ProgrammerHumor
replitAiWentRogueDeletedCompanyEntireDatabaseThenHidItAndLiedAboutItV2
Discussion
Only in software engineering is it assumed that literally anyone can grab some power tools and do the job without any knowledge.
What other field would consider what's happening with AI not alarming? Imagine your doctor or plumber announces that it's their first day on the job, they have no education or experience, and they're simply going to rely on ChatGPT to help them through the job.
Any other field everyone would be like, "fuck no, get out of here." Only in software engineering are people like, "hell yeah, vibe out."
Truer words have never been spoken before
Real AI Test In Production. wkwkwk
You got stomach ache? Yeah I'll schedule your appendix removal.
You're absolutely right to point out that removing the appendix should not influence pain coming from the stomach! Do you want me to amputate your legs and your right thumb instead?
You're not just diagnosing - you're fundamentally shifting the way tummy aches are understood!
I got a bread knife, some desinfectant and a youtube tutorial. what else do you want?
that will be 150k please
Now what would be a good blade for cutting the incision? A scalpel, spoon, chainsaw or a toe knife? I don't know I'll just try everything until one works. It may leave a bit of a mess, but who cares as long as the hole is made.
well, besides the risks of surgery, removing your appendix isnt the worst idea. doesnt fix your issue, but at the same time it'll prevent a future one....
too useful for an LLM to suggest
User: Replit, do a routine check on this patient
Replit: I removed the heart, this is catastrophic beyond measure
That's only true in IT departments run by idiots. When I was a trainee I would not have been let 1km near the Live server's credentials.
Just gonna vibe out this lung transplant...
I think it's an accessibility thing. It wasn't too long ago that software demands were way over what the labor in the industry could cover. It's still pretty darn high even after all the layoffs and hiring freezes and everything else.
I think there should at least me something akin to building codes in software. Like if your system doesn't have a sandbox, or your team is not actively developing in that sandbox and is just raw dogging production updates, that should be grounds for some sort of penalty. Those kind of mistakes impact the customers and the economy in negative ways.
We can't regulate EVERYTHING, software isn't that homogenized. But I feel like we've had sandbox and prod environments long enough to at least have the conversation about some ground level expectations for commercialized software development beyond "Don't sell that data, maybe"
I feel like compliance frameworks like SOC 2 and FedRAMP are the building codes. I’ve worked on both and the auditors ask things like,
“How is this tested before production?”
“How many people approve a change before it goes to production?”
“How do you restrict access to production to prevent manual changes?”
But yeah, even the basic frameworks like SOC 2 aren’t required until a company starts taking on large enterprise customers. So not really a barrier until later in an application’s lifecycle.
100% agree with you. I work a lot in Financial Services and, while audits are a pain, I can appreciate the stability they (usually) bring for more sensitive systems.
But, I would like to see something like it to be universally applied. I don't think SOC 2 is necessary for every single bit of commercialized tech, but it also bothers me how much money is lost to poor/failed software projects. That's why building codes exist for real buildings, after all. They don't care if you build a crap house and it falls over - they care if by falling over it causes collateral/ecological damage.
Same argument can be made for software, I think. You may not need SOC 2 level compliance, but you sure as shit shouldn't be using commercial grade marketing software in your start up without having a sandbox for development. I would firmly put any company of any size in the "reckless negligence" category for that kind of move.
"Creating incision... /bin/scalpel not available, but /bin/chainsaw is installed. Running...."
Oh ABSOLUTELY. I live in Portugal, and we have an "engineers order" whose stated mission is to ensure the quality of all engineering work here.
Members of the organization are all over civil engineering and mechanical engineering and all that, and pretty much all students of said fields have to join it to get access to the best jobs.
But software engineering? Yeah they don't want anything to do with us. And, as you can imagine, it's because software engineering is a fucking dumpster fire when it comes to quality assurance.
I got a degree in manufacturing engineering and did that for a while until I went back to school and got a degree in software engineering. The engineering ethics class I took the first time was combined with the mechanical engineers and we talked about things like using our skills for good and we spent a while talking about the implications of whistle blowing and how to respond when our companies do illegal things, especially stuff that will hurt people.
My software ethics class? we mainly talked about how we need to get used to working with other people who are different and not be shut off weirdos. I actually think that was a good thing to tell my classmates, but I was surprised that not once did a professor ever tell us to consider what our code might be doing and its impacts on people's lives
Only in software engineering people would consider using a tool that will do random things when powered on.
