No-Code vs Vibe Coding: What Actually Works for Practitioners? (Jeff Kuo, Ragic) - Episode 351 Prep

  • DOP 329: Vibe Coding and The Technical Debt Time Bomb
  • DOP 323: The Security Nightmare of Vibe Coding
  • DOP 175: Applying DevOps Principles to Low-Code and No-Code Applications
  • DOP 174: Security Concerns in Low-Code and No-Code Applications
  • DOP 125: What Is the Low Code Movement?

Differentiation from past episodes: We’ve hit vibe coding security (323) and tech debt (329) hard. This episode shifts to the practitioner’s decision framework — when do you reach for no-code, when do you vibe code, and when do you just write the damn code? Jeff brings the no-code perspective, and you and Viktor can push on the nuances and limitations of both approaches.


Guest Background: Jeff Kuo

  • Role: Founder & CEO of Ragic (no-code database platform)
  • Based in: Taipei, Taiwan (US headquarters in Covina, California)
  • Education: BS in Information Management from National Taiwan University; MS from National Chiao Tung University (thesis on semantic web and graph-based data modeling — the foundation for Ragic)
  • Career before Ragic: Part-time developer at TSMC during grad school (built database solutions for IC chip manufacturing); then developer at Springsoft (EDA software), where he implemented Oracle ERP systems and built web apps
  • Founded Ragic: 2008, completely bootstrapped — no VC funding. Quote: “Back then in 2007, there’s not a lot of VC or Angel funding in Taiwan.”
  • Business metrics (as of April 2024): ~$5M ARR, ~4,000 paying companies, 50 employees, profitable
  • Recent: Launched Ragic AI (October 2025) — users describe apps in natural language and Ragic builds the database application. Built on Google’s Gemini 2.5 Pro.
  • Published: “The Perils of Vibe Coding and the Evolution of No Code Platforms” on DEVOPSdigest; “The Coming Shift from Bigger AI Models to Smaller, Faster Ones” on RT Insights (Dec 2025)
  • Awards: Ragic shortlisted in 2025/26 Cloud Awards for “Most Innovative Use of Data” and “Cloud Innovator of the Year”

His known stance: Strongly critical of vibe coding, advocates no-code as the safer alternative. Key quote: “Novice programmers can use AI to write software, but they will leave gaps because they don’t know what they don’t know.”

Notable Ragic customers: Taipei City Government (slashed $2M in costs, built COVID-19 task allocation system in 3 days); CineConcerts (Harry Potter Film Concert Series — manages 300+ annual performances with 4 staff); Dr.aiR (shortened lead times from 3 months to 2 weeks)


Opening Hook Options

Hook 1: The Practitioner’s Dilemma (Problem-focused)

“Every week there’s a new tool that promises you don’t need to write code anymore. Vibe coding says ‘just tell the AI what you want.’ No-code platforms say ‘just drag and drop.’ But if you’re the practitioner who has to maintain whatever gets built, support it at 2 AM, and explain to security why customer data leaked — which one actually works? That’s what we’re digging into today.”

Hook 2: Karpathy’s Retreat (Provocative)

“The guy who coined ‘vibe coding’ — Andrej Karpathy — already says it’s passé. One year later, he’s calling it ‘agentic engineering’ and talking about testing, oversight, and governance. Meanwhile, a no-code database company out of Taiwan has been quietly doing this for 17 years without the hype cycle. So what does the person who’s been building no-code tools since before it was trendy think about all of this?”

Hook 3: The Security Body Count (Bold Statement)

“In the last year, vibe-coded apps have leaked 72,000 private photos, exposed 1.1 million DMs, and an audit of 5,600 apps found over 2,000 vulnerabilities. But here’s the thing — no-code platforms have their own graveyard of failures too. So if neither approach is bulletproof, how do you actually decide what to use?”


Segment Structure (Guest Episode — 45-60 min)

1. Opening Hook + Guest Introduction (3-5 min)

Guest intro talking points:

  • Jeff Kuo has been building no-code tools since 2008 — before “no-code” was even a term
  • Bootstrapped Ragic to profitability with no VC funding (rare in SaaS)
  • Background includes TSMC and enterprise ERP — he knows what real production systems look like
  • Recently launched AI-powered database building, so he’s not anti-AI — he just has opinions about HOW AI should be used in development

Transition to topic: “You published a piece called ‘The Perils of Vibe Coding’ — but you also just shipped an AI feature. So you’re clearly not anti-AI. Where’s the line for you?”


2. Guest Background & Context (5-10 min)

Discussion prompts:

  • Walk us through the origin of Ragic — you were at TSMC and Springsoft dealing with enterprise databases. What made you say “there has to be a better way”?
  • You bootstrapped this for 17 years with no VC. In a world where Lovable became a unicorn in 8 months, what’s the tradeoff between moving fast with hype and building something sustainable?
  • Ragic AI uses Gemini 2.5 Pro to let users describe apps in plain English. How is that different from vibe coding? Isn’t it the same thing with a different label?

Key tension to explore: Jeff is using AI to generate applications. His PR pitch criticizes vibe coding for doing the same thing. Where exactly is the line between “AI-assisted no-code” and “vibe coding”? Push on this.


