You mean the dude who writes articles on TechCrunch and Ars Technica based off of HN and Reddit thread titles because he doesn't understand what real journalism is? Sure, we can count on him :)

I've seen senior software engineers get tricked with the 'if YES spells yes, what does EYES spell?', or 'Say silk three times, what do cows drink?', or 'What do you put in a toaster?'.

Even if not a trick - lots of people get the 'bat and a ball cost £1.10 in total. The bat costs £1 more than the ball. How much does the ball cost?' question wrong, or '5 machines take 5 minutes to make 5 widgets. How long do 100 machines take to make 100 widgets?' etc. There are obviously more complex variants of all these that have even lower success rates for humans.

In addition, being PHD-Level in maths as a human doesn't make you immune to the 'toaster/toast' question (assuming you haven't heard it before).

So if we assume humans are generally intelligent and can be a senior software engineer, getting this sort of question confidently wrong isn't incompatible with being a competent senior software engineer.

thanks but no thanks

i am often glad my field of endeavour does not require special professional credentials but the advent of "vibe coding" and, just, generally, unethical behavior industry-wide, makes me wonder whether it wouldn't be better to have professional education and licensing

https://fs.blog/einstein-wertheimer-car-problem/

And that many mathematicians got monty-hall wrong, despite it being intuitive for many kids.

And being at the top of your field (regardless of the PHD) does not make you immune to falling for YES / EYES.

> humans without credentials are bad at basic algebra in a word problem, ergo the large language model must be substantially equivalent to a human without a credential

I'm not saying this - i'm saying the claim that 'AI's get this question wrong ergo they cannot be a senior software engineer' is wrong when senior software engineers will get analogous questions wrong. If you apply the same bar to software engineers, you get 'senior software engineers get this question wrong so they can't be senior software engineers' which is obviously wrong.

I guess the author hasn't done real software development. The cost isn't just for the code. It's for the whole process - especially the architecture. Which database to use for the use case, which framework and language to use, how the database should be structured,table naming standardization, best practices, security audits and everything else.

Can AI do all that? Sure, but you must know to ask for all that in the first place. Look what happened to Clawd/Molt.

> It's because building an app went from a $50K project to a weekend with Claude.

Sure, why don't you deploy your vibe coded app over the weekend and see if it falls apart after handling one request per second

This article was written by AI btw

Unless there is inherent complexity in the problem (and assuming subscriptions don’t get pricey soon) I can see nontechnical people getting into designing their own apps.

It makes me think of 3d printing. A lot of people got into 3d modeling because of it. And a lot of people publish cute baubles 3d models (analogous to vibe coded ai wrappers?) but there is genuinely useful stuff that people not in the fabrication or 3d design industry create and share, some even making money off of it.

I just can’t think of a way saas margins will stay as high as they are now.

If there was a text based file format for models, it could generate those and you could hand that to the slicer. Like I’ve never looked, but are stl files text or binary? Or those 3mf files?

If Gemini can generate a good looking pelican on a bicycle SVG, it can probably help design some fairly useful functional parts given a good design language it was trained on.

And honestly if the slicer itself could be driven via CLI, you could in theory do the entire workflow right to the printer.

It makes me wonder if we are going to really see a push to text-based file formats. Markdown is the lingua franca of output for LLMs. Same with json, csv, etc. Things that are easy to “git diff” are also easy for LLMs…

It's just gimped to the point that you can basically only use it for hobbyist projects, anything reasonably professional looking is using STEP compatible files and that is much more complex to try to emulate and get right. STEP is a bit different - it's more like a mesh in that it contains the final geometry, but in BRep which is pretty close to the machining grade, while OpenSCAD is more like what you're asking about - a textual recipe to generate curves that you pass into an engine that turns it into the actual geometry. It's just that OpenSCAD is so wholly insufficient to express what professional designs need it never gets used in the professional world.

Most of the problems you talk about are problems if you intend your software to be used at scale.

If you're building an app for yourself to track your own food habits; why does DB, framework, best practices matters?

People used to do this in an Excel sheet.

Now they can ask Claude to make them a nice UI similar to MFP or whatever.

Data can be stored in a single JSON file.

It's going to take years before they see actual performance issues.

And even though it becomes an issue, right now an AI Agent can already provide a fix and a script to migrate the data.

My only concern really is about security.

But a private VPS only reachable through Tailscale and they're ahead of 99% of the rest.

AI can fix bugs, sure. But every time you ask it to fix the same problem, it will come up with a new solution - usually unnecessarily complex. Will we reach a point where the AI can be its own architect? Maybe. But, I know for a fact that it's not what we have right now.

Right now, AI needs an architect to tell it how it should solve a problem. The real value of software is in the lived human experiences, not just the code. That's why we make certain decisions different than an AI would.

