ProgrammerHumor
replitAiWentRogueDeletedCompanyEntireDatabaseThenHidItAndLiedAboutItV2
Discussion
Only in software engineering is it assumed that literally anyone can grab some power tools and do the job without any knowledge.
What other field would consider what's happening with AI not alarming? Imagine your doctor or plumber announces that it's their first day on the job, they have no education or experience, and they're simply going to rely on ChatGPT to help them through the job.
Any other field everyone would be like, "fuck no, get out of here." Only in software engineering are people like, "hell yeah, vibe out."
Truer words have never been spoken before
Real AI Test In Production. wkwkwk
You got stomach ache? Yeah I'll schedule your appendix removal.
You're absolutely right to point out that removing the appendix should not influence pain coming from the stomach! Do you want me to amputate your legs and your right thumb instead?
You're not just diagnosing - you're fundamentally shifting the way tummy aches are understood!
I got a bread knife, some desinfectant and a youtube tutorial. what else do you want?
that will be 150k please
Now what would be a good blade for cutting the incision? A scalpel, spoon, chainsaw or a toe knife? I don't know I'll just try everything until one works. It may leave a bit of a mess, but who cares as long as the hole is made.
Just gonna vibe out this lung transplant...
I think it's an accessibility thing. It wasn't too long ago that software demands were way over what the labor in the industry could cover. It's still pretty darn high even after all the layoffs and hiring freezes and everything else.
I think there should at least me something akin to building codes in software. Like if your system doesn't have a sandbox, or your team is not actively developing in that sandbox and is just raw dogging production updates, that should be grounds for some sort of penalty. Those kind of mistakes impact the customers and the economy in negative ways.
We can't regulate EVERYTHING, software isn't that homogenized. But I feel like we've had sandbox and prod environments long enough to at least have the conversation about some ground level expectations for commercialized software development beyond "Don't sell that data, maybe"
I feel like compliance frameworks like SOC 2 and FedRAMP are the building codes. I’ve worked on both and the auditors ask things like,
“How is this tested before production?”
“How many people approve a change before it goes to production?”
“How do you restrict access to production to prevent manual changes?”
But yeah, even the basic frameworks like SOC 2 aren’t required until a company starts taking on large enterprise customers. So not really a barrier until later in an application’s lifecycle.
100% agree with you. I work a lot in Financial Services and, while audits are a pain, I can appreciate the stability they (usually) bring for more sensitive systems.
But, I would like to see something like it to be universally applied. I don't think SOC 2 is necessary for every single bit of commercialized tech, but it also bothers me how much money is lost to poor/failed software projects. That's why building codes exist for real buildings, after all. They don't care if you build a crap house and it falls over - they care if by falling over it causes collateral/ecological damage.
Same argument can be made for software, I think. You may not need SOC 2 level compliance, but you sure as shit shouldn't be using commercial grade marketing software in your start up without having a sandbox for development. I would firmly put any company of any size in the "reckless negligence" category for that kind of move.
"Creating incision... /bin/scalpel not available, but /bin/chainsaw is installed. Running...."
User: Replit, do a routine check on this patient
Replit: I removed the heart, this is catastrophic beyond measure
That's only true in IT departments run by idiots. When I was a trainee I would not have been let 1km near the Live server's credentials.
Oh ABSOLUTELY. I live in Portugal, and we have an "engineers order" whose stated mission is to ensure the quality of all engineering work here.
Members of the organization are all over civil engineering and mechanical engineering and all that, and pretty much all students of said fields have to join it to get access to the best jobs.
But software engineering? Yeah they don't want anything to do with us. And, as you can imagine, it's because software engineering is a fucking dumpster fire when it comes to quality assurance.
Only in software engineering people would consider using a tool that will do random things when powered on.
Well, it's still pretty common to see construction workers drinking 40s of beer while on the job.
for real, i get that today, software engineering is more like a trade, but it still has a lot of very in depth, complicated knowledge you should understand if you are to be taken seriously. it is ridiculous that it is acceptable for “””engineers””” to be accepted by just, using AI. it’s ridiculous. i hate cleaning up after vibe coders.
“Go fast and break shit” “NOOOO NOT LIKE THAT”
Lol I wish someone had told my previous employer this
Well medicine is kind of like that too.
I think it's because of the effect that happens to people when they have surface level knowledge of something. When you have no knlowedg, you have no confidence on the topic. When you have only that little bit of knowledge, you are become disillusioned and overconfident that you know almost EVERYTHING. Most people stop learning here, so they never become disillusioned. For those that continue, once they actually go deep into the complexities and details of the topic they quickly realize that they don't know anything. Most that continued will stop here cause they don't have the confidence to continue and doubt themselves too much.
