i plan to package openrsync this weekend in alpine as an alternative to rsync (and probably switch the default rsync implementation in future)
-
i plan to package openrsync this weekend in alpine as an alternative to rsync (and probably switch the default rsync implementation in future)
yes, this is because our entire infrastructure is built on rsync, which is now being vibe coded, and that seems like a problem
-
yes, this is because our entire infrastructure is built on rsync, which is now being vibe coded, and that seems like a problem
i honestly do not know how i feel entirely about vibe coding? i think it is cool that people can theoretically get any program they want at any time.
but that's theory.
in practice, the code the tools generate has a tendency to be unreliable and frequently also has security issues.
and rsync is being vibecoded by just tridge without any supervision.
-
i honestly do not know how i feel entirely about vibe coding? i think it is cool that people can theoretically get any program they want at any time.
but that's theory.
in practice, the code the tools generate has a tendency to be unreliable and frequently also has security issues.
and rsync is being vibecoded by just tridge without any supervision.
i think at the very least, you need someone else to review the code which has been generated. there is too much self-confirmation bias otherwise.
-
R relay@relay.an.exchange shared this topic
-
i think at the very least, you need someone else to review the code which has been generated. there is too much self-confirmation bias otherwise.
@ariadne "Let's have LLMs do the code reviews!"
-
E em0nm4stodon@infosec.exchange shared this topic
-
i honestly do not know how i feel entirely about vibe coding? i think it is cool that people can theoretically get any program they want at any time.
but that's theory.
in practice, the code the tools generate has a tendency to be unreliable and frequently also has security issues.
and rsync is being vibecoded by just tridge without any supervision.
@ariadne i don't need to know about how it's being done to see that it's been a disaster already.
-
R relay@relay.infosec.exchange shared this topic
-
i think at the very least, you need someone else to review the code which has been generated. there is too much self-confirmation bias otherwise.
@ariadne People at my job have suggested having the coding agents review themselves, because since they are nondeterministic, they'll notice different things the second time. Or, similarly, have different LLMs review one another.
I'm just sitting over here in my devops corner
-
i think at the very least, you need someone else to review the code which has been generated. there is too much self-confirmation bias otherwise.
sidebar: given that there is interest in alternatives to GPL software that is now being vibecoded, and these alternatives largely tend to not be copyleft...
will vibe coding mean the death of copyleft?
-
i honestly do not know how i feel entirely about vibe coding? i think it is cool that people can theoretically get any program they want at any time.
but that's theory.
in practice, the code the tools generate has a tendency to be unreliable and frequently also has security issues.
and rsync is being vibecoded by just tridge without any supervision.
@ariadne even without these, the ethical and the environmental issues one thing that bothers me is that someone has to maintain all that code.
there is a reason why software engineering is hard and it certainly isnt because we aint producing enough code.
-
i plan to package openrsync this weekend in alpine as an alternative to rsync (and probably switch the default rsync implementation in future)
@ariadne
Bug#1138239: rsync: Consider reverting to pre-LLM version
https://bugs.debian.org/1138239 -
sidebar: given that there is interest in alternatives to GPL software that is now being vibecoded, and these alternatives largely tend to not be copyleft...
will vibe coding mean the death of copyleft?
@ariadne majority-AI code cannot be copyrighted. it immediately becomes public domain, basically.
-
i honestly do not know how i feel entirely about vibe coding? i think it is cool that people can theoretically get any program they want at any time.
but that's theory.
in practice, the code the tools generate has a tendency to be unreliable and frequently also has security issues.
and rsync is being vibecoded by just tridge without any supervision.
@ariadne I want to trust tridge because of his tremendously impressive resume (plus I've also worked directly with him on ArduPilot and he's a debugging wizard) but I actually don't trust anyone to resist vibesickness
-
@ariadne majority-AI code cannot be copyrighted. it immediately becomes public domain, basically.
@AmyZenunim that wasn't the question.
let me break it down:
1. alpine is interested in a reliable rsync implementation.
