According to the release:
Adds experimental PostgreSQL support
The code was written by Cursor and Claude
14,997 added lines of code, and 10,202 lines removed
reviewed and heavily tested over 2-3 weeks
This makes me a bit uneasy, especially as ntfy is an internet facing service.
Am I overreacting or do you all share the same concern?
Definitely share your concern. Without strong review processes to ensure that every line of code follows the intent of the human developer, there’s no way of knowing what exactly is in there and the implications for the human users. And I’m not just talking about bugs. How do you know there isn’t malware?
They say it’s reviewed, but the temptation to blindly trust is there.
If you use ntfy mainly as a Unified Push distributor, then I highly recommend switching to a XMPP client that can do the same.
I was also using it for notifications but I’ll probably switch to E-Mail for that and find an alternative UP distributor.
Uh. I’d really prefer if people experimented with new technology a bit more cautiously and not directly jump to “the biggest release […] ever done”.
Yeah, this is now inherently untrustworthy. Better to switch to an alternative.
Send push notifications to your phone or desktop using PUT/POST
I’m sorry, how many lines of code for that?
They are not even trusting it themselves. This is from the release notes
I’ll not instantly switch ntfy.sh over. Instead, I’m kindly asking the community to test the Postgres support and report back to me if things are working
Fuck that.
Conversations is working very well on my phone for that.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| IP | Internet Protocol |
| XMPP | Extensible Messaging and Presence Protocol (‘Jabber’) for open instant messaging |
[Thread #146 for this comm, first seen 8th Mar 2026, 10:40] [FAQ] [Full list] [Contact] [Source code]
The size of that changeset means that it’s inherently unreviewable.
The commit history is something I’ve seen only in the PRs that even the most dysfunctional companies would demand a rewrite for.
Also, 2-3 weeks review? PostgreSQL support could be added in that time without the need for a damn „vibe check”. Hell, it would probably take less time than that.
if you want to send one notification from your desktop to your phone, it’s easy. but from any device to (m)any other, with guaranteed delivery and no doubles? shit gets complicated.
To be fair they would have needed to spend time testing the manual implementation as well.
The problem I see mainly is that even if this rolls out perfectly, the erratic and changing nature if llms still make it pointless as a proof of concept. Next time Claude might fuck up in a fringe way that’s not covered by unit tests and is missed by manual tests.
On the other hand I guess I’ve been guilty myself on numerous occasions to implement fringe bugs into production code, but at least I learn from it.
Classic “test in production” strategy, very solid!
So it’s a little more than just sending notifications, then.
no, it’s literally all in service of sending notifications. but there’s a lot involved. android doesn’t have a way to receive them natively for example, you need to go through google’s services. so ntfy has to emulate the firebase api. then there’s the “exactly once” requirement, which is basically the two generals problem turned up to eleven because every platform syncs differently and you need some way to store messages that are in the process of transmitting. then there’s the matter of punching through NAT, so you need a STUN/TURN setup on the server.
and that’s on top of the fact that every platform requires different build options, manifests, certificates, etc.
I made my statement as a BDD/TDD practitioner.
The code goal of software engineering is not to deliver said code, but to deliver it in a framework that lets others—and consequently me in a week’s time—to contribute easily. This makes both future improvements and bug fixes easier.
Dumping a ~25000 lines changeset with a git history that’s almost designed to confuse is antithetical to both engineering and open source.
I just set up a ntfy server for Unified Push earlier this week to use with Matrix. Now I have to turn around and immediately replace it…
Do you know any? I’ve never really looked beyond ntfy.sh until now
Definitely time to find an alternative. What the actual fuck is this
NOOOOOOOOO
Oh ffs..
Thanks for the heads-up
I only know NextPush (Nextcloud App), but there is also something called Autopush I think?
Test in production is the best. We spent months warning from data bugs and nobody bat an eye (upstream bug, not our responsibility but we noticed) When it was d launched in prod we just pointed out the bug that nobody fixed was still there and immediately a war room was formed and the bug fixed within an hour.
It honestly seems more efficient to let shit hit the fan than to fight everybody to do their job.
Same here. Literally just set it up and now this.
I hope the author will roll this back or someone makes a fork. I don’t want to immediately switch technology to XMPP and do it all over again.
