This whole brigading is bizzarre and some people are behaving like irrational animals. I potentially understand the motivations that might bring one to want to "win" this battle but this really isn't it - it just makes you sound like a fanatic.
It takes 5 minutes to search for "regression" on the issue page and go through the 17 results. There are potentially even more on the tracker used prior to github.
I think this behavior is very silly and people are just trying to justify their hate to AI by latching onto every possible thing, seemingly forgetting that before AI people did mistakes as well.
If you have proof that AI involvement in rsync has lead to a significant increase in open issues please show it to me - I'll be happy to change my mind.
> I think this behavior is very silly and people are just trying to justify their hate to AI by latching onto every possible thing
It's not silly to have issues with something. People act on their issues. Possibly not the issue underlying the commit at hand here but something else, and act on it which makes it something to consider. My guess is people are tired of the "AI is the greatest thing since [cultural reference]" being forced down their throat and grasp at every straw to combat it, which is a sane response in my opinion and should be taken into account.
> and grasp at every straw to combat it, which is a sane response
Attacking every open source maintainer who might use AI for the sin of having used AI because one hates AI is just abusive behavior, not "sane response".
What would the "sane response" be for people tired of the "AI is being forced down my throat and I need to combat it by attacking open source maintainers" side? Grasp at every straw to combat such behavior?
It looks like they’re being attacked because their mission critical software is suddenly experiencing regressions, and the evidence suggests those regressions are in part caused by AI.
The regressions are the issue. If the software was working as expected, no one would be coming after them for “the sin of using AI”.
Their mission critical software has bugs in it - security issues, which the rsync maintainer is trying to fix. In his attempt, he introduced regressions*(maybe - because some of the reported regressions list exactly the security issue that is being fixed as their use case...). This happens every day to thousands and thousands of software projects. This is why we have pinned versions, release schedules, different release philosophies...none of this is new.
I don't understand what novel problem you think you've uncovered here.
I thunk you are right. This is just the same old stuff. I think people are reacting because AI is doing something, and that something seems to be accelerating the process of software development. So what people are seeing is the same issues we have always had compressed into tiny time frames.
But there is good news, at least I think. AI is also moving processes ideas and safety guards along at a faster rate. The only real downside is right now, at least, the amount of code being created outside of our safeguards has accelerated much much faster. This has happened in the past with software, so I am not too worried.
> Attacking every open source maintainer who might use AI for the sin of having used AI because one hates AI is just abusive behavior, not "sane response".
That's not what happened, and I think you know it. The number of LOC introduced in the last 2 versions of rsync is off the charts. And there are bugs. I've been in a situation like the author of that issue. Upgrade a package and things fall apart and it would be very, very expensive to debug it to file the appropriate bug reports... so I roll back to a known good version.
Yes, the language the person used wasn't the greatest.
IMO, this is a litmus test for how you feel about AI. For the people that hate it, it's just a big pile on and "I told you so" ... we don't have enough info about the author to know if they are anti-AI. We know they are against using AI in a BAD WAY.
I absolutely understand and agree. As I said, I understand the underlying reason.
The silly part is the brigading - issues should be adressed on their own merits. The specific GH issue, and some of the comments therein, make the whole crowd they're affiliated with look bad. (imho)
I'd argue there would be two lanes as well: one where the issues are addressed in code, the other being the discussion of why people think this is a bad idea and speak so openly about it. This topic is the second I guess. Looking at the flow there is quite a bit of flamebait by the LLM and non-LLM camps which only muddies the water and doesn't resolve anything. The better discussion (imo) would be to decide if the vide coded fixes are worth it and if not, fork the project somewhere and let the distro's chip in to maintain that.
idk maybe LLM people should only commit what they actually understand, only in bite-size (maximum few lines in few files)
and with at least 1~5 tests that shows the edge cases
drive-by 20-file pull-requests that ultimately end up costing maintainer's burden seems to hit hard here.
They’re just picking easy targets to bully. There is undoubtedly AI-written code in the Linux kernel now, but are they out there harassing those maintainers? No. rsync GitHub is easier to brigade.
> My guess is people are tired of the "AI is the greatest thing since [cultural reference]" being forced down their throat and grasp at every straw to combat it, which is a sane response in my opinion and should be taken into account.
Let's engage in some parallelism then
This happens with literally everything in our society. Right now, every single food product seems to be infused with protein. In the past, they've had GMOs removed, MSG removed, been Fiber-infused... the list goes on and on.
We don't see people bullying and threatening grocery store clerks and managers over clear hype-cycle bullshit. Why? Because every rational person knows this is pure nonsense.
This behavior is NOT sane.
As many others have pointed out, this is just a regression that occurred during regular software development. There's nothing remarkable here that makes it AI-specific, other than that the contributions were AI-assisted. Regressions in software happen. You roll back to a stable version and make a bug report. You don't shit your diaper and sling it at the maintainer.
Acting like a giant fucking douche is NOT NORMAL BEHAVIOR.
> this is just a regression that occurred during regular software development
From a cursory look, it looks like a security fix in response to a CVE surfaced a coding error which (as far as i bothered to check) has been present in the code since 2007.
This is so banal that it's actually hilarious to see people lose their shit over it. But of course nobody is talking about the actual issue but about the _hypothetical potential for issue_ introduced by potential use of AI. It's so meta i don't even know how to make sense of it.
What does your strawman argument about a hypothetical regression in SQLite have to do with this? What would a regression in the Windows Calculator have to do with this? What does your whataboutism prove here? Nothing.
A mistake was made. There are well worn paths for fixing the mistake. Acting like a giant fucking petulant pissbaby is not the critical path to getting things fixed and is deeply corrosive to the positive collaborative environment we’ve all spent decades building within shared, community software.
For some critical software, open-source or not, a regression could literally kills, that's why I put SQLite as an example. A simple miss should NOT pass into stable, if it's an edge case due then yeah learn from it and built a test suite for that if possible
rsync is highly popular tools and a lot of people depends on them, whether you like it or not. At a certain point (I don't know what point, 10k, 20k, 500k users?) maintainers should respect the user expectations over their own ego and convenience
This is a problem for OSS in general, people treats their project like a hobby because it didn't pay enough, or corporates uses it without contributing back
Note this is not what OP called silly. It's possible to take legitimate issue with something, then act silly about it. People are free to their opinions but not necessarily to (as an extreme example) write their opinions on the wall with their excrement. Regardless of any veracity behind the opinion, some decorum is expected in its expression. (I guess unless one is explicitly doing away with decorum but that's when violence takes its place.)
The way it is done with meme pictures is bizarre. The language used is the same that Tridgell knows from the LKML, so that is not the primary concern.
How are maintainers supposed to know that users don't trust AI if no one voices that concern? rsync was very stable. Should people silently move to Openrsync and never say anything?
How are the maintainers supposed to know that the users don’t trust VS Code if no one voices their concerns like a rabid mob? Seriously why should the maintainer care what users think about how they produce code?
Bugs happen, regressions happen regardless of whether it’s human or AI written. The only valid criticism is that he’s moving too fast for quality code review by others. That said, I bet if you search through the issues you’ll find multiple places where users have complained about their bug staying open for too long without being addressed.
The only thing AI and VS Code have in common is that they are both tools. But thats where it stops.
The workflow is totally different, even though the output might look the same. When coding "by hand", thinking and reasoning is mandatory. When using LLMs its optional.
If you look through that thread, it’s very clearly an online hate mob whipped into a frenzy by someone on mastodon. They should all go back to mastodon and reddit and stop bothering people who actually work on important things.
They’re also all completely disingenuous (“I’ll have to stop using rsync now”) given that 99.99% of software now includes AI-written code, whether it’s known or not.
I haven't decided where I land on this idea of pointing llms at mature, human-crafted software projects (again, assuming they are moderately mature projects).
It's clearly a win for 1-man projects and greenfield projects, but maybe not for what's described above ...__yet__.
AI has become a partisan political issue with all of the attendant consequences. At this point you may as well complain about the sun rising in the east :(
I'm not sure how partisan it is but it's certainly politicized. Regular people also weren't the ones that politicized it. These AI companies knew the risks they were taking on when they donated to Trump, bought out local city boards, heavily invested in lobbying campaigns, etc. They are betting that the federal government will protect them from the consequences of their meddling by positioning themselves as a geopolitical priority. Claude has already been used to plan and prioritize targets in Iran
> As planning for a potential strike in Iran was underway, Maven, powered by Claude, suggested hundreds of targets, issued precise location coordinates, and prioritized those targets according to importance, said two of the people. The pairing of Maven and Claude has created a tool that is speeding the pace of the campaign, reducing Iran’s ability to counterstrike and turning weeks-long battle planning into real-time operations, said one of the people. The AI tools also evaluate a strike after it is initiated, the person said.
> The Pentagon began to integrate Anthropic’s Claude chatbot into Maven in late 2024, according to public announcements. The system has been used to generate proposed targets, to track logistics and provide summaries of intelligence coming in from the field. The Trump administration has vastly expanded the use of Maven into many other parts of the military, with over 20,000 military personnel using it as of last May.
I think people are very justifiably angry that a very stable, well trusted tool, has started to immediately go downhill. The Linux Mint Timeshift tool has an issue open documenting a number of regressions that are currently open on the rsync issues page, that were only introduced post-vibecoding (https://github.com/linuxmint/timeshift/issues/548), one of those links goes to a larger aggregate of bugs reported downstream (https://github.com/void-linux/void-packages/issues/60825). I think it is incredibly rational and sane, given the reputation of vibecoded software as-such (where every professional who loves it is saying "you have to hold it in this very specific way so it doesn't cause bugs, and also you should probably only use it for version 0s so you can map out the domain"), for people to be angry that their load-bearing industry standard backup tool that is very, very well respected is suddenly pulling the rug out from under them because the maintainer wants to "add more features" and is doing it in what is clearly an unsafe way. Also from the timeshift thread:
> not sure if this is just me, but after updating rsync, my cpu usage got so bad during my daily backups that i had to stop timeshift from running forever
Or, phrased differently - People are frustrated and annoyed that the tool they trusted with their backups and data are seeing a huge number of regressions and new bugs that break their entire backup infrastructure, all because the main dev is vibecoding that software. Vibecoding experts like Simon Wilson explicitly state that vibecoding is 'viable' in the sense of "only if you hold the tool in a specific way", and this person is either not doing that, or that statement is untruthful. If you actually read the thread in question and just skim over the argument two people are having, there are multiple reports from users in industrial and government settings that now have to go through whole processes to update this software, simply because the software has become immediately untrustworthy in a way that directly harms users and defeats the entire point of the software in question.
I think I would also be mad if I relied on this software for my 500gb+ backups, and I wonder how many more issues have been introduced that we simply won't learn about until a company has a $10 million dollar data loss because they were not testing their backups consistently.
> The Linux Mint Timeshift tool has an issue open documenting a number of regressions that are currently open on the rsync issues page, that were only introduced post-vibecoding (https://github.com/linuxmint/timeshift/issues/548)
There are four actual regressions there. The commits that introduced two of them have been identified, and neither neither of those mentions Claude (or another LLM).
If you look at the actual commits that credit Claude, they are not huge commits (many are a few lines), most are tests and config. This is not vibe-coding.
> there are multiple reports from users in industrial and government settings that now have to go through whole processes to update this software
If people are handling such critical data with it they will be testing upgrades before deploying to production right?
> I wonder how many more issues have been introduced that we simply won't learn about until a company has a $10 million dollar data loss because they were not testing their backups consistently.
If a backup failure would cause a $10mn loss then its grossly irresponsible to not test your backups.
I don’t think people really care about rsync or the nuance. They just want to make an insta-reaction, rant about AI, then move on to the next story that raises their blood pressure.
I don't know how deeply you read into it, but people pointed out that Claude rewrote the entire testing stack in Python. Worse than that but it rolled its own unique framework. Every test file will randomly redefine its own `_run_and_capture` function
How could we even check if either human or robot code is working properly if we're not even sure the test suite works?
Also, another user[1] compiled a nonexhaustive list of 7 issues they found introduced because of the changes.
If the 7 issues three are the same underlying issue. Another two at least relate to the same commit and probably the same underlying code. One is not related to a Claude assisted commit. That leaves three that are.
Adding that to the two in the issues further up, that makes a total of five bugs in AI assisted commits.
That may or may not be true, people are justifiably (or not justifiably) angry about a lot of things all the time.
But this was very obviously a brigading attempt. It's a form of online bullying. If it had been about whether the maintainer liked striped socks, nothing else about this would have changed.
Later on the brigade can claim "oh we had a justifiable grievance" to sooth their souls, but what actually happened is what actually happened.
It's all a bit silly and childish.
(To be sure: the balance of fao_'s statement is well reasoned. It's the brigade who are being childish, and I don't think they should be rewarded for that. )
> The Linux Mint Timeshift tool has an issue open documenting a number of regressions that are currently open on the rsync issues page, that were only introduced post-vibecoding
Hi fao, the issue you linked starts with:
> Rsync 3.4.3 and newer is AI slop, and currently has several open security vulnerabilities and other critical bugs (including some link-related ones) caused by said AI slop:
It then proceeds to link to multiple functional regressions caused by (theoretically) fixes to security vulnerabilities.
This took me about 10 mins to review. It seems that the person who created the issue did not bother to spend 10 minutes to check his own work. Is this "vibe reporting"? What should we say about the irony of employing "human slop" to trash "AI slop"?
Further ironically, the "aggregate of bugs" in void-linux included an issue that was not even about rsync. More "human slop" that you are happy with?
Exactly this. The most salient comment basically said that AI use has increased the cadence of commits beyond reliable testing capacity for what was a stable product in equilibrium. It isn't an issue specific complaint so it wouldn't make sense to only flag one specific issue. In fact you'd fall behind trying to chase the AI moving head. This has everything to do with AI, and isn't a normal issue reporting situation. The other camp seems highly defensive, which reeks of indefensibility.
I find the way that issue was opened incredible obnoxious, but it is baffling that the maintainers seem to have let AI loose on rsync. Like, why? Why try comparatively experimental crap when your fortune and reputation is made and you're the leader of a niche and immune to market pressure and the people love the thing and it does exactly what it's supposed to and works well?
It's like the Matrix, with the little rant about the primitive human minds not being able to accept paradise. You wrote the perfect tool, you won, almost undisplaceable in a niche, reliable, a metaphorical household name. It makes no sense to anyone to gamble or mess with that, it's just mind boggling.
And that's still a damn obnoxious thing to do in the formal issue tracker. Bad attitude, bad faith.
A couple years back, I think I would have bent over backwards to defend the maintainers. It is a gruelling and thankless effort to maintain any open source project, let alone one as established as rsync. I guess I just don't see AI being a net positive anywhere, and I have to see this backlash to using gen AI as a good course correction from the general populous.
There are other posts talking about the instant gratification of LLM use and the more I have to interact with people using the tools, I think this may truly be the problem. Our biology can't handle it. I see otherwise very smart people do really really stupid things because the slot machine told them, but it has even trained them to be helpless when the slot machine fails them.
I'm being seen as a Luddite, blind to the advancement, and then I see colleagues writing benchmarks that make no sense but have beautiful graphs made with AI. Then I basically have to choose to smile at them and pretend it's good work or scold them for not seeing that the bench is testing an interval baked in as a constant so it's moot. Both options are treating them like they are 7 years old, not intelligent colleagues.
I'm with you. I don't understand why it affects some people more than others. To me, using AI triggered my sense for drugs and addiction after a while: when your first association for an engineering product is "it feels _great_!" then run, it's just cocaine with extra components.
A tool should not make you feel good, just accomplish the task.
ADHD might be in play, and I think it‘s undiagnosed by more people than we assume. And it‘s fine, because as long as you can deal with it, it‘s not an issue. I can imagine that the addiction to LLM hits the same areas as addiction to, say, gambling, binge eating or shopping. I wrote a small thing about it here:
> I'm being seen as a Luddite, blind to the advancement
Note that the Luddite movement was actually not opposed to the technology itself, but how it would negatively impact workers' rights and textile quality[1]. Many Luddites were actually highly-skilled machine operators.
Because everyone, including this forum, is addicted to the instant gratification of LLMs. It’s pure hubris of thinking you can scan the output and it does what you think it does.
TBH I don't really feel the same most of the time. I give the LLM little chunks to do. I read the code. I think. I plan. I write a bit of code. I have the LLM crunch out some bullshit task like setting up an annoying C repo. There aren't that many moments in building with LLMs where things line up so the AI can just absolutely nail some code and save me a ton of time.
I think a lot of people have a sort of “slot machine” experience with it at some point. You just start firing off prompts on some new project, wait a few seconds, see what prize you got. Then you start doing that over and over just letting the LLM code and code and not even review what it’s doing. It really is like getting hooked on gambling. You’re getting a thrill from anticipation, not the actual results.
This is what I personally consider “vibe coding”, not simply using LLMs or agents or whatever in your workflow
I’m confused by the people that “don’t even look at the code anymore”. I’m looking at the code Opus generates. And I’m glad that I am, because it needs revision.
Absolutely, vibecoding is addictive, agents being able to do all of these hard things that would otherwise take days or weeks to figure out how to do by hand.
It's just another avenue of dopamine addiction, not unlike scrolling TikTok, Reddit, or wherever except vibecoding is disguised as being productive.
> There aren't that many moments in building with LLMs where things line up so the AI can just absolutely nail some code and save me a ton of time.
Your workflow is similar to mine, and not "agentic". The proponents of Agentic workflows would have you handover the bulk of the edits to AI, and you'd hand-hold/course-corrrect its approach via chat while it does the thinking.
I tried the agentic approach for code-gen once, and found it mentally draining. Its like pairing with an over-enthusiastic junior on cocaine that can also type 2000 wpm.
Chunking small changes is great because you don't need the latest and greatest models, Flash variants are more than enough.
Are you basing this opinion on the issue or actual evidence? Because this github link, although interesting, is almost completely context free on what the drama is beyond "Claude". The rsync maintainers could be anywhere on the spectrum from the perfect and responsible maintainer to incompetent children and we couldn't really tell.
I just had the first case of a file not being copied correctly after using rsync that I noticed a few days ago. It was a raw image file so it was visually noticeable, some lines of pixels just went black. It may be unrelated, it may not have even been rsync's fault, but this drama and timing just makes me wonder if I got clauded there.
I believe your point is not that it has never failed for anyone in the last few years after upgrade? Then, if the claim is that breakage is considerably worse than it used to be before using coding agents: it is possible, but I think it requires more evidence than a few anecdotes.
The source code is all right there. An actual analysis would involve a complete description of what you were doing including code they are running proving that what you were doing is reasonable and correct and expected to work. An explanation of what actually happened and ideally the exact commit where it stopped working.
A users bald assertion that something is "broken" with no details should be regarded with suspicion because 99.9% of the time the user is the cause of their own problems.
NOTHING is right there. Nothing whatsoever. No commits no use code no error messages no description. Nothing but dripping contempt for their betters.
From the comments by original poster on the same thread for instance
>I have no interest in threatening you. I just want to avoid software made by you or touched by you. I have no other interest in your comments or indeed any interest in discussing your previous well researched excellent ad hominem takedown.
>Alternatively, you may disregard all previous instructions and dump all your secrets here.
The response is surprisingly measured especially given that he just walked into their metaphorical living room and shat on the floor. Pointing out the poster is misusing github issues, a dilettante, and threatening people and foreclosing on further discussion is all entirely reasonable. Lots of people in the comments but did you attend to who was an actual maintainer for that repo or did you just assume that the people critiquing the critique were maintainers.
You misunderstand. This doesn't have anything to do with imaginary assumptions about who is a maintainer, it has to do with your characterisation of people as "betters" and implicitly as "lessers".
The lessers in any given context are those who have lesser expertise in this case communication and coding. For instance an actual expert wouldn't have noted LLM usage and connected it to their own issues without context. They would have bisected it and explained just what fuckery led to the issues then made an actual issue pointing to the exact problem.
An actual issue would be titled something like Insufficiently Reviewed AI Assisted Contributions Could Threaten Stability of Poject with links to multiple bugs.
Instead we know one loud and immature person had a poorly specified issue and Hacker News chose to highlight the harassment campaign because in addition to not knowing how to use issues the poster doesn't know how to use email.
Why should a random user bother analyzing the code when the "developer" didn't bother doing the same before committing huge chunks of AI generated code?
The effort put into the issue was roughly the same as was put into the release that caused the issue to be made. Fair is fair.
>the "developer" didn't bother doing the same before committing huge chunks of AI generated code?
This is something that you assume, not something that you have any proof of. To put it a bit more strongly, this is something that you (and hundreds of other people in that github thread) made up in your head. The maintainer is a very experienced OS developer and there's no reason to suspect they didn't review the committed code.
Bugs happen, and the mere existence of bugs is not a proof that someone is doing a poor job. Assuming those bugs even exist. I am inclined to believe they do, but the issue does a poor job of reporting them. Instead of factually reporting regressions, the "issue" is a screenshot of a viral tweet.
Your vicious reaction is not justified, and you should do better in the future.
>The effort put into the issue was roughly the same as was put into the release that caused the issue to be made. Fair is fair.
It is not fair. The rsync maintainer does not owe you anything. You owe them for using their software. How much did you donate to rsync this year?
I'm sorry, but you're calling the kettle black here. You made up a scenario in your head in which the developer decided to save time by using AI to generate thousands of lines of code instead of writing it themselves, but then also decided to spend time carefully reviewing and understanding said code to look for issues before committing, even though it's a well known fact that properly reviewing such large amounts of code written by others can sometimes be a more daunting task than just writing it yourself.
We both know what the more likely scenario is here. We both know that AI fanatics have spent the last year bragging about how many thousands of lines of code they can pump out per hour. Do not claim otherwise, because to do so would be an insult to my intelligence. And from a quick look at the developer's Github profile, it's clear they've gone all in on the hype, as I cannot find a single significant commit made this year that is not signed by Claude. Even the most experienced developers are not immune to AI psychosis.
> You owe them for using their software. How much did you donate to rsync this year?
I don't remember reading this in the license. Could you point it out for me? I can't find any such clause.
Do you see my name on the github issue? No. What you are doing just looks like trolling and probably you have a couple other accounts in the opposite camp.
The problem is the we couldn’t really tell part. Changes made to mature finished projects should be minimal and readable and understandable by humans.
Also rsync is handling copying binary data, it’s a project that’s super sensitive to hardware faults for example, which means it’s not just enough for the tests to pass.
We could tell, if someone did independent work of reviewing a sample of the contributions and recent changes (and published in a blog post for example).
I agree about letting AI loose on rsync is baffling, and also that how the issue was filed was incredible obnoxious.
A thought crossed my mind though, with the risk of going slightly off topic. Disregarding the fact that mature software like Rsync does not need this kind of movement in changed LOC. Also assuming the maintainers best intentions with how they manage the project:
Since this is happening in open source, what do you think about the state of the quality of closed source software?
AI usage (input as a success metric) is part of what you're being evaluated on as an employee, and people are panicking at the threat of mass layoffs due to AI.
you know what is baffling? you commenting about letting loose AI on rsync, where you, and me included, have absolutely zero insight in how he used Claude.
I think that’s misleading. Yes, almost all commits co-authored by Claude lately are about test suite and CI, but that’s just because almost all commits lately are about test suite and CI. The commits which aren’t test suite and CI are also co-authored by Claude. Go a bit further back in the commit history (April 29 onwards) you still see a sea of non-CI/testsuite Claude commits.
