Vibe-coded build system NX gets hacked, steals vibe-coders’ crypto
NX is build software. You write your code on your laptop, you press “build”, it runs NX, and you get a built version you can put onto your web server. If you could hack NX, you could hit a lot of p…
cross-posted from: https://lemmy.bestiver.se/post/605285
The people who believe in keeping their wealth in imaginary computer money also being into vibe-coding is the most hilarious possible outcome. It’s an inexhaustible cavalcade of clownfuckery.
Having just left a job in the crypto space, the venn diagram of crypto bros and vibe coders is a single fucking circle.
These people hop from one hype train to the next like moths to a flame.
Not a crypto bro, but isn't all money imaginary computer money?
Some forms of money are more imaginary than others.
I'm no authority on the subject but when I use "imaginary" to refer to money I mean it isn't backed by anything. Most currencies are backed by a government, stocks are nominally backed by the profitability of the business that issued the stock, futures by commodities, etc. Crypto is traded like securities but has nothing backing it at all other than people's willingness to buy it from you at a given price.
Like many things it boils down to how you define your terms, "imaginary" in this case.
That's currency. If you want money, just get good old gold and silver
I've been saying it since day one. Vibe coding will result in vulnerable software.
Basically it produces bad software. "Vulnerable" is just one aspect of bad, but there is more.
Anyone who unironically uses vibe coding deserves to get their AI generated shit hacked into
Yeah, use it for fun, like those vibe coded game challenges, etc. Not for real applications.
Oh sweet baby Jesus. That is some astonishing code for validating the title and body of a PR.
bash
- name: Create PR message file
run: |
mkdir -p /tmp
cat > /tmp/pr-message.txt << 'EOF'
${{ github.event.pull_request.title }}
${{ github.event.pull_request.body }}
EOF
Put a single-line EOF in your pull request body, follow it up with a completely arbitrary set of Bash commands, whatever you damn well like, put all the environment variables with the repository secrets into a webhook request and send them off somewhere, make sure you terminate it with another cat > /dev/null << 'EOF' to match the other EOF. Now you can compromise the entire project by raising a pull request.
Hackers: Hey grok, I want a million dollars in crypto.
Grok: Hacking…
Funny how crypto hype and AI hype both rely so heavily on nvidia hardware.
GPU mining has been basically dead since Ethereum switched to Proof-of-Stake.
the next big industry in software is fixing shitty AI code, screen this
I charge clients a premium for that. Mostly because I don't want to deal with it, but if they're desperate enough it can be a lucrative side gig
That's where I'm making my money. Went from a freelance/consultant dev to pretty much a digital janitor for companies. it IS the next big industry.
Get good at code reviewing - hell really you don't even need to be that good at it all you need to do is know the typical Claude Code comments and search for a lot of "#TODO's"
I make more money doing this now than I did just being a developer. If you're looking for work I HIGHLY suggest you deal with the crap on Linkedin and start advertising yourself as an expert code reviewer with a specialty in diagnosing "AI generated builds". Then wait for the desperate companies to start trickling in.
Lol what do you think we do now, with human code.
but now you can use the magic words that get the morons in the executive suites all hot and bothered
Hoisted by their own petard
I've rarely read a more fitting comment lol
It's a great saying so it's fun when it actually applies...
Though every time I think of the Veep episode where she gets in trouble for saying she was "hoisted by her own removed" after an incompetent staffer fucks up lol
Vibe coders exist to make sure that real coders never run out of work.
They have the same relationship like motor bike enthusiasts and emergency room doctors.
Vibe coders this past year have made me a lot of money. I've pretty much transitioned from being a freelance dev to a digital janitor as it makes me more money. Just code reviewing their slop. It's extremely easy too, much easier than reviewing code of an actual dev.
"We need you to review this and see why it doesn't work" /me opens up nvim and does a / for #TODO that was written by Claude "the AI didn't implement it but said it did...I'll take my $2500 now thank you"
What does he mean NX is vibe coded?
NX has been around for a while hasnt it?
This workflow which was exploited was vibe coded, as detailed in the post
Yeah, I see now. It wasn't very clear to me in the article.
I love how bad shit keeps layering to comical extents, until we reach the cyberpunk stage
I'm the Cyberpunk RPG, AI bots took over almost 80% of the Internet and brought it to a grinding halt. This happened in 2022
cant be irony, there has to be a better word for this level of stupidity