You’re implying a shitty capitalist company that nobody cares for if it burns down. A tool like this though that is self-hosted by a lot of people (29.1k stars on GH!) and that is internet-facing is very different.
For sure, the song of the hero who fixed the production bug is oft sang at meetings but the loser who prevented the bug to begin with gets no credit.
I’ll embrace the inevitable fork.
Do you recommend an app?
Gotify is supposedly a good alternative. Looking into it myself now.
Time for a fork?
I’ve been meaning to put something like this in my setup for a while, but definitely not this now! List of alternatives in the Custom Communication section at awesome selfhosted
I have the same concern..
Then, let’s just call it “massive decentralized surprise testing”
fuck
I meant to ask already: what is the actual technical difference between mqtt and ntfy? For me it feels pretty similar technique, just one is used for push service and the other not. So it feels like reinventing the wheel. Maybe somebody here can enlighten me?
@ueiqkkwhuwjw just this quote at the start of the release notes
> 14,997 added lines of code, and 10,202 lines removed, all from one pull request
This is already a major red flag even without the ai stuff right? Can't believe anyone would flaunt that like this.
Im quite hesistant with idea of AI writing my code. At one point your AI wont help you with fixing certain bug and you will have to go through all of this AI slop. Not to mention you deploy debt code.
there is this repo that lists some slopware : https://codeberg.org/small-hack/open-slopware maybe someone can add it
The first three on this list can do it: https://joinjabber.org/docs/apps/android/
Explanation here: https://joinjabber.org/tutorials/service/unifiedpush/
Heck. Guess I won't be hosting that then
I think the main difference is that services adapt to mqtt while nfty adapts to services to send the msgs. Also, nfty offers push notifications on your Android device.
That’s concerning. If it was “I generated a function with an LLM and reviewed it myself” I’d be much less concerned, but 14k added lines and 10k removed lines is crazy. We already know that LLMs don’t generate up to scratch code quality…
I won’t use PostgreSQL with ntfy, and keep an eye on it to see if they continue down this path for other parts of ntfy. If so I’ll have to switch to another UP provider.
I’m assuming this is some sort of canary message to indicate that the code base has been compromised, the author can’t talk about it, and everyone should immediately stop using the service. Surely no-one would be unwise enough to commit this otherwise?
Even ignoring the huge red LLM flag, a 25kLOC delta in a single PR should be cause for instant rejection as there’s no way to fully understand or test it, let alone in 2-3 weeks.
Ai can be powerful and destructive at the same time.
Ai coding can help a lot in accelerating software development. In the right hands that is. Meaning the software engineer still reviews the code. Test it. And takes responsibility. In those cases there is nothing wrong with it.
The problem is that some programmers are using AI without even looking at the end results. Just approves everything, commits, push and release. That approach is wrong and especially inexperience engineers might fail in this trap. So in this case the code has most likely a lot of duplicated code, full with bugs and other issues. Some issues you encounter it for the first time, since it wasn’t tested etc.
In the latter story, you feel the impact. And the downsides of Ai. And only see the negatives of Ai. You might say it’s Ai slop even. Or vibe coded. Which is correct.
Tldr: Ai can be very powerful in the right hands. It still requires a lot of human time and effort to get it correct. And if the engineer is too lazy then you feel the consequences.
Gotify is not UP compatible still AFAIK. That’s why I went to ntfy.
Well now I certainly am glad I didn’t migrate from Gotify as I’ve been slowly planning.
There’s SunUp one F-droid, but I don’t know anything about them.
Hmm, no, I think I’ll just uninstall.
Damn, I guess I’ll stick to the older release for now. Hopefully a viable alternative/fork comes around.
Was this written with genAI? Even the TLDR is padded fluff of common talking points
Look, if he wanted to introduce AI code, whatever, but doing it all at once in a 14k line change (biggest release ever by his words) is crazy.
Fuck, I love ntfy, it’s one of the best self hosted push notification systems I’ve used. It has been flawless so far.
Don’t like this.
25kLOC delta in a single PR should be cause for instant rejection
Not to pick at nits, but it would be VERY different if it was 1k lines added and 24k lines removed. There’s something extremely satisfying about removing 10k+ lines of unnecessary code.
No thumb down reaction emoji 🤔
Awesome page, thanks. Have bookmarked.
