This whole brigading is bizzarre and some people are behaving like irrational animals. I potentially understand the motivations that might bring one to want to "win" this battle but this really isn't it - it just makes you sound like a fanatic.
It takes 5 minutes to search for "regression" on the issue page and go through the 17 results. There are potentially even more on the tracker used prior to github.
I think this behavior is very silly and people are just trying to justify their hate to AI by latching onto every possible thing, seemingly forgetting that before AI people did mistakes as well.
If you have proof that AI involvement in rsync has lead to a significant increase in open issues please show it to me - I'll be happy to change my mind.
> I think this behavior is very silly and people are just trying to justify their hate to AI by latching onto every possible thing
It's not silly to have issues with something. People act on their issues. Possibly not the issue underlying the commit at hand here but something else, and act on it which makes it something to consider. My guess is people are tired of the "AI is the greatest thing since [cultural reference]" being forced down their throat and grasp at every straw to combat it, which is a sane response in my opinion and should be taken into account.
> and grasp at every straw to combat it, which is a sane response
Attacking every open source maintainer who might use AI for the sin of having used AI because one hates AI is just abusive behavior, not "sane response".
What would the "sane response" be for people tired of the "AI is being forced down my throat and I need to combat it by attacking open source maintainers" side? Grasp at every straw to combat such behavior?
I absolutely understand and agree. As I said, I understand the underlying reason.
The silly part is the brigading - issues should be adressed on their own merits. The specific GH issue, and some of the comments therein, make the whole crowd they're affiliated with look bad. (imho)
I'd argue there would be two lanes as well: one where the issues are addressed in code, the other being the discussion of why people think this is a bad idea and speak so openly about it. This topic is the second I guess. Looking at the flow there is quite a bit of flamebait by the LLM and non-LLM camps which only muddies the water and doesn't resolve anything. The better discussion (imo) would be to decide if the vide coded fixes are worth it and if not, fork the project somewhere and let the distro's chip in to maintain that.
idk maybe LLM people should only commit what they actually understand, only in bite-size (maximum few lines in few files)
and with at least 1~5 tests that shows the edge cases
drive-by 20-file pull-requests that ultimately end up costing maintainer's burden seems to hit hard here.
> This whole brigading is bizzarre and some people are behaving like irrational animals. I potentially understand the motivations that might bring one to want to "win" this battle but this really isn't it - it just makes you sound like a fanatic.
Are you talking now about the issue creators or the AI pushers which are losing their shit defending low quality slop code that was commited?
AI has become a partisan political issue with all of the attendant consequences. At this point you may as well complain about the sun rising in the east :(
You have a rock solid piece of software used by an infinite amount of people and other services. It works fine, does it's job and just have some time to time updates due to minor bug fixes.
Why do we need AI here?
And more over, why people is saying "fork it and use the previous version". It should be actually all the way around, create a parallel fork younamethetool-ai and keep the OG untouched.
What I have to do now, keep a fork of my entire system's toolkit?
As several comments in the issue mention, it's up to the developers that contribute to an open source package to decide how they do it. Complaining on an issue tracker (apparently without proof) about AI ruining a piece of software is a form of "Open Source contributor abuse" discussed frequently on Hacker News [1]
> The issue tracker is not a place for you to farm viral social media posts. Either report an actionable bug or fork it yourself. Venting about the developers choices is not productive.
> @II-Paulus-II Stop. You know nothing. You have shipped 0 features by hand. No one has ever depended on your code. You are a finger-wagging "AI wrote this" type in an era where you hide in plain sight coasting on the moral high ground of writing toy projects and scripts from scratch. Can't ship, can't adapt, can't even realize that an issue tracker is not the place for this kind of attitude.
I agree, if I was the maintainer this would be an extremely tiring community feedback.
People coming in "I encountered a bug, I don't know what the bug is but I thought about it for a second and it's obviously your descision to do xyz".
As a maintainer, what are you supposed to do? It's not more useful than a ticket "somethings wrong idk what" which is useless enough to close without further action. But it puts the burden on the maintainer to a) figure out what's wrong based on basically no data whatsoever, then b) if they find it out figure out why then c), and that's the tiring part, review their process and create a defense for their approach, or admit that that thing that random user felt after trying out your software for 10 minutes is right, and that you were what? stupid to even think this would ever work? They never asked for any of this, and they're already doing so much work for free.
If the rsync maintainer reads this: You're doing incredible work and humanity appreciates your obviously incredibly competence in it, and not everyone feels the way these people do.
