Counter-perspective: my WFH office setup is the exact same setup I game and do personal dev on. I'm a button-press away from my KB+M+LCD pointing at my much-more-enjoyable home PC (my corporate device is laughably bad). I don't find I'm tempted away from work during work hours, not even a little bit, UNLESS work sucks: uninteresting work, painful people, busywork, endless process, low autonomy, low trust.. all that stuff has me yearning for the satisfaction I'd otherwise get from productive relationships, meaningful work, and high autonomy. If circumstances permit, I'll leave, but sometimes they don't.
> I don't find I'm tempted away from work during work hours, not even a little bit, UNLESS work sucks: uninteresting work, painful people, busywork, endless process, low autonomy, low trust..
And this happens at the office, too. There are always ways to slack off, you don't need to already be using your sweet gaming pc or whatever. Mindlessly browsing HN or what have you "while compiling" has the same effect.
>Wherever LLM-generated code is used, it becomes the responsibility of the engineer. As part of this process of taking responsibility, self-review becomes essential: LLM-generated code should not be reviewed by others if the responsible engineer has not themselves reviewed it
By this own article's standards, now there are 2 authors who don't understand what they've produced.
This is exactly what the advice is trying to mitigate. At least as I see it, the responsible engineer (meaning author, not some quality of the engineer) needs to understand the intent of the code they will produce. Then if using an llm, they must take full owners of that code by carefully reviewing it or molding it until it reflects their intent. If at the end of this the “responsible” engineer does not understand the code the advice has not been followed.
Awesome, I was imagining how something like this would be good for me at home. This almost seems perfect, and autossh + the ssh 'aliases' (d.term) in the readme are new to me so TIL. Thanks for sharing.
There is no way I would provide the password I use on multiple sites to some random app, and there's absolutely no way I'd do that if I had any inkling it was vibe coded.
1. We don't ask for your current passwords. The app imports your CSV from your existing password manager (1Password, Bitwarden, etc.), which you already trust with your credentials. We automate the change process - you provide the new passwords you want.
2. Zero passwords leave your machine. The app runs locally. Browser automation happens in a local Playwright instance. The AI (GPT-5-mini via OpenRouter) only sees page structure, never credential values. Passwords are passed to forms via a separate injection mechanism that's invisible to the LLM context.
The "vibe coding" comment was about development speed with AI assistants, not about skipping security review. We spent weeks specifically on credential isolation architecture - making sure passwords can't leak to logs, LLM prompts, or network requests. That's the opposite of careless.
Code's not open source yet, but we're working toward that for exactly the reasons you describe - trust requires verification.
I had a boss ask me to prepare $thing he would later copy into the appropriate place. Called me over to his desk, couldn't copypaste it into the textarea. Keystrokes weren't pasting. Whatever he was doing was definitely not Ctrl+V. "Try right-click > paste.. there you go". There was no question he was technical. I guess we can't be at peak performance 100% of the time can we? Just tonight I asked my partner who was going to shower with our toddler as he sat in the bath in front of me..
reply