- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
cross-posted from: https://lemmy.dbzer0.com/post/50693956
Transcript
A post by [object Object] (@[email protected]) saying: courtesy of @[email protected], Proton is now the only privacy vendor I know of that vibe codes its apps: In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure! I am once again begging anyone who will listen to get off of Proton as soon as reasonably possible, and to avoid their new (terrible) apps in any case. https://circumstances.run/@davidgerard/114961415946154957
It has a reply by the author saying: in an unsurprising update for those familiar with how Proton operates, they silently rewrote their monorepo’s history to purge .cursor and hide that they were vibe coding: https://github.com/ProtonMail/WebClients/tree/2a5e2ad4db0c84f39050bf2353c944a96d38e07f
given the utter lack of communication from Proton on this, I can only guess they’ve extracted .cursor into an external repository and continue to use it out of sight of the public
You must log in or register to comment.
Calling something “vibe coded” feels similar to calling something “woke”. Its used for everything so it lost all meaning.
If I start writing a function name and the coding assistant suggests exactly, character by character, the function signature I would have typed, is that vibecoding? If I ask an agent to check out my classes and create me a json schema from that, what about that? What if I ask it to write me some database connection stuff, boilerplate that is basically directly copy pasted from docs?
The presence of a cursorrules file signifies… Nothing. Most projects now have a prompt file to store general context, like styling etc. Most programmers use coding assistants. The use of coding assistants does not, in of itself, mean bad quality. Obviously you have to hide it because people get irrationally angry about it.
The blind AI hate does not help. LLMs can be useful. Is it stupid to have an LLM write an email so the other side can use an LLM to summarize it? Yes. Is LLM slop annoying? Yes. That does not mean that everything is bad. If you check out the Developer-sphere, people who have tried coding assistants for a couple years now, the consensus is “overhyped but definitely useful”.
Example, read this comment section: https://news.ycombinator.com/item?id=44836879
The blind AI hate does not help. LLMs can be useful.
I agree. Unfortunately, they’re being forced on us by the same companies which are enshittifying things as much as they can, and respond with hostility when anyone suggests that users deserve privacy, or fair compensation for their work. I can’t really blame people who respond with skepticism and distrust.
The second you allow slop generator use into your code base the quality takes a nosedive. People claim to review their slop but I have seen it often enough, all they are doing is hitting accept all without even reading half of the generated code. This isn’t “just a tool” this is technical debt as a service.
Also Hackernews is ridiculous den of techbros, libertarians, AI maximalists and temporarily embarrassed founders who think they stand to gain the most from hyping up slop generators. Trusting them with anything related to AI is like asking the CEO of Microsoft if you should use Windows or Linux.
Yeah, impossible to tell from that if someone is trying to “prompt engineer” all the way through a problem (which sucks and I’m shocked anyone reports that it works out for them) versus hitting tab complete for a couple of lines at a time or maybe prompt your way through a pretty boilerplate little function.
If they try to prompt engineer the whole project, well it should be obvious because it almost certainly has to be utter crap.
I dislike using AI when im writing my own code, simply because I do not believe AI is fair use or leads to anything positive for the creators of the works its trained on. I do use it to debug some stuff or get some hints but always double check whether the solution is good afterwards. With that said, if the cursorfile is just a settings file it only proves that someone has used AI in their IDE, the code itself does not necessarily have to be generated by an AI. And even if it were it could still be fine, it all comes down to the developers and the review process. The code is not inherently flawed because an AI wrote it. As long as humans are there to point out, find and prevent issues/security flaws its fine to use.
Here comes the problem though. The term “vibe coding” mainly refers to people with little to no skill as developers, mainly relying on AI to do the heavy lifting. That is very problematic. Thats when security flaws, issues and tech debt start to rack up. I havent looked at the code or researched repo history, but i would believe these devs are better than “vibe coders”
Tbh I would not be at all surprised if they were vibe coding. The snafu with the new authenticator app logging secrets, them just churning out random new apps no one asked for instead of meaningfully improving their existing products, claiming to open-source all their apps despite the Android calendar app still (after years) not being open-sourced (and with a GitHub link on their web page that implies all their code is available, but it in fact just links to the web clients), etc. have all combined to the point where I simply no longer trust them.
Based on my experience with prompts and seeing what they produce when attempting significant function… I’m kind of shocked anyone makes to produce a working project at all.
I still haven’t quite gotten over getting annoyed at bad suggestions even though I can just ignore them when they are bad.
What is “. cursor”?
Cursor is a version of a popular coding program that integrates Ai into the editor. A
.cursoris a text file that you put into your code folder that gives extra context and information to the Cursor code editor.Does anything here imply that the entire application was “vibe coded”? Or is it possible that a developer just used AI a few times to help with a line or two?
No. There’s no indication that any AI code was or was not added to their repository, nor is there any indication that any “vibe coding” was done. It could be that some junior developer installed Cursor on their machine and was playing with it and committed the
.cursorfile which was subsequently removed. More likely, they’re experimenting with introducing some AI into their development workflow as almost every company seems to be doing these days. Not great, but not nearly as alarming or damning as this post suggests.No, it’s entirely possible they used cursor without any AI at all (that’s unlikely, AI is kind of cursor’s big thing), used it in a few places, as a slightly better autocomplete, or to “vibe code the whole thing”. There are probably good reasons to avoid proton, but a text file in their repo related to a specific text editor isn’t very significant.
Cursor is an AI code editor. Like most code editors it leaves a hidden settings file in the project. This file can then deliberately (or accidentally) be commited to the repo.
