There is a big difference between having people with experience coding using AI assistance vs having people with no or little experience coding using AI assistance. Generative AI spits out junk information all the time, including junk code. People with enough coding experience can read the AI-generated code, detect bad code, and manually delete the bad code. People without enough coding experience will use whatever code AI generates.
Since you are a iNaturalist moderator posting on iNaturalist forum to promote your app, does this mean your app has the backing of iNaturalist?
Authorized iNat apps can permanently screw up a person’s observations and identifications from bad edits and deletions. Basic questions I would ask anyone who creates who creates iNaturalist app that requires authorized access:
How much experience do you have with iNaturalist?
How much experience do you have in coding?
Is the code open source so that other people can view the code?
If you use AI to code the site, would you be able to create the app without AI?
For me, question four is a deal breaker. Software bugs are normal part of writing code. If there is a bug in the software, does the vibe coder know enough to fix the bug? Even if the person who created the app does not have bad intentions, a person with malicious intent could submit a pull request and add code to the app that does really bad things. If a vibe code doesn’t know enough to detect bad AI-generated code, then they also don’t know enough to detect bad code from people with malicious intent.
I moved your response to a new thread as it’s almost entirely not specific to the obscured observation viewer and I asked people to keep the discussion on topic. (And to address the one comment that was about the viewer: as a volunteer moderator, my app has no special status with iNat and is no more approved for use than anyone else’s.)
if you’re implying that jwidness doesn’t know how to code without AI assistance, or that she didn’t at least review the AI contributions, i think that’s wrong. i think it’s fine to criticize constructively, but i’m not sure that’s what your original post is doing.
Today, AI kind of sucks at coding anything original and complex. jwidness’s tool required programmer guidance.
I agree with the concern about safety: it’s possible for bugs or malicious instructions to exist in any code. Fortunately the code is not obfuscated and can be inspected easily if you’re uncertain.
One thing that would help is… finding a local or regional organization with interest in the functionality that might host the application. There are zero organizations that would host an application without a clear understanding of who wrote it and without looking at the code. The problem is… the organizations that any of these applications are targeted at don’t have the resources to do this.
It’s almost as if there needs to be a new non-profit that certifies code written using api’s offered by observational technology platforms (iNat, gbif, ebird, bugguide). Their role wouldn’t be to assess the functionality… only to give an indication of… this person didn’t have ill intent and we have reviewed the source code and see nothing malicious here. Then they’d host the application from their own server rather than the developers GitHub repo.
How much experience do you have with iNaturalist? I’ve been a member since April of 2020, have over 2800 observations and over 5000 identifications.
How much experience do you have in coding? I was a software developer from 1994 until 2007 when my second child was born. The problem is… It was before github (we used eclipse). I also refuse to spend any money since I’m doing this for free. I use the GitHub web interface from a $100 Chromebook. Basically, I could be a junior high kid on a school supplied chromebook. I’m not, but theoretically I could be.
Is the code open source so that other people can view the code? Yes, but it looks like C rather than JavaScript since the mobile billing and switch provisioning application we provided to at&t and sprint in the 90s was written in C.
If you use AI to code the site, would you be able to create the app without AI? Yes, as long as JavaScript can interpret logic that looks like C. I figure, if any of it really takes off, someone will run it through terser anyway.
Is there a possibility that you are old and in the way? Yes. Yes there is.
It would be incredibly helpful if some local and regional earth science organizations (nature centers, zoos, park districts, etc)… began hosting small applications like this for people who they have met in person… people from their own physical human networks. These are organizations that people trust to protect them and forgive when it’s done imperfectly. I can understand why they’d be resistant… but the platform (and many of the small ancillary applications) seem like they’re being written to serve them, so…
It seems like the app that triggered the conversation would be useful for a regional nature conservancy. an organization that might have people trusting it with obscured observations occurring on private properties. if jwidness were able to say… “the source code for one of my applications has been reviewed by My Local Nature Conservancy. They’ve agreed to host my new app. It’s available here → www.my_local_nature_conservancy/obscured/view_mine.html”.
That would probably increase the trust level of people interested in using the application. It would also put the local conservancy in a position to host the application for other conservancies.
I’m not opposed to this idea, but I don’t think it addresses the fundamental issue. Users of software have two real options when it comes to evaluating it -
trust someone else’s skill and expertise (which are always somewhat fallible)
trust their own skill and expertise (if they have them), which are also somewhat fallible
I don’t think I’d trust my local/regional conservation organization to authoritatively vet code anymore than someone I know on the forum. In fact, if I have an established track record with someone on this forum, I’d likely trust them more.
I think the general issue is - 100% of us use software that we haven’t/can’t authoritatively evaluate for good code everyday (just like I can’t validate that my car is perfectly safe to drive every time I use it).
For applications with a high importance (credit card transactions, confidential info), I am going to try to use highly supported, trustworthy software (though even Windows, bank software, etc. is routinely hacked). For more niche software (like custom extensions that are only going to be used by a small audience), this isn’t really possible. Of course, they are also going to be much less desirable targets for any bad actors. To continue the car analogy, if I need to fix the airbag on my car, I might be sure to take it to the dealer/highly certified mechanic to make sure it is done as close to 100% right as possible. If I want a custom mod to my car, I might be content to watch a Youtube vid and do it myself or get a friend to help.
In the case of using user-built apps/extensions for iNat, I think that users will always need to make their own choice about what type of risk they will accept. But trying to get high-level vetting/support for a passion project with a small audience probably isn’t realistic or feasible.
It would be going too far to suggest that they’ll be “authortatively vetting” anything. They’d be saying. We use this because it’s in our interest to use it. We know the person who developed it. We met with them and allowed them to show us how they did it. If you want to use it too… we’re running a version of it from our server. If you have problems with it, let us know because we have a real-world relationship with this person.
And yes… this is more for custom extensions of core functionality that would target specific use cases for specific regional organizations.