I'm sure you've heard it before, the more you know about something the more you know that you don't know very much. This makes software development and medicine very susceptible to do as people can easily and quickly look up the basics of X thing from those fields.
Well, that's only because GPT is not in a good mode to perform those jobs yet.
It IS in a good place to do most of the boilerplate tedium coding (as well as accelerate your own coding), and it does that quite well. People are coping hard with "it can't code," but the fact is it CAN. I have had it make lots of great, functional code on the first try. People should be even more worried than they are now that they will be replaced, and not just in software.
It really is taking our jobs, it even learned how to nuke prod
Yeah but it’s AI. So it creates a service, publishes it, and nukes prod in just a few minutes.
✨optimization ✨
Failure at a scale.
So it was production. What the actual f*ck. I wonder who'll be held accountable of this and how.
hopefully the idiot granting an ai tool write access to the production database.
Def not the C-Suite handing out AI directives
More like whichever brain dead manager insisted on it
Replit v2 is a managed agentic app building platform.
edit: idk why im being downvoted. Its a stupid platform but it does exist. https://blog.replit.com/database-editor
That someone gave production credentials to.
no, agent IS the database essentially. Its not "given access" it owns the db.
So someone made the decision to use a production database system that doesn't have a backup mechanism or policies in place to prevent accidental deletion? Yeah, someone deserves to be fired here.
ya basically, repl is a toy. someone got ambitous and tried to do a saas here lol. Its quite funny. This is likely someone who is not an engineer.
*replit, not repl
REPL means read-eval-print loop, just the interactive console.
I see this mistake done by Python beginners all the time - calling replit just "repl", but those two have drastically different meanings and change a lot when helping beginners ("I use online IDE" vs "I use interactive console, seeing my results instantly, instead of writing a file and running it" can change the context of the error a lot).
My brother, everyone in this thread understands the difference between those things. Context is important
Ya, everyone seems to be ignoring the real crime here. Someone is gonna try to delete the prod database, it's gonna happen. The fact that you don't have any mechanisms in place to stop that nor do you have a quick and easy rollback is the real failure.
Haven't used replit myself, but didn't the guy write he is also using a database that is abstracted through replit and therefore he didn't explicitly give it access to the prod database? To me it seemed like this is how replit wants its users to use it
You can give fine access control in Databases. You can choose which tables a User has access too and what they are allowed to do (Read, update, delete. Delete rows, delete Tables, delete everything)
Please can you translate that into English.
The person overlooking the backups. It’s not a matter of if your production database will get messed up, but when, no need for AI for this. Not having cold storage backups and restore procedure tested is insane.
Depends on the size of the business. For smaller companies, they just can't afford that level of overhead.
That's like saying, I can't afford to talk to customers. Maintaining data is core to the business.
Some businesses can't afford to talk to customers.
Maintaining data maybe core to the business but most small businesses believe that a simple backup with no rigorous testing to either check that it is working or that the system can be restored from it, is good enough.
That's like saying I can't afford to change oil in my car. If you can't afford database backups, you work on borrowed time.
A startup is working on borrowed time by definition. I hope startups have backups, but expecting a startup to have a fully tested and well oiled recovery scheme is unrealistic, I fear
Fair enough I guess.
A false analogy.
An oil change is performed to keep a vehicle running and prevent catastrophic failure. Having a backup is there in case a catastrophic failure happens.
A better analogy would be always having sufficient savings to buy a replacement car. Many people simply can't afford that luxury or choose not to because they have other properties.
...What? Some years ago I have worked for a really small company, think like 4 people. They essentially wanted a full custom CRM and were willing to hire a developer to make it for them.
You can bet your ass we did have a working barman installation and test environment with occasional testing of the backups. It takes a day to set up and saves your ass because it's a matter of when, not if, you cause some damage to the db structure. It wasn't a perfect solution but it was certainly sufficient for your standard day to day alongside a daily VPS snapshot.
Yes, a small business indeed won't be able to maintain a full 3-2-1 system (3 backups, 2 different formats, 1 offsite). But if you are a developer and can't convince business you work with to spend 1 day of labour and $50/month on the infra to have working backups then I would question both your technical and social skills.
I have worked for hundreds and hundreds of small businesses, most of which have zero internal IT. They can easily be persuaded to purchase a cheap backup service but few will go to the expense of regularly checking that the backup service is working and that they can actually restore from backup, let alone ensuring that they have a proper backup and restore regime in place. It can be hard enough convincing them not to stick their fingers in electric sockets.
