One problem I have seen IRL is AI deployment mistakes and IMO Vibe Coders need an IT/Dev Father Figure type to avoid these simple mistakes. Here is one example:

A surgeon (no coding experience) used Claude to write a web app to track certain things about procedures he had done. He deployed the app on a web hosting provider (PHP LAMP stack). He wanted to share it with other doctors, but wasn't sure if it was 'secure' or not. He asked me to read the code and visit the site and provide my opinion.

The code was pretty reasonable. The DB schema was good. And it worked as expected. However, he routinely zipped up the entire project and placed the zip files in the web root and he had no index file. So anyone who navigated to the website saw the backups named Jan-2026.backup, etc. and could download them.

The backups contained the entire DB, all the project secrets, DB connection strings, API credentials, AWS keys, etc.

He had no idea what an 'index' file was and why that was important. Last I heard he was going to ask Claude how to secure it.

Claude is crazy good at coding but it won't hold your hand when it comes to the unknown unknowns that the regular Joe like this doesn't know.
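
Added example (not part of the comment above, and not the surgeon's code): a small audit a site owner could run over a document root to catch the two conditions described, directories with no index file and archives sitting where the web server can serve them. The index names, the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
import zipfile

# Assumed index names; match them to the server's DirectoryIndex setting.
INDEX_NAMES = {"index.php", "index.html", "index.htm"}
# Illustrative, non-exhaustive extensions that usually mark dumps and archives.
RISKY_EXTS = {".zip", ".backup", ".bak", ".sql", ".tar", ".gz", ".tgz", ".7z"}


def audit_webroot(root):
    """Return sorted (kind, relative_path) findings for a document root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # With no index file, a server that auto-indexes will list the
        # directory contents, which is how the backups became visible.
        if not INDEX_NAMES & {f.lower() for f in filenames}:
            findings.append(("no-index", rel_dir))
        for name in filenames:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            # Check content as well: a zip saved under any name is still a zip.
            if ext in RISKY_EXTS or zipfile.is_zipfile(path):
                rel = os.path.normpath(os.path.join(rel_dir, name))
                findings.append(("exposed-archive", rel))
    return sorted(findings)


def build_sample_webroot(root):
    """Constructed sample tree mirroring the situation in the comment."""
    os.makedirs(os.path.join(root, "app"))
    with open(os.path.join(root, "app", "index.php"), "w") as f:
        f.write("<?php echo 'ok';")
    # A project zip stored under a backup-style name in the web root.
    with zipfile.ZipFile(os.path.join(root, "Jan-2026.backup"), "w") as z:
        z.writestr("config.php", "<?php // placeholder, no real secrets")
    # A zip with an unrelated extension, caught only by the content check.
    with zipfile.ZipFile(os.path.join(root, "app", "old.dat"), "w") as z:
        z.writestr("dump.sql", "-- placeholder")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for kind, path in audit_webroot(tmp):
            print(f"{kind:16} {path}")
```

A `no-index` finding only matters when the server generates listings (on Apache, `Options Indexes`). An `exposed-archive` finding is downloadable by anyone who knows or guesses the name even with listings off, so backups belong outside the document root.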