According to the release:

• Adds experimental PostgreSQL support
• The code was written by Cursor and Claude
• 14,997 added lines of code, and 10,202 lines removed
• reviewed and heavily tested over 2-3 weeks

This makes me uneasy, especially as ntfy is an internet-facing service. I am now looking for alternatives.

Am I overreacting or do you all share the same concern?

    • GreenKnight23@lemmy.world
      2 months ago

      been using EMQX plus an MQTT client on my phone for a few months now, I like it better than gotify since the app was chewing through my battery like a vampire.

      it might be better now since my issues happened three-ish years ago.

      • SayCyberOnceMore@feddit.uk
        2 months ago

        This EMQX?

        Seems it’s no longer FOSS?

        I’ve been using Gotify for a few notifications from Home Assistant and it doesn’t appear to be eating my battery.

        It’s a little more responsive than ntfy - sometimes ntfy doesn’t alert for ages after the trigger (could be phone power saving the wifi…), but then I also get realerts from yesterday… not had that with Gotify.

        • GreenKnight23@lemmy.world
          2 months ago

          that’s the one.

          FOSS or not, it still runs just fine on my infra. I prefer it over something like rabbitmq because it has a pretty slick admin webgui.

          I’ll have to give gotify another try.

  • melroy@kbin.melroy.org
    2 months ago

    Ai can be powerful and destructive at the same time.

    Ai coding can help a lot in accelerating software development. In the right hands that is. Meaning the software engineer still reviews the code. Test it. And takes responsibility. In those cases there is nothing wrong with using Ai for software development.

    The problem is that some programmers are using AI without even looking at the end results. Just approves everything, commits, push and release. That approach is wrong and especially inexperienced engineers might fall into this trap. So in this case the code has most likely a lot of duplicated code, full of bugs and other issues. Some issues you encounter it for the first time, since it wasn’t tested etc.

    In the latter story, you feel the impact. And the downsides of Ai. And only see the negatives of Ai. You might say it’s Ai slop even. Or vibe coded. Which is correct.

    Tldr: Ai can be very powerful in the right hands. It still requires a lot of human time and effort to get it correct. And if the engineer is too lazy then you feel the consequences. If you got an experienced software engineer that takes the responsibility of the code. Reviews it thoroughly. Test all corner cases, etc. Then AI can be powerful and helpful.

      • NannerBanner@literature.cafe
        2 months ago

        I’m halfway with you, and halfway just considering that people think it’s relevant to include a tl;dr in a barely three paragraph comment. The feeling with tl;dr for me is a summary similar to a closing paragraph, and if anyone thinks that one sentence (“Ai coding can help a lot in accelerating software development.”) is somehow worthy of being summarized as if the point was proven (“Ai can be very powerful in the right hands”)… well, it sounds like shit because it is shit. Maybe it’s ai, maybe it’s just a really rushed dude making a throwaway comment in the fediverse, and maybe it’s just a person who is confident enough in their mind that they forget they haven’t made an actually decent argument outside of their past, and concluding as if they brought that past argument forth here is eye-raising.

        Considering he’s on his own instance… I’m going to bet the context is somewhere between throwaway comment and invoking past assertions without citing them.

        • melroy@kbin.melroy.org
          2 months ago

          You can run my text through Ai checkers if you wish. But it’s not Ai generated.

          I’m not just on my own instance. I’m the creator of the software: Mbin. Previously known as kbin.

          People need tldr today, due to TikTok. 😅

    • ExFed@programming.dev
      2 months ago

      Agreed. I have a sense that, eventually, development communities will figure out etiquette and policies to govern LLM usage. But how do you enforce that kind of policy? Right now, it’s essentially a judgement call by the maintainers. It’s hard to catch sneaky LLM usage.

      On the other hand, I think there are objectively good ways to use LLMs for software:

      • High-level design and planning
      • Technical Research (although this tends towards the most popular tech)
      • POCs & rapid prototyping
      • “Textbook” solutions
      • TDD Red/Green development (where the LLM generates failing tests based on the high-level spec, and the programmer writes the implementation)

      • melroy@kbin.melroy.org
        2 months ago

        Indeed also read the paper called Programming as Theory building. From 1985. Which is very relevant today again. Since people lose the connection with the code due to Ai.

    • WhyJiffie@sh.itjust.works
      2 months ago

      did not know that the serde developer tolnay is a military apologist. I’m disgusted. serde is a very good tool… I’ll think about what to do about this. such a shame…

    • addie@feddit.uk
      2 months ago

      Awesome page, thanks. Have bookmarked.