Ask an AI to vibe code an invoice app. It will make some really lovely looking UI - which is what unfortunately people judge an app by - but with a MongoDb backend which is totally not the right solution for the problem. That's what I mean.

They don't, it's just annoying as shit when things break at the worst time for lack of these "best practices" and you know that the only answer will be "do better". I'll give you an example. Years ago I migrated a lot of my app usage to selfhosted OSS apps for all the reasons one might list them. I did like 80% of what I perceived as the "important best practices". Setup ZFS with redundancy to handle drive failures, a UPS for power interruption, wireguard for secure access, docker for application and dependencies isolation, etc.

But there were always things I just thought "I should probably do that, but later. This is just for me"

It would be the end of the day, I'm tired and on bed wanting to just chill and watch something on my ipad, and what do you know my plex is down, again.

Why does it go down every few days? Now I need to go get a laptop, ssh into my server, docker logs. See a bunch of exceptions. I don't want to debug it today. Just restart it, ok it works again. Go to bed, start watching.

20 minutes in.. I think it's down again.. wtf? get the laptop again, google the error, something about sqlite db on an NFS share not being very stable. All my ZFS storage is only exposed as NFS and SMB share to another machine.. Ok, just restart and hope it works and I'll deal with it latter.

Forget for a couple of days. I'm with a friend as her place and want to watch again, and fuck me I never fixed the sqlite issue, nevermind lets just watch netflix.

Over the weekend, I'm determined to get this fixed. Move the application folder out of NFS on the local machine SSD. It doesn't have redundancy, but it's ok for now. I'll setup an rsync job to copy it to the NFS share in case the SSD fails. I just want to see if it'll be stable.

Few months pass, and it's been pretty stable until I have a power outage. The UPS was there, but the configuration to notify the OS to shutdown broke a while ago and I didn't notice. Files on ZFS are fine, but the some on the local SSD got corrupted and I didn't notice, including plex database. the rsync job just copied the corrupted file over the "backup" file.

It's late at night again, and I just want to relax and watch something and discover this happened. I could try to figure out how to recover it, but it's probably easier to just do a clean scan. It's gonna take hours. Lets just start it and go to sleep.

Later, lets just migrate everything to jellyfin. Have auto upgrade setup because I'm smart. Jellyfin 10.8 updates and unfavorites all the facorited music tracks. "You have backups right". "Well, yes I do. Let me make sure I have an evening cleared so I can setup another instance of jellyfin, run the old backups, export the favorite list, and import it in the new one"... oh there is no way to do that? I guess I can export it to CSV, get a plugin to automate it for me. the plugin hasn't been updated to 10.8 but there is a pull request. ok lets wait. Forget that I setup restic to delete backups older than 30 days. fuck me. I have the CSV somewhere I think. God my `/tmp` is ephemeral and I hope I haven't rebooted since then. phew it's there. fuck me still.

I have worked in managing services for most of my career. I know what I'm doing wrong. I need to setup monitoring, alerts, health checks, 321 backups (not just rsync to a zfs pool) and actually use a backup software that tracks file versions, off site redundancy, dashboards for anomaly detection, scheduled hardware upgrades and checks for memtest, disk health, UPS configuration checks. I know how 3 or 4 9s are achieved in the industry.

Personally, for my small business. I've replaced £500 Zapier subscription, £100 Todoist subscription, and I only haven't replaced the rest because I feel like there's not a huge rush. And it's been six months and nothing has fallen apart yet.

You might not think small business is relevant, but it absolutely is.

Actually this number was updated to 135,000 exposed instances recently

Unless you had an AI write the article, you can't possibly know that. I'm sick of this being randomly thrown around: it's basically mentioned for every article posted. Sometimes the author chimes in to say that no, they wrote it themselves. Other times sure, the article was written by AI. I don't know, and you don't know either.

Easiest way, however - any article that uses em dashes instead of regular hyphens is most likely AI. Normal bloggers, particularly in casual tech circles don't use em dashes. When was the last time you ever used an em dash? Me? Never.

The use of the word "any" here only emphasizes that this advice is not very valuable.

Pray how do those "ai detectors" work? I trust those even less than I trust ai: AI detectors use simple heuristics and take advantage of your gullibility.

To think that someone on Hacker News actually wrote this seriously in 2026, after a couple of decades of CVEs, security breaches, and data thefts being in the news every single week and after 50+ years of the industry experiencing how arduous software maintenance is. I doubt even Anthropic or OpenAI would be brave enough to say that.

Ironically, AI tend to be better at securing code, because unlike the squishy human, it is much more cable of creating tons of tests and figuring out weaknesses.