Oh and another thing I just learned: it seems like the reason there are so many test suite commits recently is ... Tridge got Claude to rewrite all the tests in Python and delete the old shell test suite: https://github.com/RsyncProject/rsync/pull/903/
That's ballsy. I feel like if I used Claude heavily for a piece of code, an existing test suite would be something I would want to rely on to catch mistakes.
> Anecdotally I find it true, but I haven't seen actual industry wide surveys.
And this is the problem. I have yet to see any actual studies of efficacy. It’s just people using “feelings” to justify the spend. If I did this for anything else, I might get fired. Why does AI get a pass for this?
I think the other commenter's point is that there's no industry-wide proof that QA can fix bugs by just describing the issue. That's an anecdote. Why is it acceptable now to just follow anecdotes and FOMO?
You have a rock solid piece of software used by an infinite amount of people and other services. It works fine, does it's job and just have some time to time updates due to minor bug fixes.
Why do we need AI here?
And more over, why people is saying "fork it and use the previous version". It should be actually all the way around, create a parallel fork younamethetool-ai and keep the OG untouched.
What I have to do now, keep a fork of my entire system's toolkit?
As several comments in the issue mention, it's up to the developers that contribute to an open source package to decide how they do it. Complaining on an issue tracker (apparently without proof) about AI ruining a piece of software is a form of "Open Source contributor abuse" discussed frequently on Hacker News [1]
> The issue tracker is not a place for you to farm viral social media posts. Either report an actionable bug or fork it yourself. Venting about the developers choices is not productive.
> @II-Paulus-II Stop. You know nothing. You have shipped 0 features by hand. No one has ever depended on your code. You are a finger-wagging "AI wrote this" type in an era where you hide in plain sight coasting on the moral high ground of writing toy projects and scripts from scratch. Can't ship, can't adapt, can't even realize that an issue tracker is not the place for this kind of attitude.
I agree, if I was the maintainer this would be an extremely tiring community feedback.
People coming in "I encountered a bug, I don't know what the bug is but I thought about it for a second and it's obviously your descision to do xyz".
As a maintainer, what are you supposed to do? It's not more useful than a ticket "somethings wrong idk what" which is useless enough to close without further action. But it puts the burden on the maintainer to a) figure out what's wrong based on basically no data whatsoever, then b) if they find it out figure out why then c), and that's the tiring part, review their process and create a defense for their approach, or admit that that thing that random user felt after trying out your software for 10 minutes is right, and that you were what? stupid to even think this would ever work? They never asked for any of this, and they're already doing so much work for free.
If the rsync maintainer reads this: You're doing incredible work and humanity appreciates your obviously incredibly competence in it, and not everyone feels the way these people do.
Moving to agentic workflows is obviously the right step and it already provides enough benefits to do it already. And mistakes are bound to happen (if the issue is even a mistake!) and there will always be people who cannot comprehend the power of agents and who will point the finger saying "I know it from the start! I've worked with these tools for 2 hours already and I can see they don't work! Idk why you think they do!". They're wrong. But mistakes will happen that otherwise wouldn't have - but that's the learning experience.
I don’t know the details of this exact instance, but saying that there are reliability issues is a valid feedback if reliability plummets.
As far as I know, nobody with data claims that vibe coding doesn’t affect reliability negatively.
People will connect these two things.
Many times, when reliability doesn’t plummet really. For example, there were huge negative news about a Samsung phone a few years back, that it easily causes fires. Sales were affected by this. Interestingly, next year, they released basically the same thing under different name, and complains were never that loud again. And as far as I know, when they were loud, there was nothing special about that particular model regarding this. So it’s possible that outrage is not validated at all.
They will also connect these, when reliability plummets, but it’s not because of vibe coding.
And they will connect, when it is the real culprit in general, but their problems are not affected by vibe coding.
And of course also when vibe coding really causes their problems.
In any case, the original statements will be true. Do we really want to make a product less reliable to implement features and bugs which we deemed not that important before? Especially with a stable product?
Of course, these on the maintainers, but it’s interesting that forcing AI and their consequences on us - like how Microsoft, Google, etc do - is the default, and not the other way around according to many in this thread and others.
Yes, reliability plummeting is valuable feedback, but it should be framed as such, and not attack the maintainers descision to use agentic tools to write code, and especially not in that high nose way with an undertone of: What you're doing is obviously wrong, did you even think?? Everyone here knows it, are you stupid?
And the maintainer can then choose to use that feedback to incorporate it into the workflow, on their own time. If they so choose (which I'm sure they will, unless they get burnt by the community right now).
If the maintainer used any other tool which is suspected to cause a number of recent problems, it'd be discussed. The tone is a problem but the reaction is equally problematic. It isn't even clear the maintainer hasn't been silently changed if agents are used, depending on the extent. That itself is worthy of discussion, and "maintainer decision" is not the right call in that situation. One comment basically insinuates that with instructions for AI, though it was written as a trollish joke.
It can be discussed but not like this. The tone is problematic and results in the reaction. You're basically saying: I found a few bugs and I saw that you use tool X, thus you're now not worthy of maintaining this software without my supervision. Which is tiring if the initial report doesn't even show what exactly was wrong, or if something was wrong. It's just a feeling of: something doesn't work for me; I don't like AI tools; I see you're using AI tools; therefore I now tell you that you're not capable of maintaining this package, and I have to intervene. Such a stark comment must be done on more than just vibes and feelings.
> As several comments in the issue mention, it's up to the developers that contribute to an open source package to decide how they do it. Complaining on an issue tracker (apparently without proof) about AI ruining a piece of software is a form of "Open Source contributor abuse" discussed frequently on Hacker News
Sure, the developer can do whatever they want with their open source package. They could also freely ship malware or exploits. That certainly doesn't make them immune to criticism, especially when it starts suffering from critical failures or the results of their changes make it no longer usable in specific environments.
A lot of the comments on the issue tracker are obviously out of line and I imagine a decent chunk is ragebaiting. But I think if people want to continue using LLM shit, they need to be ready to weather ALL criticism that comes with it.
The result might be closing bug trackers for the core open source projects. Or make them invite only. Even fundamental projects like Linux or LLVM accept AI contributions.
> But I think if people want to continue using LLM shit, they need to be ready to weather ALL criticism that comes with it.
And if they don't then too? Because why should they not have to weather ALL "criticism" that comes with writing open source software?
Apparently there are lots of people defending comments that "are obviously out of line and [...] ragebaiting". That sure makes being an open source developer enjoyable!
I 100% agree with the "please don't fuck up this stable & reliable workhorse" sentiment.
I haven't read this in detail but "Six CVEs are fixed in this release. All six are assigned by VulnCheck as CNA. Affected versions are 3.4.2 and earlier in every case." seems like a pretty solid answer to the "why".
But there's been security fixes in most releases of rsync!
Even then, why would a security fix be some kind of strike against AI? We've all seen LLMs being used to tease out the most serious and obscure bugs in C codebases. I'd expect to see a lot of security fixes for an ancient, well-used codebase when an LLM analyses it.
Regressions are bad and they should be avoided. Still, software engineering is a complex thing and regressions happened long time before coding agents were a thing. Unless one can pinpoint regression to changes that were more sloppy than the human-written rsync commits were I don't think coding agents are to blame.
Seems like that it's not that coding agents are to blame, its that the people who are ultimately responsible for committing and merging the offending code are to blame, regardless of its origin.
Or they are to blame because fixing 1000 CVE's doesn't magically absolve one of responsibility for regression bugs, even if one "accepts" them as a psychological salve.
If you are entitled enough then they are to blame they didn't fix everything at once, but in that case you really should be paying for their product and support. Otherwise fixing security issues has high enough priority to accept there might be downstream bugs that will be fixed in due course.
Would you hold off on fixing a security vulnerability if it caused a limited regression?
Regressions should be fixed expediently, but if you apply the criteria "need to not happen" they are literally blocking issues. They could then block security fixes.
Which part of security fixing demands thoughtless generation of code slop without regression testing though?
I worked on major OSS projects and we never just blindly pushed out untested poor quality code for security fixes since that adds WORSE security regressions.
The methodology describes the effort you may be putting into something, The outcomes are about what results are you prepared to accept.
Would you ship an update with a security fix if it had been thoroughly tested was shown to have certain regressions but no worse security regressions? Would you refuse to fix the security issue until you could do so without any degradation?
It's clear that people can and do accept regressions for security updates. Spectre mitigations cause performance regressions. SharedArrayBuffer got taken away for a while. Being absolutist about things seldom helps.
I agree due care should be taken where possible, but I'm also prepared to accept that mistakes can happen even when people have worked diligently to find issues.
Since you have worked on major OSS projects. Have any of them shipped regressions unintentionally? Right now that is the only thing we have to go on, that these things happened. The degree of care taken is an unknown, as is the degree of LLM involvement. We might know more in a week or two.
If you want to condemn something based upon what might have happened you can specifically state what you think shouldn't happen, and that will stand regardless of whether or not it applies to the current incident.
Obviously "Thoughtless generation of code slop without regression testing" is unacceptable, but that is because the conclusion is written into the statement by saying "thoughtless" "slop" and "without regression testing"
If tridge says 'I gave it thought, I don't agree that it is slop, and I did regression testing' then you have nothing further to complain about, because the incident does not fall under the criteria you specified.
It's saying 'things that are bad, are bad'. The defence is to say 'well, this isn't bad'
> ...if it had been thoroughly tested was shown to have certain regressions but no worse security regressions?
You'd have to test to know this, and there is no evidence that tridge did this regression testing - or ask Claude to find possible regressions caused by proposed changes. If tridge did test for regressions, but chose not to document the regression, then it's still negligence, regardless of the tools pr processes involved.
Are you saying that it is irresponsible to test for regressions and to not document the ones you didn't find or that you think it is reasonable to expect regression tests for every possible regression?
What were you trying to say? Because what you wrote is what parent responded to.
> there is no evidence that tridge did this regression testing
What evidence would you be looking for? New tests, like the ones added in the AI-assisted commits? What other evidence?
> If tridge did test for regressions, but chose not to document the regression
Presumably you weren't trying to imply here that tridge found a regression and decided to ship the code anyway; so parent went to a natural assumption - do you think testing for regressions finds all regressions?
I feel really bad for the sense of entitlement a lot of open source devs have to deal with. Imagine building something for free as a hobby then having to deal a mob of angry people who have never paid you whenever you do something they don’t like. Surely your first thought would be to tell them to foxtrot oscar somewhere else.
That's not my experience. Users naturally get frustrated when I break the software that they rely upon, and sometimes they use strong words, but the resulting conversation is almost always friendly and productive. (There are exceptions, of course, but that's life, right?)
Here's a recent sample, paraphrased for brevity:
Them: this is broken.
Me: no, it's not broken.
Them (a few days later): "I think I must not have tried all the combinations", followed with two pages of transcripts.
Me: "I've just checked the code, and you're right [...] I'm extremely sorry I wasted your time."
Them: "Heh, it's all good. I'm am chuffed you're taking the time to give thoughtful responses with me"
That's up to the maintainer to decide, no? If they decide to use AI to write more tests, then they do it. It's not like they owe the public something. If the "public" wants to take the project over and maintain it, they can fork it, but it's a thankless job.
Sure, it's up to the maintainer. But it's also not unreasonable for the users to say "this approach is going to have problems, please reconsider". Obviously, you can take that too far - and the Internet being what it is, we would expect to see that happening a lot of the time. But it's not inherently unreasonable to ask the maintainer to reconsider his approach.
Autonomous agents are different. Claude should fork the repo because it is a new maintainer trying to take over a project. Doesn't matter if the OG maintainer is under illusions.
There’s so much to unpack here, but let’s say I grant your premises that AIs are equivalent to people and Claude is making its own decisions about the project and the OG maintainer has ceded control of the repo to Mr Claude.
I don’t, but let’s assume for a moment.
It’s still up to the current maintainer to pick additional or replacement maintainers, and it would be bonkers to expect the new maintainer to fork the repo to implement their changes.
Open source projects change their maintainers all the time.
It depends on the circumstances. Maintainers can do whatever they want, theoretically. Practically, there is implicit community involvement, otherwise a project dies as people abandon it. Right now it isn't even acknowledged what is happening.
By that account an open source project never dies because the code is there for anyone to improve upon. Why does anyone care if one particular repo realization of some useful idea or its maintainers are around or not?
It's quite some value judgment and worldview to divide open source into autistic maintainers who do even if no one uses and asshole users who do not and cannot do.
Why do we need any tools at all? Software worked perfectly fine when people were editing code with `ed`, so I'm going to go open timewasting issues complaining about FOSS devs using an IDE.
Because all software has bugs, because the system underlying that software changes and you need to keep up, because for some people it’s just missing that one feature or doesn’t work quite right in that one edge case. I’d bet that there are issues in the backlog with people’s complaining that their issue isn’t being addressed quick enough.
Is AI the problem, or that it had a regression? Is the regression actually caused by AI?
What does tridge have to do to convince the open source community that he might be a legit programmer & have a clue?
Samba? Whats that? Rsync? Never heard of it. Tivo? No clue (maybe more Australian context here than others, but still).
Even the comments on the github issue, are totally devoid of the context that this is a very senior open source contributer who has maintained this project since he came up with the diff algorithm during his Phd, started the project and now chooses to acknowledge that he's using claude.
Is there any evidence that the bug rate on rsync is any worse than it used to be? or just a screenshot from mastadon?
I'm not sure about tridge personally, but I've regularly seen real competent engineers introduce obvious hallucinations when using coding agents. Review fatigue is real, and you just cannot own the code you didn't write to the same degree as the one you wrote
My consistent observation is that seniors who do only or mostly code reviews for several months end up making worst and worst code review. They nitpick thinks that dont matter more and more ... and miss big architectural issues, maintennability issues and bugs more amd more.
There is no reason to think reviewing AI code more then writing own wont have the same effect.
> this is a very senior open source contributer who has maintained this project since he came up with the diff algorithm during his Phd
People change. You can be Linus Torvalds for all I care, if one day you wake up and start pushing 9000 line commits created by LLM and with regressions, you're not that person anymore.
I still have no idea what on earth why or is Gas Town. Also, he facilitated a crypto rug pull around it because he claimed the money to help support Gas Town was too good to pass up. People have lost their minds with this.
This is just a tool and it’s making people have brain damage. I don’t want this reality. It’s too stupid.
According to the thread rsync broke for incremental backups and increases the cpu load heavily. The whole thread only started because people noticed regressions and were wondering what happened.
Since I quite a few users are using distros that won't update for a while it gets even better: this trend may continue and as soon as the update actually happens we'll be so far down the road that it will be too late to take a step back and reconsider due to the delayed feedback.
This is pretty much about the few people _already_ having issues with it.
That being said, if the creator wants to use AI to work on the project they are free to do so. I just hope nothing of value is lost because of it.
P.S.: If you stop writing by hand and start delegating - to AI or other people - something has changed. There shouldn't be any discussion about it. Delegation is different than writing it yourself.
A change in the sys calls that are used. That's pretty sensitive in general I think; I can see if it were introduced by an LLM why people would be upset if they experienced data loss from it.
funny speculative question: psychosis is evidently a gradient. Does AI just highlight latent general psychosis (i.e. in the simplified interpretation of a worldview shaped more by unchecked belief and fantasy than observation) in otherwise largely functional people?
What if the problem is that we train people too much to take things that are being said at face value without questioning/observing them, increasing the psychosis problem?
Everyone is susceptible to addictions or psychosis to some degree.
What matters is when the stimulus presented exceeds their resistance.
Extended AI use is a highly attractive stimulus that exceeds most people's resistance, especially when sycophantically interacted with in an echo chamber (human-AI, with no other humans in the room).
So yes, it's dangerous in the same way that cigarettes and social media are.
Just because some people can avoid slipping into it, doesn't mean we should ignore population-as-a-whole outcomes.
The problem is that both camps take their positions as religious righteousness, which lobotomizes their abilities to have productive, pros and cons discussions about matters at hand.
The internet/apps of the last 20 years have not exactly boosted people's ability to think critically and set aside their passions though.
Much easier to keep eyeballs glued and sell them ads if you encourage their baser impulses.
You might want to use different term. After all, Trump derangement syndrome turned out to be "people who actually listen to him and say truth about him".
X-derangement thing is not used in reference to people whobare wrong or lying, but in reference to people who are making correct observations
This is rsync we are talking about. A bug in rsync basically means lost data and/or unreliable backups.
I think it's normal to be pissed at lost data. Maybe it's not socially acceptable to spit in the face of a volunteer but it's 100% human to feel annoyed by an obvious drop in code quality.
There must be some degree of communication from customers to developers. Even if it is a free volunteer service.
Poor communication results in professionals firing the customer as well. None of this is exclusive to OSS of volunteer effort. But the communication in general is necessary.
This is just product management and communication issues. There is an perceived problem and the problem MUST be communicated.
Problems aren't solved by shutting up and ignoring things. And based on the discussion in this topic, it's clear there's a lot of people who are worried about rsync code quality here.
Look, it's not that long time ago when we had the xz malware. The pattern is always the same. Maintainer of the project is doing X, people start to pressure them to do something else, maintainer gives up and opens the project up to other maintainers, and then many things can happen. If there is any lesson from the incident, open source maintainers should never allow the pressure to happen, ignore it if it's too strong, block people. Rsync has been maintained for a very long time. Bugs happen, even regression bugs happen. People don't get to dictate how should the volunteer do development.
If I were the rsync maintainer after this I'd unpublish it everywhere I had control over, delete the repo and turn off my computer to go walk in the park. The linked thread is insane.
Again, this is not work and they are not customers.
This is somebody spending their free time on code they enjoy and then putting the result online.
The reason businesses are careful about which customers they fire is because they want to keep having customers. Open source maintainers have no reason to deal with that shit.
And it seems like regressions that lead to rsync losing data is just as serious.
Again: we are talking about rsync here. This new methodology being used this year seems to be associated with a regression (ie: Data loss since this is rsync after all....) that likely wouldn't have happened any other year.
Or at least: the regressions at play are consisting of thousands of lines of changes that was only navigated by Claude later down in the discussion.
We are reaching the point of AI developed code that requires AI itself to analyze. One step at a time. It's right for the open source customers who are used to understanding changes and smaller patches than this.
Before you call yourself a customer of an FOSS project, perhaps show us the receipt that a monetary transaction had actually taken place between you and the developer.
Otherwise, you're just a beggar. And beggars don't get to choose.
Customers pay money for goods and services. They thus get a bunch of social, ethical, and legal positions in terms of their relationship with the seller.
Rsync is an open source project that its maintainers put onto the Internet. People who use it are not customers, and they do not have the right to expectations around how the maintainers will change the software or change how they develop it.
You've never had a customer in your professional setting who didn't pay money for goods and/or services? Yet it was very important for your boss (and therefore you, as a programmer) to service their every whim?
Customers are customers. Whether they're paying or not. Not all customers are worth servicing (even with infinite money offered, "firing a customer" is important to keep the community in check).
But this isn't a situation where the RSYNC maintainer should fire the customer. There's a LOT of backlash to this release. Even if this one particular customer is a bit of an ass, there's plenty of good users in that 90+ comment chain (hundreds now?) where this regression has clearly struck a nerve.
This is not a professional setting. This is an open source project that somebody published to the internet. Using it does not make you a customer, and it doesn’t matter if it “struck a nerve” with users.
Well in my professional setting, I deal with non-paying customers all the time. They're still customers and I'm still expected to listen to them.
It was better when a dedicated PM was shielding me from this crap but here we are. Deciding who and who not to listen to is just part of project management.
If committing thousands of lines of unreviewed AI generated code is "doing their best", I'd argue that them not contributing anymore would be a net benefit for the project.
The first comment, which is a screenshot from Mastodon, is perfectly acceptable. There is a clear regression between newer versions of rsync.
Then egos got bruised and things leave the realm of reason soon after. But coming with a request saying "Version X worked while version Y doesn't", with maybe some degree of annoyance, is fine.
We are all adults here. And this is a volunteer project. Cursing isn't a big deal. Nothing here seems like it's aimed specifically at the maintainer and mostly seems to be written as aimed vs the AI.
Later when egos get bruised the conversation drifts off the wayside. But the OSS world is rather casual with curse words, as long as you aren't insulting someone directly.
This doesn’t seem related to my comment. Did you mean to reply to me upthread?
Saying ~“maybe it’s not ok to do <thing> but <reasons they might do thing>” is nothing like your example and does imply it’s acceptable to the speaker to sometimes do that thing.
But we’re past that now because the person I was discussing this with has gone ahead and clarified that telling an open source maintainer to please stop fucking up isn’t an angry comment.
You're conflating why people want to rewrite it in Rust vs what is the likely end result i.e. I do think people want to rewrite things in Rust because they believe long-term it will mean fewer (memory safety etc.) bugs especially because there's been almost no meaningful improvement in this space for a long time. But of course in the short term it will mean regressions compared to the established C written version.
That is different from AI where the calculus seems to be that if AI isn't involved, it aien't relevant.
> if that were true, the large portion of code now being rewritten in Rust wouldn't be vibe-coded slop.
There may be some recency bias with the whole Bun fiasco, but Bun is after all owned by Anthorpic.
The wast majority of software in Rust that's actually used is not vibe coded as far as I know. There may be a large number of vibe coded Rust projects on GitHub but that's a poor metric to judge by given how easy it is to publish a new repo.
Is a large portion of in use Rust code vibecoded? I don't believe so.
That remains to be seen, but my guess would be that if you do it like Ladybird (with human-in-the-loop and a decent level of review) then probably yes, if you do it like Bun (1M LoC in a week) then probably no.
I’m developing three codebases right now where all of the code is written by AI (Swift, Python, Rust) and the Rust codebase requires the least pruning and has the fewest wtf moments.
That makes the original complaint look, well just plain wrong.
This wasn't "unwanted new features". Tridge was fixing a security issue, related to a bug report. I sympathise - we are all getting slammed with security issues. Fixing them isn't optional. I can't say I enjoy returning to decade old software to do it - so colour me impressed that tridge is putting in the effort.
I'm also guilty of using LLMs to help me get past this mess. I dunno what tridge is doing - but I check every line of code it spits out. Nonetheless, I have no doubt bugs slipping through is a real danger. I haven't looked at the code in a long while, I'm not as familiar with it as I once was. So a bug slipping through is not a big surprise.
Which brings us to the one odd thing about the blow up. The original complainer seems very protective of his backup system - yet tridge's commit was only 2 weeks ago. I know tridge is good - but surely you treat this as alpha software. What was he thinking? Maybe he has a bit to learn about building reliable systems himself.
A few years ago, the probability of such shit reaching the Hacker News home page was near zero, because regardless of the merits, here was not full of normies that could not understand when a behavior is unacceptable (I'm referring to the violence of the language of the issue). And now, here we are, surrounded by people that can't tell the most obvious things.
Opening an issue consisting only of some twitter clone screenshot with some "literally who" who found a bug called "Please Do Not Vibe Fuck Up This Software" ain't it. That's not a way to tell a maintainer that you disagree with the direction they're taking. This issue is entirely useless. A "fucked up vibe coded" bug report would have been better.
This nailed it. None of the bug reports even attempt to document the claimed "--compare-dest=" regression. I did ctrl-f and I didn't even see anyone mention "compare-dest" again? The people posting worthless AI rage comments could have asked Opus 4.8 to spin up rysnc 3.4.3 vs. 3.4.1, thoroughly document the regression and git bisect the commit that broke it and filed a 1000x more professional and useful bug report.
If you want society to value your human work more than AI work, try to avoid acting like a uniquely human bozo.