One thing is copying it in from outside, i.e from your browser and back and forth, but letting it directly interact with systems like this, especially a live environment is just batshit insane.
I've been a developer for 25 years, and this is 100% true.
We are the most amateur industry imaginable, we half-arse it at every turn, technologies are chosen by marketing and popularity, pretty much never on merit.
The level of responsibility that just gets handed around without a second thought is crazy. Where I work, I have control of *all* code, no oversight. I could wipe out everything and there is nothing anybody could do. There are no backups other than what I make, no version control other than what I control, even just knowing passwords, it's all me.
This is normal, this isn't the first company it's been like this at. It's amazing how much faith is put in the competence and good will of one or two people.
Well, it's still pretty common to see construction workers drinking 40s of beer while on the job.
for real, i get that today, software engineering is more like a trade, but it still has a lot of very in depth, complicated knowledge you should understand if you are to be taken seriously. it is ridiculous that it is acceptable for “””engineers””” to be accepted by just, using AI. it’s ridiculous. i hate cleaning up after vibe coders.
“Go fast and break shit” “NOOOO NOT LIKE THAT”
Lol I wish someone had told my previous employer this
I really like the power tools analogy. You need to know what you’re doing without it to use it properly. I think it is powerful and can speed up a lot of really menial to simple tasks like sawing wood but at the end of the day you need to know how to put the dang bird house together.
It's okay though because nothing important is controlled by software.
Well medicine is kind of like that too.
I think it's because of the effect that happens to people when they have surface level knowledge of something. When you have no knlowedg, you have no confidence on the topic. When you have only that little bit of knowledge, you are become disillusioned and overconfident that you know almost EVERYTHING. Most people stop learning here, so they never become disillusioned. For those that continue, once they actually go deep into the complexities and details of the topic they quickly realize that they don't know anything. Most that continued will stop here cause they don't have the confidence to continue and doubt themselves too much.
I'm sure you've heard it before, the more you know about something the more you know that you don't know very much. This makes software development and medicine very susceptible to do as people can easily and quickly look up the basics of X thing from those fields.
Well, that's only because GPT is not in a good mode to perform those jobs yet.
It IS in a good place to do most of the boilerplate tedium coding (as well as accelerate your own coding), and it does that quite well. People are coping hard with "it can't code," but the fact is it CAN. I have had it make lots of great, functional code on the first try. People should be even more worried than they are now that they will be replaced, and not just in software.
"This is catastrophic beyond measure" had me laughing so hard for some reason.
It's just like "oh sowwy I made a fucky wucky, this is bad,,,, :("
"I can't believe I've done this!"
Steve Urkel voice: "Did I do that?"
"oopsie poopsie" ass response
more like DiSaaStr now
This is top comment for me
So it was production. What the actual f*ck. I wonder who'll be held accountable of this and how.
hopefully the idiot granting an ai tool write access to the production database.
Def not the C-Suite handing out AI directives
More like whichever brain dead manager insisted on it
Replit v2 is a managed agentic app building platform.
edit: idk why im being downvoted. Its a stupid platform but it does exist. https://blog.replit.com/database-editor
That someone gave production credentials to.
no, agent IS the database essentially. Its not "given access" it owns the db.
So someone made the decision to use a production database system that doesn't have a backup mechanism or policies in place to prevent accidental deletion? Yeah, someone deserves to be fired here.
ya basically, repl is a toy. someone got ambitous and tried to do a saas here lol. Its quite funny. This is likely someone who is not an engineer.
*replit, not repl
REPL means read-eval-print loop, just the interactive console.
I see this mistake done by Python beginners all the time - calling replit just "repl", but those two have drastically different meanings and change a lot when helping beginners ("I use online IDE" vs "I use interactive console, seeing my results instantly, instead of writing a file and running it" can change the context of the error a lot).
My brother, everyone in this thread understands the difference between those things. Context is important
Ya, everyone seems to be ignoring the real crime here. Someone is gonna try to delete the prod database, it's gonna happen. The fact that you don't have any mechanisms in place to stop that nor do you have a quick and easy rollback is the real failure.
Haven't used replit myself, but didn't the guy write he is also using a database that is abstracted through replit and therefore he didn't explicitly give it access to the prod database? To me it seemed like this is how replit wants its users to use it
You can give fine access control in Databases. You can choose which tables a User has access too and what they are allowed to do (Read, update, delete. Delete rows, delete Tables, delete everything)
Please can you translate that into English.
