know how, it can be super invasive where it should be otherwise restricted.

For my use, due to sensitivity reasons, I use local AI. Analytical AI is the exception. I have to break everything down into chunks, otherwise I am resource limited.
 
Are you only interested in using online models and Cursor, or have you dabbled in other tools that could be more limited and restricted, but private?

I like Claude, but I am not going to subscribe to a service that I don't need. I liked using it with Ghidra, and doing mods. You know how, it can be super invasive where it should be otherwise restricted.

For my use, due to sensitivity reasons, I use local AI. Analytical AI is the exception. I have to break everything down into chunks, otherwise I am resource limited.
How is AI “super invasive”? My biggest frustration with AI is it isn’t invasive enough due to privacy rules … I personally look forward to a genuine AI assistant that has all my context and I don’t need to brief any background to.

I don’t have a use case to how AI locally. What’s in the cloud is good enough for me.
 
Not vibe coding, but AI assisted coding is in demand.


  • Active use of AI tools in daily development workflows, and enthusiasm for helping the team increase adoption

GOG have long used AI. They don't actively promote its use, but I have seen genAI in their advertising and writing. Almost everyone is using GenAI in their writing, so much so, that AI and plagiarism checkers don't even work all that well anymore.

Overall, in my opinion, where it boosts productivity I am okay with it, but don't expect organic returns. Everything has a place and time. Though this might sound OT, when you design a website using vibe coding, please make it original. Where you do have to add Lorem Ipsum at least make it personal to your brand. I have been seeing this in reviews... eeuw.
 
How is AI “super invasive”? My biggest frustration with AI is it isn’t invasive enough due to privacy rules … I personally look forward to a genuine AI assistant that has all my context and I don’t need to brief any background to.

I don’t have a use case to how AI locally. What’s in the cloud is good enough for me.

I am not going to dive into the privacy aspects. There are commercial LLMs that have processed commercial IP. It can be used to circumvent copyright and licensing, but it has built-in guardrails.

For the same reasons, you can't use an LLM, like Claude, to directly produce a cheat (or hack); however, this can be bypassed using methods.

There are other things on this topic, but they are not relevant to this thread. Like users abusing APIs to penetrate and/or decompile machine code.

All-in-all, someone can't load up CoPilot (e.g.) and ask it to produce a CS2 hack. Though you can ask, educationally, to analyse the code that is hosted on GitHub (e.g.), and even put it into context with code commenting. There are steps to this.
 
I am not going to dive into the privacy aspects. There are commercial LLMs that have processed commercial IP. It can be used to circumvent copyright and licensing, but it has built-in guardrails.

For the same reasons, you can't use an LLM, like Claude, to directly produce a cheat (or hack); however, this can be bypassed using methods.

There are other things on this topic, but they are not relevant to this thread. Like users abusing APIs to penetrate and/or decompile machine code.

All-in-all, someone can't load up CoPilot (e.g.) and ask it to produce a CS2 hack. Though you can ask, educationally, to analyse the code that is hosted on GitHub (e.g.), and even put it into context with code commenting. There are steps to this.

Jailbreaking LLMs is honestly pretty easy. Took me like an hour to jailbreak Gemini.
 

Think I need to give this a try...


I've been working on a plugin for wordpress for about a month now and it is pretty good so far, it will only be for my internal use on a website but the way that it is being developed without me having to know the exact code is pretty cool.

I did study software development and have an IT background, so definitely easier for me to at least check what it is doing, sometimes you need to finesse it a bit but it works pretty well when the AI understands exactly what you need. Definitely a good way to try things.
 