@seclink: Advice: Beginners should not abuse viber coding. Mixing Chinese and overseas large models, viber coding — I've stepped on all the development pitfalls: 1. Timezone issues: Chinese large models use Beijing time, US models use US time... 2. Error code type confusion...

X AI KOLs Following News

Summary

A developer shares various development pitfalls encountered when mixing Chinese and overseas large models for viber coding, including timezone, data types, database design, security vulnerabilities, etc., advising beginners to use it with caution.

Advice: Beginners should not abuse viber coding. Mixing Chinese and overseas large models, viber coding — I've stepped on all the development pitfalls: 1. Timezone issues: Chinese large models use Beijing time, US models use US time... 2. Error code: Is it int or str? Can't tell clearly. 3. Soft delete: Is it actually deleted or just flagged as 'is_deleted' = true? 4. Status codes (500, 400, ...) are scattered all over the project... 5. Database slow query settings, N+1 problem not considered... 6. SMS verification code and real-name authentication anti-brute force measures not considered... 7. State machine: 8 states now, 10 states the next day, then 7 states the day after... 8. Variables with the same business meaning are written with different function names or different variable names. 9. Function names that are written but not used. 10. Not using ORM, but bare SQL, leading to primary key auto-increment issues. 11. Database uses JsonB, causing difficulties in data querying and retrieval. 12. Highly severe horizontal privilege escalation vulnerabilities and vertical privilege escalation vulnerabilities are rampant... ...
Original Article
View Cached Full Text

Cached at: 06/03/26, 03:42 AM

Suggestion: Beginners should not abuse vibe coding.

Mixing Chinese and overseas large models with vibe coding, I’ve stepped on all the R&D pitfalls:

  1. Timezone issues – Chinese large models follow Beijing time, while overseas models follow US time…
  2. Error code type – Is it an int or a str? Hard to tell.
  3. Soft delete – Is it actually deleted, or just flagged as is_deleted = true?
  4. Status codes (500, 400…) – Scattered all over the project with no consistency.
  5. Database slow query settings – N+1 problem not considered.
  6. SMS verification codes & real-name authentication – No brute-force prevention in place.
  7. State machine – One day it has 8 states, the next day 10, then back to 7…
  8. Same business meaning, different function names or variable names – Inconsistent naming.
  9. Functions written but never used.
  10. Not using ORM, raw SQL instead – Leads to auto-increment primary key issues.
  11. Database design with JsonB – Causes difficulties in data querying and retrieval.
  12. Critical and severe horizontal privilege escalation & vertical privilege escalation vulnerabilities – Widespread.

Similar Articles

@yibie: Using Local Models as Primary Coding Tools: A Practical Report from Mid-2026 There was a post on Hacker News with a straightforward title: "Is anyone using local models as their primary coding tool?" 197 comments, incredibly dense with information. A dozen real users discussed their daily configurations, pitfalls they encountered, and why they still choose local models even though they know they're not as good as...

X AI KOLs Timeline

This article summarizes practical experiences from a Hacker News discussion about using local models (mainly Qwen 3.6 35B-A3B) as primary coding tools, including configurations, effectiveness (approximately 50-75% of frontier models), key techniques (such as preserve_thinking), and different user positions.

@vansvoler: Successfully activated a CMLink UK SIM card using DJI 4G module + Vohive. But this setup has greater significance for me because the RedPocket card, if reactivated, would require being in the US. Now that's no longer an issue. Also, there is a learning curve with this setup — I...

X AI KOLs Timeline

User shares how they used the DJI 4G module and Vohive software to successfully activate a CMLink UK SIM card, solving the issue of RedPocket card reactivation requiring US location, and notes that the Vohive project repository has been deleted, with their own fork available.

@xiangxiang103: Wow, Anthropic really dropped the ball this time. Someone dug up hidden code in the Claude Code binary — specifically designed to detect whether you're a Chinese user or routing through China. Not ordinary telemetry, but deliberately obfuscated, not mentioned in release notes, and completely unknown to users. The process goes like this: - Detects you...

X AI KOLs Timeline

Hidden code was discovered in the Claude Code binary that specifically detects Chinese users or proxy routes, and secretly modifies system prompts to add watermarks, sparking widespread concerns about trust in developer tools.