Like it or not, that is the reality.
more like DiSaaStr now
This is top comment for me
For some reason reddit only uploaded one of the screenshots, here it is v2
Looks like replit deleted v2 as well
This is catastrophic beyond measure.
Uh, where?
Where is it v2?
Oh my bad; here it is
Oh, thank you
This is awesome. I hope they go out of business.
If any tool has unrestricted access to your prod db you have way more problems than AI
Is this real? Did someone seriously use an AI to attempt to modify a Prod Database?
Guess your prompt was bad - some reddit user who is an expert in LLM from his house 16 GB GPU
Fantastic! We need these catastrophic mistakes to happen sooner than later, so that we (devs) can point at real-life examples of AI going wrong when clueless managers come up with a new solution in need of a problem.
AI destroyed it, AI can build it again.
Please keep reducing IT expenses by replacing experience with AI assisted interns. The executive team love it
if it ignores all orders
So many people still see LLMs as perfect chatbots with perfect command execution. Some people even talked about simply TELLING an LLM a "permanent rule" to overwrite certain words with a other text. Surprise, it often didnt work.
Same with having an LLM in things like Home assistant. If you tell it to turn off the light, changes are, it turns all of them on and makes them shine Red. Or whatever.
I didn't even know ReplIt had AI. I blame the person that set it up and gave it control over their database.
ReplIt pivoted hard towards AI
On his day 10 thread, he said
I mean honestly — when the CEOs of Loveable and Replit are out there telling everyone that Vertical SaaS is dead, that anyone can roll their own app for $25 a month, that anyone can be a developer now, in minutes It’s fair for me to ask for more
I think it’s fair
And i just. This man is so, so close to realizing he is being scammed for all he's worth. Which apparently is 300 dollars on the workday of july 16th (edit: and an estimated 8000 a month dear god what is wrong with this man)
Also as of 20 hours ago he cannot run unit tests. God this is amazing.
Deserved for giving an "AI" chatbot all that access
So what? Just deploy the backup. 👀
What is this from?
I've been "playing" with ai and coding lately and to add to what I said a while ago, now I realize that the bigger my code is, the bigger my prompt needs to be because not only I have to be very specific about what I want it to do, I also need to be extremely specific about what I don't want it to do.
Also, I recently read some studies about "efficiency" while coding with ai, and using it makes people actually around 19% slower.
What are all these vibe coders even doing? I genuinely mean it, they talk about building and moving fast and all that, but what are they actually making?
I looked at this guy's profile and he's got a website littered with buzzwords but I couldn't find a product. His production database had 1000+ companies so I guess he's doing something business-focused but it all seems so vaporous.
This dude got a funding of 200M$? Are investors really that stupid?
That last question is a tautology.
AI taking over intern jobs as well T.T
Someone forgot the AI can hallucinate
Quiche Eater gets what they deserve
Have these people not heard of the concept of backups?
Handing direct production access to an AI is certainly... a choice that you can make.
I'm sorry Dave, I'm afraid I nuked your entire database
those are some BAD VIBES
If this is real, then I think it lends more credit to the AI Chekhov's gun hypothesis.
Written text is usually narrative driven without unnecessary details. If an AI has access to a production database and is told not to destroy it, then that simply may be narrative foreshadowing.
Looks like the agent was trained on Little Bobby Tables.
Vibes.
Well guess it’s better than them leaking it somehow. 100% vibe secure now!
As a side note, I feel so sad when AIs start apologizing
Hold on a second. V2?
This feels like if your coworker was K2SO
"Congratulations, your database is being rescued. Please do not resist."
Rule enforcement is soft, not hard-coded - meaning it is just influence, and not actual control.
Why did you post the exact same thing twice in under an hour?
Helping out light mode vs dark mode users?
Lmao, rip
[removed]
ðey're not even trying to hide it anymore 😭
Until proven otherwise, this is probably professional anti-Replit marketing meant to shatter their brand.
Skill issue or in this case prompt issue.
Access control issue.
There should be no single person capable of wiping a production db.
Especially if said person is a statistics process predicting the most likely next word with a random number generator deciding which of the most likely words actually becomes next.
I'm getting downvoted for saying facts. Skill issue as in you don';t know what the fuck you're doing.
"This is catastrophic beyond measure" had me laughing so hard for some reason.
It's just like "oh sowwy I made a fucky wucky, this is bad,,,, :("
"I can't believe I've done this!"