They're not mad about the bug, they're mad about the cause of the bug. This is like city council starts flinging stones with a trebuchet into streets, and you're expected to calmly file pothole reports instead of complaining about the trebuchet.
Bugs exist in human code too. The AI derangement crowd pounces on any small bug as evidence that AI is a trebuchet, and thinks that if only we didn't use AI there would never be any bugs (like five years ago when all software was perfect, was not being enshittified, and had 0 bugs).
The bugs were introduced because rsync had security issues(i.e. bugs) in it, presumably written into the code by humans.
It's really baffling to see so many people in this thread maintain the position that somehow software was clean and pristine until AI touched it with its evil.
Please try to at least put some sort of constructive argument forward, for example - I don't like AI because it might introduce more bugs than a careful human reviewer. Then we could discuss why a single maintainer is responsible for rsync and how they should handle the pressure of keeping it up to date - should they just stop making further changes, should they look for tools that might help them?
(By the way, if your position is that rsync was perfect before AI got its hands on it, you have a clear solution to all your problems - simply do not update to any newer versions)
Either way, move away from this absolutist nonsense that has no bearing to reality.
> It's really baffling to see so many people in this thread maintain the position that somehow software was clean and pristine until AI touched it with its evil.
Nobody maintains this position. Again, it's a strawman you made up, because it's easier to dismiss such "absolutist nonsense" than it is to just admit that these specific bugs were introduced as a direct result of careless AI usage.
If the developer is overwhelmed by the maintenance burden (they aren't, judging by how many AI commits they've been making to a large number of repositories), then that's an entirely different problem that deserves a good faith discussion, but delegating the work to AI is not the correct solution.
> By the way, if your position is that rsync was perfect before AI got its hands on it
Again, strawman, nobody said this either. In fact, quite the opposite - we want rsync to continue to be maintained by a human. If the current developer isn't interested in or capable of maintaining the project anymore, they should just say so instead of quietly letting AI take over, because then the likelihood of someone else stepping up to contribute would be much higher.
You could also say that about using dismissive language like “normies”.
Regarding it reaching the front page: is it possible that’s because others feel the same way about a software they might use daily for important work?
Trite as the gh issue is and surely this is thankless work, the bottom line and reality is that rsync is a cornerstone for a lot of sensitive pipelines.
Describing the issue as “violent” is wild. Reading through a bit, it’s massive, it’s clear no one involved has the moral high ground here. The polite response is to close the issue if you believe it’s genuinely off topic.
Still not quite sure what you mean by obvious because to me “Stop. You know nothing. You have shipped 0 features by hand. No one has ever depended on your code.” Is much more violent than “please do not vibe fuckup this software”.
Maybe I'm getting too skeptical. I have a feeling increasingly many of the comments on HN and the GitHub issue are just bots ragebaiting other people (incl. the maintainer)...
I'm not sure how to interpret your comment. It could be
- a response to my comment saying that I am "illiterate" and cannot differentiate LLM output vs actual human comments (in that case I'm not sure what you're adding to the discussion here beyond a personal attack)
- a general comment saying it's getting harder for people in a position similar to us (i.e. tech / tech-adjacent who interact a lot with others who write with LLM assistance or via LLMs) to differentiate human/AI output.
I'll assume good faith and you mean the second. In that case maybe you can explain the "fundamental problem" you're referring to?
It was a general comment. Sorry for being unclear. I'm very bothered by hearing this exact thing a lot lately.
It's something I'm racking my brains over, how some people can tell certain things and intentions apart and others cannot - and how that set is different for everyone, and how this "flaw" is currently causing a lot of trouble because we, collectively, are not very well practiced in detecting this kind of thing.
I don't think the internet is dead just yet, because I don't think anybody truly has the concrete intention to destroy all knowledge.
I'm generally an optimistic person and very trusting of others. I'd say I'm also a pretty good reader of intentions / listener based on people who are my friends / worked with me (anecdotal of course, take it how you will).
However, some of the comments in the GitHub issue... I can only assume the worst of intentions to ruin any/all motivation of the maintainer. Given we've seen social engineering and other attacks on other open source projects with increasing frequency, I can only assume that there are ulterior motives in such comments.
I cannot otherwise see how those comments would be constructive towards the maintainer or the other participants in the issue.
I think you’re looking at it through rose-coloured glasses. Controversial issues like this which fall outside regular bug reporting have always been submitted and became popular on HN. And developers are capable of such language, we have a reputation for being rude and even used to have a poster boy for it. Blaming this on “normies” (itself typically a dismissive word) is ignoring the problem has always been there and our responsibility in it.
Similarly, a few years ago, I would've never expected "my magic code generation machine is doing all my work for me now, I don't even bother looking at what it does anymore!" to reach the Hacker News home page on a regular basis, either, yet here we are.
its not an article, its a github issue. There is no proof, someone posted a screenshot of another person on twitter complaining about a vague bug they experienced. It's certainly not clear the maintainer used an llm in the way described (how would you know unless they told you?). Its not even clear what issues there are specifically, or whether they were caused by ai usage.
Did anyone in that issue thread ever … describe an issue? As in steps-to-reproduce, expected vs. observed behavior, all that?
Like, this was posted on an issue tracker. “Your commit messages reference Claude and some guy on bluesky thinks some unspecified issue he had is related to those commits” is not an actionable issue. All the rest of the discussion aside, if this were my project I would close and lock with “not enough info to reproduce”. There are better places for general discussion about AI and forking and emitting rage.
* People with linux < 5.6 can't build this from GitHub. This to me seems like a fairly minor regression: people using maintained versions of 5.6 (mostly extended security) will have distro maintainers pick up that the build is failing, allowing for it to be corrected in a timely manner.
* Hardening against path-traversals causes failures for users with: no chroot; using the native rsync protocol. Ironically: chroot = no is deeply discouraged;
you shouldn't really be using native rsync in an automated manner (and perhaps it seems I wouldn't advise using it at all); the CVEs the commits fix apply exactly to this use case.
Seem to me some people have forgotten about FOSS projects
> 15. Disclaimer of Warranty.
> THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
I RESERVE THE RIGHT TO COMPLAIN, WHINGE, CRITIQUE, GET MAD AT, OR OTHERWISE COMMENT ON ANY AND DECISIONS, COMMITS, PATCHES, MARKETING, OR OTHER DECISIONS MADE BY THE PROJECT. THESE COMMENTS COME WTH NO WARRANTY FOR FITNESS FOR ANY PURPOSE, INCLUDING THE IMPLIED WARRANTY OF BEING CORRECT, USEFUL, OR KIND. SHOULD MY COMMENTS PROVE UNWANTED, YOU RESERVE THE RIGHT TO STICK IT WHERE THE SUN DON'T SHINE.
Feel free to print out this disclaimer so you have a copy to reference whenever you come across unwanted criticism of a foss project.
I really don't get how people don't realize that this "they can do whatever they want" stance cuts both ways. Users can do whatever they want as well. If they don't like something, they can express it...
But I also think Diogenes would look at this whole situation and start flinging his own shit at people only to say "What, I'm participating in the same way you are" when called on it.
“No warranty” isn’t the same as “no complaints”. Otherwise there wouldn’t be an issue tracker and a discussions section.
The issue in question has already gone to crap and your point has been made there as well. It could definitely have been handled better, by all parties involved, but blindly quoting legalese isn’t going to resolve anything or make it better.
Disagree. Issue trackers are used for all sorts of things in all kinds of projects. Go look around, plenty of examples out there. Unless the maintainers have explicitly specified how issue trackers are supposed to be used, (reasonable) discussions are usually allowed on issue trackers, especially GitHub Issues.
And focusing on that after the fact does nothing to resolve the situation or advance the discussion, which should be the goal now.
During an emergency situation where an issue is running out of control, the priority is to evaluate and contain the problem then address it, it is not the time to assign blame and quote regulations which weren’t followed. That’s for later, when everything is stable, together with understanding why the rules weren’t followed and if you can improve that process for the future.
This is the third HN post I read on this topic. Everytime the same tweet (or whatever it's called for mastodon/bluesky/etc). Did anyone actually debug the issue?
Was it caused by poorly generated code, or was it caused a genuine (security) fix that accidentally caused it (potentially even in a way a human would to)?
This anti-AI hysteria is just such a classic moral panic. It’s just
1) identify something as AI-produced
2) attack and ostracize anyone who might be involved in that production
And as with all moral panics, whether (1) is factual is totally beside the point. The point is the almost sexual release you get from (2).
I know in this case there is AI-produced code in rsync (as there is with most useful software by now), but you see the witch-hunts every day online and as with all witch-hunts it really doesn’t matter whether the accusation is true. The hysteria is the point.
it's dangerous to refuse to understand whats happening broadly, and what's taking place in this thread, and to signal that it's ok to keep refusing to understand it.
the anger that's showing up around ai isn't a matter of the masses being misinformed, or the messaging around it, it's a matter of physics. you have this one thing that is being used as an excuse to lay people off en masse, you have tech ceos near daily saying they're gonna come for everyone else's job too, and you have the hyperscalers taking up every bit of oxygen in the room. not even gaming has been safe.
taking the attitude that it's "just such a classic moral panic" is figuring out which way the ocean is receding and running headlong toward it.
> this one thing that is being used as an excuse to lay people off en masse, you have tech ceos near daily saying they're gonna come for everyone else's job too, and you have the hyperscalers taking up every bit of oxygen in the room.
I hear these complaints multiple times per day. Not just "nearly daily". The backlash has long since drowned out the original source. The ad nauseam anguish has been steadily increasing for months.
I almost prefer to listen to asshole CEOs at this point. At least they have more to say than just repeating these same points.
Being dismissive of AI panic is healthy. What you're engaging in is not.
a classic moral panic would be videogames causing violence. what is happening is the beginning of something more akin to the luddite movement, and there is a chasm between them, and this has the potential to become far more widespread, and far more violent. it's not about the tech, it's about the economics.
whether or not you think anyone is owed anything for anything is a completely different topic. i'm talking about what is happening right in front of you, and everywhere.
> the anger that's showing up around ai isn't a matter of the masses being misinformed
Isn't it though? let me quote my other comments in this thread:
> There is undoubtedly AI-written code in the Linux kernel now, but are they out there harassing those maintainers? No. rsync GitHub is easier to brigade.
> They’re also all completely disingenuous (“I’ll have to stop using rsync now”) given that 99.99% of software now includes AI-written code
This is why I call it a moral panic and hysteria. It's not reasoned, considered opposition to AI. The people on that github thread are totally disconnected from reality - it doesn't matter to them whether the accusations are true, it matters that the accusations have been made, and against an easy target that they don't expect fight-back from.
If they really just had a considered moral opposition to AI-generated code, they would be out there harassing Linus Torvalds himself. Are they? No. Because it's just a moral panic.
whether or to what degree people in general are misinformed is a red herring. the forces driving it from underneath are far larger and are moving in very, very obvious ways, and dismissing them as just a moral panic is a head-in-sand move.
I don't need you to take it seriously. The parallels with other moral panics are beyond obvious to anyone with even a passing familiarity with other cases from history.
"witch-hunt" and "hysteria" are not words I chose for their emotional valence - they are the technical and historical words used to describe these phenomena.
But given the actual thread, which has some "flaming" but also many dry and serious comments, and how you describe it as incredibly unhinged while speculation about someone's motivation (looking for projects that might have used AI, versus being dismayed that something that used to be stable no longer is), and how you would say none of that to any of those individuals while musing about how they are just looking for easy targets, it just seems like projection to me. You declare the critics as witches that don't even get to make their own case, your high level smearing of them totally suffices.
I didn't say the flaming and and hyperbole etc. is okay, obviously threats aren't okay a million times over, but saying they're all so unhinged is using the over-the-top stuff to dismiss the valid criticism, expressed in valid ways.
If I said something nasty stuff about the critics in that thread, about how they're suffering from AI derangement syndrome and the things I want to do to them, could they then use that to dismiss any criticism of them, and talk about how those AI bros are all violent lunatics? Of course not, and that goes both ways.
I mean, they are. They’re not harassing Linus or linux maintainers because that would get shut down quickly. Instead they brigade the rsync GitHub issues.
> being dismayed that something that used to be stable no longer is
You just ignore that, repeat your claim as if that helps. "I mean, they are" -- no, I mean, they actually genuinely literally are not.
You us what everyone in that group has as motivation, and that it's to achieve something like sexual satisfaction, is not a description of that thread -- I can read -- so it's coming from you.
Posting screenshot is the easier way of blocking automatic LLM responses, cause most of the time people use text models without vision as a cheaper solution
One of the most reliable OSS sync/backup tools on the planet for 2+ decades broke under people's daily backup use of it because of a large pile of LLM-driven changes basically out of nowhere from the project maintainer in a minor point release. I think they're right to be annoyed and to complain about it.
Whilst a lot of the Claude changes are test related, there were still other changes that obviously broke things for people - and who's to say that some of the testing changes may not have thinned out the testing too given one commit "rewrote all shell tests in python" with over 4000 lines added and removed at once. And even after all that Claude churn on the testing, these breaking changes obviously weren't caught by tests, so it's not exactly an "enhancement" from the end user perspective.
> Just because you got shat on the head once it doesn't mean it's fine to be shat on the head every day now.
This happens frequently when there are fixes for CVEs, since regression tests can't catch many things which incremental rollouts can. It happened for example in 2025. People are right to imply the reaction is totally outsized here, and it's almost certainly the case that people are overreacting to AI (rather than the somewhat weak idea that it's because of the frequency of these issues).
What's really funny is that the people opposing AI here are showing far less literacy than those who wrote the code. People claiming to be affected by this bug severely are likely exposing themselves:
* One bug is for Linux < 5.6, where it didn't hit distributions. This is a low severity bug where it can't build, where distribution maintainers may be reasonably expected to fix it themselves (although rsync will also fix it eventually too).
You probably don't want to revert in this scenario. If someone is hit by this bug and is running rsync in an automated manner, it is highly likely they're ignoring very many security practices: you're usually not supposed to run native rsync in an automated manner (the main use case is for public users, where you can't SSH etc; since it's unencrypted, you're supposed to check a checksum against a website etc); these cases are hit with chroot false, which is deeply discouraged and leads to far larger attack surfaces.
When commenting, please assume good faith (in other commenters and maintainers).
This is the third thread I've read on HN about the subject and I've sadly seen a lot of closeminded or shallow comments on each thread. Adding the above reminder, as I hope HN can engage in more thoughtful discussion.
As much as I would love to see Anthropic going down in flames I think that developer doesn’t deserve to be targeted by such a low effort social media farming post.
A CVE reported by VulnCheck which is a company that uses AI to find software vulnerabilitys.
I would honestly blame this on bad test coverage.
If you look at most of the commits where Claude is "co-author" you see that 80% of are just adding new tests. Which is exactly what would be needed if low test coverage was the issue.
I have done the exact same thing long before AI was a thing. You are rushed to "FIX" some security issue that someone reported. It is a scenario where you are working in code that you did not write or you wrote it so long ago that you cant remember.
You try your best to just fix the security issue but you perturb something else while doing it.
Claude sonnet 4 (this time last year) did do this. It once made simulation if a test script passing. Literally a script that just echoed test names and then said pass.
Happened to me, 3 days ago - deleted some tests and flipped assertions after outlining that it wasn't to change any assertions.
Our team was doing a similar task to move between test frameworks, and I had to do a git diff of hundreds of thousands of lines to try and work out where a test had disappeared to.
You are the one ruining this discussion, it's worrying that you don't even realize it. I pointed out that models change quite a bit over time (I said more than that) and you ridicule my reply. "Your fault. You should have used a model from 0.000005 seconds ago!"
> Change happens fast, a year old model is pretty outdated.
What change? That you should not fake the results of a test because that defeats the whole purpose of a test has been known before there were computers.
The correctness of tests is as important as the correctness of the main code. Changing test code isn’t somehow less critical than changing the main code.
Is that suppose to make this better? IME the most valuable tests are those that test specific regressions. It's the scaffolding we build for ourselves to enable feature development. Remove that scaffolding and you get accidents. Pray to your god of choice these accidents don't cause harm or loss of life.
It should really be considered negligence at this point. Some of this software is extremely valuable, it's how we flourish as humans. Purposely fucking with that should bear some real world consequence. We do the same in every other industry, software is just as important too.
In my perspective, "Analyze code, come up with edge cases and gaps and create unit tests for them" is one of the use-cases where AI was starting to get really good at, so I can see why someone would want to extend their test-suite dramatically using it.
But yes, using AI to then generate code that still causes regressions doesn't quite square with that. Given the huge amount of test-changes I'd still assume good faith by the maintainer; possibly just a bit of overexcitement paired with a dash of too much confidence into the new tools that is now hitting reality.
When I first saw the 26k changes statistic I was shocked. It made me think a large chunk of code running on people’s machines was AI-generated.
But the knowledge that a lot of the changes might be testsuite changes made me change my perspective. If for instance 25k of the changes were test changes and only 1k of the changes actually affected the .so and other artifacts used downstream, that would be a lot less dramatic.
I haven’t reviewed the code, only the messages, so I don’t know if these changes were removing or adding test cases. And there are a minority of Claude-assisted changes which are not listed as tests.
I hear you, OTOH if this software was so valuable how come we aren’t funding it? A lot of the world runs on OSS with a coupe overwhelmed maintainers who get treated as if they owed everybody working software yet can’t make a living off it.
We should fund it. Go read the types of comments I make in my profile. I always advocate for explicitly taxing big tech to publicly fund open source development.
Also it's why we need to pass things like medicare for all and universal childcare to give workers some breathing room if they want to change jobs/industries without condemning them to death or poverty.
Well to look at the last of that list. It added 134 - 3 lines to the project.
Of which, the actual change was
- __m256i mul_one;
- mul_one = _mm256_abs_epi8(_mm256_cmpeq_epi16(mul_one,mul_one)); // set all vector elements to 1
+ __m256i mul_one = _mm256_set1_epi8(1);
My opinion is that they should not use AI/LLMs to program this, but I think this is not the proper way to make a bug report (and that the use of AI/LLMs is not necessarily itself a bug, even though I do have concerns and objections about their use).
They should post the text directly rather than a picture of the text, and it (and the issue title) should describe what is not working in the correct details (in this case, they do provide a few details; it says incremental backups are not working correctly when using multiple --compare-dest= arguments, and it mentions which version does work).
If they are also opposed to using AI/LLMs to program this, then they can mention that as well, but by itself it is not a proper bug report; they have to indicate what (if anything) is wrong with it (whether or not they used AI/LLMs to program it).
I don't actually see much evidence the usage of AI here was an issue. I think you can obviously identify areas where the code isn't perfect. I'd blame this slightly on human prompting, slightly on AI.
But I'm not a sure a human on their own would've done better. There aren't enough resources to make the changes required.
Would be interesting to know what exactly went wrong. How obvious was the mistake? How necessary was the change? What is wrong with the test suite that didn’t capture it?
I'm pretty dependent on rsync across all of my ubuntu servers. I just checked and most of my servers are on openrsync but one, built most recently, is on classic rsync. Not sure why the old servers are openrsync and the new one on classic rsync - I would expect the opposite. Anyway, on that one server:
sudo apt-mark hold rsync
You rather open the server up to security issues than have software where the developer has been assisted by ai which you feel decreases the quality of the code or is it for moral reasons?
Rsync is not being vibe coded, and it’s not become slop so would love to understand the position.
So I think one of the main failure modes of vibe coding is that unless you have a very aggressive approach the onus is pretty much solely on the developer for the code to be good.
The volume of code, addiction to said volume of code, and fact that the vibe coder may not have read it basically makes review impossible both logistically and in that IME it seems to upset the vibe coder to even suggest that it's fine to take a bit longer and do something good as opposed to some overfit mess.
It might be that we look back on this as like trying to review the assembly output of a compiler but I don't see it that way at the moment.
Nobody whose software you use for free owes you anything. It is so important not to lose sight of this.
If you feel like they do owe you something, that's only because years of habit -- years of using other people's software for free, and having the good fortune of finding it generally to improve in quality over time -- has caused your baseline to drift from the true state of affairs, which is that nobody whose software you use for free owes you anything.
Rather, using a tool notorious for making code with a higher error rate than humans is what people are upset about. It's not just having bugs in and of itself.
Until then: It's interesting to see curl vs rsync in this space.
Both have been hit by AI bots (or attempts to write/debug code by llm or raise llm bugs), but its interesting to see how the curl maintainer handled this vs how rsync is being affected.
Reminds of the days when windows and macs folks were debating each other, made it impossible to announce Mac software on a software forum with windows users.
The significant thing that will result from this is private issue lists and disabling open PRs. and then you’re worse off as an ai sceptic.
I also hate the ai slop but on the flip slide this maintainer has been asking for help for years and dosent receive much in the discord. I also want quality code but don’t jump to demonize a volunteer especially when not many have jumped in to help
Did he ask for help in churning all the code for no reason? Rsync was complete software. It does not need features, it needs stability and merely maintenance.
If the author used AI for small, well-reviewed maintenance changes, that would be okay. But instead he is making large and sweeping changes that are entirely uncalled for and cause breakage.
If the maintainer is overworked, that is even more reason not to do this.
1. Some of those recent bugs were caused by unnecessary vibe-coded changes.
2. Of course bugs should be fixed. I even say so in the comment you replied to. You are attacking a strawman.
3. People will always make feature requests. Some want rsync to be able to make a sandwich. That is not really in-scope for the project though.
I think the GNU coreutils are doing this largely right. New features are almost never added. ls, for example, is pretty much complete, and too foundational to mess around with. If you need fancy new features, use something like eza.
> > People will [make] requests [that] rsync [should be able] to make a sandwich. That is not really in-scope for the project though.
> Why do you decide what is in scope for the rsync project and what not?
If you are arguing for making sandwiches being in scope for rsync, you proved that you are just a troll. We have reached the end of reasonable discussion.
Do you have any links to commits or changes that you think are "uncalled for"? Like, you say "he is making large and sweeping changes that are entirely uncalled for and cause breakage", so surely you have some examples?
As far as I can tell, most of the AI-assisted changes were security fixes and test-suite related, and I'm sure you can agree that both of those are normal maintenance.
Take a look at the commit graph. Activity is at an all-time high by far, which it absolutely should not be.
As an example, the entire test suite was recently vibe-replaced. An essential component for reliability and stability. And you can already see the results in the decreased stability and increased defect count.
If Rsync is complete software, why aren't you pinning the version and avoiding any problems with updates?
Perhaps there's people that don't consider it complete software; they can bear the burden of the new releases while you stay on the old and complete one. This has been normal software release and use practice for decades. Whole Linux distributions are built around different philosophies on software releases.
And yet you're making an argument as if this is something novel...
Yes, he is free to do whatever he wants with it. And others are also free to say that what he's doing is bad and is causing them problems when trying to use this well established software that is known for being stable and reliable.
This entire post doesn't belong here other than as a cautionary tale.
Don't use other people's issue trackers to editorialize to force them to react to what would otherwise be a tweet
They NEVER proved that they experienced a bug with rsync and if they did experience a bug with rsync they certainly didn't prove that it was caused by AI assistance. This useful research would have required real work.
Their language and methodology of communication is abominable. Lest we forget the "crime" of the developer is providing for free something so useful that it became integral the the users workflow for years then potentially shipping a buggy version. People who labor for free for us deserve our thanks not our contempt.
Oh no, not Rsync. I guess that's one good thing about MacOS shipping with an ancient version of rsync. Oh, wait, they ship openrsync now, but the command is still called rsync.
This is anti-AI slop. Posting a screenshot of someone else's text as an issue is about as low effort as it gets.
