Just a PSA.
Sorry to link to Reddit, but not only is the dev sloppily using using Claude to do something like 20k line PRs, but they are completely crashing out, banning people from the Discord (actually I think they wiped everything from Discord now), and accusing people forking their code of theft.
It’s a bummer because the app was pretty good… thankfully Calibre-web and Kavita still exist.
You must log in or # to comment.
Quick! Someone add it to Open Slopware!
It seems like the criteria for making it on there is fairly lax. Nextcloud makes a list by simply having an AI assistant as an optional (user-facing) feature, while none of the actual code appears to be AI-generated.
I’d be easier to make a list of all software that doesn’t use any AI at this point
Even if the “has an optional AI assistant” was not a thing, the repo includes an AGENTS.md file, which is also listed in the criteria, and more than qualifies it as slopware.
Man this list is depressing. Good to have handy though. Sad to see SearXNG and a few others on here.
Searxng? Fuck, guess I’m just not pulling a new container.
There is this that popped up the other day, but I haven’t looked into it at all to see if it’s vibecoded or not: https://github.com/fccview/degoog
It’s not, the second I cloned it and gave codex access it found a whole whack of privacy issues. This was 100% human coded
degoog Dev here, definitely not vibecoded. Would you be able to tell me all these whack of privacy issues? I thought I had everything covered, but if you found something concerning it’d be nice to know before I get it out of beta :)
- Fixed credential-exfiltration risk in /api/proxy/image: Previously the endpoint could:
- accept arbitrary auth_id
- load stored API keys
- forward them to attacker-controlled URLs
- Enforced outbound host allowlist globally Previously:
- allowlist existed
- but outgoingFetch() didn’t enforce it
- plugins/engines could bypass it
- Fixed extension store path traversal Previously a malicious store manifest could:
- inject … paths
- escape install directories
- reference arbitrary files
- Hardened proxy IP trust Previously:
- rate limiting trusted any X-Forwarded-For header
- clients could spoof their IP
- Fixed inconsistent settings authentication Previously:
- settings UI stored an auth token
- but the settings modal didn’t send it when saving
- Implemented Improved proxy deployment support
- Added proxy-aware behavior:
- DEGOOG_PUBLIC_BASE_URL for canonical URLs
- secure cookie handling when X-Forwarded-Proto=https
Additional Improvements:
- suggestion fetching hardened
- DuckDuckGo suggestion parsing fixed
- unified outbound request handling
- install state guard properly cleaned up
Made some other changes for my specific deployment. Very happy with your work so far. Thanks so much
Thanks, I’ll individually look into all of these ♥️ I’ll say some of them are more conscious compromises for the sake of an open scalable system where third party extensions can truly edit anything (intentionally) and everything around Auth/secure cookie is also fairly lax due to the fact the Auth is just a protection for the settings (which literally stop the settings from being served by the client), in the moment I decide to add some more structured Auth system/maybe users I’ll look into proper secure cookie handling.
This is an awesome report, thank you so much for sharing it!!!
And every time the use of LLMs for open source development comes up we get the same tired spiel from people about how it’s just a tool and implications that anyone who doesn’t embrace it with jpy in their heart is just a Luddite.
It seems to me that it’s less a tool and more like intentionally infecting your project with cancer. Sure it shows all the signs of rapid growth, but metastasization isn’t sustainable or desirable. Plus I am yet to encounter a strong advocate for LLMs who isn’t a cunt.
I think it kinda depends on the context. If someone is just making a tool for themselves and they slap on MIT or GPL3 just because who cares someone else can have it, then sure. Who cares if it’s trash if the stakes are so low that they’re scraping the ground and the user base is expected to be single digits.
But when you care about the reputation of your project, or if your project requires people trust it, then yeah for sure it’s not appropriate to vibe/slop it.
