
seethishat | 15 hours ago

One problem I have seen IRL is AI deployment mistakes and IMO Vibe Coders need an IT/Dev Father Figure type to avoid these simple mistakes. Here is one example:

A surgeon (no coding experience) used Claude to write a web app to track certain things about procedures he had done. He deployed the app on a web hosting provider (PHP LAMP stack). He wanted to share it with other doctors, but wasn't sure if it was 'secure' or not. He asked me to read the code and visit the site and provide my opinion.

The code was pretty reasonable. The DB schema was good. And it worked as expected. However, he routinely zipped up the entire project and placed the zip files in the web root and he had no index file. So anyone who navigated to the website saw the backups named Jan-2026.backup, etc. and could download them.

The backups contained the entire DB, all the project secrets, DB connection strings, API credentials, AWS keys, etc.

He had no idea what an 'index' file was and why that was important. Last I heard he was going to ask Claude how to secure it.
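
An added example, not part of the original post: a defender-side audit of a document root for the two conditions described above, a directory with no index file and a backup archive sitting where the web server can serve it. The index file names and the extension list are assumptions, the sample tree is constructed, and archives are identified by magic bytes so a zip renamed to something like `Jan-2026.backup` is still reported as a zip.

```python
import os, tempfile, zipfile

INDEX_NAMES = {"index.html", "index.htm", "index.php"}  # assumed DirectoryIndex candidates
ARCHIVE_MAGIC = {b"PK\x03\x04": "zip", b"\x1f\x8b": "gzip", b"7z\xbc\xaf": "7z"}
SUSPECT_EXT = (".zip", ".tar", ".tgz", ".gz", ".7z", ".sql", ".bak", ".backup", ".env")

def sniff(path):
    """Return the archive type by leading magic bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, kind in ARCHIVE_MAGIC.items():
        if head.startswith(magic):
            return kind
    return None

def audit_webroot(root):
    """Return sorted (issue, relative_path) findings for a document root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # A directory without an index file is listable if auto-indexing is on.
        if not INDEX_NAMES & {f.lower() for f in files}:
            findings.append(("no-index", os.path.relpath(dirpath, root)))
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            kind = sniff(full)
            if kind:
                findings.append((f"archive:{kind}", rel))
            elif name.lower().endswith(SUSPECT_EXT):
                findings.append(("suspect-name", rel))
    return sorted(findings)

def demo():
    """Build a constructed web root resembling the one described and audit it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "app.php"), "w") as fh:
            fh.write("<?php echo 'ok';")
        with zipfile.ZipFile(os.path.join(root, "Jan-2026.backup"), "w") as zf:
            zf.writestr("config.php", "constructed placeholder, no real secrets")
        os.mkdir(os.path.join(root, "assets"))
        with open(os.path.join(root, "assets", "index.html"), "w") as fh:
            fh.write("")
        return audit_webroot(root)

if __name__ == "__main__":
    for issue, path in demo():
        print(f"{issue:14} {path}")
```

A `no-index` finding only results in a visible listing when the server has auto-indexing enabled (Apache `Options Indexes`); an archive under the document root stays downloadable by direct URL either way, so the fix for that finding is to move backups out of the web root.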


i_think_so|15 minutes ago

We're probably not far away from the fully automated (no human interaction whatsoever needed) exploitation of such vulnerabilities by state level actors. At that point give it another few months and script kiddies will be doing it at significant scale.

When this happens one of them is going to use their new toy to swat somebody, resulting in serious injury or death.

How is that risk/responsibility debate going to go?

dana321|15 hours ago

Claude is crazy good at coding but it won't hold your hand when it comes to the unknown unknowns that the regular joe like this doesn't know.