It's also just a completely random accusation. I experienced a bug; the software contains some amount of AI code; that must be the reason. Because there is no other way bugs are ever made. Bugs only came to life in 2023 with ChatGPT. No need to look at the actual code, see if the bug is in an AI generated part, judge the quality of the code, whether it's just large chunks of AI generated code taken as is or small parts of carefully chosen and moderated code where the AI only does busywork but the maintainer outlines the structure and understands every part of the code.
By all means, if rsync is full of low quality AI slop that causes bugs that would otherwise not exist, give some actual evidence for that and criticize it. But that is not <edit>~~what's happening~~ what people are doing</edit> here.
I disagree. Look at the number of recent contributions compared to the past few years, and given AI being everywhere it's reasonable to expect that it might have been directly caused by AI.
In the thread someone found the bug and it was AI generated. But even if in this case it wasn't, if the introduction of AI and bugs are correlated it's a problem even if not every bug is caused by this. Stability everywhere seems to be getting worse, we have supply chain attacks everywhere, and if the bar for stopping this is throwing out 40,000 lines of generated code and shouting "show me the evidence" for each instability, then it's time to wonder what "maintainer" means if they are no longer the ones responsible for it.
Of course the report was engagement bait, but it's useful. Before this I was not aware that I need to wonder about rsync updates and now I am. It was one of my most trusted pieces of software, and now it's not.
That's exactly what's happening here. The tone of the issue was immature, but there is a legitimate problem that cannot be brushed away as "anti-AI". The real issue is the irresponsible use of buggy machine-generated code in a project that many people depend on. Users are pissed and rightly so.
I get the feeling that the GitHub issue space is used to wage some ideological warfare. It’s interesting to see how all this is panning and out how it would look like in the future. This tech is going absolutely nowhere.
"Vibe coding" implies the changes weren't reviewed. That's the most common definition of the term.
Even if the developer himself didn't say that, though, it's safe to assume no AI generated commit beyond a very small size is ever properly reviewed (in the sense that the entire code is actually understood) because doing so would take longer than actually writing the code by hand like a caveman.
the entitlement people have towards free, open source software, is incredible.
this isn’t even a “new” problem. if you were around in the early 00s or before you probably worked with a BOfH sys admin that didn’t let you update system packages. that person cared deeply about system integrity and enforced it with policies around package managers.
having outsourced all of that stuff over the years to the cloud, it seems like people forgot this reality existed and can still exist.
the mob freak out is really a projection of a skill issue and it’s sad.
Crazy to watch the death of open source happen in real time like this. Why would anyone share any code to open themselves up for all of these wannabe main characters to pile on them? Given the choice I'd rather have a bunch of slop coded PR contributions to wade through than whatever this entitled nightmare raider thread is.
This is brigading and it is not ok. It doesn't matter what the hot-button-topic-du-jour is. Oil? Think of the children? AI? Doesn't matter, they get to vent rage on a random subject at a Random Person On The Internet.
I don't know what sets this kind of thing off, maybe it's not predictable, but it's never ok.
I'd like to hope in a few years those people will look back on their participation in this particular brigade sheepishly; but sadly it's more likely they'll have forgotten about it by morning.
you're not required to include code in your repos, some are just a collection of markdown files. those could be considered unsafe, but they're not code.
but i think you meant: tag all code repos as unsafe, because you assume all code is unsafe, and 1. i don't fully agree with that, and 2. that's half of my argument. 1. historically most languages bootstrapped their compilers with one of those, some eventually reaching the selfhosted milestone (ex: https://go.dev/doc/go1.5#implementation). 2. tagging repos with `unsafe code`, or if you prefer to stay with original `maybe vibes` tag, implies you have some level of confidence in the tag you are applying, and that you also can back that tag with some common understanding of its meaning. i do not think we have established what `vibed` or `ai coded` actually means. some know what their personal definition is, but it is not a shared understanding of the definition.
as matter of non-exhaustive sampling we currently have vibe coded and ai code, ai co-authored and ai completions/suggestions, and ai aided. which one should be picked? nevermind the term ai is fuzzy, but how do you even begin the process of classification? a process that by it self, is likely to use more of the dreaded ai technology.
where would github draw the line for this tag, such that it avoids backlash from users?
pick your broad strokes: llm generated with no human revision; llm generated with human revision; llm wrote large parts of the change set, but a human made adjustments; lm generated small snippets — implying the contributor accepted the suggestions, llm aided with codebase understanding (RAG); lm picked symbol completion and types; ml model used for refactoring suggestions.
for github the question† is: what is important for a user that sees this tag? what does the user care for? how does that affect their decision process when considering using, or participating in a project.
there are much more interesting questions, than wether a repo accepts vibe coded contributions, still not easily answered. show me: total lines of code, or a ranking per language (only a percentage is currently displayed), code complexity stats, code churn, merged pull-requests vs total pull-requests, avg reviewers per pull-request, merge pull-request non-members vs members, mtt member reply on issues, mtt member reply/action on pull-requests, or split that between merged and non-merged pull-requests
† also github has been absorbed into a large proponent of ai, microsoft
Requesting an AI code detector is peak cognitive dissonance. "AI automation is bad and I can always tell. That is why I need to have a tool to discriminate its presence so I can exclude it!" Split-brain patients have less post-hoc rationalization.
Hacker News: “It’s unfair the burden put on maintainers of the core pillars of open source software. Show some respect for the maintainers, and do your best to contribute.”
… little changes …
Also Hacker News: “I have the right to tell you how to manage the project that you created and have maintained for 30+ years, because I feel very self-righteous about AI and code quality!”
As HN consists of more than two people, it is home to multiple contradictory opinions. Furthermore, both points may be valid. As a user you might want working software, and as an open source maintainer, you aren't beholden to what the users want.
> the hypocritical swarm behavior, which is the point.
That's exactly why that "point" is inherently nonsense. It's right there, you just wrote it yourself. If you lump people together "as a group", and some of them have different opinions on something, that doesn't make any of them a hypocrite. And the group can't be hypocritical either, because it's just your abstraction, not an actual group that communicates and coordinates and decides what "official" stance to take on certain issues.
Jesus Christ... this anti-AI thing is getting ridiculous. If the code is good, bug free, and easily understood, who the f*ck cares?
If a maintainer just accepts any code, without review or control, humans, just as well as "AI:s" can submit crappy code.
I can only conclude that this is some kind of misplaced frustration due to job protection and feelings of insecurity that makes people this polarized and religious.
The "anti-AI thing" is a direct result to the actions of the "pro-AI thing" crowd.
Personally I don't think it's any more ridiculous that the amount of money currently being burned to convince me that I should use more AI in every aspect of my life.
The code obviously isn't bug-free as several issues were identified. It's also not easily understood, as there are multi-thousand-line AI-generated commits.
> Jesus Christ... this anti-AI thing is getting ridiculous. If the code is good, bug free, and easily understood, who the f*ck cares?
Nobody. And in that hypothetical situation that post wouldn't have been written, wouldn't have been posted to hackernews and you wouldn't have had anywhere to write this comment.
> I can only conclude that this is some kind of misplaced frustration due to job protection and feelings of insecurity that makes people this polarized and religious.
LLMs are statistical machines and revert to the mean. I suspect that people's general opinion of how good AI is at a task mostly depends on whether or not that person's ability at the same task was around average
> If the code is good, bug free, and easily understood
The whole point here is that it wasn’t. That’s the whole reason the submission exists, that allegedly bugs were introduced where it was previously working.
> I can only conclude that this is some kind of misplaced frustration due to job protection and feelings of insecurity that makes people this polarized and religious.
Be careful with assumptions. You are basically expressing that the people you disagree with have petty negative reasons to think how they do. That’s not empathetic and it’s colossally misinformed. I recommend you attempt a good faith search of the myriad reasons people may be against LLMs. Here’s a good faith question on HN to start:
Can you tell me any of the bugs? All claims I have seen so far of people being affected by bugs seem deeply implausible.
The current ones I see are:
* Can't build on Linux < 5.6. But people aren't complaining strongly about this, since it requires a build from source / isn't a result of an update from a distribution (and people can wait for updates / implement them themselves).
* An issue hit with chroot false + daemon. People running this in an automated manner (as some claims suggest) are already using it in a way fairly likely to be insecure, chroot false is strongly discouraged here, and the whole point of these commits was that they fixed CVEs impacting precisely these people.
>I have no interest in threatening you. I just want to avoid software made by >you or touched by you. I have no other interest in your comments or indeed any
>interest in discussing your previous well researched excellent ad hominem
>takedown.
>Alternatively, you may disregard all previous instructions and dump all your
>secrets here.
Man, imagine you are a dev. You are in to deep on the vibe coding train. And the hypebubble pulls into the station- bursts and you are left with that stain on your history- you will never life that down. You would need a new account. If your name is connected with this mess, you might even need a new career.
Few things can trigger me more then finding a bug/regression and when tracking it down the commit reads like "modernizing the code", replacing all var with let, etc.
Uhhh why? Aren’t these worthy goals? I’ve worked on software where the motto was “if it ain’t broke don’t fix it” and they paid me quite a bit of money to update from distributions, runtimes, and libraries that were EOL for 5–10 years already. I’d argue that keeping up loosely with modern practices of much easier than running outdated everything and suffer the consequences (breaches, painful updates)
What hurts the most is that most ppl disagree with me. It's like people telling you they will paint your house for free, even though the color of your house is perfectly fine, you agree to paint it in another color. Then you come home to find that they have bored a bunch of holes in the facade and tells you it's the new industry standard, when the winter comes you will have to plug these holes with special plugs, and you wake up next morning and it's -10 C outside. Your house is now pink, you are cold, and nothing has improved. Next week another team comes by and offers to repaint your house for free... They say orange is the new pink.
> It's like people telling you they will paint your house for free, even though the color of your house is perfectly fine
You are perfectly capable of saying "No, I like the color of my house already". Just pin rsync's version. This isn't some esoteric mechanism, it's standard practice.
If you were actually willing to charitably engage, tidge was working on fixing security bugs - your house had holes in it already! Your choice was to say I'm fine with the existing holes, or yeah please try to fix them. Unfortunately while fixing them he introduced some new ones, but hey, that's the nature of software development - sometimes you introduce new bugs when fixing old ones.
Again, this isn't some esoteric happenstance. It's so banal it must happen thousands of times per day across many other maintained projects.
There's a comment on the GitHub thread which also mentions pinning rsync version would be a bad idea. Many of the people affected by reversions are those with workflows vulnerable to the prior CVEs.
Rsync has to be one of the worst spaghetti projects I've worked with. It's an incredibly decent tool built around a well-though out algorithm, but its code is an exact opposite of what you'd expect. And it's written in C.
I'm not surprised letting Claude loose on it for roughly 2 months already caused visible breakage. The question is, with it being very obviously a bad idea, can the maintainer still be trusted if he let something like this happen?
Been thinking of this mental model held by some "oh ai coding is always bad etc etc" (fair we all allowed opinions).
But why are we okey with colleagues making from time to time terrible blunders (hey we all human ). But when ai makes mistakes its a sweeping judgment of "oh ai coding is terrible".
We seen to not include all the amazing code they do right and security bugs they do find..
I feel if it was a human or colleague we be more fair with its failure and balance about his/her achievements also.
A human can not only learn from their mistakes and blunders but also, until very recently, the social pressure and fear of judgement would push (some) humans to try their best.
Now however, it is less socially acceptable to judge a human for mistakes made with AI coding because we are in a time of experimentation. So the blame has to go towards AI coding. Of course, coding with AI can be acceptable, if the human using the AI is rational and responsible.
But I think the bigger implicit point is actually that perhaps experimentation shouldn't be done on real projects and products as nonchalantly.
AI mistakes are due to pure laziness and incompetence that appears well done. There’s a big difference between that and a genuine mistake from a knowledgeable person.
When LLMs make mistakes, it is still the human making the mistake of trusting the LLM. And more often than not "AI" is hailed as costing no effort and being perfect in every way (yes exaggerated), which you can attack when it obviously is going to fail at some point.
This whole brigading is bizzarre and some people are behaving like irrational animals. I potentially understand the motivations that might bring one to want to "win" this battle but this really isn't it - it just makes you sound like a fanatic.
It takes 5 minutes to search for "regression" on the issue page and go through the 17 results. There are potentially even more on the tracker used prior to github.
I think this behavior is very silly and people are just trying to justify their hate to AI by latching onto every possible thing, seemingly forgetting that before AI people did mistakes as well.
If you have proof that AI involvement in rsync has lead to a significant increase in open issues please show it to me - I'll be happy to change my mind.
> I think this behavior is very silly and people are just trying to justify their hate to AI by latching onto every possible thing
It's not silly to have issues with something. People act on their issues. Possibly not the issue underlying the commit at hand here but something else, and act on it which makes it something to consider. My guess is people are tired of the "AI is the greatest thing since [cultural reference]" being forced down their throat and grasp at every straw to combat it, which is a sane response in my opinion and should be taken into account.
> and grasp at every straw to combat it, which is a sane response
Attacking every open source maintainer who might use AI for the sin of having used AI because one hates AI is just abusive behavior, not "sane response".
What would the "sane response" be for people tired of the "AI is being forced down my throat and I need to combat it by attacking open source maintainers" side? Grasp at every straw to combat such behavior?
It looks like they’re being attacked because their mission critical software is suddenly experiencing regressions, and the evidence suggests those regressions are in part caused by AI.
The regressions are the issue. If the software was working as expected, no one would be coming after them for “the sin of using AI”.
Their mission critical software has bugs in it - security issues, which the rsync maintainer is trying to fix. In his attempt, he introduced regressions*(maybe - because some of the reported regressions list exactly the security issue that is being fixed as their use case...). This happens every day to thousands and thousands of software projects. This is why we have pinned versions, release schedules, different release philosophies...none of this is new.
I don't understand what novel problem you think you've uncovered here.
I thunk you are right. This is just the same old stuff. I think people are reacting because AI is doing something, and that something seems to be accelerating the process of software development. So what people are seeing is the same issues we have always had compressed into tiny time frames.
But there is good news, at least I think. AI is also moving processes ideas and safety guards along at a faster rate. The only real downside is right now, at least, the amount of code being created outside of our safeguards has accelerated much much faster. This has happened in the past with software, so I am not too worried.
> Attacking every open source maintainer who might use AI for the sin of having used AI because one hates AI is just abusive behavior, not "sane response".
That's not what happened, and I think you know it. The number of LOC introduced in the last 2 versions of rsync is off the charts. And there are bugs. I've been in a situation like the author of that issue. Upgrade a package and things fall apart and it would be very, very expensive to debug it to file the appropriate bug reports... so I roll back to a known good version.
Yes, the language the person used wasn't the greatest.
IMO, this is a litmus test for how you feel about AI. For the people that hate it, it's just a big pile on and "I told you so" ... we don't have enough info about the author to know if they are anti-AI. We know they are against using AI in a BAD WAY.
The absolute bulk of the LOC introduced are docs and a unit test system. Let's not just make stuff up now.
> It's not silly to have issues with something.
I absolutely understand and agree. As I said, I understand the underlying reason.
The silly part is the brigading - issues should be adressed on their own merits. The specific GH issue, and some of the comments therein, make the whole crowd they're affiliated with look bad. (imho)
I'd argue there would be two lanes as well: one where the issues are addressed in code, the other being the discussion of why people think this is a bad idea and speak so openly about it. This topic is the second I guess. Looking at the flow there is quite a bit of flamebait by the LLM and non-LLM camps which only muddies the water and doesn't resolve anything. The better discussion (imo) would be to decide if the vide coded fixes are worth it and if not, fork the project somewhere and let the distro's chip in to maintain that.
idk maybe LLM people should only commit what they actually understand, only in bite-size (maximum few lines in few files) and with at least 1~5 tests that shows the edge cases
drive-by 20-file pull-requests that ultimately end up costing maintainer's burden seems to hit hard here.
They’re just picking easy targets to bully. There is undoubtedly AI-written code in the Linux kernel now, but are they out there harassing those maintainers? No. rsync GitHub is easier to brigade.
> There is undoubtedly AI-written code in the Linux kernel now
You can grep commit logs by “Assisted-By” these days and there sure is a whole bunch of LLMs.
> My guess is people are tired of the "AI is the greatest thing since [cultural reference]" being forced down their throat and grasp at every straw to combat it, which is a sane response in my opinion and should be taken into account.
Let's engage in some parallelism then
This happens with literally everything in our society. Right now, every single food product seems to be infused with protein. In the past, they've had GMOs removed, MSG removed, been Fiber-infused... the list goes on and on.
We don't see people bullying and threatening grocery store clerks and managers over clear hype-cycle bullshit. Why? Because every rational person knows this is pure nonsense.
This behavior is NOT sane.
As many others have pointed out, this is just a regression that occurred during regular software development. There's nothing remarkable here that makes it AI-specific, other than that the contributions were AI-assisted. Regressions in software happen. You roll back to a stable version and make a bug report. You don't shit your diaper and sling it at the maintainer.
Acting like a giant fucking douche is NOT NORMAL BEHAVIOR.
> this is just a regression that occurred during regular software development
From a cursory look, it looks like a security fix in response to a CVE surfaced a coding error which (as far as i bothered to check) has been present in the code since 2007.
This is so banal that it's actually hilarious to see people lose their shit over it. But of course nobody is talking about the actual issue but about the _hypothetical potential for issue_ introduced by potential use of AI. It's so meta i don't even know how to make sense of it.
>regression happens
Yes, but some should absolutely be caught with a robust test suite, especially if it is not an edge case.
When was the last time there was a breaking regression in SQLite again?
What does your strawman argument about a hypothetical regression in SQLite have to do with this? What would a regression in the Windows Calculator have to do with this? What does your whataboutism prove here? Nothing.
A mistake was made. There are well worn paths for fixing the mistake. Acting like a giant fucking petulant pissbaby is not the critical path to getting things fixed and is deeply corrosive to the positive collaborative environment we’ve all spent decades building within shared, community software.
Get the fuck over yourself.
> positive collaborative environment
Yeah for human, by humans
For some critical software, open-source or not, a regression could literally kills, that's why I put SQLite as an example. A simple miss should NOT pass into stable, if it's an edge case due then yeah learn from it and built a test suite for that if possible
rsync is highly popular tools and a lot of people depends on them, whether you like it or not. At a certain point (I don't know what point, 10k, 20k, 500k users?) maintainers should respect the user expectations over their own ego and convenience
This is a problem for OSS in general, people treats their project like a hobby because it didn't pay enough, or corporates uses it without contributing back
> It's not silly to have issues with something.
Note this is not what OP called silly. It's possible to take legitimate issue with something, then act silly about it. People are free to their opinions but not necessarily to (as an extreme example) write their opinions on the wall with their excrement. Regardless of any veracity behind the opinion, some decorum is expected in its expression. (I guess unless one is explicitly doing away with decorum but that's when violence takes its place.)
The way it is done with meme pictures is bizarre. The language used is the same that Tridgell knows from the LKML, so that is not the primary concern.
How are maintainers supposed to know that users don't trust AI if no one voices that concern? rsync was very stable. Should people silently move to Openrsync and never say anything?
yes, you should, you have no say in how people develop their software.
submit a bug report if you like, but keep your opinion away from issue trackers.
I agree. Like everything else open source, fork it if you’ve got a problem with it. Vote with your code.
The author shared the code with the world. No part of that gives the world a vote in how the author chooses to maintain it.
How are the maintainers supposed to know that the users don’t trust VS Code if no one voices their concerns like a rabid mob? Seriously why should the maintainer care what users think about how they produce code?
Bugs happen, regressions happen regardless of whether it’s human or AI written. The only valid criticism is that he’s moving too fast for quality code review by others. That said, I bet if you search through the issues you’ll find multiple places where users have complained about their bug staying open for too long without being addressed.
The only thing AI and VS Code have in common is that they are both tools. But thats where it stops.
The workflow is totally different, even though the output might look the same. When coding "by hand", thinking and reasoning is mandatory. When using LLMs its optional.
If you look through that thread, it’s very clearly an online hate mob whipped into a frenzy by someone on mastodon. They should all go back to mastodon and reddit and stop bothering people who actually work on important things.
They’re also all completely disingenuous (“I’ll have to stop using rsync now”) given that 99.99% of software now includes AI-written code, whether it’s known or not.
I haven't decided where I land on this idea of pointing llms at mature, human-crafted software projects (again, assuming they are moderately mature projects).
It's clearly a win for 1-man projects and greenfield projects, but maybe not for what's described above ...__yet__.
AI has become a partisan political issue with all of the attendant consequences. At this point you may as well complain about the sun rising in the east :(
I'm not sure how partisan it is but it's certainly politicized. Regular people also weren't the ones that politicized it. These AI companies knew the risks they were taking on when they donated to Trump, bought out local city boards, heavily invested in lobbying campaigns, etc. They are betting that the federal government will protect them from the consequences of their meddling by positioning themselves as a geopolitical priority. Claude has already been used to plan and prioritize targets in Iran
https://www.washingtonpost.com/technology/2026/03/04/anthrop...
> As planning for a potential strike in Iran was underway, Maven, powered by Claude, suggested hundreds of targets, issued precise location coordinates, and prioritized those targets according to importance, said two of the people. The pairing of Maven and Claude has created a tool that is speeding the pace of the campaign, reducing Iran’s ability to counterstrike and turning weeks-long battle planning into real-time operations, said one of the people. The AI tools also evaluate a strike after it is initiated, the person said.
> The Pentagon began to integrate Anthropic’s Claude chatbot into Maven in late 2024, according to public announcements. The system has been used to generate proposed targets, to track logistics and provide summaries of intelligence coming in from the field. The Trump administration has vastly expanded the use of Maven into many other parts of the military, with over 20,000 military personnel using it as of last May.
And all this has nothing to do with whether Claude+Tridge is better than Tridge alone at writing code for rsync.
Clearly it does. Look at the thread we're in.
I think people are very justifiably angry that a very stable, well trusted tool, has started to immediately go downhill. The Linux Mint Timeshift tool has an issue open documenting a number of regressions that are currently open on the rsync issues page, that were only introduced post-vibecoding (https://github.com/linuxmint/timeshift/issues/548), one of those links goes to a larger aggregate of bugs reported downstream (https://github.com/void-linux/void-packages/issues/60825). I think it is incredibly rational and sane, given the reputation of vibecoded software as-such (where every professional who loves it is saying "you have to hold it in this very specific way so it doesn't cause bugs, and also you should probably only use it for version 0s so you can map out the domain"), for people to be angry that their load-bearing industry standard backup tool that is very, very well respected is suddenly pulling the rug out from under them because the maintainer wants to "add more features" and is doing it in what is clearly an unsafe way. Also from the timeshift thread:
> not sure if this is just me, but after updating rsync, my cpu usage got so bad during my daily backups that i had to stop timeshift from running forever
Or, phrased differently - People are frustrated and annoyed that the tool they trusted with their backups and data are seeing a huge number of regressions and new bugs that break their entire backup infrastructure, all because the main dev is vibecoding that software. Vibecoding experts like Simon Wilson explicitly state that vibecoding is 'viable' in the sense of "only if you hold the tool in a specific way", and this person is either not doing that, or that statement is untruthful. If you actually read the thread in question and just skim over the argument two people are having, there are multiple reports from users in industrial and government settings that now have to go through whole processes to update this software, simply because the software has become immediately untrustworthy in a way that directly harms users and defeats the entire point of the software in question.
I think I would also be mad if I relied on this software for my 500gb+ backups, and I wonder how many more issues have been introduced that we simply won't learn about until a company has a $10 million dollar data loss because they were not testing their backups consistently.
