Skip to main content

AI anxiety & my future

· 10 min read
Marlamin
Marlamin
Parrot

As vibe coding gets easier, more accessible and quite frankly higher quality, it is becoming harder and sometimes even impossible to recognize its usage in the making/update of software. Where is this going? What is the place of me and my projects in this? Why am I scared?

This is yet another long AI-related rant, for my previous one/stance on AI see here.

Recognition

Today I saw people who I know are vehemently against the usage of AI happily promote the return of a popular piece of software after someone updated it out of nowhere, an update I think was entirely vibe-coded by Claude. Guided by a human, sure, but I highly doubt said human wrote a single line of actual code.

Now, I think I am still able recognize the usage of AI in code and how much of it was written by a human. I think in this case very little was. But it is becoming harder to make that call. Someone not proficient in programming won't be able to at all, and in time I won't be able to either as things become higher quality and vibe coding slowly becomes indistinguishable from human programming.

I also recognize that this tool being updated and available again could be a net positive for the community. I don't even blame said human for wanting to bring it back.

Relying

But personally I don't want to touch these projects or rely on them as the tech debt will stack up overtime, likely leading to issues down the line, and likely already has, as AI isn't quite there yet and will happily build pillars upon pillars of misconception and misunderstandings, something it takes an actual human developer to detect and steer it out of.

But what'll happen when hobbyists like me, or even seasoned programmers, start to become unable to recognize vibe coding and start relying on these pieces of software, which may have severe underlying issues that simply haven't been noticed yet..

What if we already rely on that kind of software? How likely is that?

Ramifications

Even the blog you're reading this on depends on hundreds of packages I have no control over, some of which maybe even vibe-coded. Granted, this is a blog, not some critical piece of software, but with the amount of vulnerabilities that are popping up left and right or packages being hijacked/compromised with malicious code, writing this was done in Visual Studio Code without actually locally running the blog software, because I don't feel comfortable doing so given the hundreds of packages.

But VS Code also runs on hundreds of packages. But surely such a big piece of software is tested and secure... right?

At least the way the blog software (Docusaurus) works is that it outputs a simple pre-built HTML website compiled, deployed and hosted on GitHub's infrastructure the moment I push up this text file.

But what of software that has wider access to our PCs/livelihoods? What about my software?

Retaining control

Lets take wow.tools.local (WTL) for example. Something I develop but also run on my PC almost every single day. I obviously want it to be secure, not only for myself but also for other users. But how much of that do I really control?

As of the upcoming version, I've largely finished replacing most of the external dependencies it relies on either with things I maintain or things I largely trust to not be malicious, not insecure and not vibe-coded.

Projects WTL relies on that I maintain/have first-hand knowledge of:

Now, that's quite the list of things. I know how all of these things work because I've either made them myself or adopted/maintained them from previous authors, but understand deep enough to have complete knowledge of. I won't claim that they're flawless, if anything I'll admit many are flawed, but I know how they work and what most of those flaws are.

But lets keep going. There's also projects WTL relies/relied on that I don't maintain or have knowledge of their inner workings off:

  • Bootstrap (UI framework)
  • Datatables (table library)
  • Choices.js (dropdown UI element library)
  • WebWowViewerCpp (model viewer)
  • jQuery (javascript enhancements, removed in WTL 0.9.4)
  • ImageSharp (image manipulation, removed in WTL 0.9.5)
  • CascLib (WoW filesystem reading, removed in WTL 0.9.5)
  • JSON.net (JSON reading/writing, largely removed in WTL 0.9.5)
  • net-vips (image manipulation, added in 0.9.5 to replace ImageSharp)

You'll see I already replaced/removed some things either in the latest version or an upcoming one, but there's still a good amount of code there that I have no real knowledge of. Granted, I try to keep the external code limited to things exclusively used in the browser as those are the unlikeliest to to be capable of truly malicious behavior if compromised. There are exceptions though, but I try to stick with either industry standard or otherwise well-known packages in those cases.