3. Core Topic Deep Dive: No-Code vs Vibe Coding (15-20 min)

Jeff’s likely position (from his published articles):

  • Vibe coding = black box. You can’t see, debug, or maintain the code.
  • No-code = pre-built, tested code blocks with professional design and built-in safety.
  • Quote: “Vibe coding asks AI to translate binary data into functional software. No-code creates software using tested, pre-built code blocks.”

Discussion prompts:

  • You’ve said “there is no substitute for software expertise.” But isn’t the whole point of no-code that you DON’T need software expertise? Who’s the actual user here?
  • The CodeRabbit study found AI-generated PRs have 1.7x more issues and 2.74x more XSS vulnerabilities than human-written code. But what’s the bug rate for no-code apps? Do we have data on that?
  • Andrej Karpathy — the guy who coined vibe coding — already walked it back. He now calls it “agentic engineering” and says you need testing, oversight, and governance. Doesn’t that evolution address your concerns?

Data points to reference:

  • METR RCT (July 2025): Experienced devs were 19% slower with AI tools on large codebases, despite predicting they’d be 24% faster
  • Escape.tech audit: 5,600 vibe-coded apps, 2,000+ vulnerabilities, 400+ exposed secrets, 175 PII exposures
  • Tea dating app breach: 72,000 private images, 13,000 government IDs, 1.1M DMs exposed — Firebase left completely open with no auth
  • Lovable CVE-2025-48757: 170 of 1,645 tested apps had exposed databases; Lovable’s “security scan” only checked if RLS existed, not if it worked
  • 92% of US devs use AI coding tools daily; 41% of all code globally is now AI-generated (2026)
  • No-code market: $28.75B (2024), projected $264B by 2032

4. Practitioner Impact / Real-World Application (10-15 min)

The decision framework — when to use what:

| Approach | Good For | Bad For |
|---|---|---|
| No-code | CRUD apps, internal tools, workflows, forms, dashboards, prototypes | Complex integrations, custom UIs, high-performance systems |
| Vibe coding | Quick scripts, prototypes, personal tools, boilerplate generation | Production security-sensitive apps, large codebases, team projects |
| Traditional code | Core business logic, differentiating features, scale, complex systems | Simple internal tools (overkill), rapid prototyping (too slow) |

Discussion prompts:

  • For a team lead at a 50-person company with no dedicated IT — walk us through the decision. They need a CRM, an inventory tracker, and a customer portal. What gets no-coded, what gets vibe coded, what gets built?
  • You mentioned Taipei City Government built a COVID system in 3 days on Ragic. Could they have vibe-coded that faster? What would the tradeoffs be?
  • What happens when a no-code app hits the wall? The data shows 47% of orgs worry about scalability and 37% about vendor lock-in. What’s the migration path when you outgrow the platform?

Wardley Mapping framework (useful mental model):

  • If the capability is commodity (auth, CRUD, dashboards) → use a platform
  • If it’s your differentiator → build it (maybe with AI assistance, but with proper engineering oversight)
  • If it’s novel/experimental → prototype with whatever is fastest, then rebuild properly

5. Pushback & Counterpoints (5-10 min)

Common Pushback / Where Practitioners Might Disagree

1. “No-code is just a different kind of lock-in”

  • 47% of organizations worry about vendor lock-in with no-code platforms
  • If Ragic goes away or changes pricing, you’re stuck — at least with vibe-coded apps you own the code (even if it’s bad code)
  • Open-source alternatives (Appsmith, Tooljet, NocoDB) exist specifically to address this

2. “No-code hits a complexity ceiling just like vibe coding does”

  • Only 12% of enterprises use no-code/low-code for critical business processes
  • The pattern: prototype fast on no-code, hit walls, rewrite in real code anyway
  • InfoWorld: no-code tools “fail extremely short for scaling, despite being amazing for prototyping or testing MVPs”

3. “The security argument cuts both ways”

  • No-code platforms centralize risk — a vulnerability in the platform affects ALL apps built on it
  • At least with custom code, you can patch your own vulnerabilities
  • How does Ragic handle security audits, pen testing, SOC 2 compliance?

4. “AI-assisted coding is maturing fast — the problems are temporary”

  • Thoughtworks Technology Radar Vol 33 (2025): the industry has moved past informal vibe coding toward “structured, security-conscious, context-aware AI development”
  • The problems Jeff cites (no debugging, no maintenance) are being solved by tools like Cursor, Claude Code, and GitHub Copilot Workspace
  • Karpathy’s “agentic engineering” with testing loops may close the quality gap

Discussion prompt for Jeff: “If someone came to you and said ‘I built my whole business on Ragic and now I need to migrate off because I’ve outgrown it’ — what does that conversation look like? How portable is what they’ve built?”


6. Wrap-up & Takeaways (5 min)

Discussion prompts:

  • For practitioners listening right now — what’s the one thing they should evaluate before choosing no-code vs building it themselves?
  • Where does Ragic go from here? You’ve added AI — does no-code eventually converge with vibe coding, or do they stay separate?
  • What’s the thing about this space that practitioners consistently get wrong?

Call to action: If you’re a team lead or engineer evaluating tools right now, do a Wardley Map of your capabilities. Figure out what’s commodity (use a platform), what’s differentiating (build it), and stop trying to use one approach for everything.