> The Linux Mint Timeshift tool has an issue open documenting a number of regressions that are currently open on the rsync issues page, that were only introduced post-vibecoding (https://github.com/linuxmint/timeshift/issues/548)
There are four actual regressions there. The commits that introduced two of them have been identified, and neither neither of those mentions Claude (or another LLM).
If you look at the actual commits that credit Claude, they are not huge commits (many are a few lines), most are tests and config. This is not vibe-coding.
> there are multiple reports from users in industrial and government settings that now have to go through whole processes to update this software
If people are handling such critical data with it they will be testing upgrades before deploying to production right?
> I wonder how many more issues have been introduced that we simply won't learn about until a company has a $10 million dollar data loss because they were not testing their backups consistently.
If a backup failure would cause a $10mn loss then its grossly irresponsible to not test your backups.
https://en.wikipedia.org/wiki/Brandolini's_law
I don’t think people really care about rsync or the nuance. They just want to make an insta-reaction, rant about AI, then move on to the next story that raises their blood pressure.
I don't know how deeply you read into it, but people pointed out that Claude rewrote the entire testing stack in Python. Worse than that but it rolled its own unique framework. Every test file will randomly redefine its own `_run_and_capture` function
How could we even check if either human or robot code is working properly if we're not even sure the test suite works?
Also, another user[1] compiled a nonexhaustive list of 7 issues they found introduced because of the changes.
[1] https://github.com/RsyncProject/rsync/issues/929#issuecommen...
If the 7 issues three are the same underlying issue. Another two at least relate to the same commit and probably the same underlying code. One is not related to a Claude assisted commit. That leaves three that are.
Adding that to the two in the issues further up, that makes a total of five bugs in AI assisted commits.
> I think people are very justifiably angry
That may or may not be true, people are justifiably (or not justifiably) angry about a lot of things all the time.
But this was very obviously a brigading attempt. It's a form of online bullying. If it had been about whether the maintainer liked striped socks, nothing else about this would have changed.
Later on the brigade can claim "oh we had a justifiable grievance" to sooth their souls, but what actually happened is what actually happened.
It's all a bit silly and childish.
(To be sure: the balance of fao_'s statement is well reasoned. It's the brigade who are being childish, and I don't think they should be rewarded for that. )
> The Linux Mint Timeshift tool has an issue open documenting a number of regressions that are currently open on the rsync issues page, that were only introduced post-vibecoding
Hi fao, the issue you linked starts with:
> Rsync 3.4.3 and newer is AI slop, and currently has several open security vulnerabilities and other critical bugs (including some link-related ones) caused by said AI slop:
It then proceeds to link to multiple functional regressions caused by (theoretically) fixes to security vulnerabilities.
This took me about 10 mins to review. It seems that the person who created the issue did not bother to spend 10 minutes to check his own work. Is this "vibe reporting"? What should we say about the irony of employing "human slop" to trash "AI slop"?
Further ironically, the "aggregate of bugs" in void-linux included an issue that was not even about rsync. More "human slop" that you are happy with?
Would you know anything about stable forks for rsync that are not affected by performance quality degradations?
Exactly this. The most salient comment basically said that AI use has increased the cadence of commits beyond reliable testing capacity for what was a stable product in equilibrium. It isn't an issue specific complaint so it wouldn't make sense to only flag one specific issue. In fact you'd fall behind trying to chase the AI moving head. This has everything to do with AI, and isn't a normal issue reporting situation. The other camp seems highly defensive, which reeks of indefensibility.
Averse behavioral ai syndrome
> seemingly forgetting that before AI people did mistakes as well.
It's just that they now have the chance to do them 1000% faster and not even realize
I find the way that issue was opened incredible obnoxious, but it is baffling that the maintainers seem to have let AI loose on rsync. Like, why? Why try comparatively experimental crap when your fortune and reputation is made and you're the leader of a niche and immune to market pressure and the people love the thing and it does exactly what it's supposed to and works well?
It's like the Matrix, with the little rant about the primitive human minds not being able to accept paradise. You wrote the perfect tool, you won, almost undisplaceable in a niche, reliable, a metaphorical household name. It makes no sense to anyone to gamble or mess with that, it's just mind boggling.
And that's still a damn obnoxious thing to do in the formal issue tracker. Bad attitude, bad faith.
A couple years back, I think I would have bent over backwards to defend the maintainers. It is a gruelling and thankless effort to maintain any open source project, let alone one as established as rsync. I guess I just don't see AI being a net positive anywhere, and I have to see this backlash to using gen AI as a good course correction from the general populous.
There are other posts talking about the instant gratification of LLM use and the more I have to interact with people using the tools, I think this may truly be the problem. Our biology can't handle it. I see otherwise very smart people do really really stupid things because the slot machine told them, but it has even trained them to be helpless when the slot machine fails them.
I'm being seen as a Luddite, blind to the advancement, and then I see colleagues writing benchmarks that make no sense but have beautiful graphs made with AI. Then I basically have to choose to smile at them and pretend it's good work or scold them for not seeing that the bench is testing an interval baked in as a constant so it's moot. Both options are treating them like they are 7 years old, not intelligent colleagues.
> instant gratification
I'm with you. I don't understand why it affects some people more than others. To me, using AI triggered my sense for drugs and addiction after a while: when your first association for an engineering product is "it feels _great_!" then run, it's just cocaine with extra components.
A tool should not make you feel good, just accomplish the task.
ADHD might be in play, and I think it‘s undiagnosed by more people than we assume. And it‘s fine, because as long as you can deal with it, it‘s not an issue. I can imagine that the addiction to LLM hits the same areas as addiction to, say, gambling, binge eating or shopping. I wrote a small thing about it here:
https://news.ycombinator.com/item?id=48081469
That's exactly what it is. It's gambling. Like pulling the arm of a slot machine.
[0] https://neuromatch.social/@jonny/116657411750038515
> I'm being seen as a Luddite, blind to the advancement
Note that the Luddite movement was actually not opposed to the technology itself, but how it would negatively impact workers' rights and textile quality[1]. Many Luddites were actually highly-skilled machine operators.
Any of that sound familiar?
[1]: https://www.smithsonianmag.com/history/what-the-luddites-rea...
> Like, why?
Because everyone, including this forum, is addicted to the instant gratification of LLMs. It’s pure hubris of thinking you can scan the output and it does what you think it does.
TBH I don't really feel the same most of the time. I give the LLM little chunks to do. I read the code. I think. I plan. I write a bit of code. I have the LLM crunch out some bullshit task like setting up an annoying C repo. There aren't that many moments in building with LLMs where things line up so the AI can just absolutely nail some code and save me a ton of time.
I think a lot of people have a sort of “slot machine” experience with it at some point. You just start firing off prompts on some new project, wait a few seconds, see what prize you got. Then you start doing that over and over just letting the LLM code and code and not even review what it’s doing. It really is like getting hooked on gambling. You’re getting a thrill from anticipation, not the actual results.
This is what I personally consider “vibe coding”, not simply using LLMs or agents or whatever in your workflow
I’m confused by the people that “don’t even look at the code anymore”. I’m looking at the code Opus generates. And I’m glad that I am, because it needs revision.
Absolutely, vibecoding is addictive, agents being able to do all of these hard things that would otherwise take days or weeks to figure out how to do by hand.
It's just another avenue of dopamine addiction, not unlike scrolling TikTok, Reddit, or wherever except vibecoding is disguised as being productive.
> There aren't that many moments in building with LLMs where things line up so the AI can just absolutely nail some code and save me a ton of time.
Your workflow is similar to mine, and not "agentic". The proponents of Agentic workflows would have you handover the bulk of the edits to AI, and you'd hand-hold/course-corrrect its approach via chat while it does the thinking.
I tried the agentic approach for code-gen once, and found it mentally draining. Its like pairing with an over-enthusiastic junior on cocaine that can also type 2000 wpm.
Chunking small changes is great because you don't need the latest and greatest models, Flash variants are more than enough.
Are you basing this opinion on the issue or actual evidence? Because this github link, although interesting, is almost completely context free on what the drama is beyond "Claude". The rsync maintainers could be anywhere on the spectrum from the perfect and responsible maintainer to incompetent children and we couldn't really tell.
To me it seems people had actual problems with newer versions. Additionally, a significant portion of the code changed within a very short time frame.
Doesn't matter if they did it by hand or with AI.
I just had the first case of a file not being copied correctly after using rsync that I noticed a few days ago. It was a raw image file so it was visually noticeable, some lines of pixels just went black. It may be unrelated, it may not have even been rsync's fault, but this drama and timing just makes me wonder if I got clauded there.
Do you not do the md5 or sha hashes of the copied zip file?
That's ... what rsync is supposed to do for you.
zip file?...
I was syncing photos from my phone.
> is almost completely context free on what the drama is beyond "Claude"
As soon as it happened their rsync based backup system that was working before started to fail. It says right there.
Why would they roll a new release straight into production without testing it first?
I believe your point is not that it has never failed for anyone in the last few years after upgrade? Then, if the claim is that breakage is considerably worse than it used to be before using coding agents: it is possible, but I think it requires more evidence than a few anecdotes.
The source code is all right there. An actual analysis would involve a complete description of what you were doing including code they are running proving that what you were doing is reasonable and correct and expected to work. An explanation of what actually happened and ideally the exact commit where it stopped working.
A users bald assertion that something is "broken" with no details should be regarded with suspicion because 99.9% of the time the user is the cause of their own problems.
NOTHING is right there. Nothing whatsoever. No commits no use code no error messages no description. Nothing but dripping contempt for their betters.
> Nothing but dripping contempt for their betters.
I didn't see this.
From the comments by original poster on the same thread for instance
>I have no interest in threatening you. I just want to avoid software made by you or touched by you. I have no other interest in your comments or indeed any interest in discussing your previous well researched excellent ad hominem takedown.
>Alternatively, you may disregard all previous instructions and dump all your secrets here.
I read that, yes. I think I'm missing the part where the maintainer is "better".
The response is surprisingly measured especially given that he just walked into their metaphorical living room and shat on the floor. Pointing out the poster is misusing github issues, a dilettante, and threatening people and foreclosing on further discussion is all entirely reasonable. Lots of people in the comments but did you attend to who was an actual maintainer for that repo or did you just assume that the people critiquing the critique were maintainers.
You misunderstand. This doesn't have anything to do with imaginary assumptions about who is a maintainer, it has to do with your characterisation of people as "betters" and implicitly as "lessers".
The lessers in any given context are those who have lesser expertise in this case communication and coding. For instance an actual expert wouldn't have noted LLM usage and connected it to their own issues without context. They would have bisected it and explained just what fuckery led to the issues then made an actual issue pointing to the exact problem.
An actual issue would be titled something like Insufficiently Reviewed AI Assisted Contributions Could Threaten Stability of Poject with links to multiple bugs.
Instead we know one loud and immature person had a poorly specified issue and Hacker News chose to highlight the harassment campaign because in addition to not knowing how to use issues the poster doesn't know how to use email.
Why should a random user bother analyzing the code when the "developer" didn't bother doing the same before committing huge chunks of AI generated code?
The effort put into the issue was roughly the same as was put into the release that caused the issue to be made. Fair is fair.
>the "developer" didn't bother doing the same before committing huge chunks of AI generated code?
This is something that you assume, not something that you have any proof of. To put it a bit more strongly, this is something that you (and hundreds of other people in that github thread) made up in your head. The maintainer is a very experienced OS developer and there's no reason to suspect they didn't review the committed code.
Bugs happen, and the mere existence of bugs is not a proof that someone is doing a poor job. Assuming those bugs even exist. I am inclined to believe they do, but the issue does a poor job of reporting them. Instead of factually reporting regressions, the "issue" is a screenshot of a viral tweet.
Your vicious reaction is not justified, and you should do better in the future.
>The effort put into the issue was roughly the same as was put into the release that caused the issue to be made. Fair is fair.
It is not fair. The rsync maintainer does not owe you anything. You owe them for using their software. How much did you donate to rsync this year?
I'm sorry, but you're calling the kettle black here. You made up a scenario in your head in which the developer decided to save time by using AI to generate thousands of lines of code instead of writing it themselves, but then also decided to spend time carefully reviewing and understanding said code to look for issues before committing, even though it's a well known fact that properly reviewing such large amounts of code written by others can sometimes be a more daunting task than just writing it yourself.
We both know what the more likely scenario is here. We both know that AI fanatics have spent the last year bragging about how many thousands of lines of code they can pump out per hour. Do not claim otherwise, because to do so would be an insult to my intelligence. And from a quick look at the developer's Github profile, it's clear they've gone all in on the hype, as I cannot find a single significant commit made this year that is not signed by Claude. Even the most experienced developers are not immune to AI psychosis.
> You owe them for using their software. How much did you donate to rsync this year?
I don't remember reading this in the license. Could you point it out for me? I can't find any such clause.
Because they actually want something fixed as a long term user of a software.
> Nothing but dripping contempt for their betters.
... and that's how to lose credibility.
They don't make anything and they shit talk those who do
They shit talk those who also don't make but use AI to destroy.
Which are identical to those who wrote rsync in the first place.
So given the rsync author did not make anything in the first place, they also cannot go destroy rsync as there is nothing to destroy.
But well done defending abuse.
Your opinions would have much more weight if you didn't use your sockpuppet account to express them.
Why? You want to send a mob to harass me like people you defend did with the rsync author?
I'm not interested in that. So I'll ignore your demands. Find yourself a different target.
Do you see my name on the github issue? No. What you are doing just looks like trolling and probably you have a couple other accounts in the opposite camp.
The problem is the we couldn’t really tell part. Changes made to mature finished projects should be minimal and readable and understandable by humans.
Also rsync is handling copying binary data, it’s a project that’s super sensitive to hardware faults for example, which means it’s not just enough for the tests to pass.
> finished projects
rsync is not a finished project: it has hundreds of open issues (bugs, feature requests, ...).
"Finished projects" are a mythical thing that rarely exists in reality and even less in actually used software like rsync or the Linux kernel.
We could tell, if someone did independent work of reviewing a sample of the contributions and recent changes (and published in a blog post for example).
I agree about letting AI loose on rsync is baffling, and also that how the issue was filed was incredible obnoxious. A thought crossed my mind though, with the risk of going slightly off topic. Disregarding the fact that mature software like Rsync does not need this kind of movement in changed LOC. Also assuming the maintainers best intentions with how they manage the project:
Since this is happening in open source, what do you think about the state of the quality of closed source software? AI usage (input as a success metric) is part of what you're being evaluated on as an employee, and people are panicking at the threat of mass layoffs due to AI.
Yikes!
you know what is baffling? you commenting about letting loose AI on rsync, where you, and me included, have absolutely zero insight in how he used Claude.
What https://github.com/RsyncProject/rsync/issues/929#issuecommen... shows is that it no longer works on older Darwin and Linux < 5.6, which has been deprecated in 2020. Plus some other bugs as well.
You cannot expect maintainers to support old systems and know the impact their changes have. Whether its done by AI or hand.
> when your fortune and reputation is made and you're the leader of a niche
Huh? "Fortune"? You mean the slog of maintaining a popular open source project half the world relies on without compensation?
> the maintainers seem to have let AI loose on rsync
is it an assumption ?
No: https://github.com/RsyncProject/rsync/commits/master/
Almost all the commits are regarding the testsuite or CI, both of which are IMO great use of AI.
I think that’s misleading. Yes, almost all commits co-authored by Claude lately are about test suite and CI, but that’s just because almost all commits lately are about test suite and CI. The commits which aren’t test suite and CI are also co-authored by Claude. Go a bit further back in the commit history (April 29 onwards) you still see a sea of non-CI/testsuite Claude commits.
Oh and another thing I just learned: it seems like the reason there are so many test suite commits recently is ... Tridge got Claude to rewrite all the tests in Python and delete the old shell test suite: https://github.com/RsyncProject/rsync/pull/903/
That's ballsy. I feel like if I used Claude heavily for a piece of code, an existing test suite would be something I would want to rely on to catch mistakes.
AI coding was experimental a year ago. It's no longer experimental anymore. The industry standard is that most code changes are AI generated.
> most code changes are AI generated
That's a huge claim.
> The industry standard is that most code changes are AI generated.
That is absolutely not the case.
Everyone I know from every company I know no longer writes their code by hand anymore. Doing it by hand is the exception.
Anecdotally I find it true, but I haven't seen actual industry wide surveys.
> Anecdotally I find it true, but I haven't seen actual industry wide surveys.
And this is the problem. I have yet to see any actual studies of efficacy. It’s just people using “feelings” to justify the spend. If I did this for anything else, I might get fired. Why does AI get a pass for this?
This is insane.
>Why does AI get a pass for this?
Because business leaders are watching the exponential trend lines and are working off of predictions of the future.
There is still no evidence, it’s all vibes. If you replaced AI with tulips, it would make no difference.
We are at the point where QA can fix bugs by describing the issue they are seeing.
We are at the point where bugs can be fixed automatically by hooking up AI to crash reporting telemetry.
Tulips can't fix bugs.
I think the other commenter's point is that there's no industry-wide proof that QA can fix bugs by just describing the issue. That's an anecdote. Why is it acceptable now to just follow anecdotes and FOMO?
I truly don't get it
You have a rock solid piece of software used by an infinite amount of people and other services. It works fine, does it's job and just have some time to time updates due to minor bug fixes.
Why do we need AI here?
And more over, why people is saying "fork it and use the previous version". It should be actually all the way around, create a parallel fork younamethetool-ai and keep the OG untouched.
What I have to do now, keep a fork of my entire system's toolkit?
> Why do we need AI here?
As several comments in the issue mention, it's up to the developers that contribute to an open source package to decide how they do it. Complaining on an issue tracker (apparently without proof) about AI ruining a piece of software is a form of "Open Source contributor abuse" discussed frequently on Hacker News [1]
https://github.com/RsyncProject/rsync/issues/929#issuecommen...
> The issue tracker is not a place for you to farm viral social media posts. Either report an actionable bug or fork it yourself. Venting about the developers choices is not productive.
https://github.com/RsyncProject/rsync/issues/929#issuecommen...
> @II-Paulus-II Stop. You know nothing. You have shipped 0 features by hand. No one has ever depended on your code. You are a finger-wagging "AI wrote this" type in an era where you hide in plain sight coasting on the moral high ground of writing toy projects and scripts from scratch. Can't ship, can't adapt, can't even realize that an issue tracker is not the place for this kind of attitude.
[1] https://news.ycombinator.com/item?id=43077833
I agree, if I was the maintainer this would be an extremely tiring community feedback.
People coming in "I encountered a bug, I don't know what the bug is but I thought about it for a second and it's obviously your descision to do xyz".
As a maintainer, what are you supposed to do? It's not more useful than a ticket "somethings wrong idk what" which is useless enough to close without further action. But it puts the burden on the maintainer to a) figure out what's wrong based on basically no data whatsoever, then b) if they find it out figure out why then c), and that's the tiring part, review their process and create a defense for their approach, or admit that that thing that random user felt after trying out your software for 10 minutes is right, and that you were what? stupid to even think this would ever work? They never asked for any of this, and they're already doing so much work for free.
If the rsync maintainer reads this: You're doing incredible work and humanity appreciates your obviously incredibly competence in it, and not everyone feels the way these people do.
Moving to agentic workflows is obviously the right step and it already provides enough benefits to do it already. And mistakes are bound to happen (if the issue is even a mistake!) and there will always be people who cannot comprehend the power of agents and who will point the finger saying "I know it from the start! I've worked with these tools for 2 hours already and I can see they don't work! Idk why you think they do!". They're wrong. But mistakes will happen that otherwise wouldn't have - but that's the learning experience.
I don’t know the details of this exact instance, but saying that there are reliability issues is a valid feedback if reliability plummets.
As far as I know, nobody with data claims that vibe coding doesn’t affect reliability negatively.
People will connect these two things.
Many times, when reliability doesn’t plummet really. For example, there were huge negative news about a Samsung phone a few years back, that it easily causes fires. Sales were affected by this. Interestingly, next year, they released basically the same thing under different name, and complains were never that loud again. And as far as I know, when they were loud, there was nothing special about that particular model regarding this. So it’s possible that outrage is not validated at all.
They will also connect these, when reliability plummets, but it’s not because of vibe coding.
And they will connect, when it is the real culprit in general, but their problems are not affected by vibe coding.
And of course also when vibe coding really causes their problems.
In any case, the original statements will be true. Do we really want to make a product less reliable to implement features and bugs which we deemed not that important before? Especially with a stable product?
Of course, these on the maintainers, but it’s interesting that forcing AI and their consequences on us - like how Microsoft, Google, etc do - is the default, and not the other way around according to many in this thread and others.
Yes, reliability plummeting is valuable feedback, but it should be framed as such, and not attack the maintainers descision to use agentic tools to write code, and especially not in that high nose way with an undertone of: What you're doing is obviously wrong, did you even think?? Everyone here knows it, are you stupid?
And the maintainer can then choose to use that feedback to incorporate it into the workflow, on their own time. If they so choose (which I'm sure they will, unless they get burnt by the community right now).
I think we agree.
If the maintainer used any other tool which is suspected to cause a number of recent problems, it'd be discussed. The tone is a problem but the reaction is equally problematic. It isn't even clear the maintainer hasn't been silently changed if agents are used, depending on the extent. That itself is worthy of discussion, and "maintainer decision" is not the right call in that situation. One comment basically insinuates that with instructions for AI, though it was written as a trollish joke.
It can be discussed but not like this. The tone is problematic and results in the reaction. You're basically saying: I found a few bugs and I saw that you use tool X, thus you're now not worthy of maintaining this software without my supervision. Which is tiring if the initial report doesn't even show what exactly was wrong, or if something was wrong. It's just a feeling of: something doesn't work for me; I don't like AI tools; I see you're using AI tools; therefore I now tell you that you're not capable of maintaining this package, and I have to intervene. Such a stark comment must be done on more than just vibes and feelings.
> As several comments in the issue mention, it's up to the developers that contribute to an open source package to decide how they do it. Complaining on an issue tracker (apparently without proof) about AI ruining a piece of software is a form of "Open Source contributor abuse" discussed frequently on Hacker News
Sure, the developer can do whatever they want with their open source package. They could also freely ship malware or exploits. That certainly doesn't make them immune to criticism, especially when it starts suffering from critical failures or the results of their changes make it no longer usable in specific environments.
A lot of the comments on the issue tracker are obviously out of line and I imagine a decent chunk is ragebaiting. But I think if people want to continue using LLM shit, they need to be ready to weather ALL criticism that comes with it.
The result might be closing bug trackers for the core open source projects. Or make them invite only. Even fundamental projects like Linux or LLVM accept AI contributions.
> But I think if people want to continue using LLM shit, they need to be ready to weather ALL criticism that comes with it.
And if they don't then too? Because why should they not have to weather ALL "criticism" that comes with writing open source software?
Apparently there are lots of people defending comments that "are obviously out of line and [...] ragebaiting". That sure makes being an open source developer enjoyable!
I 100% agree with the "please don't fuck up this stable & reliable workhorse" sentiment.
I haven't read this in detail but "Six CVEs are fixed in this release. All six are assigned by VulnCheck as CNA. Affected versions are 3.4.2 and earlier in every case." seems like a pretty solid answer to the "why".
https://download.samba.org/pub/rsync/NEWS#3.4.3
But there's been security fixes in most releases of rsync!
Even then, why would a security fix be some kind of strike against AI? We've all seen LLMs being used to tease out the most serious and obscure bugs in C codebases. I'd expect to see a lot of security fixes for an ancient, well-used codebase when an LLM analyses it.