      Harfbuzz though? That’s going to take some replacing. Hopefully someone will fork an earlier version. The thing that it does (accurate multi-script font shaping) is difficult to do; requires a lot of rule-of-thumb knowledge that’s unlikely to be possessed by a single person, needs a lot of collaboration.

    • cecilkorik@piefed.ca
      2 months ago

      I think there’s room for a little bit of nuance that page doesn’t do a great job of describing. In my opinion there’s a huge difference between volunteer maintainers using AI PR checks as a screening measure to ease their review burden and focusing their actual reviews on PRs that pass the AI checks, and AI-deranged lone developers flooding the code with “AI features” and slopping out 10kloc PRs for no obvious reason.

      Just because a project is using AI code reviews or has an AGENTS.md is not necessarily a red flag. A yellow flag, maybe, but the evidence that the Linux Kernel itself is on that list should serve as an example of why you can’t just kneejerk anti-AI here. If you know anything about Linus Torvalds you know he has zero tolerance for bad code, and the use of AI is not going to change that despite everyone’s fears. If it doesn’t work out, Linus will be the first one to throw it under the bus.

  • Erik-Jan@fosstodon.org
    2 months ago

    @ueiqkkwhuwjw just this quote at the start of the release notes

    > 14,997 added lines of code, and 10,202 lines removed, all from one pull request

    This is already a major red flag even without the ai stuff right? Can’t believe anyone would flaunt that like this.

    • dev_null@lemmy.ml
      2 months ago

      The “single pull request” is a merge release from 79 separate commits. It’s the sum of all work, it doesn’t mean all of it was changed in one go.

        • dev_null@lemmy.ml
          2 months ago

          Why? What difference does it make if he packages these commits in 1 or 10 PRs?

          Keep in mind this is a single maintainer project, there are no PR reviews. He could be just pushing straight to the branch anyway with no PR at all.

          • Nalivai@lemmy.world
            2 months ago

            I mean, yeah, he could also not use git and just write some random bullshit directly on prod while blindfolded and blackout drunk.
            However if you want a good product and good code you need to follow best practices, and those include meaningful and small PRs that you can easily review, check, debug, and revert if necessary.

  • xelar@lemmy.ml
    2 months ago

    I’m quite hesitant with the idea of AI writing my code. At one point your AI won’t help you with fixing a certain bug and you will have to go through all of this AI slop. Not to mention you deploy debt code.

  • justme@lemmy.dbzer0.com
    2 months ago

    I meant to ask already: what is the actual technical difference between mqtt and ntfy? For me it feels pretty similar technique, just one is used for push service and the other not. So it feels like reinventing the wheel. Maybe somebody here can enlighten me?

    • k_rol@lemmy.ca
      2 months ago

      I think the main difference is that services adapt to mqtt while ntfy adapts to services to send the msgs. Also, ntfy offers push notifications on your Android device.

  • Anthony@buc.ci
    2 months ago

    Thanks for the heads up. I was considering trying ntfy for some home projects but now I will not.

  • notabot@piefed.social
    2 months ago

    I’m assuming this is some sort of canary message to indicate that the code base has been compromised, the author can’t talk about it, and everyone should immediately stop using the service. Surely no-one would be unwise enough to commit this otherwise?

    Even ignoring the huge red LLM flag, a 25kLOC delta in a single PR should be cause for instant rejection as there’s no way to fully understand or test it, let alone in 2-3 weeks.

    • ExFed@programming.dev
      2 months ago

      > 25kLOC delta in a single PR should be cause for instant rejection

      Not to pick at nits, but it would be VERY different if it was 1k lines added and 24k lines removed. There’s something extremely satisfying about removing 10k+ lines of unnecessary code.

      • notabot@piefed.social
        2 months ago

        Sure, that would be a little different, but unless you could make a convincing argument, backed up with a solid set of unit tests, at the least, as to why and how you were able to remove that much code whilst only adding a comparatively small amount, I’d still be inclined to reject it and ask for it to be broken down into smaller units.

        Now, that explanation might be something along the lines of it being dead code that is not called from anywhere, or even that it was a patched version of an upstream library, and the patch is now included in that upstream, in which case, fair enough, good work, and thanks very much. As a rewrite or refactor though, it’s too big to sensibly review and needs breaking down into separate features.

        • ExFed@programming.dev
          2 months ago

          Absolutely, the author needs to be able to reason about their changes, no matter what. However, the reason why I think the two situations are fundamentally different, though, is that it’s a lot easier to validate the existence of features than it is the non-existence of bugs or malicious behavior. The biggest risk to removing code is breaking preexisting features, whereas the biggest risk to adding code is introducing malicious behavior.