> Wouldn't his firm be better served by website builders like WordPress, Squarespace, Wix, etc.?
My understanding is the majority of his work is on WordPress. It's worth noting this is a partnership with 100+ clients, 5+ full time employees. They do television commercials, websites, banner ads, social media campaigns, etc. He is a partner at the firm and while he calls himself "non-technical" he does have experience with website design (HTML/CSS) and the administration of WordPress and databases.
To be clear: he was already delivering these kinds of custom solutions to clients using contract programmers. He is well aware of requirements like authentication (in fact, in our last conversation he mentioned a project he was working on that did just that). But previously, the cost of custom work was too high in some cases, since bringing on a contract programmer for certain kinds of projects pushed the budget out of range for the client. Vibe coding is opening up a new avenue for custom built functionality that was previously too expensive.
> I hope that he has the wisdom and humility
I notice this kind of thing frequently. I mean, who is lacking humility here? Someone thinking they have all of the facts, offering advice and "Why don't you just ..." kind of thinking based on assumptions. If you really think you can diagnose issues and offer advice based on the quick comment I made, you should reassess your own humility before recommending it to others.
> Vibe coding is opening up a new avenue for custom built functionality that was previously too expensive.
I'm not debating that. What I am arguing for is for using these new tools smartly and conservatively, because they have and will continue to produce low quality software in the hands of inexperienced developers. It's easy to be misled by their confident tone and the overhyped marketing around them into thinking that they're able to do things they realistically cannot. Those best practices you say that customers don't care about are precisely what help prevent quality issues from impacting them, regardless of the software complexity. Vibe coding throws all of that out the window. It's tempting to cut corners to keep the cost of projects down, but ignoring well-established software development practices is not a safe way to do it.
> If you really think you can diagnose issues and offer advice based on the quick comment I made, you should reassess your own humility before recommending it to others.
I'm not offering advice. I'm going by what you said, and voicing a concern that the apparent utility of LLMs has some important caveats. I don't particularly care about your friend's firm nor their customers. What I do care about is that the widespread adoption of vibe coding is doing more harm than good to the software industry and society at large, which will have destructive consequences in the near future.
Instead of engaging with this argument and filling in any details I might be missing, you chose to attack me personally, which says more about you than me.
What argument? You are expressing vague feelings of concern and stating incorrect assumptions. I can't change how you feel and those feelings are valid. They are certainly motivating your reasoning and leading you to the incorrect assumptions.
You are stating conclusions (e.g. "He will deliver a seemingly working site to his customers with security issues and bugs, and it will only be a matter of time for them to be exploited.") as if you have a crystal ball and then demanding that I defend this figment of your imagination.
> What I am arguing for is for using these new tools smartly and conservatively
You've moved the goalpost here. You said "These issues could be mitigated or avoided by hiring an experienced developer." Now you are backpedaling, suggesting you actually meant to say we should use the tools "smartly and conservatively".
So how about you state yourself clearly: Can non-programmers use these tools "smartly and conservatively"? And if so, why do you assume the friend I mentioned in question, someone who has been in the business for decades hiring for and delivering software, is incapable of doing so? And if not, provide an actual argument to that effect.
Not to be rude, but WordPress is already a well known target for a lot of malicious behavior; assuming someone non-technical is safely extending it with LLM-generated authentication code is something that causes me, an industry professional, a certain amount of alarm.
Your comment isn't rude, but it is a bit close to concern trolling. (as in, "the action or practice of disingenuously expressing concern about an issue in order to undermine or derail genuine discussion.") "Won't somebody think of the local plumber's website!"
There is an assumption being made here that isn't being made explicit: the only way that malicious behavior can be avoided is by paying a programmer. Is that a valid assumption? Or the less strong: a plugin is less secure if developed by a coding agent when compared to any possible programmer. Is that a valid assumption? Aren't all of the well-known issues in WordPress plugins the fault of programmers?
What I feel in these comments isn't a genuine attempt to engage but rather Fear, Uncertainty and Doubt (FUD) writ large.
Also, for what it is worth, the most recent project he developed was using React, Tailwind and Postgres (which he called "Post ... something?"). It was very work-flowy (user uploads a doc, it goes into a queue for manual review, once approved it is converted and uploaded to Google Docs, an email is sent, etc). I asked him if he had investigated any workflow builders and he said no, he just vibe coded it. It's also worth noting that he is paying for QA, I think that existed already in house for his other projects. Well, actually what he said was "it is currently in testing", so I can't confirm if it is professional QA.
> There is an assumption being made here that isn't being made explicit: the only way that malicious behavior can be avoided is by paying a programmer. Is that a valid assumption?
As far as anyone knows: yes. Why would that surprise you? The "only way" architecture can be certified hurricane-proof is by "paying" an engineering agency. That's why such professions were developed.
I see you chose to respond to my weaker argument and ignore the second: "A plugin is less secure if developed by a coding agent when compared to any possible programmer. Is that a valid assumption? Aren't all of the well-known issues in WordPress plugins the fault of programmers?"
You are also conflating professional engineering, a licensed profession requiring insurance, etc. with software "engineering". You don't want to admit that the quality of "engineering" that is available on Upwork or in the average contract software developer is likely as bad, in fact, probably worse than the latest crop of LLMs.