Harfbuzz though? That’s going to take some replacing. Hopefully someone will fork an earlier version. The thing that it does (accurate multi-script font shaping) is difficult to do; requires a lot of rule-of-thumb knowledge that’s unlikely to be possessed by a single person, needs a lot of collaboration.
Agreed. I have a sense that, eventually, development communities will figure out etiquette and policies to govern LLM usage. But how do you enforce that kind of policy? Right now, it’s essentially a judgement call by the maintainers. It’s hard to catch sneaky LLM usage.
On the other hand, I think there are objectively good ways to use LLMs for software: - High-level design and planning - Technical Research (although this tends towards the most popular tech) - POCs & rapid prototyping - “Textbook” solutions - TDD Red/Green development (where the LLM generates failing tests based on the high-level spec, and the programmer writes the implementation)
Uovote and comment on: https://github.com/binwiederhier/ntfy/issues/1645
Please add this to the post.
Upvote and comment on: https://github.com/binwiederhier/ntfy/issues/1645
I switched to Gotify when I ran into an issue where ntfy would delete old api tokens when creating more than 20. Only thing missing in Gotify is UniversalPush, other than that it feels actually more solid than ntfy to me.
I’m halfway with you, and halfway just considering that people think it’s relevant to include a tl;dr in a barely three paragraph comment. The feeling with tl;dr for me is a summary similar to a closing paragraph, and if anyone thinks that one sentence (“Ai coding can help a lot in accelerating software development.”) is somehow worthy of being summarized as if the point was proven (“Ai can be very powerful in the right hands”)… well, it sounds like shit because it is shit. Maybe it’s ai, maybe it’s just a really rushed dude making a throwaway comment in the fediverse, and maybe it’s just a person who is confident enough in their mind that they forget they haven’t made an actually decent argument outside of their past, and concluding as if they brought that past argument forth here is eye-raising.
Considering he’s on his own instance… I’m going to bet the context is somewhere between throwaway comment and invoking past assertions without citing them.
Time for a knife!^[I kid, I kid] Violence is the answer!
Oh goddamn it, I’m using this and don’t have an alternative lined up
I’m a developer
I sometimes sometimes use AI for an answer to a complicated problem because normally I’d open up 20 pages , have to go through them all to find the right answer
AI gets me the answer right away, though it likely is completely wrong or at least partially wrong. Either way, it gives me a general direction and with that I only have to search through one or two pages to confirm, so the same process is just a little faster.
I laso have used AI on a couple of occasions to ask it to write code for a complicated problem. Again, you don’t copy the code, god no, it’s always the worst, and it is in 80% of the cases still at least riddled with bugs, or just complete bullshit. However, it might give me an alternative idea or a direction to take to implement or fix this complicated feature problem.
That’s the extent to which I’ve used AI and for the foreseeable future that won’t change because AI still can’t code. It’s still wildly flailing around and it might produce something that implements a certain functionality, but it’s a guarantee that that functionality will have more bugs and security holes than features
Sure, that would be a little different, but unless you could make a convincing argument, backed up with a solid set of unit tests, at the least, as to why and how you were able to remove that much code whilst only adding a comparatively small amount, I’d still be inclined to reject it and ask for it to be broken down into smaller units.
Now, that explaination might be something along the lines of it being dead code that is not called from anywhere, or even that it was a patched version of an upstream library, and the patch is now included in that upstream, in which case, fair enough, good work, and thanks very much. As a rewrite or refactor though, it’s too big to sensibly review and needs breaking down into separate features.
They just replied:
What gave you the idea that this was a full rewrite? I moved things around with AI and added postgres support for the queries. Nobody has ever reviewed and tested anything more thoroughly than I did with this branch.
You are twisting what it actually is. You are assuming something that is not true.
This makes me think that they didn’t review or test it at all, lmao
I think there’s room for a little bit of nuance that page doesn’t do a great job of describing. In my opinion there’s a huge difference between volunteer maintainers using AI PR checks as a screening measure to ease their review burden and focusing their actual reviews on PRs that pass the AI checks, and AI-deranged lone developers flooding the code with “AI features” and slopping out 10kloc PRs for no obvious reason.