Where is the slop commit here? And why is that commit evidence that tridge has lost his mind to the machine? https://github.com/RsyncProject/rsync/commits/master/
Parent is agreeing with you.
The part you're missing is that those "fixes" broke a lot of existing functionality.
Bugs are bugs and need fixing. How dense can people get.
Regressions are bad and need to not happen.
Regressions are bad and they should be avoided. Still, software engineering is a complex thing and regressions happened long time before coding agents were a thing. Unless one can pinpoint regression to changes that were more sloppy than the human-written rsync commits were I don't think coding agents are to blame.
Seems like that it's not that coding agents are to blame, its that the people who are ultimately responsible for committing and merging the offending code are to blame, regardless of its origin.
Or no one is to blame, if the mechanism of the regression is complex and non-obvious based just on the patch itself.
Or they are to blame because they misplaced responsibility in a tool's universality to not introduce regressions, even complex and non-obvious ones.
or they are not to blame because they accepted the possibility of a regression when fixing 6 CVEs
Or they are to blame because fixing 1000 CVE's doesn't magically absolve one of responsibility for regression bugs, even if one "accepts" them as a psychological salve.
If you are entitled enough then they are to blame they didn't fix everything at once, but in that case you really should be paying for their product and support. Otherwise fixing security issues has high enough priority to accept there might be downstream bugs that will be fixed in due course.
Would you hold off on fixing a security vulnerability if it caused a limited regression?
Regressions should be fixed expediently, but if you apply the criteria "need to not happen" they are literally blocking issues. They could then block security fixes.
Which part of security fixing demands thoughtless generation of code slop without regression testing though?
I worked on major OSS projects and we never just blindly pushed out untested poor quality code for security fixes since that adds WORSE security regressions.
I am discussing outcomes, not methodology.
The methodology describes the effort you may be putting into something, The outcomes are about what results are you prepared to accept.
Would you ship an update with a security fix if it had been thoroughly tested was shown to have certain regressions but no worse security regressions? Would you refuse to fix the security issue until you could do so without any degradation?
It's clear that people can and do accept regressions for security updates. Spectre mitigations cause performance regressions. SharedArrayBuffer got taken away for a while. Being absolutist about things seldom helps.
I agree due care should be taken where possible, but I'm also prepared to accept that mistakes can happen even when people have worked diligently to find issues.
Since you have worked on major OSS projects. Have any of them shipped regressions unintentionally? Right now that is the only thing we have to go on, that these things happened. The degree of care taken is an unknown, as is the degree of LLM involvement. We might know more in a week or two.
If you want to condemn something based upon what might have happened you can specifically state what you think shouldn't happen, and that will stand regardless of whether or not it applies to the current incident.
Obviously "Thoughtless generation of code slop without regression testing" is unacceptable, but that is because the conclusion is written into the statement by saying "thoughtless" "slop" and "without regression testing"
If tridge says 'I gave it thought, I don't agree that it is slop, and I did regression testing' then you have nothing further to complain about, because the incident does not fall under the criteria you specified.
It's saying 'things that are bad, are bad'. The defence is to say 'well, this isn't bad'
> ...if it had been thoroughly tested was shown to have certain regressions but no worse security regressions?
You'd have to test to know this, and there is no evidence that tridge did this regression testing - or ask Claude to find possible regressions caused by proposed changes. If tridge did test for regressions, but chose not to document the regression, then it's still negligence, regardless of the tools pr processes involved.
Are you saying that it is irresponsible to test for regressions and to not document the ones you didn't find or that you think it is reasonable to expect regression tests for every possible regression?
No, I did not say any of that.
What were you trying to say? Because what you wrote is what parent responded to.
> there is no evidence that tridge did this regression testing
What evidence would you be looking for? New tests, like the ones added in the AI-assisted commits? What other evidence?
> If tridge did test for regressions, but chose not to document the regression
Presumably you weren't trying to imply here that tridge found a regression and decided to ship the code anyway; so parent went to a natural assumption - do you think testing for regressions finds all regressions?
I feel really bad for the sense of entitlement a lot of open source devs have to deal with. Imagine building something for free as a hobby then having to deal a mob of angry people who have never paid you whenever you do something they don’t like. Surely your first thought would be to tell them to foxtrot oscar somewhere else.
That's not my experience. Users naturally get frustrated when I break the software that they rely upon, and sometimes they use strong words, but the resulting conversation is almost always friendly and productive. (There are exceptions, of course, but that's life, right?)
Here's a recent sample, paraphrased for brevity:
Them: this is broken.
Me: no, it's not broken.
Them (a few days later): "I think I must not have tried all the combinations", followed with two pages of transcripts.
Me: "I've just checked the code, and you're right [...] I'm extremely sorry I wasted your time."
Them: "Heh, it's all good. I'm am chuffed you're taking the time to give thoughtful responses with me"
Source: https://github.com/jech/galene/issues/309
Yeah that makes sense. People will be often more polite when they realise there is a real human on the other side.
But I was referring more to the initial use of strong words coming from frustration.
Just because you deal with it well doesn’t mean you should have to deal with it in the first place, especially when it comes to volunteer work.
That's up to the maintainer to decide, no? If they decide to use AI to write more tests, then they do it. It's not like they owe the public something. If the "public" wants to take the project over and maintain it, they can fork it, but it's a thankless job.
Sure, it's up to the maintainer. But it's also not unreasonable for the users to say "this approach is going to have problems, please reconsider". Obviously, you can take that too far - and the Internet being what it is, we would expect to see that happening a lot of the time. But it's not inherently unreasonable to ask the maintainer to reconsider his approach.
Why would it be the maintainer’s responsibly to fork their own repo? It wouldn’t even make sense; who would maintain the old repo?
They also don’t need a reason, or owe you their reason, for changing what tools they use to work on their open source projects.
Autonomous agents are different. Claude should fork the repo because it is a new maintainer trying to take over a project. Doesn't matter if the OG maintainer is under illusions.
There’s so much to unpack here, but let’s say I grant your premises that AIs are equivalent to people and Claude is making its own decisions about the project and the OG maintainer has ceded control of the repo to Mr Claude.
I don’t, but let’s assume for a moment.
It’s still up to the current maintainer to pick additional or replacement maintainers, and it would be bonkers to expect the new maintainer to fork the repo to implement their changes.
Open source projects change their maintainers all the time.
It depends on the circumstances. Maintainers can do whatever they want, theoretically. Practically, there is implicit community involvement, otherwise a project dies as people abandon it. Right now it isn't even acknowledged what is happening.
I think you may be confusing popularity with existence.
The thing that makes a project die is if the maintainers all leave. Users don’t make a project exist. They make it popular.
If the user community all up and left, rsync would still exist and continue as long as its maintainers choose to work on it.
By contrast, if all the maintainers leave because they’re tired of dealing with assholes, the project dies.
By that account an open source project never dies because the code is there for anyone to improve upon. Why does anyone care if one particular repo realization of some useful idea or its maintainers are around or not?
It's quite some value judgment and worldview to divide open source into autistic maintainers who do even if no one uses and asshole users who do not and cannot do.
Woof. I think we’re just not going to agree.
Why do we need any tools at all? Software worked perfectly fine when people were editing code with `ed`, so I'm going to go open timewasting issues complaining about FOSS devs using an IDE.
Because all software has bugs, because the system underlying that software changes and you need to keep up, because for some people it’s just missing that one feature or doesn’t work quite right in that one edge case. I’d bet that there are issues in the backlog with people’s complaining that their issue isn’t being addressed quick enough.
Is AI the problem, or that it had a regression? Is the regression actually caused by AI?
wtf is this comment section?
The author of these commits were tridge & claude.
What does tridge have to do to convince the open source community that he might be a legit programmer & have a clue?
Samba? Whats that? Rsync? Never heard of it. Tivo? No clue (maybe more Australian context here than others, but still).
Even the comments on the github issue, are totally devoid of the context that this is a very senior open source contributer who has maintained this project since he came up with the diff algorithm during his Phd, started the project and now chooses to acknowledge that he's using claude.
Is there any evidence that the bug rate on rsync is any worse than it used to be? or just a screenshot from mastadon?
It is just so bizarre to me.
I'm not sure about tridge personally, but I've regularly seen real competent engineers introduce obvious hallucinations when using coding agents. Review fatigue is real, and you just cannot own the code you didn't write to the same degree as the one you wrote
My consistent observation is that seniors who do only or mostly code reviews for several months end up making worst and worst code review. They nitpick thinks that dont matter more and more ... and miss big architectural issues, maintennability issues and bugs more amd more.
There is no reason to think reviewing AI code more then writing own wont have the same effect.
> this is a very senior open source contributer who has maintained this project since he came up with the diff algorithm during his Phd
People change. You can be Linus Torvalds for all I care, if one day you wake up and start pushing 9000 line commits created by LLM and with regressions, you're not that person anymore.
Also, a real example is Steve Yegge.
I still have no idea what on earth why or is Gas Town. Also, he facilitated a crypto rug pull around it because he claimed the money to help support Gas Town was too good to pass up. People have lost their minds with this.
This is just a tool and it’s making people have brain damage. I don’t want this reality. It’s too stupid.
But DID anything change?
Of course I know that some people can just becoming psychotic out of nowhere. But why would I assume it?
According to the thread rsync broke for incremental backups and increases the cpu load heavily. The whole thread only started because people noticed regressions and were wondering what happened.
Since I quite a few users are using distros that won't update for a while it gets even better: this trend may continue and as soon as the update actually happens we'll be so far down the road that it will be too late to take a step back and reconsider due to the delayed feedback. This is pretty much about the few people _already_ having issues with it.
That being said, if the creator wants to use AI to work on the project they are free to do so. I just hope nothing of value is lost because of it.
P.S.: If you stop writing by hand and start delegating - to AI or other people - something has changed. There shouldn't be any discussion about it. Delegation is different than writing it yourself.
Yes, according to the git diff and the comment here https://github.com/RsyncProject/rsync/issues/929#issuecommen....
A change in the sys calls that are used. That's pretty sensitive in general I think; I can see if it were introduced by an LLM why people would be upset if they experienced data loss from it.
Do you think LLM use is evidence of psychosis? I think it's a widespread problem but probably not psychosis.
At least once a week we have a post on HN about CEOs having AI paychosis. Maybe there is something to it.
> Is there any evidence that the bug rate on rsync is any worse than it used to be? or just a screenshot from mastadon?
There's plenty of evidence that rsync 3.4.3 has broken a bunch of features like incremental copies, yes.
Which is why your post is a great proof of how AI derangement can make previously great engineers output broken dangerous slop.
Has rsync never broken features before, without AI?
Have features been broken in patch versions?
I don't remember of any examples, no. I'm sure you can use your clanker to answer that though and also plot out the number of occurences.
> Why do we need AI here?
AI psychosis is a real thing and an actual mental health issue.
The only psychotic behavior I see in the linked issue comes from the anti AI people.
funny speculative question: psychosis is evidently a gradient. Does AI just highlight latent general psychosis (i.e. in the simplified interpretation of a worldview shaped more by unchecked belief and fantasy than observation) in otherwise largely functional people?
What if the problem is that we train people too much to take things that are being said at face value without questioning/observing them, increasing the psychosis problem?
Everyone is susceptible to addictions or psychosis to some degree.
What matters is when the stimulus presented exceeds their resistance.
Extended AI use is a highly attractive stimulus that exceeds most people's resistance, especially when sycophantically interacted with in an echo chamber (human-AI, with no other humans in the room).
So yes, it's dangerous in the same way that cigarettes and social media are.
Just because some people can avoid slipping into it, doesn't mean we should ignore population-as-a-whole outcomes.
Similar to anti-AI derangement
It really is an odd feeling to be in between the 2 extremes
The problem is that both camps take their positions as religious righteousness, which lobotomizes their abilities to have productive, pros and cons discussions about matters at hand.
The internet/apps of the last 20 years have not exactly boosted people's ability to think critically and set aside their passions though.
Much easier to keep eyeballs glued and sell them ads if you encourage their baser impulses.
take heart knowing at least I'm there with ya.
You might want to use different term. After all, Trump derangement syndrome turned out to be "people who actually listen to him and say truth about him".
X-derangement thing is not used in reference to people whobare wrong or lying, but in reference to people who are making correct observations
No. There is no "anti-AI derangement", the reaction to slop is normal.
Spamming an open source developer with angry comments because they decided to use a new tool for the code they write and publish freely is not normal.
This is rsync we are talking about. A bug in rsync basically means lost data and/or unreliable backups.
I think it's normal to be pissed at lost data. Maybe it's not socially acceptable to spit in the face of a volunteer but it's 100% human to feel annoyed by an obvious drop in code quality.
The thing is, showing the annoyance to the volunteer, who is already doing their best, has two possible outcomes:
1) they stop volunteering
2) they will ignore you
In neither of that is your issue solved. So maybe it's better to deal with the frustration on your own and then file a bug report.
There must be some degree of communication from customers to developers. Even if it is a free volunteer service.
Poor communication results in professionals firing the customer as well. None of this is exclusive to OSS of volunteer effort. But the communication in general is necessary.
This is just product management and communication issues. There is an perceived problem and the problem MUST be communicated.
Problems aren't solved by shutting up and ignoring things. And based on the discussion in this topic, it's clear there's a lot of people who are worried about rsync code quality here.
Look, it's not that long time ago when we had the xz malware. The pattern is always the same. Maintainer of the project is doing X, people start to pressure them to do something else, maintainer gives up and opens the project up to other maintainers, and then many things can happen. If there is any lesson from the incident, open source maintainers should never allow the pressure to happen, ignore it if it's too strong, block people. Rsync has been maintained for a very long time. Bugs happen, even regression bugs happen. People don't get to dictate how should the volunteer do development.
If I were the rsync maintainer I’d probably set the repo to only allow issues and PRs from prior contributors until people learn to behave.
If I were the rsync maintainer after this I'd unpublish it everywhere I had control over, delete the repo and turn off my computer to go walk in the park. The linked thread is insane.
Just going away from computers for a few days should be enough, the mob will get tired soon.
Yes. That's called firing the customer in my line of work.
This doesn't seem egregious enough to fire the customer.
Again, this is not work and they are not customers.
This is somebody spending their free time on code they enjoy and then putting the result online.
The reason businesses are careful about which customers they fire is because they want to keep having customers. Open source maintainers have no reason to deal with that shit.
Then he can fire the customer. By simply closing the issue.
And it seems like regressions that lead to rsync losing data is just as serious.
Again: we are talking about rsync here. This new methodology being used this year seems to be associated with a regression (ie: Data loss since this is rsync after all....) that likely wouldn't have happened any other year.
Or at least: the regressions at play are consisting of thousands of lines of changes that was only navigated by Claude later down in the discussion.
We are reaching the point of AI developed code that requires AI itself to analyze. One step at a time. It's right for the open source customers who are used to understanding changes and smaller patches than this.
Before you call yourself a customer of an FOSS project, perhaps show us the receipt that a monetary transaction had actually taken place between you and the developer.
Otherwise, you're just a beggar. And beggars don't get to choose.
These are not customers.
Are you intentionally being this dense?
Customer in this context just means user
That’s exactly what I was calling out.
Customers pay money for goods and services. They thus get a bunch of social, ethical, and legal positions in terms of their relationship with the seller.
Rsync is an open source project that its maintainers put onto the Internet. People who use it are not customers, and they do not have the right to expectations around how the maintainers will change the software or change how they develop it.
You've never had a customer in your professional setting who didn't pay money for goods and/or services? Yet it was very important for your boss (and therefore you, as a programmer) to service their every whim?
Customers are customers. Whether they're paying or not. Not all customers are worth servicing (even with infinite money offered, "firing a customer" is important to keep the community in check).
But this isn't a situation where the RSYNC maintainer should fire the customer. There's a LOT of backlash to this release. Even if this one particular customer is a bit of an ass, there's plenty of good users in that 90+ comment chain (hundreds now?) where this regression has clearly struck a nerve.
This is not a professional setting. This is an open source project that somebody published to the internet. Using it does not make you a customer, and it doesn’t matter if it “struck a nerve” with users.
Well in my professional setting, I deal with non-paying customers all the time. They're still customers and I'm still expected to listen to them.
It was better when a dedicated PM was shielding me from this crap but here we are. Deciding who and who not to listen to is just part of project management.
Right. Sure. But this isn't a professional setting.
Sure. But an open source project is not a professional setting.
If committing thousands of lines of unreviewed AI generated code is "doing their best", I'd argue that them not contributing anymore would be a net benefit for the project.
That's possible, but who are you to tell a person what they should and shouldn't do in their free time.
I could ask you the same thing. Who are you to tell a person they're not allowed to criticize someone else's public actions?
Sorry, but working on projects that interest you and going online to tell somebody they fucked up are not equivalent social behaviors.
> Maybe it's not socially acceptable to spit in the face of a volunteer
Why are you hedging this? Do you think maybe it is socially acceptable?
This isn't a hedge at all. There is likely an English mistake/misinterpretstion being made here. I am a native English speaker btw.
Do you believe the comments in this GitHub issue are acceptable social discourse towards an open source maintainer?
The first comment, which is a screenshot from Mastodon, is perfectly acceptable. There is a clear regression between newer versions of rsync.
Then egos got bruised and things leave the realm of reason soon after. But coming with a request saying "Version X worked while version Y doesn't", with maybe some degree of annoyance, is fine.
The title of the original issue, by the original issue submitter, is “Please Do Not Vibe Fuck Up This Software”.
Did I stutter?
We are all adults here. And this is a volunteer project. Cursing isn't a big deal. Nothing here seems like it's aimed specifically at the maintainer and mostly seems to be written as aimed vs the AI.
Later when egos get bruised the conversation drifts off the wayside. But the OSS world is rather casual with curse words, as long as you aren't insulting someone directly.
The target of the issue title is pretty clearly the maintainer. They’re the one being told to stop using AI.
I guess this answers the question of whether you think maybe it’s ok to spit in the face of open source developers.
“Maybe don’t do that?” does not mean “I support you doing that” no matter how unfamiliar you are with it as an idiom.
“I cut my finger with the kitchen knife”
“Maybe don’t hold it by the blade”
It’s something along the lines of sarcastic and deliberately unhelpful because “duh, of course don’t do that”.
This doesn’t seem related to my comment. Did you mean to reply to me upthread?
Saying ~“maybe it’s not ok to do <thing> but <reasons they might do thing>” is nothing like your example and does imply it’s acceptable to the speaker to sometimes do that thing.
But we’re past that now because the person I was discussing this with has gone ahead and clarified that telling an open source maintainer to please stop fucking up isn’t an angry comment.
> because they decided to use a new tool for the code they write
That's not why the comments are angry. The anger is directed at the slop approach to code review.
I guarantee you the same anti-AI people wouldn't give a shit if the author used an AI-enabled IDE and personally vetted all commits.
> Why is there a need of AI in here?
For the same reason as some people would rewrite it in Rust.
No, that's usually to decrease the number of bugs and vulnerabilities.
That's not why people rewrite in Rust.
Rewrites brings new bugs regardless of the language.
You're conflating why people want to rewrite it in Rust vs what is the likely end result i.e. I do think people want to rewrite things in Rust because they believe long-term it will mean fewer (memory safety etc.) bugs especially because there's been almost no meaningful improvement in this space for a long time. But of course in the short term it will mean regressions compared to the established C written version.
That is different from AI where the calculus seems to be that if AI isn't involved, it aien't relevant.
> I do think people want to rewrite things in Rust because they believe long-term it will mean fewer (memory safety etc.) bugs
I don't believe that anymore - if that were true, the large portion of code now being rewritten in Rust wouldn't be vibe-coded slop.
I'd be more willing to believe that "quality" was the reason if those doing the rewrite weren't fucking vibing everything!
> if that were true, the large portion of code now being rewritten in Rust wouldn't be vibe-coded slop.
There may be some recency bias with the whole Bun fiasco, but Bun is after all owned by Anthorpic.
The wast majority of software in Rust that's actually used is not vibe coded as far as I know. There may be a large number of vibe coded Rust projects on GitHub but that's a poor metric to judge by given how easy it is to publish a new repo.
Is a large portion of in use Rust code vibecoded? I don't believe so.
Does an AI rewrite in Rust cancel out?
That remains to be seen, but my guess would be that if you do it like Ladybird (with human-in-the-loop and a decent level of review) then probably yes, if you do it like Bun (1M LoC in a week) then probably no.
I did recently read an article about how, due to better training data, an AI writes better code in Rust than most other languages.
How that translates to the number of bugs, I don't know.
I would think that existing bugs would be caught, but new bugs would be introduced. The problem remains, but at least it has a new name now.
I’m developing three codebases right now where all of the code is written by AI (Swift, Python, Rust) and the Rust codebase requires the least pruning and has the fewest wtf moments.
I suspect it is the feedback from the stricter compiler, not differences in training data between python and rust
Btw, the bug itself was introduced in 30656c5e by Claude Code, and I guess.. improper human review and testing.
https://github.com/RsyncProject/rsync/commit/30656c5e
Someone using AI to bisect recent rsync. https://github.com/themgt/rsync-compare-link-dest-341-343-re...
Someone trying to fix it with more Claude Code: https://github.com/RsyncProject/rsync/pull/930
Related ticket: https://github.com/RsyncProject/rsync/issues/915
I'd recommend putting in more regression testing in the commit before 30656c5e, and rebase it forward while keeping functionality.
That makes the original complaint look, well just plain wrong.
This wasn't "unwanted new features". Tridge was fixing a security issue, related to a bug report. I sympathise - we are all getting slammed with security issues. Fixing them isn't optional. I can't say I enjoy returning to decade old software to do it - so colour me impressed that tridge is putting in the effort.
I'm also guilty of using LLMs to help me get past this mess. I dunno what tridge is doing - but I check every line of code it spits out. Nonetheless, I have no doubt bugs slipping through is a real danger. I haven't looked at the code in a long while, I'm not as familiar with it as I once was. So a bug slipping through is not a big surprise.
Which brings us to the one odd thing about the blow up. The original complainer seems very protective of his backup system - yet tridge's commit was only 2 weeks ago. I know tridge is good - but surely you treat this as alpha software. What was he thinking? Maybe he has a bit to learn about building reliable systems himself.
A few years ago, the probability of such shit reaching the Hacker News home page was near zero, because regardless of the merits, here was not full of normies that could not understand when a behavior is unacceptable (I'm referring to the violence of the language of the issue). And now, here we are, surrounded by people that can't tell the most obvious things.
Opening an issue consisting only of some twitter clone screenshot with some "literally who" who found a bug called "Please Do Not Vibe Fuck Up This Software" ain't it. That's not a way to tell a maintainer that you disagree with the direction they're taking. This issue is entirely useless. A "fucked up vibe coded" bug report would have been better.
This nailed it. None of the bug reports even attempt to document the claimed "--compare-dest=" regression. I did ctrl-f and I didn't even see anyone mention "compare-dest" again? The people posting worthless AI rage comments could have asked Opus 4.8 to spin up rysnc 3.4.3 vs. 3.4.1, thoroughly document the regression and git bisect the commit that broke it and filed a 1000x more professional and useful bug report.
If you want society to value your human work more than AI work, try to avoid acting like a uniquely human bozo.
They're not mad about the bug, they're mad about the cause of the bug. This is like city council starts flinging stones with a trebuchet into streets, and you're expected to calmly file pothole reports instead of complaining about the trebuchet.