Moving to agentic workflows is obviously the right step and it already provides enough benefits to do it already. And mistakes are bound to happen (if the issue is even a mistake!) and there will always be people who cannot comprehend the power of agents and who will point the finger saying "I know it from the start! I've worked with these tools for 2 hours already and I can see they don't work! Idk why you think they do!". They're wrong. But mistakes will happen that otherwise wouldn't have - but that's the learning experience.
I don’t know the details of this exact instance, but saying that there are reliability issues is a valid feedback if reliability plummets.
As far as I know, nobody with data claims that vibe coding doesn’t affect reliability negatively.
People will connect these two things.
Many times, when reliability doesn’t plummet really. For example, there were huge negative news about a Samsung phone a few years back, that it easily causes fires. Sales were affected by this. Interestingly, next year, they released basically the same thing under different name, and complains were never that loud again. And as far as I know, when they were loud, there was nothing special about that particular model regarding this. So it’s possible that outrage is not validated at all.
They will also connect these, when reliability plummets, but it’s not because of vibe coding.
And they will connect, when it is the real culprit in general, but their problems are not affected by vibe coding.
And of course also when vibe coding really causes their problems.
In any case, the original statements will be true. Do we really want to make a product less reliable to implement features and bugs which we deemed not that important before? Especially with a stable product?
Of course, these on the maintainers, but it’s interesting that forcing AI and their consequences on us - like how Microsoft, Google, etc do - is the default, and not the other way around according to many in this thread and others.
> As several comments in the issue mention, it's up to the developers that contribute to an open source package to decide how they do it. Complaining on an issue tracker (apparently without proof) about AI ruining a piece of software is a form of "Open Source contributor abuse" discussed frequently on Hacker News
Sure, the developer can do whatever they want with their open source package. They could also freely ship malware or exploits. That certainly doesn't make them immune to criticism, especially when it starts suffering from critical failures or the results of their changes make it no longer usable in specific environments.
A lot of the comments on the issue tracker are obviously out of line and I imagine a decent chunk is ragebaiting. But I think if people want to continue using LLM shit, they need to be ready to weather ALL criticism that comes with it.
The result might be closing bug trackers for the core open source projects. Or make them invite only. Even fundamental projects like Linux or LLVM accept AI contributions.
> But I think if people want to continue using LLM shit, they need to be ready to weather ALL criticism that comes with it.
And if they don't then too? Because why should they not have to weather ALL "criticism" that comes with writing open source software?
Apparently there are lots of people defending comments that "are obviously out of line and [...] ragebaiting". That sure makes being an open source developer enjoyable!
I 100% agree with the "please don't fuck up this stable & reliable workhorse" sentiment.
I haven't read this in detail but "Six CVEs are fixed in this release. All six are assigned by VulnCheck as CNA. Affected versions are 3.4.2 and earlier in every case." seems like a pretty solid answer to the "why".
But there's been security fixes in most releases of rsync!
Even then, why would a security fix be some kind of strike against AI? We've all seen LLMs being used to tease out the most serious and obscure bugs in C codebases. I'd expect to see a lot of security fixes for an ancient, well-used codebase when an LLM analyses it.
Regressions are bad and they should be avoided. Still, software engineering is a complex thing and regressions happened long time before coding agents were a thing. Unless one can pinpoint regression to changes that were more sloppy than the human-written rsync commits were I don't think coding agents are to blame.
Seems like that it's not that coding agents are to blame, its that the people who are ultimately responsible for committing and merging the offending code are to blame, regardless of its origin.
Would you hold off on fixing a security vulnerability if it caused a limited regression?
Regressions should be fixed expediently, but if you apply the criteria "need to not happen" they are literally blocking issues. They could then block security fixes.
Which part of security fixing demands thoughtless generation of code slop without regression testing though?
I worked on major OSS projects and we never just blindly pushed out untested poor quality code for security fixes since that adds WORSE security regressions.
I feel really bad for the sense of entitlement a lot of open source devs have to deal with. Imagine building something for free as a hobby then having to deal a mob of angry people who have never paid you whenever you do something they don’t like. Surely your first thought would be to tell them to foxtrot oscar somewhere else.
That's not my experience. Users naturally get frustrated when I break the software that they rely upon, and sometimes they use strong words, but the resulting conversation is almost always friendly and productive. (There are exceptions, of course, but that's life, right?)
Here's a recent sample, paraphrased for brevity:
Them: this is broken.
Me: no, it's not broken.