Just because a project is using AI code reviews or has an AGENTS.md is not necessarily a red flag. A yellow flag, maybe, but the evidence that the Linux Kernel itself is on that list should serve as an example of why you can’t just kneejerk anti-AI here. If you know anything about Linus Torvalds you know he has zero tolerance for bad code, and the use of AI is not going to change that despite everyone’s fears. If it doesn’t work out, Linus will be the first one to throw it under the bus.
That’s from Mozilla, another AI company…
Yeah, it could easily have added a couple of lines of code that sends everything to Northern Korean hackers because it found that in a bunch of repositories or just logging passwords to public logs or other things an experienced developer would never do. “AI” only replicates what it sees most often and as more spam and junk repos are added to its training data because “AI” companies are too concerned with profit to teach it properly, it could do tons of random stuff. It’s like training a developer by giving them random examples from the internet rather than specific ones. Of course they pick up bad habits. Even if it “works” it is almost never efficient or secure.
Thanks for the link. As a short aside for the other people here: Try not to spam developers. That usually achieves the opposite and makes them miserable, when we want them to not burn out and write good software for us. A thumbs-up emoji is the correct reaction for the average person. Or a code-review highlighting specific issues in the code.
It looks like that tool is more or less built by a single developer (you already trust their judgment anyways!), and even though the code came through in a single PR it was a merge from a branch that had 79 separate commits: https://github.com/binwiederhier/ntfy/pull/1619
Also glancing through it a bit, huge portions of that are straightforward refactors or even just formatting changes caused by adding a new backend option.
I’m not going to say it’s fine, but they didn’t just throw Claude at a problem and let it rewrite 25k lines of code unnecessarily.
I am also a developer and agree entirely.
Asking for advice, examples or the occasional boilerplate is at most how I use AI and certainly not integrated directly into my IDE.
Absolutely, the author needs to be able to reason about their changes, no matter what. However, the reason why I think the two situations are fundamentally different, though, is that it’s a lot easier to validate the existence of features than it is the non-existence of bugs or malicious behavior. The biggest risk to removing code is breaking preexisting features, whereas the biggest risk to adding code is introducing malicious behavior.
What is your concern? If it’s a generic “AI”, then I can assure you tha pretty much every software has AI code in it already. Heck, Linus is accepting PRs where AI has been used.
AI is useful. It produces useful code.
Like creative writing, it won’t produce something novel. But man, 75% of code is just boiler plate. AI can do a lot.
That does not absolve anyone of committing crap code. Put your name to it. Own it. Take the consequence of delivering shit code or great code, no matter how it was written. Don’t let AI be a crutch. But you’d be god damn fooling not to use it, where it’s right.
There’s a big difference between “AI was used in some capacity” and “Entirely vibe coded”
Of course. And when I hear “vibe coded”, I hear someone stating with “make me a cool app”.
If you have a thorough, deeply thought through technical spec, then AI can write a great amount of tests up against that spec, say, and you’ve got a fantastic base for TDD.
I honestly feel like a lot of the downvotes are people thinking AI means “clueless programmer having an AI do its work for you”. Many highly productive, deeply technical developers use it every day.
Wow a differentiated opinion on AI use :)
Idk man by the sounds of it, the AI implemented the entire back end change, adding 14k lines of generated code. The dev doesn’t even seem confident with his own testing. Sounds like it’s closer to the vibe-coded end of the scale to me.
Massive changes made by robit in what has been a pretty stable utility for years is (obviously?) my main concern. It’s absolutely a crutch, and seeing a dev lean on it like this gives me the same feeling Coach must’ve got seeing his star player limping into the big game on a real one. If dude wants to check out and let the machine run his project fine, but I’ll be looking for something someone still cares about and works on.
I think you’d be a fool to use it. At this point it’s subsidized by their need for training data/desire to manufacture dependency, but that won’t be the case for long. It’s expensive, detrimental to your skills, and damaging to both our planet and society. It centralizes and gatekeeps access to information, the most powerful resource of all. “Treat it like an inexperienced dev” managers say, while it replaces their opportunities to gain experience. How are they supposed to even tell great code from shit when everything they’re exposed to has been run through the averaging machine?
apt-mark hold ntfy
This is the biggest release I’ve ever done on the server. It’s 14,997 added lines of code, and 10,202 lines removed
Ugh, seriously? Great…
we’re all so fucked
You could, in the meantime, simply not upgrade to the version that uses AI.
