According to the release:
Adds experimental PostgreSQL support
The code was written by Cursor and Claude
14,997 added lines of code, and 10,202 lines removed
reviewed and heavily tested over 2-3 weeks
This makes me uneasy, especially as ntfy is an internet facing service. I am now looking for alternatives.
Am I overreacting or do you all share the same concern?
You must log in or # to comment.
Yeah, this is now inherently untrustworthy. Better to switch to an alternative.
I’m a developer
I sometimes sometimes use AI for an answer to a complicated problem because normally I’d open up 20 pages , have to go through them all to find the right answer
AI gets me the answer right away, though it likely is completely wrong or at least partially wrong. Either way, it gives me a general direction and with that I only have to search through one or two pages to confirm, so the same process is just a little faster.
I laso have used AI on a couple of occasions to ask it to write code for a complicated problem. Again, you don’t copy the code, god no, it’s always the worst, and it is in 80% of the cases still at least riddled with bugs, or just complete bullshit. However, it might give me an alternative idea or a direction to take to implement or fix this complicated feature problem.
That’s the extent to which I’ve used AI and for the foreseeable future that won’t change because AI still can’t code. It’s still wildly flailing around and it might produce something that implements a certain functionality, but it’s a guarantee that that functionality will have more bugs and security holes than features
I am also a developer and agree entirely.
Asking for advice, examples or the occasional boilerplate is at most how I use AI and certainly not integrated directly into my IDE.
I understand this comment. AI sometimes saves a ton of mental power and time when I’m stuck on an issue. It can give some really good suggestions. Also, AI is a godsend for frontend shit. I don’t care what y’all say, I’m never touching CSS and HTML ever again. lmao.
Nah, wouldn’t do that. CSS needs to be well designed to function properly, you need actual developers for that or you’ll screw over your users.
But yeah, to give quick pointers and ideas to flesh out, it’s reasonably useful
If that is enough to warrant it’s extreme energy use, the spread of AI slop everywhere, the pollution, the uncontrolled datacenter expansions, the explosion in hardware costs it created, the countless death and suffering it caused through AI psychosis, the AI childporn bots (hello grok, are you still the world’s biggest child porn producer or did Elmo finally reign you in to again be mecha Hitler?), the…
Long story short, AI will likely end this world in a long list of fucked up ways, I don’t think it’s worth it
Until then, I’ll use it as a suggestion tool, not much more
Bro, what the hell. Lmao. “Hey AI is horrible in all ways and is doing harm to the planet and people and kids, but I’ll use it regardless. Hear me I’m a good guy. I hate AI, but I’ll use it”. That’s virtu signaling, isn’t it?
It’s not virtue signalling, I know very well what I’m doing is hypocritical at best, but it’s also unavoidable for me. For one, I’m using it like this at work where they’d love nothing better than for me to start vibe coding. This is the compromise I’ve been able to make so far.
No judgement. I just thought it was funny.
Well yeah
I’m not proud of it, in any case :)
Definitely share your initial concern. Without strong review processes to ensure that every line of code follows the intent of the human developer, there’s no way of knowing what exactly is in there and the implications for the human users. And I’m not just talking about bugs.
They say it’s reviewed, but the temptation to blindly trust is there. In this case, developer appears to have taken some care.
The code was written by Cursor and Claude, but reviewed and heavily tested over 2-3 weeks by me. I created comparison documents, went through all queries multiple times and reviewed the logic over and over again. I also did load tests and manual regression tests, which took lots of evenings.
Let us hope so. Handle with care to ensure responsibility is not offloaded to a machine instead of a person.
Definitely time to find an alternative. What the actual fuck is this
there is this repo that lists some slopware : https://codeberg.org/small-hack/open-slopware maybe someone can add it
did not know that the serde developer tolnay is a military apologist. I’m disgusted. serde is a very good tool… I’ll think about what to do about this. such a shame…
we’re all so fucked
This doesn’t make me uneasy. It makes me resentful, a little angry, and a lot tired. Thanks for bringing it to attention, I will make sure that nothing of that project or from that author will ever cross my ecosystem again.
