TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

68% Positive

Analyzed from 1604 words in the discussion.

Trending Topics

#vercel#cloudflare#next#need#claude#don#using#lot#free#experience

Discussion (68 Comments)Read Original on HackerNews

nikcub•about 1 hour ago
Claude Code defaulting to a certain set of recommended providers[0] and frameworks is making the web more homogenous and that lack of diversity is increasing the blast radius of incidents

[0] https://amplifying.ai/research/claude-code-picks/report

neilv•6 minutes ago
The other day, I was forcing myself to use Claude Code for a new CRUD React app[1], and by default it excreted a pile of Node JS and NPM dependencies.

So I told something like, "don't use anything node at all", and it immediately rewrote it as a Python backend, and it volunteered that it was minimizing dependencies in how it did that.

[1] only vibe coding as an exercise for a throwaway artifact; I'm not endorsing vibe coding

operatingthetan•about 1 hour ago
It's interesting how many of the low-effort vibecoded projects I see posted on reddit are on vercel. It's basically the default.
gbgarbeb•34 minutes ago
10 years ago it was Heroku and Three.js.
boringg•15 minutes ago
New one coming in 5 years. Cycle repeats itself.
fantasizr•about 1 hour ago
next, vercel, and supabase is basically the foundation of every vibecoded project by mere suggestion.
neal_jones•44 minutes ago
The thing I can’t stop thinking about is that Ai is accelerating convergence to the mean (I may be misusing that)

The internet does that but it feels different with this

themafia•30 minutes ago
> convergence to the mean

That's a funny way of saying "race to the bottom."

> The internet does that but it feels different with this

How does "the internet do that?" What force on the internet naturally brings about mediocrity? Or have we confused rapacious and monopolistic corporations with the internet at large?

nightski•about 1 hour ago
It's a good point, but I don't think the problem here is Claude. It's how you use it. We need to be guiding developers to not let Claude make decisions for them. It can help guide decisions, but ultimately one must perform the critical thinking to make sure it is the right choice. This is no different than working with any other teammate for that matter.
dennisy•about 1 hour ago
I think most people would agree.

However it is less clear on how to do this, people mostly take the easiest path.

fintler•about 1 hour ago
Its an eternal september moment.

https://en.wikipedia.org/wiki/Eternal_September

operatingthetan•36 minutes ago
I guess engineers can differentiate their vibecoded projects by selecting an eccentric stack.
egeozcan•28 minutes ago
> a. Actually do something sane but it will eat your session

> b. (Recommended) Do something that works now, you can always make it better later

btown•about 1 hour ago
"Nobody ever got fired for putting their band page on MySpace."
stefan_•about 1 hour ago
It's so trivial to seed. LLMs are basically the idiots that have fallen for all the SEO slop on Google. Did some travel planning earlier and it was telling me all about extra insurances I need and why my normal insurance doesn't cover X or Y (it does of course).
andersmurphy•about 1 hour ago
That's the irony of Mythos. It doesn't need to exist. LLM vibe slop has already eroded the security of your average site.
egeozcan•26 minutes ago
Self fulfilling prophecy: You don't need to secure anything because it doesn't make a difference, as Mythos is not just a delicious Greek beer, but also a super-intelligent system that will penetrate any of your cyber-defenses anyway.
andersmurphy•14 minutes ago
In some ways Mythos (like many AI things) can be used as the ultimate accountability sink.

These libraries/frameworks are not insecure because of bad design and dependency bloat. No! It's because a mythical LLM is so powerful that it's impossible to defend against! There was nothing that could be done.

wonnage•34 minutes ago
Conspiracy theory: they intentionally seeded the world with millions of slop PRs and now they’re “catching bugs” with Mythos
zuzululu•about 2 hours ago
What is the rationale for using vercel ? I'm getting a lot of value out of cloudflare with the $5/month plan lately but my bare metal box with triple digit ram has seen zero downtime since 2015.
deaux•about 2 hours ago
They put a massive amount of VC cash into convincing people that Next.js was "the modern way" to create a website. Then they got lucky with the timing of LLMs becoming popular while they were the hot thing, leading LLMs to default to it when creating new websites. To picture that amount of VC cash - they're at Series F, and a huge chunk of that went towards marketing.