Since, from what I’m seeing around, people are having issues looking for an alternative.
Well, Telegram does the something for free.
did not know that the serde developer tolnay is a military apologist. I’m disgusted. serde is a very good tool.. I’ll think about what to do about this. such a shame…
the linux kernel is on that list, bro it’s time to switch!
In reality how big of a risk it currently is? I just started to use it just for fun and personal projects. If previous version didn’t have security vulnerabilties then then there is no rush to update or am i missing something?
What’s the difference between ntfy (android app) and ntfy.sh?
Sigh. Time to switch to gotify
Ntfy.sh is the hosted version. Hosted by the author. Ntfy (android, ios) is the app that you use as a client.
I saved your comment for the added arguments against AI.
Something like https://graphite.com/ to create stacked PRs that are reviewable probably would have helped. Can be replicated with local LLMs or remote AI providers with locally configured agentic workflows. Never used graphite personally, but I’ve seen some open source maintainers use it to split up large PRs.
I understand this comment. AI sometimes saves a ton of mental power and time when I’m stuck on an issue. It can give some really good suggestions. Also, AI is a godsend for frontend shit. I don’t care what y’all say, I’m never touching CSS and HTML ever again. lmao.
I’ve never used ntfy.sh
I’ve only used Ntfy app for Universal Push that some apps need, and they recommend ntfy. Does this affect the app then? Ah, if so, what alternative can I use for just that purpose?
Read the README
Gotify is probably the next best thing, at least in terms of self hosted. Though doesn’t have the wide support of ntfy.
If using ntfy for UnifiedPush: https://unifiedpush.org/users/distributors/
If you use ntfy for UnifiedPush: https://unifiedpush.org/users/distributors/
been using EMQX plus an MQTT client on my phone for a few months now, I like it better than gotify since the app was chewing through my battery like a vampire.
it might be better now since my issues happened three-ish years ago.
Lot of hate for a project maintained by a volunteer and offered for free here. Nobody forces this free stuff on you.
Also Chrome, Firefox ans Ladybird!
ts getting you pinned to 2.17 in the compose file 🥹🤞🥀
Haha. I’m not a native English speaker.
You can run my text through Ai checkers if you wish. But it’s not Ai generated.
I’m not just on my own instance. I’m the creator of the software: Mbin. Previously known as kbin.
Indeed also read the paper called Programming as Theory building. From 1980. Which is very relevant today again. Since people lose the connection with the code due to Ai.
Upvote this guy
One of my favorite papers! On a similar note, I recently started reading A Philosophy of Software Design by John Ousterhout. Although it’s a lot more recent (2018), I’d argue it’s required reading in light of the LLM hype craze.
Also I can’t really answer the question if it’s bad or not what happens to ntfy.sh since it really depends on how the maintainer is using Ai here. Whether he did test the code, and read all the generated code.
Ai in itself isn’t the problem here.
Any AI usage immediately discredits the software for me, because it calls into question all of their past and future work.
How about you tell me what you see that I missed?
Oh boy, do I have bad news about 90% of the internet for you…
Time to switch to Plan9!
Lol my project has an AGENTS.md and its contents are basically, “Don’t use AI agents on this codebase.”
Linus sent an email recently to the Kernel Mailing List trashing AI slop and rejecting AI generated patches. The fact that he used it to play around with a script doesn’t invalidate the fact that he distrusts code written by LLMs when it actually matters.
Consider a donation to help people providing you the open source software you seem to depend upon.
Usage of a helper tool to perform tasks on code whether it is AI or the IDE internal features can reduce the work load of benevolent developers who has not asked you to use their softwares.
Maybe the language was not appropriate but get real. With the little revenue generated by the usage of people complaining, the use of AI agentic coding might be the only way to being features without pushing benevolent devs to burnout.
you mean this statement? https://www.theregister.com/2026/01/08/linus_versus_llms_ai_slop_docs/?td=rt-3a
If yes, your statement does not really match what Linus said.
Testing in production is the most idiotic last 10 years or so concept, which is mainly driven by incompetence of project managers.
Imagine if you get sold a car by a company, for 100k, then it start having major issues and the car company tell you: “we’ll fix it”.
While that does not necessarily apply to software or services or webapps, the logic still stands. You are selling bugs to people. Bugs that could have been cought, with some risk management and planning.