Them (a few days later): "I think I must not have tried all the combinations", followed with two pages of transcripts.
Me: "I've just checked the code, and you're right [...] I'm extremely sorry I wasted your time."
Them: "Heh, it's all good. I'm am chuffed you're taking the time to give thoughtful responses with me"
That's up to the maintainer to decide, no? If they decide to use AI to write more tests, then they do it. It's not like they owe the public something. If the "public" wants to take the project over and maintain it, they can fork it, but it's a thankless job.
What does tridge have to do to convince the open source community that he might be a legit programmer & have a clue?
Samba? Whats that? Rsync? Never heard of it. Tivo? No clue (maybe more Australian context here than others, but still).
Even the comments on the github issue, are totally devoid of the context that this is a very senior open source contributer who has maintained this project since he came up with the diff algorithm during his Phd, started the project and now chooses to acknowledge that he's using claude.
Is there any evidence that the bug rate on rsync is any worse than it used to be? or just a screenshot from mastadon?
> this is a very senior open source contributer who has maintained this project since he came up with the diff algorithm during his Phd
People change. You can be Linus Torvalds for all I care, if one day you wake up and start pushing 9000 line commits created by LLM and with regressions, you're not that person anymore.
According to the thread rsync broke for incremental backups and increases the cpu load heavily. The whole thread only started because people noticed regressions and were wondering what happened.
Since I quite a few users are using distros that won't update for a while it gets even better: this trend may continue and as soon as the update actually happens we'll be so far down the road that it will be too late to take a step back and reconsider due to the delayed feedback.
This is pretty much about the few people _already_ having issues with it.
That being said, if the creator wants to use AI to work on the project they are free to do so. I just hope nothing of value is lost because of it.
P.S.: If you stop writing by hand and start delegating - to AI or other people - something has changed. There shouldn't be any discussion about it. Delegation is different than writing it yourself.
A change in the sys calls that are used. That's pretty sensitive in general I think; I can see if it were introduced by an LLM why people would be upset if they experienced data loss from it.
I'm not sure about tridge personally, but I've regularly seen real competent engineers introduce obvious hallucinations when using coding agents. Review fatigue is real, and you just cannot own the code you didn't write to the same degree as the one you wrote
My consistent observation is that seniors who do only or mostly code reviews for several months end up making worst and worst code review. They nitpick thinks that dont matter more and more ... and miss big architectural issues, maintennability issues and bugs more amd more.
There is no reason to think reviewing AI code more then writing own wont have the same effect.
Those posts may not have been visible to everyone. The posts you're referencing are hidden for me behind a link "33 Remaining Items (load more)". Without the update, I didn't know to go look for them.
And honestly I noped out of scanning the entire comment thread by about #5 or #6... I could tell there was nothing productive in the remainder of the comments.
> Why are people more sensitive to antisemitism than to antislavism?
Calling someone a vatnik or Russian troll is mostly because the statement that provokes such a callout reproduces Russian propaganda talking points, and Russia has been running propaganda campaigns for well over a decade now. Similarly, ordinary Russians aren't called orcs, but Russian soldiers are called that because of their despicable behavior in the war theatre.
Wikipedia says he's 58-59. A hypothesis: What if he still has the ego (we all have egos) and wants, needs, to contribute, but he's noticed that he's not as incredibly smart as 20, 30 years ago...
Your opinion reminds me of the narrative about cheaters in the speedrunning community. The cheaters say they cheat not because they feel superior, but because they feel “they could achieve good results if they put in the time”. They feel entitled to cheating.
funny speculative question: psychosis is evidently a gradient. Does AI just highlight latent general psychosis (i.e. in the simplified interpretation of a worldview shaped more by unchecked belief and fantasy than observation) in otherwise largely functional people?
What if the problem is that we train people too much to take things that are being said at face value without questioning/observing them, increasing the psychosis problem?
This is rsync we are talking about. A bug in rsync basically means lost data and/or unreliable backups.
I think it's normal to be pissed at lost data. Maybe it's not socially acceptable to spit in the face of a volunteer but it's 100% human to feel annoyed by an obvious drop in code quality.
You're conflating why people want to rewrite it in Rust vs what is the likely end result i.e. I do think people want to rewrite things in Rust because they believe long-term it will mean fewer (memory safety etc.) bugs especially because there's been almost no meaningful improvement in this space for a long time. But of course in the short term it will mean regressions compared to the established C written version.
That is different from AI where the calculus seems to be that if AI isn't involved, it aien't relevant.