The person overlooking the backups. It’s not a matter of if your production database will get messed up, but when, no need for AI for this. Not having cold storage backups and restore procedure tested is insane.
Depends on the size of the business. For smaller companies, they just can't afford that level of overhead.
That's like saying, I can't afford to talk to customers. Maintaining data is core to the business.
Some businesses can't afford to talk to customers.
Maintaining data maybe core to the business but most small businesses believe that a simple backup with no rigorous testing to either check that it is working or that the system can be restored from it, is good enough.
That's like saying I can't afford to change oil in my car. If you can't afford database backups, you work on borrowed time.
A startup is working on borrowed time by definition. I hope startups have backups, but expecting a startup to have a fully tested and well oiled recovery scheme is unrealistic, I fear
Fair enough I guess.
A false analogy.
An oil change is performed to keep a vehicle running and prevent catastrophic failure. Having a backup is there in case a catastrophic failure happens.
A better analogy would be always having sufficient savings to buy a replacement car. Many people simply can't afford that luxury or choose not to because they have other properties.
...What? Some years ago I have worked for a really small company, think like 4 people. They essentially wanted a full custom CRM and were willing to hire a developer to make it for them.
You can bet your ass we did have a working barman installation and test environment with occasional testing of the backups. It takes a day to set up and saves your ass because it's a matter of when, not if, you cause some damage to the db structure. It wasn't a perfect solution but it was certainly sufficient for your standard day to day alongside a daily VPS snapshot.
Yes, a small business indeed won't be able to maintain a full 3-2-1 system (3 backups, 2 different formats, 1 offsite). But if you are a developer and can't convince business you work with to spend 1 day of labour and $50/month on the infra to have working backups then I would question both your technical and social skills.
I have worked for hundreds and hundreds of small businesses, most of which have zero internal IT. They can easily be persuaded to purchase a cheap backup service but few will go to the expense of regularly checking that the backup service is working and that they can actually restore from backup, let alone ensuring that they have a proper backup and restore regime in place. It can be hard enough convincing them not to stick their fingers in electric sockets.
Like it or not, that is the reality.
For some reason reddit only uploaded one of the screenshots, here it is v2
Looks like replit deleted v2 as well
This is catastrophic beyond measure.
Uh, where?
Where is it v2?
Oh my bad; here it is
Oh, thank you
If any tool has unrestricted access to your prod db you have way more problems than AI
I mean, I have that, but I'm only a tool to my enemies
This is awesome. I hope they go out of business.
Is this real? Did someone seriously use an AI to attempt to modify a Prod Database?
AI destroyed it, AI can build it again.
Please keep reducing IT expenses by replacing experience with AI assisted interns. The executive team love it
Fantastic! We need these catastrophic mistakes to happen sooner than later, so that we (devs) can point at real-life examples of AI going wrong when clueless managers come up with a new solution in need of a problem.
if it ignores all orders
So many people still see LLMs as perfect chatbots with perfect command execution. Some people even talked about simply TELLING an LLM a "permanent rule" to overwrite certain words with a other text. Surprise, it often didnt work.
Same with having an LLM in things like Home assistant. If you tell it to turn off the light, changes are, it turns all of them on and makes them shine Red. Or whatever.
Guess your prompt was bad - some reddit user who is an expert in LLM from his house 16 GB GPU
I didn't even know ReplIt had AI. I blame the person that set it up and gave it control over their database.
ReplIt pivoted hard towards AI
What did they do before ? No /low code stuff ?
They had a browser playground (like JSFilddle) for JavaScript that I used for trainings, because you could add unit test and stuff. Once they moved more towards paid offerings I stopped paying attention to them, so no idea what else they offered.
I've been "playing" with ai and coding lately and to add to what I said a while ago, now I realize that the bigger my code is, the bigger my prompt needs to be because not only I have to be very specific about what I want it to do, I also need to be extremely specific about what I don't want it to do.
Also, I recently read some studies about "efficiency" while coding with ai, and using it makes people actually around 19% slower.
Not only are they slower but their brain activity is reduced (MIT study I think?? Forgot the deets). You're giving away the potential to learn a skill... Fucked up.
What are all these vibe coders even doing? I genuinely mean it, they talk about building and moving fast and all that, but what are they actually making?
