People are using LLMs to generate apps and it's easy for non-technical people to miss this stuff. The blog post mentions https://lovable.dev/ becoming a $300M company, which uses Supabase by default and basically generates React SPAs with no true backend. But random people won't understand this distinction and will want to create full real apps. Doing this serverless is tricky and requires a lot of careful thought to do right.

dmix|2 months ago
Lovable is not going to tell them to use a proper auth service or fully secure their data. One Lovable project I looked at had generated an entire custom JS Markdown parser instead of using react-markdown, for example.

zamadatix|2 months ago
I had to double take back to the article after reading this - it actually said $330M (raised at $6.6B valuation). AI investment has been crazy enough I would have actually believed it though!

cess11|2 months ago
Now, "non-technical people" should not ever by themselves put anything on the Internet that handles things like names and passwords.
It's bad that some folks want to make money on such people doing it anyway, which means they're not very nice and should get help to correct their ways.

_puk|2 months ago
I've found doing this, and regularly asking "did you just make my system massively insecure", helps keep it on its toes.
That said, I've seen a few "look what I just made.." that caused a double take.

I asked Claude to build a system that involved parsing some dates and addresses and rather than using a library it wrote hundreds of lines of regexes and term lists ('st', 'street', 'dr', 'drive', 'ave', etc.) to match every test case I gave it. Lesson learned.

x0x0|2 months ago
My experience is watching a colleague use Lovable, which will mostly ignore security. Sure, if you prompt it the system will do something which seems correct, but it will also happily undo that as well.
e.g. I was trying to help her set up a webhook listener, and it undid our efforts.
These tools seem incapable of building software in the hands of users who don't understand security already.

embedding-shape|2 months ago
> These tools seem incapable of building software in the hands of users who don't understand security already.
These tools are for augmentation of skills, not for wholesale "imma a programmer now", which a lot of people seem to think. And to be honest, lots of companies are selling that "experience" too, even though they know it isn't true, a bit shit.