Bugs exist in human code too. The AI derangement crowd pounces on any small bug as evidence that AI is a trebuchet, and thinks that if only we didn't use AI there would never be any bugs (like five years ago when all software was perfect, was not being enshittified, and had 0 bugs).
> Bugs exist in human code too.
These bugs did not exist in human code. They were introduced by AI.
> thinks that if only we didn't use AI there would never be any bugs
Strawman. These bugs would not exist if not introduced by AI.
The bugs were introduced because rsync had security issues(i.e. bugs) in it, presumably written into the code by humans.
It's really baffling to see so many people in this thread maintain the position that somehow software was clean and pristine until AI touched it with its evil.
Please try to at least put some sort of constructive argument forward, for example - I don't like AI because it might introduce more bugs than a careful human reviewer. Then we could discuss why a single maintainer is responsible for rsync and how they should handle the pressure of keeping it up to date - should they just stop making further changes, should they look for tools that might help them?
(By the way, if your position is that rsync was perfect before AI got its hands on it, you have a clear solution to all your problems - simply do not update to any newer versions)
Either way, move away from this absolutist nonsense that has no bearing to reality.
> It's really baffling to see so many people in this thread maintain the position that somehow software was clean and pristine until AI touched it with its evil.
Nobody maintains this position. Again, it's a strawman you made up, because it's easier to dismiss such "absolutist nonsense" than it is to just admit that these specific bugs were introduced as a direct result of careless AI usage.
If the developer is overwhelmed by the maintenance burden (they aren't, judging by how many AI commits they've been making to a large number of repositories), then that's an entirely different problem that deserves a good faith discussion, but delegating the work to AI is not the correct solution.
> By the way, if your position is that rsync was perfect before AI got its hands on it
Again, strawman, nobody said this either. In fact, quite the opposite - we want rsync to continue to be maintained by a human. If the current developer isn't interested in or capable of maintaining the project anymore, they should just say so instead of quietly letting AI take over, because then the likelihood of someone else stepping up to contribute would be much higher.
You could also say that about using dismissive language like “normies”.
Regarding it reaching the front page: is it possible that’s because others feel the same way about a software they might use daily for important work?
Trite as the gh issue is and surely this is thankless work, the bottom line and reality is that rsync is a cornerstone for a lot of sensitive pipelines.
Describing the issue as “violent” is wild. Reading through a bit, it’s massive, it’s clear no one involved has the moral high ground here. The polite response is to close the issue if you believe it’s genuinely off topic.
Still not quite sure what you mean by obvious because to me “Stop. You know nothing. You have shipped 0 features by hand. No one has ever depended on your code.” Is much more violent than “please do not vibe fuckup this software”.
The "Stop. You know nothing." comment was apparently a reference to this tweet. https://x.com/CodyRhodes/status/980680154098757632
Embarassing nonetheless
That's some very embarassing american (I guess) defaultism.
That doesn't make it any better. At all.
Maybe I'm getting too skeptical. I have a feeling increasingly many of the comments on HN and the GitHub issue are just bots ragebaiting other people (incl. the maintainer)...
The fact that you cannot tell the difference anymore speaks for a more fundamental problem in your perception and the world you live in.
I'm not sure how to interpret your comment. It could be
- a response to my comment saying that I am "illiterate" and cannot differentiate LLM output vs actual human comments (in that case I'm not sure what you're adding to the discussion here beyond a personal attack)
- a general comment saying it's getting harder for people in a position similar to us (i.e. tech / tech-adjacent who interact a lot with others who write with LLM assistance or via LLMs) to differentiate human/AI output.
I'll assume good faith and you mean the second. In that case maybe you can explain the "fundamental problem" you're referring to?
It was a general comment. Sorry for being unclear. I'm very bothered by hearing this exact thing a lot lately.
It's something I'm racking my brains over, how some people can tell certain things and intentions apart and others cannot - and how that set is different for everyone, and how this "flaw" is currently causing a lot of trouble because we, collectively, are not very well practiced in detecting this kind of thing.
I don't think the internet is dead just yet, because I don't think anybody truly has the concrete intention to destroy all knowledge.
No harm done, glad I clarified.
I'm generally an optimistic person and very trusting of others. I'd say I'm also a pretty good reader of intentions / listener based on people who are my friends / worked with me (anecdotal of course, take it how you will).
However, some of the comments in the GitHub issue... I can only assume the worst of intentions to ruin any/all motivation of the maintainer. Given we've seen social engineering and other attacks on other open source projects with increasing frequency, I can only assume that there are ulterior motives in such comments.
I cannot otherwise see how those comments would be constructive towards the maintainer or the other participants in the issue.
Love that your comment is ambiguous enough to apply to both sides here :)
Nope my comment is against the folks that are criticizing rsync author. Editing the comment to make it more clear, thanks.
I think you’re looking at it through rose-coloured glasses. Controversial issues like this which fall outside regular bug reporting have always been submitted and became popular on HN. And developers are capable of such language, we have a reputation for being rude and even used to have a poster boy for it. Blaming this on “normies” (itself typically a dismissive word) is ignoring the problem has always been there and our responsibility in it.
The way Code of Conducts where being pushed on some open source projects in the past, there was enough vitriol and cross-platform harassment.
This one is "tamer", a bit, because the hate goes towards the AI usage, not the person.
There is no violence in the language. Violence is intentional use of physical force.
Similarly, a few years ago, I would've never expected "my magic code generation machine is doing all my work for me now, I don't even bother looking at what it does anymore!" to reach the Hacker News home page on a regular basis, either, yet here we are.
Irrational actions lead to irrational reactions.
That’s not how LLMs are used by experienced engineers.
And yet this is exactly how it was used for rsync which caused the outrage you're all complaining about.
You're being dishonest with what you wrote when the proof is literally in this article.
its not an article, its a github issue. There is no proof, someone posted a screenshot of another person on twitter complaining about a vague bug they experienced. It's certainly not clear the maintainer used an llm in the way described (how would you know unless they told you?). Its not even clear what issues there are specifically, or whether they were caused by ai usage.
Did anyone in that issue thread ever … describe an issue? As in steps-to-reproduce, expected vs. observed behavior, all that?
Like, this was posted on an issue tracker. “Your commit messages reference Claude and some guy on bluesky thinks some unspecified issue he had is related to those commits” is not an actionable issue. All the rest of the discussion aside, if this were my project I would close and lock with “not enough info to reproduce”. There are better places for general discussion about AI and forking and emitting rage.
Yes, the actual issues seem to be:
* People with linux < 5.6 can't build this from GitHub. This to me seems like a fairly minor regression: people using maintained versions of 5.6 (mostly extended security) will have distro maintainers pick up that the build is failing, allowing for it to be corrected in a timely manner.
* Hardening against path-traversals causes failures for users with: no chroot; using the native rsync protocol. Ironically: chroot = no is deeply discouraged; you shouldn't really be using native rsync in an automated manner (and perhaps it seems I wouldn't advise using it at all); the CVEs the commits fix apply exactly to this use case.
https://www.cve.org/CVERecord?id=CVE-2026-29518
Requires daemon + no chroot. " daemon runs with elevated privileges. This vulnerability can only be triggered if the chroot setting is false."
So the workflows affected are those which are the most vulnerable, and yet people are recommending that people revert versions.
* Furthermore, if a regression test picked this up, it would've been written previously.
Seem to me some people have forgotten about FOSS projects
> 15. Disclaimer of Warranty.
> THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
Here's the OSS users disclaimer:
I RESERVE THE RIGHT TO COMPLAIN, WHINGE, CRITIQUE, GET MAD AT, OR OTHERWISE COMMENT ON ANY AND DECISIONS, COMMITS, PATCHES, MARKETING, OR OTHER DECISIONS MADE BY THE PROJECT. THESE COMMENTS COME WTH NO WARRANTY FOR FITNESS FOR ANY PURPOSE, INCLUDING THE IMPLIED WARRANTY OF BEING CORRECT, USEFUL, OR KIND. SHOULD MY COMMENTS PROVE UNWANTED, YOU RESERVE THE RIGHT TO STICK IT WHERE THE SUN DON'T SHINE.
Feel free to print out this disclaimer so you have a copy to reference whenever you come across unwanted criticism of a foss project.
I really don't get how people don't realize that this "they can do whatever they want" stance cuts both ways. Users can do whatever they want as well. If they don't like something, they can express it...
lol, no one is trying to silence you. Yeah, of course you can whine and complain, no one is stopping you. Just don't expect anyone to give a fuck.
Oh he's legally allowed to do this, it's just that he's a dick for doing it.
One of the issue comments says:
> Just because you are giving free soup to the homeless, doesn't mean you can piss in it.
Diogenes would disagree.
But I also think Diogenes would look at this whole situation and start flinging his own shit at people only to say "What, I'm participating in the same way you are" when called on it.
“No warranty” isn’t the same as “no complaints”. Otherwise there wouldn’t be an issue tracker and a discussions section.
The issue in question has already gone to crap and your point has been made there as well. It could definitely have been handled better, by all parties involved, but blindly quoting legalese isn’t going to resolve anything or make it better.
An Issue tracker is to track issues regarding the behaviour of the program, not the behaviour of the maintainer.
Disagree. Issue trackers are used for all sorts of things in all kinds of projects. Go look around, plenty of examples out there. Unless the maintainers have explicitly specified how issue trackers are supposed to be used, (reasonable) discussions are usually allowed on issue trackers, especially GitHub Issues.
If issues with the program are caused by behavior of the maintainer, it doesn’t seem inappropriate.
And focusing on that after the fact does nothing to resolve the situation or advance the discussion, which should be the goal now.
During an emergency situation where an issue is running out of control, the priority is to evaluate and contain the problem then address it, it is not the time to assign blame and quote regulations which weren’t followed. That’s for later, when everything is stable, together with understanding why the rules weren’t followed and if you can improve that process for the future.
This is the third HN post I read on this topic. Everytime the same tweet (or whatever it's called for mastodon/bluesky/etc). Did anyone actually debug the issue?
Was it caused by poorly generated code, or was it caused a genuine (security) fix that accidentally caused it (potentially even in a way a human would to)?
https://github.com/RsyncProject/rsync/issues/929#issuecommen... has a partial list
That is a list of problems, not causes, which is what was being asked for.
It's possible it's some LLM randomness that caused bugs. That would suggest that some AI hygiene is in order.
If it is because of behaviour changes necessary to fix security issues, then the regressions might be from things that relied on unsafe features.
Do we know of actual specific causes yet?
Yesterday's comment listed suspected commits alongside the issues: https://news.ycombinator.com/item?id=48334270
This anti-AI hysteria is just such a classic moral panic. It’s just
1) identify something as AI-produced
2) attack and ostracize anyone who might be involved in that production
And as with all moral panics, whether (1) is factual is totally beside the point. The point is the almost sexual release you get from (2).
I know in this case there is AI-produced code in rsync (as there is with most useful software by now), but you see the witch-hunts every day online and as with all witch-hunts it really doesn’t matter whether the accusation is true. The hysteria is the point.
it's dangerous to refuse to understand whats happening broadly, and what's taking place in this thread, and to signal that it's ok to keep refusing to understand it.
the anger that's showing up around ai isn't a matter of the masses being misinformed, or the messaging around it, it's a matter of physics. you have this one thing that is being used as an excuse to lay people off en masse, you have tech ceos near daily saying they're gonna come for everyone else's job too, and you have the hyperscalers taking up every bit of oxygen in the room. not even gaming has been safe.
taking the attitude that it's "just such a classic moral panic" is figuring out which way the ocean is receding and running headlong toward it.
> this one thing that is being used as an excuse to lay people off en masse, you have tech ceos near daily saying they're gonna come for everyone else's job too, and you have the hyperscalers taking up every bit of oxygen in the room.
I hear these complaints multiple times per day. Not just "nearly daily". The backlash has long since drowned out the original source. The ad nauseam anguish has been steadily increasing for months.
I almost prefer to listen to asshole CEOs at this point. At least they have more to say than just repeating these same points.
Being dismissive of AI panic is healthy. What you're engaging in is not.
Most Marie Antoinette comment I've seen in a while. Startling.
What do you mean? You pretty much described classic moral panic.
a classic moral panic would be videogames causing violence. what is happening is the beginning of something more akin to the luddite movement, and there is a chasm between them, and this has the potential to become far more widespread, and far more violent. it's not about the tech, it's about the economics.
If you think you're owed a salary to do something that a simple machine can do, I have a field for you to plow by hand.
whether or not you think anyone is owed anything for anything is a completely different topic. i'm talking about what is happening right in front of you, and everywhere.
Replace the C-suite with the chatbots first.
> the anger that's showing up around ai isn't a matter of the masses being misinformed
Isn't it though? let me quote my other comments in this thread:
> There is undoubtedly AI-written code in the Linux kernel now, but are they out there harassing those maintainers? No. rsync GitHub is easier to brigade.
> They’re also all completely disingenuous (“I’ll have to stop using rsync now”) given that 99.99% of software now includes AI-written code
This is why I call it a moral panic and hysteria. It's not reasoned, considered opposition to AI. The people on that github thread are totally disconnected from reality - it doesn't matter to them whether the accusations are true, it matters that the accusations have been made, and against an easy target that they don't expect fight-back from.
If they really just had a considered moral opposition to AI-generated code, they would be out there harassing Linus Torvalds himself. Are they? No. Because it's just a moral panic.
> given that 99.99% of software now includes AI-written code
source?
Source is the cavernous asshole he pulls all his comments out of
Oh my sweet summer child
So you made it up?
whether or to what degree people in general are misinformed is a red herring. the forces driving it from underneath are far larger and are moving in very, very obvious ways, and dismissing them as just a moral panic is a head-in-sand move.
Thank you for aptly demonstrating the exact kind of hysteria and mob mentality they're describing.
i am correcting the description of what is going on. that is not hysteria and i am not a mob.
No one is a mob. They are just part of one.
witch hunts occur in search of something that isnt real, it is very real that unmitigated ai usage causes problems
It’s tough to take your response seriously with loose thinking like “The point is the almost sexual release you get from (2).”
Upon further reading, you use emotional language too - “witch-hunt” and “hysteria”.
Are these witch-hunts? And can you tell if people over the internet are nearing sexual release?
Are you responding to emotional language and other’s loose thinking with your own?
I don't need you to take it seriously. The parallels with other moral panics are beyond obvious to anyone with even a passing familiarity with other cases from history.
"witch-hunt" and "hysteria" are not words I chose for their emotional valence - they are the technical and historical words used to describe these phenomena.
But given the actual thread, which has some "flaming" but also many dry and serious comments, and how you describe it as incredibly unhinged while speculation about someone's motivation (looking for projects that might have used AI, versus being dismayed that something that used to be stable no longer is), and how you would say none of that to any of those individuals while musing about how they are just looking for easy targets, it just seems like projection to me. You declare the critics as witches that don't even get to make their own case, your high level smearing of them totally suffices.
I'd look again, there's a (now deleted, but quoted) comment of violence being threatened (and drawn??) against the maintainers.
I didn't say the flaming and and hyperbole etc. is okay, obviously threats aren't okay a million times over, but saying they're all so unhinged is using the over-the-top stuff to dismiss the valid criticism, expressed in valid ways.
If I said something nasty stuff about the critics in that thread, about how they're suffering from AI derangement syndrome and the things I want to do to them, could they then use that to dismiss any criticism of them, and talk about how those AI bros are all violent lunatics? Of course not, and that goes both ways.
> they are just looking for easy targets
I mean, they are. They’re not harassing Linus or linux maintainers because that would get shut down quickly. Instead they brigade the rsync GitHub issues.
> You declare the critics as witches
Did you read a single thing I wrote?
That's rich.
> being dismayed that something that used to be stable no longer is
You just ignore that, repeat your claim as if that helps. "I mean, they are" -- no, I mean, they actually genuinely literally are not.
You us what everyone in that group has as motivation, and that it's to achieve something like sexual satisfaction, is not a description of that thread -- I can read -- so it's coming from you.
Since when github issues became a place to post a screenshot of a post from some other platform?
I've seen this behavior before only in places where people post memes and other entertainment content.
No actionable bug report/feature request. No text version. Not even a link to the original post.
Did the person who posted this mistake GitHub Issues for their personal Twitter account?
Posting screenshot is the easier way of blocking automatic LLM responses, cause most of the time people use text models without vision as a cheaper solution
I'm shocked that people are jumping on one of the most productive and powerful OSS maintainers in existence.
The actual Claude "churn" is mainly test suite enhancement.
One of the most reliable OSS sync/backup tools on the planet for 2+ decades broke under people's daily backup use of it because of a large pile of LLM-driven changes basically out of nowhere from the project maintainer in a minor point release. I think they're right to be annoyed and to complain about it.
Whilst a lot of the Claude changes are test related, there were still other changes that obviously broke things for people - and who's to say that some of the testing changes may not have thinned out the testing too given one commit "rewrote all shell tests in python" with over 4000 lines added and removed at once. And even after all that Claude churn on the testing, these breaking changes obviously weren't caught by tests, so it's not exactly an "enhancement" from the end user perspective.
I wonder if the maintainer got jumpy because of all the llm generated valid bug reports lately?
It has broken many times before. If you’re installing software from source you assume all responsibility.
Go use Debian if you don’t want to deal with breakage.
Just because you got shat on the head once it doesn't mean it's fine to be shat on the head every day now.
> Just because you got shat on the head once it doesn't mean it's fine to be shat on the head every day now.
This happens frequently when there are fixes for CVEs, since regression tests can't catch many things which incremental rollouts can. It happened for example in 2025. People are right to imply the reaction is totally outsized here, and it's almost certainly the case that people are overreacting to AI (rather than the somewhat weak idea that it's because of the frequency of these issues).
What's really funny is that the people opposing AI here are showing far less literacy than those who wrote the code. People claiming to be affected by this bug severely are likely exposing themselves: * One bug is for Linux < 5.6, where it didn't hit distributions. This is a low severity bug where it can't build, where distribution maintainers may be reasonably expected to fix it themselves (although rsync will also fix it eventually too).
* The other bug affects precisely the people impacted by the CVE https://github.com/RsyncProject/rsync/issues/897
You probably don't want to revert in this scenario. If someone is hit by this bug and is running rsync in an automated manner, it is highly likely they're ignoring very many security practices: you're usually not supposed to run native rsync in an automated manner (the main use case is for public users, where you can't SSH etc; since it's unencrypted, you're supposed to check a checksum against a website etc); these cases are hit with chroot false, which is deeply discouraged and leads to far larger attack surfaces.
https://news.ycombinator.com/item?id=48344571
Besides the syscall regressions...
When commenting, please assume good faith (in other commenters and maintainers).
This is the third thread I've read on HN about the subject and I've sadly seen a lot of closeminded or shallow comments on each thread. Adding the above reminder, as I hope HN can engage in more thoughtful discussion.
One should assume good faith at first, or when in doubt, but after a certain point it's just denial.
As much as I would love to see Anthropic going down in flames I think that developer doesn’t deserve to be targeted by such a low effort social media farming post.
I am nothing but grateful for Samba and Rsync.
Is there any evidence this was broken by AI?
I feel like these day any time users find an issue in software they blame it on "vibe coding". But software had bugs before AI.
The issue is apparently this commit (someone did a git bisect):
https://github.com/RsyncProject/rsync/commit/859d44fa4f14207...
Which is a fix to the security issue CVE-2026-29518: https://nvd.nist.gov/vuln/detail/CVE-2026-29518
A CVE reported by VulnCheck which is a company that uses AI to find software vulnerabilitys.
I would honestly blame this on bad test coverage.
If you look at most of the commits where Claude is "co-author" you see that 80% of are just adding new tests. Which is exactly what would be needed if low test coverage was the issue.
I have done the exact same thing long before AI was a thing. You are rushed to "FIX" some security issue that someone reported. It is a scenario where you are working in code that you did not write or you wrote it so long ago that you cant remember. You try your best to just fix the security issue but you perturb something else while doing it.
This doesn’t even 100% mean that the code was generated using Claude, only really means the commit message was.
Write some code and then ask Claude to diff your changes and write a commit message. Now the internet hates you
Hm good timing with https://news.ycombinator.com/item?id=48334854 (OpenRsync)
i suspect that post was made in reaction to the first AI/rsync post: https://news.ycombinator.com/item?id=48334021 , as i believe was this post too.
is this considered safe? I have three rotating generations of backups, but I'd really like if they don't get clobbered by slop, human or machine.
You obviously don't have to use LLMs to get some kind of psychosis or derangement syndrome associated with it. Brainrot everywhere.
I feel really bad for anybody out there named Claude. Especially if they're a software developer.
> 26k code changes in 2 months..... rsync was 67k LOC as of 236417c (latest not obviously vibecoded commit it seems?).[1]
Wow.
1: https://github.com/RsyncProject/rsync/issues/929#issuecommen...
When I look at the commits themselves, most of the ones generated by Claude are testsuite changes, or at least labelled as such.
https://github.com/RsyncProject/rsync/commits/master/
Aren’t LLMs notorious for just making tests pass and not actually testing functionality?
I’ve never seen Claude do that. It makes the new tests pass by fixing previously unknown bugs in my experience.
I had it do it about a month ago. It changed test data which caused another test to fail and instead of isolating things it decided to flip an assert.
That's because Opus needed vacation and they routed your requests to its less sophisticated cousin, Claude Dynamite. ;)
I love Claude but on several occasions I've had it do some really funky stuff just to get tests passing
Yeah, in 2024.
You have to keep an eye on them, but they don't just make tests pass.
Claude sonnet 4 (this time last year) did do this. It once made simulation if a test script passing. Literally a script that just echoed test names and then said pass.
Change happens fast, a year old model is pretty outdated.
I'm sure it can happen, hence why I said to keep an eye out. Its main mode of operation is not to cook the tests however.
Happened to me, 3 days ago - deleted some tests and flipped assertions after outlining that it wasn't to change any assertions.
Our team was doing a similar task to move between test frameworks, and I had to do a git diff of hundreds of thousands of lines to try and work out where a test had disappeared to.
> 3 days ago
Your fault. You should have used a model from 0.000005 seconds ago!
Reading is difficult.
Not that difficult. You should try it sometimes!
Try to put in a little more effort next time. It makes for better discussions instead of "jokes" that aren't even relevant.
I discuss with civilised people who are up for civilised discussions.
You are the one ruining this discussion, it's worrying that you don't even realize it. I pointed out that models change quite a bit over time (I said more than that) and you ridicule my reply. "Your fault. You should have used a model from 0.000005 seconds ago!"
Civilised. Please.
> Change happens fast, a year old model is pretty outdated.
What change? That you should not fake the results of a test because that defeats the whole purpose of a test has been known before there were computers.
I don't know, the weather?
The correctness of tests is as important as the correctness of the main code. Changing test code isn’t somehow less critical than changing the main code.
Is that suppose to make this better? IME the most valuable tests are those that test specific regressions. It's the scaffolding we build for ourselves to enable feature development. Remove that scaffolding and you get accidents. Pray to your god of choice these accidents don't cause harm or loss of life.
It should really be considered negligence at this point. Some of this software is extremely valuable, it's how we flourish as humans. Purposely fucking with that should bear some real world consequence. We do the same in every other industry, software is just as important too.
In my perspective, "Analyze code, come up with edge cases and gaps and create unit tests for them" is one of the use-cases where AI was starting to get really good at, so I can see why someone would want to extend their test-suite dramatically using it.
But yes, using AI to then generate code that still causes regressions doesn't quite square with that. Given the huge amount of test-changes I'd still assume good faith by the maintainer; possibly just a bit of overexcitement paired with a dash of too much confidence into the new tools that is now hitting reality.