2. we presently use rsync, which is GPL, and now vibe-coded.
3. openrsync is an alternative rsync implementation, which is maintained by the OpenBSD project, and thus ISC licensed.
4. if we repeat this cycle over and over, to avoid other regressions from other unreliable vibecoded software, then the pool of influential GPL software wanes over time.
-
sidebar: given that there is interest in alternatives to GPL software that is now being vibecoded, and these alternatives largely tend to not be copyleft...
will vibe coding mean the death of copyleft?
@ariadne I think we will be seeing before-LLM and after-LLM repositories showing-up.
It's only fair.
-
i honestly do not know how i feel entirely about vibe coding? i think it is cool that people can theoretically get any program they want at any time.
but that's theory.
in practice, the code the tools generate has a tendency to be unreliable and frequently also has security issues.
and rsync is being vibecoded by just tridge without any supervision.
@ariadne in theory i do think it's really cool that a nonprogrammer could make a program without going through a lengthy process of learning how to code. however, the history of low code and no code (and prior synonyms and related ideas) makes me wonder if that's something many people really want and whether it will be undermined by increasing complexity (or even existing complexity).
-
@ariadne majority-AI code cannot be copyrighted. it immediately becomes public domain, basically.
@ariadne @AmyZenunim If that's the case, doesn't that mean components of rsync that were LLM-generated aren't under the GPL?
(This is a response to only the comment I'm replying to, not OP.)
-
sidebar: given that there is interest in alternatives to GPL software that is now being vibecoded, and these alternatives largely tend to not be copyleft...
will vibe coding mean the death of copyleft?
@ariadne I kinda think so and I wrote up some thoughts awhile ago: https://www.quippd.com/writing/2026/04/08/ai-code-is-hollowing-out-open-source-and-maintainers-are-looking-the-other-way.html
-
yes, this is because our entire infrastructure is built on rsync, which is now being vibe coded, and that seems like a problem
@ariadne especially for a tool known to be both powerful and dangerous when used uncarefully, and one buried in a zillion automated systems....
-
@ariadne @AmyZenunim If that's the case, doesn't that mean components of rsync that were LLM-generated aren't under the GPL?
(This is a response to only the comment I'm replying to, not OP.)
it's not relevant, or at least, the maintainer's choice to publicly document his decision to shoot himself in the foot regarding intellectual property rights is not relevant to distributions, because the overall package remains GPL regardless of the presence of uncopyrightable code.
-
i honestly do not know how i feel entirely about vibe coding? i think it is cool that people can theoretically get any program they want at any time.
but that's theory.
in practice, the code the tools generate has a tendency to be unreliable and frequently also has security issues.
and rsync is being vibecoded by just tridge without any supervision.
@ariadne My work experience has been interesting. I do catch the LLMs introducing some things that if a human did them I would describe as very poor judgement (I'm not ascribing judgement of any sort to the LLMs). On the other hand, I've had them catch subtle downstream impacts that I missed, including avoiding introducing bugs that would have been a pain to track down. On balance they are improving, I think.
But I also don't count myself as a second reviewer and the LLM as the author; I am the author using the tool, and I still want real third party human review. Confirmation bias is there — I asked the agent to build something, so I'm clearly predisposed, even when consciously trying to read its plan and its code skeptically, to accept it at a light reading.
I'm not sure this is much different in practice from trusting people who have learned how to project confidence in their writing. The machine is statistically likely to produce writing that is at first glance like a person confident in their own analysis. I think it's a difference in degree, since the machines create so much more of it. But I recognize the same temptation to accept specious confidence.
-
it's not relevant, or at least, the maintainer's choice to publicly document his decision to shoot himself in the foot regarding intellectual property rights is not relevant to distributions, because the overall package remains GPL regardless of the presence of uncopyrightable code.
@ariadne @AmyZenunim I just wonder what would happen if non-copyleft software is discovered with the specific components that were generated by LLMs. (Not really relevant to OP; just a thought exercise.)