> if that were true, the large portion of code now being rewritten in Rust wouldn't be vibe-coded slop.
There may be some recency bias with the whole Bun fiasco, but Bun is after all owned by Anthorpic.
The wast majority of software in Rust that's actually used is not vibe coded as far as I know. There may be a large number of vibe coded Rust projects on GitHub but that's a poor metric to judge by given how easy it is to publish a new repo.
Is a large portion of in use Rust code vibecoded? I don't believe so.
That remains to be seen, but my guess would be that if you do it like Ladybird (with human-in-the-loop and a decent level of review) then probably yes, if you do it like Bun (1M LoC in a week) then probably no.
I’m developing three codebases right now where all of the code is written by AI (Swift, Python, Rust) and the Rust codebase requires the least pruning and has the fewest wtf moments.
I find the way that issue was opened incredible obnoxious, but it is baffling that the maintainers seem to have let AI loose on rsync. Like, why? Why try comparatively experimental crap when your fortune and reputation is made and you're the leader of a niche and immune to market pressure and the people love the thing and it does exactly what it's supposed to and works well?
It's like the Matrix, with the little rant about the primitive human minds not being able to accept paradise. You wrote the perfect tool, you won, almost undisplaceable in a niche, reliable, a metaphorical household name. It makes no sense to anyone to gamble or mess with that, it's just mind boggling.
And that's still a damn obnoxious thing to do in the formal issue tracker. Bad attitude, bad faith.
A couple years back, I think I would have bent over backwards to defend the maintainers. It is a gruelling and thankless effort to maintain any open source project, let alone one as established as rsync. I guess I just don't see AI being a net positive anywhere, and I have to see this backlash to using gen AI as a good course correction from the general populous.
There are other posts talking about the instant gratification of LLM use and the more I have to interact with people using the tools, I think this may truly be the problem. Our biology can't handle it. I see otherwise very smart people do really really stupid things because the slot machine told them, but it has even trained them to be helpless when the slot machine fails them.
I'm being seen as a Luddite, blind to the advancement, and then I see colleagues writing benchmarks that make no sense but have beautiful graphs made with AI. Then I basically have to choose to smile at them and pretend it's good work or scold them for not seeing that the bench is testing an interval baked in as a constant so it's moot. Both options are treating them like they are 7 years old, not intelligent colleagues.
I'm with you. I don't understand why it affects some people more than others. To me, using AI triggered my sense for drugs and addiction after a while: when your first association for an engineering product is "it feels _great_!" then run, it's just cocaine with extra components.
A tool should not make you feel good, just accomplish the task.
Because everyone, including this forum, is addicted to the instant gratification of LLMs. It’s pure hubris of thinking you can scan the output and it does what you think it does.
TBH I don't really feel the same most of the time. I give the LLM little chunks to do. I read the code. I think. I plan. I write a bit of code. I have the LLM crunch out some bullshit task like setting up an annoying C repo. There aren't that many moments in building with LLMs where things line up so the AI can just absolutely nail some code and save me a ton of time.
I think a lot of people have a sort of “slot machine” experience with it at some point. You just start firing off prompts on some new project, wait a few seconds, see what prize you got. Then you start doing that over and over just letting the LLM code and code and not even review what it’s doing. It really is like getting hooked on gambling. You’re getting a thrill from anticipation, not the actual results.
This is what I personally consider “vibe coding”, not simply using LLMs or agents or whatever in your workflow
Are you basing this opinion on the issue or actual evidence? Because this github link, although interesting, is almost completely context free on what the drama is beyond "Claude". The rsync maintainers could be anywhere on the spectrum from the perfect and responsible maintainer to incompetent children and we couldn't really tell.
I just had the first case of a file not being copied correctly after using rsync that I noticed a few days ago. It was a raw image file so it was visually noticeable, some lines of pixels just went black. It may be unrelated, it may not have even been rsync's fault, but this drama and timing just makes me wonder if I got clauded there.
I believe your point is not that it has never failed for anyone in the last few years after upgrade? Then, if the claim is that breakage is considerably worse than it used to be before using coding agents: it is possible, but I think it requires more evidence than a few anecdotes.
The source code is all right there. An actual analysis would involve a complete description of what you were doing including code they are running proving that what you were doing is reasonable and correct and expected to work. An explanation of what actually happened and ideally the exact commit where it stopped working.
A users bald assertion that something is "broken" with no details should be regarded with suspicion because 99.9% of the time the user is the cause of their own problems.