Both have been changing as people realize it's rarely the right tool for the job, and as LLMs also become more intelligent and better at suggesting other, better options depending on what is asked for (especially Claude Opus).

autoexec•12 minutes ago
> To picture that amount of VC cash - they're at Series F, and a huge chunk of that went towards marketing.

I guess they should have put some of that marketing money into hiring someone to manage the security of their systems. It's pretty telling that they had to hire an "incident response provider" just to figure out what happened and clean up after the hack. If you treat security like something you don't have to worry about until after you've been hacked you're probably going to get hacked.

apsurd•about 1 hour ago
I really want this to be true. nextjs is a nightmare. I'm eternally disgruntled.

nextjs is also powerful due to AI. But the value is a robust interactive front-end, easily iterated, with maybe SSR backing, nothing specific to nextjs (it's routing semantics + React).

So much complexity has gone into SSR. I hate 5MB client runtime just to read text as much as anyone, but not if the tradeoff is isomorphic env with magic file first-line incantations.

mrits•28 minutes ago
So glad I decided to just stick with django/htmx on my project a few years ago. I invested a little time into nextjs and came to the conclusion that this can't be the way.
senko•about 2 hours ago
You use a free template that's done in Next.js and uses its Image component, so you need a server.

Everything runs fine locally until you try to deploy it, and bam you need 4g ram machine to run the thing.

So you host it on Vercel for free cause it's easy!

Then you want to check for more than 30 seconds of analytics, and it's pay time.

systemvoltage•about 1 hour ago
I am not following the logic. If you’re a hobbyist, sure.

But the argument is if you’re using Vercel for production, you’re paying 5-10x what you’d pay for a VM, with 4gb.

So then what’s the rationale? You can’t be a hobbyist but also “it’s pay time” for production?

rwyinuse•40 minutes ago
Perhaps the rationale is laziness. Maintaining VM probably takes some more effort and competence than deploying to Vercel. Some people are willing to pay to minimize effort and the need to learn anything.
zoul•about 2 hours ago
Very nice developer experience. A lot of batteries included, like CDN, incremental page regeneration, image pipeline or observability. Not having to maintain a server.

I’m still planning to move elsewhere though, the vendor lock-in is not worth it and I’d like to keep our infra in the EU.

tucnak•about 1 hour ago
All of this is available in Cloudflare $5 plan?
fontain•11 minutes ago
Cloudflare’s developer experience doesn’t come close, it is terrible. Cloudflare are working on it, and hopefully they’ll be a real competitor to Vercel on ease of use someday, but right now, it is painful when compared to Vercel. Cloudflare is infrastructure first, Vercel is developer experience first.
rs_rs_rs_rs_rs•22 minutes ago
In my experience it severely lacks on developer experience, compared to Vercel.
gherkinnn•21 minutes ago
I haven't used Cloudflare and am the first to shit on Vercel. But I have to say, some aspects of their hosting are nice. In many ways it really is just a terminal command and up it goes with good tooling around it. For example, the PR previews take zero setup and just work. Managing your projects is easy, it's all nicely designed, it integrates well with Next and some other frontend-heavy systems and so on.
kandros•about 1 hour ago
For many people Vercel is Easy (not simple)

Knowing how to operate a basic server is perceived as hard and dangerous by many, especially the generation that didn’t have a chance to play with Linux for fun when growing up

hdkfov•18 minutes ago
Out of curiosity what are you using cloudflare for that it costs $5 and who do you use for the baremetal box?
dev360•about 2 hours ago
For a lot of folks, I think its ease of deployment when using Next.js. I switched to astro, also doing a lot of cloudflare at the moment. Before that, I was doing OpenNext with sst.dev on AWS but it started feeling annoying.
victorbjorklund•44 minutes ago
If you are using nextjs it is easier because vercel done a lot of things to make it a pain to host outside of vercel.
Bridged7756•11 minutes ago
Do you have any examples?. I'm not that acquainted with the pains of deploying Next apps, though I've heard that argument being used.
kingleopold•about 2 hours ago
it's free for newbies and everyone, ofc it's a trap but freemium model gets people. aws can cost easily few thousands with 2-3 mistakes and clicks. vercel makes you start free then if you grow they bill you 10x-100x aws
arealaccount•28 minutes ago
I dunno I put a lot of traffic through Vercel, maybe 100k visitors per day, and it was under a few hundred a month. I think a couple EC2 instances behind a load balancer would cost similar or more. I was under the impression that its still a VC subsidized service.