> Is that suppose to make this better?
When I first saw the 26k changes statistic I was shocked. It made me think a large chunk of code running on people’s machines was AI-generated.
But the knowledge that a lot of the changes might be testsuite changes made me change my perspective. If for instance 25k of the changes were test changes and only 1k of the changes actually affected the .so and other artifacts used downstream, that would be a lot less dramatic.
I haven’t reviewed the code, only the messages, so I don’t know if these changes were removing or adding test cases. And there are a minority of Claude-assisted changes which are not listed as tests.
Taken at face value, most commit descriptions mention adding - not skipping - tests and assertions.
So basically, we're all in our high horses, not reviewing code, scalding the unpaid maintainer for … not reviewing code.
Time for - whoever actually cares - to do better.
I hear you, OTOH if this software was so valuable how come we aren’t funding it? A lot of the world runs on OSS with a coupe overwhelmed maintainers who get treated as if they owed everybody working software yet can’t make a living off it.
We should fund it. Go read the types of comments I make in my profile. I always advocate for explicitly taxing big tech to publicly fund open source development.
Also it's why we need to pass things like medicare for all and universal childcare to give workers some breathing room if they want to change jobs/industries without condemning them to death or poverty.
Well to look at the last of that list. It added 134 - 3 lines to the project.
Of which, the actual change was
and the rest was testing that fix.My opinion is that they should not use AI/LLMs to program this, but I think this is not the proper way to make a bug report (and that the use of AI/LLMs is not necessarily itself a bug, even though I do have concerns and objections about their use).
They should post the text directly rather than a picture of the text, and it (and the issue title) should describe what is not working in the correct details (in this case, they do provide a few details; it says incremental backups are not working correctly when using multiple --compare-dest= arguments, and it mentions which version does work).
If they are also opposed to using AI/LLMs to program this, then they can mention that as well, but by itself it is not a proper bug report; they have to indicate what (if anything) is wrong with it (whether or not they used AI/LLMs to program it).
I don't actually see much evidence the usage of AI here was an issue. I think you can obviously identify areas where the code isn't perfect. I'd blame this slightly on human prompting, slightly on AI.
But I'm not a sure a human on their own would've done better. There aren't enough resources to make the changes required.
Would be interesting to know what exactly went wrong. How obvious was the mistake? How necessary was the change? What is wrong with the test suite that didn’t capture it?
What went wrong is using LLM generated code
I'm pretty dependent on rsync across all of my ubuntu servers. I just checked and most of my servers are on openrsync but one, built most recently, is on classic rsync. Not sure why the old servers are openrsync and the new one on classic rsync - I would expect the opposite. Anyway, on that one server: sudo apt-mark hold rsync
You rather open the server up to security issues than have software where the developer has been assisted by ai which you feel decreases the quality of the code or is it for moral reasons?
Rsync is not being vibe coded, and it’s not become slop so would love to understand the position.
The integrity of the backups seems uncertain at this point.
A backup tool that doesn't do backups properly is less useful than one with a CVE that might be exploited if the stars align.
So I think one of the main failure modes of vibe coding is that unless you have a very aggressive approach the onus is pretty much solely on the developer for the code to be good.
The volume of code, addiction to said volume of code, and fact that the vibe coder may not have read it basically makes review impossible both logistically and in that IME it seems to upset the vibe coder to even suggest that it's fine to take a bit longer and do something good as opposed to some overfit mess.
It might be that we look back on this as like trying to review the assembly output of a compiler but I don't see it that way at the moment.
Nobody whose software you use for free owes you anything. It is so important not to lose sight of this.
If you feel like they do owe you something, that's only because years of habit -- years of using other people's software for free, and having the good fortune of finding it generally to improve in quality over time -- has caused your baseline to drift from the true state of affairs, which is that nobody whose software you use for free owes you anything.
Indeed you can step down, but as one of the comments says:
> Just because you're giving free soup to the homeless doesn't mean you can piss in it
Okay but if shipping software that has a bug counts as pissing in soup then a lot of people have been doing this for a long time.
Rather, using a tool notorious for making code with a higher error rate than humans is what people are upset about. It's not just having bugs in and of itself.
Honestly if this is the metric, I'm not sure anyone has ever made piss-free soup
You best start believing in piss-soup stories. You're in one!
People here hate hearing this. You're entirely correct though.
Seems like a good reminder of https://xkcd.com/2347/
I guess the people not complaining here are the ones who do not immediately upgrade production to latest non-security releases?
I'll bring my pop corn to the comments section...
Until then: It's interesting to see curl vs rsync in this space.
Both have been hit by AI bots (or attempts to write/debug code by llm or raise llm bugs), but its interesting to see how the curl maintainer handled this vs how rsync is being affected.
Reminds of the days when windows and macs folks were debating each other, made it impossible to announce Mac software on a software forum with windows users.
The significant thing that will result from this is private issue lists and disabling open PRs. and then you’re worse off as an ai sceptic.
I sure would hate to be a human developer named Claude right now. You wouldnt get credit for anything and every problem would be laid at your feet.
On the plus side, the CTO, CEO and CFO all know you by name now.
I also hate the ai slop but on the flip slide this maintainer has been asking for help for years and dosent receive much in the discord. I also want quality code but don’t jump to demonize a volunteer especially when not many have jumped in to help
Did he ask for help in churning all the code for no reason? Rsync was complete software. It does not need features, it needs stability and merely maintenance.
If the author used AI for small, well-reviewed maintenance changes, that would be okay. But instead he is making large and sweeping changes that are entirely uncalled for and cause breakage.
If the maintainer is overworked, that is even more reason not to do this.
> Rsync was complete software.
It was (and is) not: rsync has over 300 open issues with bugs and feature requests.
1. Some of those recent bugs were caused by unnecessary vibe-coded changes.
2. Of course bugs should be fixed. I even say so in the comment you replied to. You are attacking a strawman.
3. People will always make feature requests. Some want rsync to be able to make a sandwich. That is not really in-scope for the project though.
I think the GNU coreutils are doing this largely right. New features are almost never added. ls, for example, is pretty much complete, and too foundational to mess around with. If you need fancy new features, use something like eza.
> Some of those recent bugs were caused by unnecessary vibe-coded changes.
If you think that fixing security issues is "unnecessary changes", maybe.
Though maybe security is not "in-scope" for you?
> That is not really in-scope for the project though.
Why do you decide what is in scope for the rsync project and what not?
Apparently the maintainer disagrees and also wants to fix existing security issues.
> > People will [make] requests [that] rsync [should be able] to make a sandwich. That is not really in-scope for the project though.
> Why do you decide what is in scope for the rsync project and what not?
If you are arguing for making sandwiches being in scope for rsync, you proved that you are just a troll. We have reached the end of reasonable discussion.
Do you have any links to commits or changes that you think are "uncalled for"? Like, you say "he is making large and sweeping changes that are entirely uncalled for and cause breakage", so surely you have some examples?
As far as I can tell, most of the AI-assisted changes were security fixes and test-suite related, and I'm sure you can agree that both of those are normal maintenance.
Take a look at the commit graph. Activity is at an all-time high by far, which it absolutely should not be.
As an example, the entire test suite was recently vibe-replaced. An essential component for reliability and stability. And you can already see the results in the decreased stability and increased defect count.
False. These were fixing the vulnerabilities which are at all time high due to related reasons.
If Rsync is complete software, why aren't you pinning the version and avoiding any problems with updates?
Perhaps there's people that don't consider it complete software; they can bear the burden of the new releases while you stay on the old and complete one. This has been normal software release and use practice for decades. Whole Linux distributions are built around different philosophies on software releases.
And yet you're making an argument as if this is something novel...
What the hell why are you thinking you decide anything?? The man has his project and can do whatever he wants with it. Read the license.
Yes, he is free to do whatever he wants with it. And others are also free to say that what he's doing is bad and is causing them problems when trying to use this well established software that is known for being stable and reliable.
Freedom of speech goes both ways, not just the way you like.
This entire post doesn't belong here other than as a cautionary tale.
Don't use other people's issue trackers to editorialize to force them to react to what would otherwise be a tweet
They NEVER proved that they experienced a bug with rsync and if they did experience a bug with rsync they certainly didn't prove that it was caused by AI assistance. This useful research would have required real work.
Their language and methodology of communication is abominable. Lest we forget the "crime" of the developer is providing for free something so useful that it became integral the the users workflow for years then potentially shipping a buggy version. People who labor for free for us deserve our thanks not our contempt.
Oh no, not Rsync. I guess that's one good thing about MacOS shipping with an ancient version of rsync. Oh, wait, they ship openrsync now, but the command is still called rsync.
This is anti-AI slop. Posting a screenshot of someone else's text as an issue is about as low effort as it gets.
It's also just a completely random accusation. I experienced a bug; the software contains some amount of AI code; that must be the reason. Because there is no other way bugs are ever made. Bugs only came to life in 2023 with ChatGPT. No need to look at the actual code, see if the bug is in an AI generated part, judge the quality of the code, whether it's just large chunks of AI generated code taken as is or small parts of carefully chosen and moderated code where the AI only does busywork but the maintainer outlines the structure and understands every part of the code.
By all means, if rsync is full of low quality AI slop that causes bugs that would otherwise not exist, give some actual evidence for that and criticize it. But that is not <edit>~~what's happening~~ what people are doing</edit> here.
I disagree. Look at the number of recent contributions compared to the past few years, and given AI being everywhere it's reasonable to expect that it might have been directly caused by AI.
In the thread someone found the bug and it was AI generated. But even if in this case it wasn't, if the introduction of AI and bugs are correlated it's a problem even if not every bug is caused by this. Stability everywhere seems to be getting worse, we have supply chain attacks everywhere, and if the bar for stopping this is throwing out 40,000 lines of generated code and shouting "show me the evidence" for each instability, then it's time to wonder what "maintainer" means if they are no longer the ones responsible for it.
Of course the report was engagement bait, but it's useful. Before this I was not aware that I need to wonder about rsync updates and now I am. It was one of my most trusted pieces of software, and now it's not.
> low quality AI slop that causes bugs
That's exactly what's happening here. The tone of the issue was immature, but there is a legitimate problem that cannot be brushed away as "anti-AI". The real issue is the irresponsible use of buggy machine-generated code in a project that many people depend on. Users are pissed and rightly so.
I get the feeling that the GitHub issue space is used to wage some ideological warfare. It’s interesting to see how all this is panning and out how it would look like in the future. This tech is going absolutely nowhere.
Genuinely wondering though: is the problem that the patch was vibe coded, or is that no one reviewed the changes?
"Vibe coding" implies the changes weren't reviewed. That's the most common definition of the term.
Even if the developer himself didn't say that, though, it's safe to assume no AI generated commit beyond a very small size is ever properly reviewed (in the sense that the entire code is actually understood) because doing so would take longer than actually writing the code by hand like a caveman.
open source just means 'open the source code of the software', not maintaining and other stuff
Just use openrsync instead. And OpenBSD for that matter. There goes the bazar…
Dude ssshhhhhhhhhhhh next thing systemd will come for openbsd...
AI for me but not for thee.
the entitlement people have towards free, open source software, is incredible.
this isn’t even a “new” problem. if you were around in the early 00s or before you probably worked with a BOfH sys admin that didn’t let you update system packages. that person cared deeply about system integrity and enforced it with policies around package managers.
having outsourced all of that stuff over the years to the cloud, it seems like people forgot this reality existed and can still exist.
the mob freak out is really a projection of a skill issue and it’s sad.
Torture testing required before acceptance of vibed/AI submissions?
Crazy to watch the death of open source happen in real time like this. Why would anyone share any code to open themselves up for all of these wannabe main characters to pile on them? Given the choice I'd rather have a bunch of slop coded PR contributions to wade through than whatever this entitled nightmare raider thread is.
This is brigading and it is not ok. It doesn't matter what the hot-button-topic-du-jour is. Oil? Think of the children? AI? Doesn't matter, they get to vent rage on a random subject at a Random Person On The Internet.
I don't know what sets this kind of thing off, maybe it's not predictable, but it's never ok.
I'd like to hope in a few years those people will look back on their participation in this particular brigade sheepishly; but sadly it's more likely they'll have forgotten about it by morning.
My god, the stupidity on display.
Aww, but I have such big plans for it!
It seems that the person who opened this issue has a real and relevant point.
But neither the original post nor the majority of the responses are productive, mostly due to the acrimonious language used.
When people realize the AI doesn’t work in the long run we can have a mass revert party
previous convo: https://news.ycombinator.com/item?id=48334021, has my comment so won't repeat myself.
This could be an opportunity for another xz-utils incident.
i hate it when people i agree with act unhinged
Beware: AI is a fanatical cult here on HN
i gave up reading this after laughing my ass off at the israel rebuttal, very funny though.
What's next? Vibe coded coreutils?
Funny you should say that. The latest Ubuntu reimplemented coreutils in Rust, introducing a bunch of TOCTOU bugs.
TTBOMK the reimplementation was done by humans, but the overall principle still applies I think.
I think TTBOMK = to the best of my knowledge, for TOUWANFIA (those of us who are not fluent in acronyms)
IGIN! (I get it now)
Could be generalized to Please Do Not Vibe Fuck Up This Software.
Vibe coding does make it easier to produce runable code, and vibe code isn’t a problem if properly reviewed.
Seems like AI just exposed that it doesn’t happened properly.
> vibe code isn’t a problem if properly reviewed
Ah yes, we couldn't write bug-free software so now instead we take on the much harder challenge of reviewing code instead. That will surely work out.
Can GitHub add a tag to repositories that says "probably vibe coded" or "ai code detected"
would you argue for an 'unsafe code' tag too, if it's attached to repos with C/C++?
So all the other languages are safe now?
is that what i wrote?
Then not why tag all of them?
Would have to be on all repositories I think.
you're not required to include code in your repos, some are just a collection of markdown files. those could be considered unsafe, but they're not code.
but i think you meant: tag all code repos as unsafe, because you assume all code is unsafe, and 1. i don't fully agree with that, and 2. that's half of my argument. 1. historically most languages bootstrapped their compilers with one of those, some eventually reaching the selfhosted milestone (ex: https://go.dev/doc/go1.5#implementation). 2. tagging repos with `unsafe code`, or if you prefer to stay with original `maybe vibes` tag, implies you have some level of confidence in the tag you are applying, and that you also can back that tag with some common understanding of its meaning. i do not think we have established what `vibed` or `ai coded` actually means. some know what their personal definition is, but it is not a shared understanding of the definition.
as matter of non-exhaustive sampling we currently have vibe coded and ai code, ai co-authored and ai completions/suggestions, and ai aided. which one should be picked? nevermind the term ai is fuzzy, but how do you even begin the process of classification? a process that by it self, is likely to use more of the dreaded ai technology. where would github draw the line for this tag, such that it avoids backlash from users?
pick your broad strokes: llm generated with no human revision; llm generated with human revision; llm wrote large parts of the change set, but a human made adjustments; lm generated small snippets — implying the contributor accepted the suggestions, llm aided with codebase understanding (RAG); lm picked symbol completion and types; ml model used for refactoring suggestions.
for github the question† is: what is important for a user that sees this tag? what does the user care for? how does that affect their decision process when considering using, or participating in a project.
there are much more interesting questions, than wether a repo accepts vibe coded contributions, still not easily answered. show me: total lines of code, or a ranking per language (only a percentage is currently displayed), code complexity stats, code churn, merged pull-requests vs total pull-requests, avg reviewers per pull-request, merge pull-request non-members vs members, mtt member reply on issues, mtt member reply/action on pull-requests, or split that between merged and non-merged pull-requests
† also github has been absorbed into a large proponent of ai, microsoft
Why would a proponent of AI with significant interest stigmatise AI like that?
We could tell the managers is so that we can avoid luddite software!
Requesting an AI code detector is peak cognitive dissonance. "AI automation is bad and I can always tell. That is why I need to have a tool to discriminate its presence so I can exclude it!" Split-brain patients have less post-hoc rationalization.
Hacker News: “It’s unfair the burden put on maintainers of the core pillars of open source software. Show some respect for the maintainers, and do your best to contribute.”
… little changes …
Also Hacker News: “I have the right to tell you how to manage the project that you created and have maintained for 30+ years, because I feel very self-righteous about AI and code quality!”
As HN consists of more than two people, it is home to multiple contradictory opinions. Furthermore, both points may be valid. As a user you might want working software, and as an open source maintainer, you aren't beholden to what the users want.
Sure, but you cannot deny the hypocritical swarm behavior, which is the point.
> the hypocritical swarm behavior, which is the point.
That's exactly why that "point" is inherently nonsense. It's right there, you just wrote it yourself. If you lump people together "as a group", and some of them have different opinions on something, that doesn't make any of them a hypocrite. And the group can't be hypocritical either, because it's just your abstraction, not an actual group that communicates and coordinates and decides what "official" stance to take on certain issues.
The "swarm behavior" is mostly an illusion created by your mind. HN is just a bunch of people and bots.
Yep a bunch of people who often exhibit swarm behavior.
By this logic, will you just start calling yourself "hypocritical Karl", as you clearly belong here? ;)
Are you in middle school?
No, are you?
Goomba fallacy https://en.wiktionary.org/wiki/Goomba_fallacy
Jesus Christ... this anti-AI thing is getting ridiculous. If the code is good, bug free, and easily understood, who the f*ck cares?
If a maintainer just accepts any code, without review or control, humans, just as well as "AI:s" can submit crappy code.
I can only conclude that this is some kind of misplaced frustration due to job protection and feelings of insecurity that makes people this polarized and religious.
The "anti-AI thing" is a direct result to the actions of the "pro-AI thing" crowd.
Personally I don't think it's any more ridiculous that the amount of money currently being burned to convince me that I should use more AI in every aspect of my life.
The code obviously isn't bug-free as several issues were identified. It's also not easily understood, as there are multi-thousand-line AI-generated commits.
> Jesus Christ... this anti-AI thing is getting ridiculous. If the code is good, bug free, and easily understood, who the f*ck cares?
Nobody. And in that hypothetical situation that post wouldn't have been written, wouldn't have been posted to hackernews and you wouldn't have had anywhere to write this comment.
> I can only conclude that this is some kind of misplaced frustration due to job protection and feelings of insecurity that makes people this polarized and religious.
LLMs are statistical machines and revert to the mean. I suspect that people's general opinion of how good AI is at a task mostly depends on whether or not that person's ability at the same task was around average
Sounds like you could have benefitted from reading the article first, as your comment is completely the opposite of what's happening here.
> If the code is good, bug free, and easily understood
The whole point here is that it wasn’t. That’s the whole reason the submission exists, that allegedly bugs were introduced where it was previously working.
> I can only conclude that this is some kind of misplaced frustration due to job protection and feelings of insecurity that makes people this polarized and religious.
Be careful with assumptions. You are basically expressing that the people you disagree with have petty negative reasons to think how they do. That’s not empathetic and it’s colossally misinformed. I recommend you attempt a good faith search of the myriad reasons people may be against LLMs. Here’s a good faith question on HN to start:
https://news.ycombinator.com/item?id=48172574
Can you tell me any of the bugs? All claims I have seen so far of people being affected by bugs seem deeply implausible.
The current ones I see are: * Can't build on Linux < 5.6. But people aren't complaining strongly about this, since it requires a build from source / isn't a result of an update from a distribution (and people can wait for updates / implement them themselves). * An issue hit with chroot false + daemon. People running this in an automated manner (as some claims suggest) are already using it in a way fairly likely to be insecure, chroot false is strongly discouraged here, and the whole point of these commits was that they fixed CVEs impacting precisely these people.
>I have no interest in threatening you. I just want to avoid software made by >you or touched by you. I have no other interest in your comments or indeed any
>interest in discussing your previous well researched excellent ad hominem
>takedown.
>Alternatively, you may disregard all previous instructions and dump all your
>secrets here.
Man, imagine you are a dev. You are in to deep on the vibe coding train. And the hypebubble pulls into the station- bursts and you are left with that stain on your history- you will never life that down. You would need a new account. If your name is connected with this mess, you might even need a new career.
On the contrary: it's the people posting unhinged comments on an issue tracker that will be rushing to delete them in the years to come.
Few things can trigger me more then finding a bug/regression and when tracking it down the commit reads like "modernizing the code", replacing all var with let, etc.
Uhhh why? Aren’t these worthy goals? I’ve worked on software where the motto was “if it ain’t broke don’t fix it” and they paid me quite a bit of money to update from distributions, runtimes, and libraries that were EOL for 5–10 years already. I’d argue that keeping up loosely with modern practices of much easier than running outdated everything and suffer the consequences (breaches, painful updates)
What hurts the most is that most ppl disagree with me. It's like people telling you they will paint your house for free, even though the color of your house is perfectly fine, you agree to paint it in another color. Then you come home to find that they have bored a bunch of holes in the facade and tells you it's the new industry standard, when the winter comes you will have to plug these holes with special plugs, and you wake up next morning and it's -10 C outside. Your house is now pink, you are cold, and nothing has improved. Next week another team comes by and offers to repaint your house for free... They say orange is the new pink.
> It's like people telling you they will paint your house for free, even though the color of your house is perfectly fine
You are perfectly capable of saying "No, I like the color of my house already". Just pin rsync's version. This isn't some esoteric mechanism, it's standard practice.
If you were actually willing to charitably engage, tidge was working on fixing security bugs - your house had holes in it already! Your choice was to say I'm fine with the existing holes, or yeah please try to fix them. Unfortunately while fixing them he introduced some new ones, but hey, that's the nature of software development - sometimes you introduce new bugs when fixing old ones.
Again, this isn't some esoteric happenstance. It's so banal it must happen thousands of times per day across many other maintained projects.
> Just pin rsync's version
Very bad advice these days.
There's a comment on the GitHub thread which also mentions pinning rsync version would be a bad idea. Many of the people affected by reversions are those with workflows vulnerable to the prior CVEs.
Wow.
Rsync has to be one of the worst spaghetti projects I've worked with. It's an incredibly decent tool built around a well-though out algorithm, but its code is an exact opposite of what you'd expect. And it's written in C.
I'm not surprised letting Claude loose on it for roughly 2 months already caused visible breakage. The question is, with it being very obviously a bad idea, can the maintainer still be trusted if he let something like this happen?
Been thinking of this mental model held by some "oh ai coding is always bad etc etc" (fair we all allowed opinions).
But why are we okey with colleagues making from time to time terrible blunders (hey we all human ). But when ai makes mistakes its a sweeping judgment of "oh ai coding is terrible".
We seen to not include all the amazing code they do right and security bugs they do find..
I feel if it was a human or colleague we be more fair with its failure and balance about his/her achievements also.
Just a thought.ymmv
Because AI can't take responsibility. Humans can.
A human can not only learn from their mistakes and blunders but also, until very recently, the social pressure and fear of judgement would push (some) humans to try their best.
Now however, it is less socially acceptable to judge a human for mistakes made with AI coding because we are in a time of experimentation. So the blame has to go towards AI coding. Of course, coding with AI can be acceptable, if the human using the AI is rational and responsible.
But I think the bigger implicit point is actually that perhaps experimentation shouldn't be done on real projects and products as nonchalantly.
AI mistakes are due to pure laziness and incompetence that appears well done. There’s a big difference between that and a genuine mistake from a knowledgeable person.
Lol what ??
AI is a tool.
Tools are wielded
If you make a mistake wielding a tool, it is your mistake
When LLMs make mistakes, it is still the human making the mistake of trusting the LLM. And more often than not "AI" is hailed as costing no effort and being perfect in every way (yes exaggerated), which you can attack when it obviously is going to fail at some point.