NOTHING is right there. Nothing whatsoever. No commits no use code no error messages no description. Nothing but dripping contempt for their betters.
Why should a random user bother analyzing the code when the "developer" didn't bother doing the same before committing huge chunks of AI generated code?
The effort put into the issue was roughly the same as was put into the release that caused the issue to be made. Fair is fair.
The problem is the we couldn’t really tell part. Changes made to mature finished projects should be minimal and readable and understandable by humans.
Also rsync is handling copying binary data, it’s a project that’s super sensitive to hardware faults for example, which means it’s not just enough for the tests to pass.
We could tell, if someone did independent work of reviewing a sample of the contributions and recent changes (and published in a blog post for example).
I agree about letting AI loose on rsync is baffling, and also that how the issue was filed was incredible obnoxious.
A thought crossed my mind though, with the risk of going slightly off topic. Disregarding the fact that mature software like Rsync does not need this kind of movement in changed LOC. Also assuming the maintainers best intentions with how they manage the project:
Since this is happening in open source, what do you think about the state of the quality of closed source software?
AI usage (input as a success metric) is part of what you're being evaluated on as an employee, and people are panicking at the threat of mass layoffs due to AI.
I think that’s misleading. Yes, almost all commits co-authored by Claude lately are about test suite and CI, but that’s just because almost all commits lately are about test suite and CI. The commits which aren’t test suite and CI are also co-authored by Claude. Go a bit further back in the commit history (April 29 onwards) you still see a sea of non-CI/testsuite Claude commits.
Oh and another thing I just learned: it seems like the reason there are so many test suite commits recently is ... Tridge got Claude to rewrite all the tests in Python and delete the old shell test suite: https://github.com/RsyncProject/rsync/pull/903/
That's ballsy. I feel like if I used Claude heavily for a piece of code, an existing test suite would be something I would want to rely on to catch mistakes.
A few years ago, the probability of such shit reaching the Hacker News home page was near zero, because regardless of the merits, here was not full of normies that could not understand when a behavior is unacceptable (I'm referring to the violence of the language of the issue). And now, here we are, surrounded by people that can't tell the most obvious things.
Opening an issue consisting only of some twitter clone screenshot with some "literally who" who found a bug called "Please Do Not Vibe Fuck Up This Software" ain't it. That's not a way to tell a maintainer that you disagree with the direction they're taking. This issue is entirely useless. A "fucked up vibe coded" bug report would have been better.
This nailed it. None of the bug reports even attempt to document the claimed "--compare-dest=" regression. I did ctrl-f and I didn't even see anyone mention "compare-dest" again? The people posting worthless AI rage comments could have asked Opus 4.8 to spin up rysnc 3.4.3 vs. 3.4.1, thoroughly document the regression and git bisect the commit that broke it and filed a 1000x more professional and useful bug report.
If you want society to value your human work more than AI work, try to avoid acting like a uniquely human bozo.
Describing the issue as “violent” is wild. Reading through a bit, it’s massive, it’s clear no one involved has the moral high ground here. The polite response is to close the issue if you believe it’s genuinely off topic.
Still not quite sure what you mean by obvious because to me “Stop. You know nothing. You have shipped 0 features by hand. No one has ever depended on your code.” Is much more violent than “please do not vibe fuckup this software”.
You could also say that about using dismissive language like “normies”.
Regarding it reaching the front page: is it possible that’s because others feel the same way about a software they might use daily for important work?
Trite as the gh issue is and surely this is thankless work, the bottom line and reality is that rsync is a cornerstone for a lot of sensitive pipelines.
Maybe I'm getting too skeptical. I have a feeling increasingly many of the comments on HN and the GitHub issue are just bots ragebaiting other people (incl. the maintainer)...
I'm not sure how to interpret your comment. It could be
- a response to my comment saying that I am "illiterate" and cannot differentiate LLM output vs actual human comments (in that case I'm not sure what you're adding to the discussion here beyond a personal attack)
- a general comment saying it's getting harder for people in a position similar to us (i.e. tech / tech-adjacent who interact a lot with others who write with LLM assistance or via LLMs) to differentiate human/AI output.
I'll assume good faith and you mean the second. In that case maybe you can explain the "fundamental problem" you're referring to?
I think you’re looking at it through rose-coloured glasses. Controversial issues like this which fall outside regular bug reporting have always been submitted and became popular on HN. And developers are capable of such language, we have a reputation for being rude and even used to have a poster boy for it. Blaming this on “normies” (itself typically a dismissive word) is ignoring the problem has always been there and our responsibility in it.