You’re gonna have a lot of hate in your blood if you go around acting like the most skilled engineers aren’t using AI to write code.
There’s a massive difference between “using AI to write code” and refactoring almost 15k lines in a single push.
The “best” uses of AI in coding are for small blocks. You don’t just tell it “I need a program that does X, Y, and Z” because that will (at best) result in horrible code. Instead, it’s best practice to use it for small blocks of code, where you tell it something more akin to “I need a function that takes {a} as a variable, does {thing}, and outputs {x}.” That way you’re not using it to generate giant swaths of code all at once, you’re just using it to generate individual functions that you can then use as needed.
But it also means that the “most skilled” (as you put it) programmers are basically putting themselves in a permanent debugging seat instead of working as a developer. And in many cases, debugging code can be just as (or more) difficult than writing the initial code. It’s also why senior devs exist to audit code from junior devs, because it’s assumed that junior devs will inevitably make mistakes that need debugging, or will make code that clashes with code from other junior devs. And it’s the senior dev’s job to ensure that the code is both functional and integrated properly.
And this “adding 15k lines of code and ripping out 10k lines” push smells a lot like the former “write me a program to do {thing}” usage.
But 15k likes of code and heavily reviewed over 2-3 weeks is not just adding code and ripping it out. It’s extremely easy to get 15k lines of code changes in a couple hours with AI. And it’s not gonna be all slop.
Most skilled engineers, and even mildly skilled engineers don’t use slopgenerators to write code. Some of them use it sometimes to do some menial tasks, although I’m not convinced it actually saves them time. It sure doesn’t every time we measure it.
There is however a plague of low skilled people who convinced themselves that they’ve found a shortcut to being an engineer. Those people are producing bad things at a fast pace, and the only reason we’re not in an unsolvable crisis yet is that their slop isn’t hitting prod very often on account of being bad.Lol you can definitely generate a large amount of non slop and if you keep believing that then you’ll never see it as a tool to multiply your skills on.
Fuck, I love ntfy, it’s one of the best self hosted push notification systems I’ve used. It has been flawless so far.
Don’t like this.
That’s concerning. If it was “I generated a function with an LLM and reviewed it myself” I’d be much less concerned, but 14k added lines and 10k removed lines is crazy. We already know that LLMs don’t generate up to scratch code quality…
I won’t use PostgreSQL with ntfy, and keep an eye on it to see if they continue down this path for other parts of ntfy. If so I’ll have to switch to another UP provider.
ts getting you pinned to 2.17 in the compose file 🥹🤞🥀
Oh ffs…
Thanks for the heads-up
I just set up a ntfy server for Unified Push earlier this week to use with Matrix. Now I have to turn around and immediately replace it…
Same here. Literally just set it up and now this.
I hope the author will roll this back or someone else makes a fork. I don’t want to immediately switch technology to XMPP/Matrix/… and have to do it all over again.
I’m so tired of that.
I’m using it for scripts notifications + unifiedpush. I don’t know where to start to find the fitting alternative.
The maintainer you and said that they tirelessly tested, reviewed and verified changes over the course of 3 weeks to make sure that things were running and operating correctly.
This is how it should be done. It’s not like they’re vibe coding this.
And the lead dev for Huntarr said they were following best practices, and had a heavy background in cybersecurity. And we’ve all seen how that turned out.
This change 100% smells like vibe code. They refactored nearly 15k lines of code in a single push. That’s not something you just do on a whim without a team of full time devs or vibe coding. And we know they don’t have the former, so it is almost certainly the latter.
Wait… what happened to Huntarr?
Long story short? You should kill the container and change your related passwords/API keys. The dev tried censoring it for a while, but couldn’t keep up with the posts. They eventually nuked the entire sub and deleted their Reddit account. They also privated their GitHub and changed their username.
I’ll embrace the inevitable fork.
Uovote and comment on: https://github.com/binwiederhier/ntfy/issues/1645
Please add this to the post.
