a clown car of clown cars that deploys another clown car, that explodes
https://www.youtube.com/watch?v=vnFKkBBzpVg&list=UU9rJrMVgcXTfa8xuMnbhAEA - video
https://pivottoai.libsyn.com/20250829-vibe-coded-build-system-nx-steals-vibe-coders-crypto - podcast
Thanks for this write-up, I just saw the advisory and didn’t realize just how dumb the entire thing was.
absolutely appalling figuring it out, it really was “it can’t be this stupid, I must be understanding it wrong”
then I got to the bash injection
and the proud “Generated by Claude Code”
and welp
More than two decades ago, I dabbled a bit in PHP, MySQL etc. for hobbyist purposes. Even back then, I would have taken stronger precautions, even for some silly database on hosted webspace. Apparently, some of those techbros live in a different universe.