This EMQX?
Seems it’s no longer FOSS?
I’ve been using Gotify for a few notifications from Home Assistant and it doesn’t appear to be eating my battery.
It’s a little more responsive than ntfy - sometimes ntfy doesn’t alert for ages after the trigger (could be phone power saving the wifi…), but then I also get realerts from yesterday…. not had that with Gotify.
that’s the one.
FOSS or not, it still runs just fine on my infra. I prefer it over something like rabbitmq because it has a pretty slick admin webgui.
I’ll have to give gotify another try.
which is mainly driven by incompetence of project managers.
I completely agree. I work on an internal solution, which is a part of a very large product. It’s not a live product, only part of a pipeline that runs on a predetermined schedule. Our bit is the only one with actual business/performance KPIs, most of the other teams measure only “user story/CR points”. If the other teams screw up, it will impact our performance unless we prove it’s their fault. And of it’s their fault, they open a US/bug which improves their metrics (one more US closed). Our team has to think ahead and try to do things well in one go, because our bugfixing doesn’t count as work. But our speed is measured against people who benefits from half doing stuff. When we did massive effort, we got complaints we were slow. Now we do less effort and once every blue moon we have to do a hotfix. Most often than not when we have an production issue is due to the other teams that run before us on the pipeline, so we even had to develop checks to our input because they won’t add checks to their outputs. And they won’t because that’s a CR that requires extra funding that’s not approved, but we had to create them for our own sanity.
Yes, I’m looking to move out haha
I recently switched to gotify. Push notifications to iOS aren’t as good but I’m happy with it.
I’m so tired of that.
I’m using it for scripts notifications + unifiedpush. I don’t know where to start to find the fitting alternative.
oh no. not ladybird! You were supposed to save us!
The “single pull request” is a merge release from 79 separate commits.
You are completely correct, and to be honest I’ve tested commercial product features in prod as well on teams that have the capacity to handle it and make a living on it, unlike this maintainer.
I’m also experimenting heavily with vibe coding and I think it has many uses for a seasoned programmer while getting a lot of flak.
Of course there are issues and problems with it, but for me it had been helping out a lot.
I can see the pragmatic appeal. Maintaining a lot of code for an open source project is thankless. Go is designed for idiots like me so it makes sense that an llm should be able to emit code that mostly works. There are classes of errors that are less likely in Go and the compiler and linting will prevent some foot guns and then it would have been tested.
Ethically I hate anything to do with the llm industry and all it represents. I hate the environmental impacts. The social impacts. The disregard for intellectual property. The devaluing of human effort. The scam economics. I won’t use anything touched by it on principle and if that means walking away from a dead Internet so be it. There is enough pre-2020s books, audiobooks, movies, music and code to keep me interested for the rest of my life.
If more people were contributing there wouldn’t be a need for AI.
Non-sense comment. The project was fine without AI. And it’s so stupid: how do you expect people to contribute if there’s only AI? How do you expect developers to learn to code if everything is AI?
“but reviewed and heavily tested over 2-3 weeks by me. I created comparison documents, went through all queries multiple times and reviewed the logic over and over again. I also did load tests and manual regression tests, which took lots of evenings.”
This is the way.
Yeah, I mean, with or without AI, I’ve always only had a big pull request for releases, from a stable release branch into the main branch, the release branch would be a merge of various branches or just be worked on directly on various stages.
One big pull request doesn’t really mean anything.
Doesn’t matter, it’s entirely too much for one PR
Pretty much.
I’ve started using AI on a project last week and the first thing I do is write tests. Lots of tests.
With enough guardrails, you could actually get pretty decent quality output out of it and with enough regression tests, you can ensure that nothing’s actually breaking.
Similarly, reviewing its changes and actually reading the code that’s being generated to ensure correctness is necessary. However, I am finding ways to automate that and reduce the incident rate of problems to even lower than my co-workers.
The maintainer you and said that they tirelessly tested, reviewed and verified changes over the course of 3 weeks to make sure that things were running and operating correctly.
This is how it should be done. It’s not like they’re vibe coding this.
This doesn’t make me uneasy. It makes me resentful, a little angry, and a lot tired. Thanks for bringing it to attention, I will make sure that nothing of that project or from that author will ever cross my ecosystem again.