...but lets keep going. What about projects that the above projects rely on? I try to keep external dependencies to minimum for the projects in the first list, with exceptions. The projects in the second list? That's where things get more vague.

What about a layer deeper? Imagine that Inception image. Or an onion.

WTL runs on Microsoft's .NET framework, which as part of Windows you'd assume is pretty secure and all. Right?

WTL and almost all of my projects, including this blog, are hosted, distributed and compiled through GitHub. The same GitHub that's been having increasing reliability issues, not neccesarily because they've been vibe coding it (not counting it out though), but due to the influx of new users/traffic almost entirely thanks to AI/vibe coding.

I can keep peeling the onion layers away but this chapter is already way too big.

My point is: every piece of software these days relies on so many other pieces of software and we don't really know what we're running most of the time or how reliable/secure that entire stack of software is. I feel like AI (and more specifically vibe coding) is making the reliability/stability of that stack worse and likely causing more vulnerabilities than it has been solving/finding, at least with currently available/popular models.

Reflecting

It is clear to anyone who has been reading my blog that even before AI I had a, at the time of previous posts, more healthy habit of wanting to understand everything and preferring using things I built myself. There's been various reasons for that, both good and bad (the bad ones largely being personality faults on my end), but it has taught me many things over the years and I'm generally happy I've taken that approach to software development.

But more recently I've started to recognize that that previously healthy habit is more often turning into an unhealthy paranoia in part thanks to AI (paranoAI? pAIranoia? there's a joke here somewhere). If a cool new project shows up or someone sends a pull-request/commit to software I co-maintain, I always check for the tell-tale signs of vibe coding, and if I find them I very quickly lose the motivation to further keep looking at said thing, let alone using or working on it.

This unfortunately is also the case when someone uses something I maintain in their vibe-coded projects, code, resource, knowledge or whatever. Instead of the joy I used to get from having contributed something and made someone's life easier, it now takes away that joy since it makes me co-responsible for even more slop being generated into the world.

This is a problem that I haven't yet been able to solve, nor do I think I really want to. It is becoming a bigger obstacle every day and is actively starting to cost me time, motivation and general happiness. From a rational PoV it is stupid and I should just get over it and join the masses in accepting our AI overlords and just riding the rollercoaster down to hell, but given my rather stubborn/emotional nature I have not been able to. It is actively affecting some of the projects I work and I can feel it about to affect my job and livelihood as well.

I don't really know how to fix this. There's a few things that could happen going forward.

Results

One possible situation is that the whole AI ecosystem implodes and AI usage becomes very expensive while further development of it stagnates/stops, but I don't see that happening. AI companies are propping eachother up and governments/stock markets are continously pumping huge amounts of money into them.
Result: not happening.

Another option is that AI models become so good that even vibe-coded things are as secure, reliable and performant as a human could write them, or even going beyond that. But that brings its own slew of worries and problems with it, many of which I don't even want to think about.
Result: Definitely need to take up another profession.

A more likely scenario is that a combination of both will happen, but in a way where only the richer are able to pay for and use the good models leading to them getting richer (classic!), while everyone else is limited to using less capable/self-hosted models that will fall behind more and more compared to their big brother counterparts. Arguably, this is already happening.
Result: My extremely niche expertise could still be relevant, but I think that is already almost no longer the case, even for locally hosted models, so I might already be screwed in that regard as well.

Realization

We'll see what ends up happening and where things go. I'm closer than ever before in throwing in the programming towel. Me not wanting to change my stance on AI likely already has resulted in irreversable damage to my standing compared to my peers. I don't see any way forward that leads to a positive outcome for me (or even the industry/humanity in general) without (further) compromising my morals/accepting defeat, so this blog post simply ends at a depressing impasse.

For now I'm just going to keep carrying on trying to find enjoyment in the things I make for myself. It might effectively be a downwards slope, but it is better than getting on what I feel like is that rollercoaster to hell. Maybe I really do need a change in profession.