Let alone the issue when lots of meatbags with different skill levels are working on the same codebases.

I have barely seen any codebase that has been in production for a long time, that did not have glaring issues.

But if you tried to do a code audit, your spending somebody their time (assuming this is a pro), for a long time. Where as a AI with the correct hints on what too look for, can do insane levels of work, testing, etc...

Ironically, when you try to secure test a codebase, and you use multiple different LLMs, you get a very interesting list of issues they can find. Many that are probably in tons of production level software.

But its up to you, as the instructor of that LLM codebase, to actually tell it to do regular security audits of the codebase.

Sentences like this make me think AI is honestly the best thing that happened for my imposter syndrome. AI is great for simulating test case, and that's it. If you leave it, it write the most basic, useless tests (i mean, half of them might be usefull when you refactor, but that's about it). It can't design reusable test components and have trouble with test double, which i would think is the easiest test case for AI. Even average devs like me write test double faster than AI, and i'm shit at writing tests.

AI is also extremely bad at understanding versionning, and will use a deprecated API for no reason except increasing the surface of attack.

AI is great for writing CLI scripts, boilerplate and autocomplete. I use it for frontend because i'm shit at it (even though i have to clean its shit up behind), and to rewrite small functionalities of some libraries i want to avoid loading (which allowed us to remove legacy dependencies). It's good at writing prototypes (my main use nowadays), and a very good way to use it is to ask it a plan to improve/factorize your code (it's _very_ bad at factorizing, but as it recognize patterns, it is able to suggest interesting refactors. Half the time it's wrong, so use the "plan" mode)

I'm on a network security and cybersecurity tooling team, i guarantee you AI is shit at securing the code (and at understanding network).

I ran Opus on some public source code, and lets just say that the picture was less rosy for the whole "human as security".

I understand people have a aversion to LLMs but it irked me the wrong way to see the amount of downvotes on here, because people disagree with a opinion. Its starting the become like reddit. As i stated before, its still your tasks as the person working with the LLM to guide it on security practices. But as somebody now 30 years in the industry, the amount of absolute crap i have seen produced as code (and security issues), makes LLMs frankly security wizards.

Stupid example: I have yet to see LLMs not use placeholders to prevent SQL injection (despite it being trained on a lot of bad code).

The amount of code i have seen, where humans just injected variables directly into the SQL... Yea, what a surprise that SQL database content get stolen like its nothing. When doing a security audit on some public code, one of the items always found by the LLMs, yep ... SQL injectable code everywhere.

A lot of practices are easy, but anybody can overlook something in their own code base. This is where LLMs are so great. You audit with multiple LLMs and you will find points that are weak or where you forgot something, even if you code security wse.

So yea, i have no issue doing discussions but the ridiculous downvotes on what seems to come from people with no clue, is amazing. Going to take a break from here.

But like i said, this whole discussion on LLMs since Opus is out is _great_ for my ego. At first i thought i used it wrong, then my company made weekly meeting on "how to use AI" with devs who swore by it, now i'm confident I might be a bit above average after all.

Maybe it's different for tooling/network/security devs than for product devs, but i doubt our backend are _that_ complex.

Nobody gatekept anything. The software, tools, knowledgebase (MIT, Coursera, etc) were always there. It was a choice. Some of us chose it, rest didn't for whatever reason.

Who was preventing you from learning how to do it yourself and then doing it?

And about the pulling in devs - you can actually go to indeed.com and filter out listings for co-founders and CTOs. Usually equity only, or barely any pay. Since they're used to getting code for free. No real CTO/Senior dev will touch anything like that.

For every vibe coded product, there's a 100 clones more. It's just a red ocean.

Watt is a measure of power, that is a rate: Joule/second, [energy/time]

> The watt (symbol: W) is the unit of power or radiant flux in the International System of Units (SI), equal to 1 joule per second or 1 kg⋅m2⋅s−3.[1][2][3] It is used to quantify the rate of energy transfer.

https://en.wikipedia.org/wiki/Watt

One household uses about 30 kWh per day.

20 kW * 24 = 480 kWh per day for the server.

So you're looking at one server (if parent's 20kW number is accurate - I see other sources saying even 25kW) consuming 16 households worth of energy.

For comparison, a hair dryer uses around 1.5 kW of energy, which is just below the rating for most US home electrical circuits. This is something like 13 hair dryers going on full blast.

1 Watt = 1 Joule per second.

A KW is a unit of power while a KWH is a unit of energy. Power is a measure of energy transferred in an amount of time, which is why you rate an electronic device’s energy usage using power; it consumes energy over time.

In terms of paying for electricity, you care about the total energy consumed, which is why your electric bill is denominated in KWH, which is the amount of energy used if you use one kilowatt of power for one hour.