Self-host
It is possible to host your own Autopush server. Autopush is designed to work with Google BigTable but it is also possible to use it with redis.
For this: 1. Clone Autopush
# mozilla-services/autopush-rs
Autopush-rs
Mozilla Push server built with Rust.
At that point, I think: Why not just write the code yourself?
Writing the code is more fun that reviewing code, not to mention less error prone.
that’s nowhere near enough testing for such a large change… special one written by the slop machine
A many-month-long refactor on code you’ve already written is less than fun. While I don’t love seeing a project I’m using being 80% replaced by Claude code, I’ve had Claude code look at some of my old projects and find underlying issues I was able to verify, and then suggested a more best-practice approach that I wasn’t even aware of. The real question is, was the claude output better than the original code? If it is and it has unit tests and many eyes on it, it’s quite possible that it’s better off now.
I’ll sit on my current versions for a few months and let everyone else test it out :)
I agree with you, though even when I have just made a change myself, I am looking through the git diff like a crazy person.
So, still I think refactoring my own code is much more fun than telling AI to do it for me and then proceeding to review and test it for weeks (allegedly, lol).
You seem to be using it responsibly by asking it how things could be better.
I’d never copy and paste output from an AI or give it free roam to make a PR, etc myself.
I’ll probably be sitting out on this update for a while too until I gage the general reactions of people heh :)
Well it’s AI slop then - at least by the definition of most users here.
I’d run for the hills
There are so many issues with AI
True
That also means nobody is forcing me to use it. I respect the Dev but vibe coded anything is not for me.
A project is as good as its weakest point. While people might get butthurt by getting pointed at, a project is a group effort. Segregated teams are always a problem and almost always becomes a vulnerability,
Given current micro services architectures, we all have to get along with each other,for the greater good and the interest of the customer.
You sell shit, you get shit back. You sell high quality products with less obvious faults, you profit in the long run.
But no: “Let’s test in production”…
Why? What difference does it make that it’s big?
Keep in mind this is a single maintainer project, there are no PR reviews.
Same as always - by coding.
Nah, wouldn’t do that. CSS needs to be well designed to function properly, you need actual developers for that or you’ll screw over your users.
But yeah, to give quick pointers and ideas to flesh out, it’s reasonably useful
If that is enough to warrant it’s extreme energy use, the spread of AI slop everywhere, the pollution, the uncontrolled datacenter expansions, the explosion in hardware costs it created, the countless death and suffering it caused through AI psychosis, the AI childporn bots (hello grok, are you still the world’s biggest child porn producer or did Elmo finally reign you in to again be mecha Hitler?), the….
Long story short, AI will likely end this world in a long list of fucked up ways, I don’t think it’s worth it
Until then, I’ll use it as a suggestion tool, not much more
That’s it. Fuck AI.
Again, I agree and I’ve fought for that. But this needs to be top to bottom. We have budget slashed, morale in the ground across the board. Those who keep trying for the best fight a losing battle with those who already have up trying.
If the bosses don’t care about the interest of the “customer”, I don’t either. I’ve already openly spoken to my team saying I’m now ready for things to blow up and get the attention we need from the ones really high up. I’m done working overtime because anther team is already working overtime in something else or because some bullshit political 4D chess were they throw us under the bus for their failings or try to make theirs our work.
Had an annoying day with this things, sorry for dumping this here haha
Like ppl thinking skilled engineers cannot vet AI output. AI is pretty good for programming.
You’re gonna have a lot of hate in your blood if you go around acting like the most skilled engineers aren’t using AI to write code.
Creds?
You’d be amazed at how much an LLM can accomplish while you take a shit.
@ueiqkkwhuwjw the speed with which (just about) every open source project is going to be tainted by AI copyright issues is scary
What happened to “reviewed and heavily tested over 2-3 weeks” from the release notes? Maybe Claude wrote that too lol
At my company we have been using AI very heavily to write code lately, and if that sentence was used to justify a 10k+ diff, whoever wrote it/vetted the change would have their access to the codebase revoked
I have a few decades programming experience, as a professional software engineer, an open source developer, and a DevOps engineer. There is no way in hell I would do a code review where 15k lines were added and a similar amount of lines removed without having a long discussion with the person who made those changes. I’d want to ask a lot of detailed questions about the changes, questions that an LLM isn’t likely to answer, and most definitely not questions I’d be inclined to try to type into an LLM to try to get an answer.