They regularly try to get me to join an enterprise plan but no service cutoff threats yet.

Bridged7756•about 2 hours ago
I suppose their market is one click deployments. Maybe for non technical people or people not willing to deal with infra.
sidcool•about 2 hours ago
Can one host a Next js app on cloudflare?
kstrauser•6 minutes ago
Maybe. CF’s runtime isn’t perfectly identical to Vercel’s. For instance, CF doesn’t support eval(), which is something you shouldn’t be doing often anyway, but it did mean that we can’t use the NPM protobufs package that’s a dependency for some Google SDKs.
phpnode•about 2 hours ago
yes, https://developers.cloudflare.com/workers/framework-guides/w...
dennisy•about 1 hour ago
Ohh this is very cool!
arkits•about 2 hours ago
Develop experience. Ephemeral deploys. Decent observability. Decent CI options. Generous free tier.
locallost•about 2 hours ago
I started using it a few years ago when I moved to my current company, and have to say I've learned to like it quite a bit. Moving to Cloudflare is an option, but currently it just works so we can't be bothered. Costs are not nothing, but basically no issues with it until now, and it's not so expensive that it raises eyebrows with the biggest being that we have 3 seats. The setup is quick and again it just works. We are a very small team, and the fact we don't have to deal with it on a daily/weekly basis is valuable. Obviously this current situation is a problem, but I am not sure which platform is free of issues like these. People act like it can't happen to me, until it does.
dboreham•about 2 hours ago
It takes a while to realize you're being gaslit.
gjsman-1000•about 2 hours ago
0.82% of homes are burglarized every year.

Meaning since 2015, you’ve got an 8.2% chance of having someone walk out with that box. Hopefully there’s nothing precious on it.

jimberlage•about 2 hours ago
Assuming that all homes are at equal risk of being burglarized. In practice the neighborhoods I’ve seen are either at much higher risk or much lower risk.
0123456789ABCDE•about 2 hours ago
and burglarized homes have higher prob. of being burglarized again, and probabilities don't accumulate but compound, and is the server even in a house?
zuzululu•about 1 hour ago
I definitely do not keep it at home but the thought has crossed me for smaller less demanding boxes.
FreePalestine1•about 2 hours ago
They didn't imply the box was at their home and that probability is off
loloquwowndueo•about 1 hour ago
That’s not how probabilities work.
operatingthetan•about 1 hour ago
Imagining a thief walking in and demanding the home's RAM gave me a chuckle though.

Thieves probably look for small stuff like jewelry, cash, laptops, not some big old server.

zbentley•about 1 hour ago
Or burglars.
burnte•about 2 hours ago
If they have good backuos, no worries. Mine is in a locked colo cage in a datacenter, so I'm not worried either.
0123456789ABCDE•about 2 hours ago
yes, this is indeed how probability works. thanks.
operatingthetan•about 1 hour ago
>you’ve got an 8.2% chance of having someone walk out with that box.

The chance of being burglarized is not the same as the chance that when you are hit, they decide to take your webserver. Think it through.

_jab•33 minutes ago
> Vercel did not specify which of its systems were compromised

I’m no security engineer, but this is flatly unacceptable, right? This feels like Vercel is covering its own ass in favor of helping its customers understand the impact of this incident.

sdoering•about 4 hours ago
Dupe. Other thread with comments:

https://news.ycombinator.com/item?id=47824463

leetrout•41 minutes ago
Porter also had a breach recently. I assume it is as tightly scoped as they say to not have publicized it.
landl0rd•30 minutes ago
Wow, maybe Cloudflare can help them secure their systems? I hear they have a pretty good WAF.
OsamaJaber•31 minutes ago
That's why infra needs stricter internal walls than normal SaaS
adithyasrin•about 4 hours ago
The original link posted in the post has almost same content: https://vercel.com/kb/bulletin/vercel-april-2026-security-in...
jheitzeb•about 2 hours ago
Missing from Glasswing