I have ethical concerns about the realities of how this tech is used, mainly in what it’s doing to the economic and power dynamics in society. But I don’t have a problem with the tech itself. That said, I have to admit that it may not be realistic to separate the tech from its inevitable impact. Now I have become death, the destroyer of worlds, and all that.
How do people gain the ability to make these major projects if not for cutting their teeth on the small ones though. We cut the apprentice and journeyman stages of mastering an art out, replace it with slop, and then ten years from now we wonder why kids these days are so incapable of actually creating anything.
I have talked to kids who have told me that the assignments they got at school were so trivial they just ran them through ChatGPT rather than waste their time. When I pointed out that the reason the assignments were “trivial” was to give them the skills and confidence to do the big projects when the time came I got, at best, blank looks.
I said it somewhere else, if you are using an LLM to generate unit tests I find it hard to be terribly mad at that. If it’s scaffolding documentation, meh whatever. If it’s generating the main body of your project, I have concerns. Plus I circle back to how can you open source code that may have been stolen from a copyrighted work?
I did a better job explaining my position in another comment, the problem is one of culture. We live in a culture that pressures people to use AI in this bad way, and pressures the creators of AI to court bad people as customers, and throw away their ethics. If we weren’t in a rat race, I feel like a lot of the problems would go away.
But we live in the culture that we live in, and at some point you simply cannot practically view the technology in isolation.
The problems are human nature, capitalism and greed. Doesn’t mean we have to give in, and frankly all the appeasers out there that keep saying “You have to use it or you will be left behind.” are effectively the drug pusher in the locker room telling the insecure young man “Oh yeah everyone else is juicing, you don’t do it you won’t be able to compete.”
Nobody believes the drug dealers are handing out drugs because they are humanitarians, they have a financial interest in destroying that kids life while he tries to justify it to himself.
We know LLMs are harmful on SO many different levels, but the US economy would literally collapse if people acknowledged that and stopped supporting them. So we race headlong towards societal collapse to keep the plates spinning. Sam Altman, Jensen Huang, Elon Musk, and so many others should all be tried for genocide and crimes against humanity once the collapse occurs. The sooner our societies start stringing these monsters up rather than celebrating them the more hope we have as a species.
I agree with everything you said except that I think too much nurture is attributed to nature. I don’t think it’s human nature, i think this is the nature of our culture. To say it is human nature is, imo, unnecessarily fatalistic.
I’d love to be wrong, but I feel like we are wired in certain ways by the evolutionary process we are the product of. I think the nurture comes in to play with regards to overcoming some of those baser instincts and drives. Anyone who has raised boys can tell you that for most boys they go through phases of being overly aggressive and or violent, that can often be redirected into better ways of getting that out. Can’t speak for girls or people on the intersection due to lack of first hand experience and want to reiterate that I am fully aware that my anecdotes are not universal and everyone falls into a range of behaviours. I feel like what we lack is an elder species we can look up to and emulate, so we are going to need to figure it out for ourselves. I like to think we have the ability, here’s hoping.
What is your argument that that phase of boyhood is nature rather than nurture?
Kids that age are typically emulating their older peers, and things they’ve seen at school, in media, at home, in public, etc. if anything, I think that the behaviour difference we observe between adolescent boys and girls suggests that kids absorb gender roles very early. Even from before they can walk, the typical common toy selection differs greatly; girls get toys that teach them about working with people and caring, but get toys that teach them about manual labour(?!?!). Even if you don’t do that with your children, at school and daycare they’re surrounded by kids who are raised like that.
When my son was a preschooler, he loved to wear dresses, but as he approached school age he would wear them less and less, and completely stopped since he started school. I don’t think he grew out of it and we didn’t tell him to stop, but he learned that lesson from his peers.
All the abilities that set humans apart from other animals are social in nature, humans evolved to help each other (at least in small groups)
accusing people forking their code of theft
AGPL 3.0 license
Too fucking bad, pussy.
Hey, pussies are great, don’t compare them to that idiot.