Over the years I’ve dealt with all manner of bugs, from overflows & underflows, to bad assumptions about logic flow, and much much more. The whole purpose of pointed questioning of the author is to be comfortable with decisions made in the code and to minimize the chances of all sorts of potential bugs.
It’s not. That’s the problem. It actually sucks ass. It’s super low quality for anything more complex they s very simple CRUD app or a simple function. I say this as someone who s a heavy LLM user. It’s just bad code. It makes all kinds of simple mistakes. Just because code compiles doesn’t mean it’s good or does what you need it to do
And yet there are cases like the Huntarr debacle, where the dev simply thought “and make sure your code complies with best security practices” to their vibe code prompts actually made it secure.
They added 14k lines of code in a week, and ripped out 10k lines of existing code. That’s not something that a skilled programmer can reasonably vet in that amount of time. This is showing all the signs of AI slop, and none of the signs of debugged or vetted code.
I already acknowledged they’re using a Mozilla service. My comments was about the claim that they’re owned by Mozilla. What the fuck happened to reading comprehension?
There’s a massive difference between “using AI to write code” and refactoring almost 15k lines in a single push.
The “best” uses of AI in coding are for small blocks. You don’t just tell it “I need a program that does X, Y, and Z” because that will (at best) result in horrible code. Instead, it’s best practice to use it for small blocks of code, where you tell it something more akin to “I need a function that takes {a} as a variable, does {thing}, and outputs {x}.” That way you’re not using it to generate giant swaths of code all at once, you’re just using it to generate individual functions that you can then use as needed.
But it also means that the “most skilled” (as you put it) programmers are basically putting themselves in a permanent debugging seat instead of working as a developer. And in many cases, debugging code can be just as (or more) difficult than writing the initial code. It’s also why senior devs exist to audit code from junior devs, because it’s assumed that junior devs will inevitably make mistakes that need debugging, or will make code that clashes with code from other junior devs. And it’s the senior dev’s job to ensure that the code is both functional and integrated properly.
And this “adding 15k lines of code and ripping out 10k lines” push smells a lot like the former “write me a program to do {thing}” usage.
And the lead dev for Huntarr said they were following best practices, and had a heavy background in cybersecurity. And we’ve all seen how that turned out.
This change 100% smells like vibe code. They refactored nearly 15k lines of code in a single push. That’s not something you just do on a whim without a team of full time devs or vibe coding. And we know they don’t have the former, so it is almost certainly the latter.
🙃
Huh, I was wondering how rrds would help..
You’re absolutely right, and the vast majority of people on this platform seem to get offended by anything AI related. Software engineers have been reviewing code made by other people since the dawn of the craft. Guess what y’all, AI generated code looks exactly the same, if not better on the first pass at creating a thing.
Down vote me all you want homies. You’re living in a fantasy if you think all AI is slop. Sure, I can see how it’s ruining some content on the Internet, but for code related tasks, its going to dramatically change the world for the better.
Most skilled engineers, and even mildly skilled engineers don’t use slopgenerators to write code. Some of them use it sometimes to do some menial tasks, although I’m not convinced it actually saves them time. It sure doesn’t every time we measure it.
There is however a plague of low skilled people who convinced themselves that they’ve found a shortcut to being an engineer. Those people are producing bad things at a fast pace, and the only reason we’re not in an unsolvable crisis yet is that their slop isn’t hitting prod very often on account of being bad.
Wait.. what happened to Huntarr?
Bro, what the hell. Lmao. “Hey AI is horrible in all ways and is doing harm to the planet and people and kids, but I’ll use it regardless. Hear me I’m a good guy. I hate AI, but I’ll use it”. That’s virtu signaling, isn’t it?
Long story short? You should kill the container and change your related passwords/API keys. The dev tried censoring it for a while, but couldn’t keep up with the posts. They eventually nuked the entire sub and deleted their Reddit account. They also privated their GitHub and changed their username.
It’s not virtue signalling, I know very well what I’m doing is hypocritical at best, but it’s also unavoidable for me. For one, I’m using it like this at work where they’d love nothing better than for me to start vibe coding. This is the compromise I’ve been able to make so far.
No judgement. I just thought it was funny.