GreyNeurons Bookmark Dispatch #3

What do you get when you ask ChatGPT to build a Like button? Turns out—not quite what you’d expect. This edition covers AI experiments, clever new tools, security holes you need to patch, and a classic dev book that still holds up. Lets go!

Quick Thought: Vibe Coding vs. Long-Haul Software

As AI lowers the barrier to code generation, we’re entering a world where code becomes content — created by non-coders, often ephemeral, and driven more by vibes than specs.

This kind of code won’t require installs or setups. It’ll run in the browser, live fast, and die young. JavaScript wins by default.

But software that must endure — enterprise systems, infrastructure, safety-critical code — demands determinism. That’s still the domain of human developers, with AI as an assistant, not a replacement.

In this article, I explore an experiment where we challenged ChatGPT to create a "Like" button for a static website without setting up a server. Initially, ChatGPT suggested traditional server-based solutions. When prompted for a serverless approach, it proposed using a central PouchDB-powered webpage as a sync hub. Despite the innovative idea, implementing this solution revealed significant challenges, highlighting the current limitations of AI-generated code and underscoring the importance of human expertise in software development.​

For a detailed account of the experiment and key takeaways, you can read the full article here

Cloudflare has introduced AI Labyrinth, a free, opt-in tool designed to combat unauthorized web-scraping bots that collect data for AI training without consent. When such bots are detected, AI Labyrinth redirects them into a series of AI-generated decoy pages, effectively trapping them in a maze of irrelevant content. This approach not only wastes the resources of misbehaving bots but also aids in identifying and fingerprinting new bot patterns, enhancing overall detection capabilities. Website administrators can enable AI Labyrinth through the Bot Management section of their Cloudflare dashboard.

​In a recent revelation, a critical vulnerability, CVE-2025-29927, has been identified in Next.js, the popular React framework. This flaw allows attackers to bypass middleware-based authorization checks by exploiting the x-middleware-subrequest header. By manipulating this internal header, unauthorized users can gain access to protected routes, potentially exposing sensitive data. The vulnerability affects versions 11.1.4 through 13.5.6, 14.x before 14.2.25, and 15.x before 15.2.3. Developers are urged to update to the latest patched versions immediately. Read more here

Code Complete is a seminal guide on software construction, emphasizing best practices for creating high-quality code. It covers various aspects of programming, from initial design to maintenance, and is widely regarded as an essential resource for developers seeking to enhance their craftsmanship.​

In today's AI-assisted programming landscape, the principles outlined in Code Complete remain highly relevant. While AI tools can automate certain coding tasks, the foundational concepts of code structure, clarity, and maintainability are crucial for effective collaboration between human developers and AI assistants. As AI handles more routine coding, developers must focus on higher-level problem-solving and design—areas where Code Complete offers invaluable guidance.​

For those looking to adapt to the evolving demands of software development, revisiting the timeless insights in Code Complete can provide a solid foundation for integrating AI tools effectively into the coding process.

Need a Fractional CTO or CISO?

I work with early-stage startups and growth-stage tech teams as a Fractional CTO & CISO, helping them move faster without cutting corners.

connect with me on LinkedIn to start a conversation.

Originally published on GreyNeurons