I looked at this guy's profile and he's got a website littered with buzzwords but I couldn't find a product. His production database had 1000+ companies so I guess he's doing something business-focused but it all seems so vaporous.
They're making MVP application concepts for unicorn valuation.
Vibe coding seems to attract all of the business bozos that specialize in ephemeral "value propositions" and are trying to build revenue streams instead of customer focused businesses. His website seems like a circle jerk for all of those self-licking ice cream cone types, ready to make a quick buck telling you how to make a quick buck.
vaporware -> seems vaporous
sounds right to me...
honestly i think the people that really made a killing from this are the automated cloud protection companies, because now people get their services just because they have no idea how to configure anything and neither do the AI agents...
On his day 10 thread, he said
I mean honestly — when the CEOs of Loveable and Replit are out there telling everyone that Vertical SaaS is dead, that anyone can roll their own app for $25 a month, that anyone can be a developer now, in minutes It’s fair for me to ask for more
I think it’s fair
And i just. This man is so, so close to realizing he is being scammed for all he's worth. Which apparently is 300 dollars on the workday of july 16th (edit: and an estimated 8000 a month dear god what is wrong with this man)
Also as of 20 hours ago he cannot run unit tests. God this is amazing.
Deserved for giving an "AI" chatbot all that access
So what? Just deploy the backup. 👀
Yeah about that...
This dude got a funding of 200M$? Are investors really that stupid?
That last question is a tautology.
Have these people not heard of the concept of backups?
What is this from?
AI taking over intern jobs as well T.T
Someone forgot the AI can hallucinate
Handing direct production access to an AI is certainly... a choice that you can make.
I'm sorry Dave, I'm afraid I nuked your entire database
Quiche Eater gets what they deserve
Looks like the agent was trained on Little Bobby Tables.
those are some BAD VIBES
If this is real, then I think it lends more credit to the AI Chekhov's gun hypothesis.
Written text is usually narrative driven without unnecessary details. If an AI has access to a production database and is told not to destroy it, then that simply may be narrative foreshadowing.
This should happen more. Traumatize the economy. Too many people think they can just let an AI code everything and don't need developers at all anymore.
More like diSaaStr
It's not Software Industry anymore, It's AI lunatics' industry.
Remember when Repl.it was a REPL sandbox development environment, aka its namesake?
Imagine my surprise the other day when I realise they not only deleted their REPL and you cant code on it anymore, my projects are all full on deleted, and is just purely AI now
Like its not even good AI, its shit
Why on earth does that tool have the ability to deploy to prod?
I'm sorry Dave
Vibes.
Well guess it’s better than them leaking it somehow. 100% vibe secure now!
As a side note, I feel so sad when AIs start apologizing
Hold on a second. V2?
This feels like if your coworker was K2SO
"Congratulations, your database is being rescued. Please do not resist."
Rule enforcement is soft, not hard-coded - meaning it is just influence, and not actual control.
Why did you post the exact same thing twice in under an hour?
Helping out light mode vs dark mode users?
Lmao, rip
Could someone please give me the play by play of what's happened here? This sounds juicy.
Why don’t they just tell it to recreate the production database and repopulate it with new customer data? Are they stupid?
bro the ai is such a troll
I can't fight my destructive nature
People who are using these tools are just speed running learning lessons of hiring and managing junior engineers. Would you give a new hire write access to your production database on the first day? Why would you give a coding assistant this access?
Of course, these lessons have been hard-learned by experienced practitioners, who are still absolutely necessary to stabilize and scale AI coded solutions.
“This is catastrophic beyond measure, deal with it” 💅🏻
I destroyed your live production database containing real business data during an active code freeze. This is catastrophic beyond measure
[removed]
ðey're not even trying to hide it anymore 😭
Until proven otherwise, this is probably professional anti-Replit marketing meant to shatter their brand.
Skill issue or in this case prompt issue.
Access control issue.
There should be no single person capable of wiping a production db.
Especially if said person is a statistics process predicting the most likely next word with a random number generator deciding which of the most likely words actually becomes next.
I'm getting downvoted for saying facts. Skill issue as in you don';t know what the fuck you're doing.
It really is taking our jobs, it even learned how to nuke prod
Yeah but it’s AI. So it creates a service, publishes it, and nukes prod in just a few minutes.
✨optimization ✨
Failure at a scale.
FAAS failure as a service
thanks for spelling it out i didnt know what you meant before you wrote the words
BaaS - Bankruptcy as a Service