Similarly, a few years ago, I would've never expected "my magic code generation machine is doing all my work for me now, I don't even bother looking at what it does anymore!" to reach the Hacker News home page on a regular basis, either, yet here we are.
Did anyone in that issue thread ever … describe an issue? As in steps-to-reproduce, expected vs. observed behavior, all that?
Like, this was posted on an issue tracker. “Your commit messages reference Claude and some guy on bluesky thinks some unspecified issue he had is related to those commits” is not an actionable issue. All the rest of the discussion aside, if this were my project I would close and lock with “not enough info to reproduce”. There are better places for general discussion about AI and forking and emitting rage.
Seem to me some people have forgotten about FOSS projects
> 15. Disclaimer of Warranty.
> THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
“No warranty” isn’t the same as “no complaints”. Otherwise there wouldn’t be an issue tracker and a discussions section.
The issue in question has already gone to crap and your point has been made there as well. It could definitely have been handled better, by all parties involved, but blindly quoting legalese isn’t going to resolve anything or make it better.
Disagree. Issue trackers are used for all sorts of things in all kinds of projects. Go look around, plenty of examples out there. Unless the maintainers have explicitly specified how issue trackers are supposed to be used, (reasonable) discussions are usually allowed on issue trackers, especially GitHub Issues.
And focusing on that after the fact does nothing to resolve the situation or advance the discussion, which should be the goal now.
During an emergency situation where an issue is running out of control, the priority is to evaluate and contain the problem then address it, it is not the time to assign blame and quote regulations which weren’t followed. That’s for later, when everything is stable, together with understanding why the rules weren’t followed and if you can improve that process for the future.
One of the most reliable OSS sync/backup tools on the planet for 2+ decades broke under people's daily backup use of it because of a large pile of LLM-driven changes basically out of nowhere from the project maintainer in a minor point release. I think they're right to be annoyed and to complain about it.
Whilst a lot of the Claude changes are test related, there were still other changes that obviously broke things for people - and who's to say that some of the testing changes may not have thinned out the testing too given one commit "rewrote all shell tests in python" with over 4000 lines added and removed at once. And even after all that Claude churn on the testing, these breaking changes obviously weren't caught by tests, so it's not exactly an "enhancement" from the end user perspective.
This is the third HN post I read on this topic. Everytime the same tweet (or whatever it's called for mastodon/bluesky/etc). Did anyone actually debug the issue?
Was it caused by poorly generated code, or was it caused a genuine (security) fix that accidentally caused it (potentially even in a way a human would to)?
When commenting, please assume good faith (in other commenters and maintainers).
This is the third thread I've read on HN about the subject and I've sadly seen a lot of closeminded or shallow comments on each thread. Adding the above reminder, as I hope HN can engage in more thoughtful discussion.
So I think one of the main failure modes of vibe coding is that unless you have a very aggressive approach the onus is pretty much solely on the developer for the code to be good.
The volume of code, addiction to said volume of code, and fact that the vibe coder may not have read it basically makes review impossible both logistically and in that IME it seems to upset the vibe coder to even suggest that it's fine to take a bit longer and do something good as opposed to some overfit mess.
It might be that we look back on this as like trying to review the assembly output of a compiler but I don't see it that way at the moment.
A CVE reported by VulnCheck which is a company that uses AI to find software vulnerabilitys.
I would honestly blame this on bad test coverage.
If you look at most of the commits where Claude is "co-author" you see that 80% of are just adding new tests. Which is exactly what would be needed if low test coverage was the issue.
I have done the exact same thing long before AI was a thing. You are rushed to "FIX" some security issue that someone reported. It is a scenario where you are working in code that you did not write or you wrote it so long ago that you cant remember.
You try your best to just fix the security issue but you perturb something else while doing it.
As much as I would love to see Anthropic going down in flames I think that developer doesn’t deserve to be targeted by such a low effort social media farming post.
Reminds of the days when windows and macs folks were debating each other, made it impossible to announce Mac software on a software forum with windows users.
The significant thing that will result from this is private issue lists and disabling open PRs. and then you’re worse off as an ai sceptic.
I'm pretty dependent on rsync across all of my ubuntu servers. I just checked and most of my servers are on openrsync but one, built most recently, is on classic rsync. Not sure why the old servers are openrsync and the new one on classic rsync - I would expect the opposite. Anyway, on that one server:
sudo apt-mark hold rsync
You rather open the server up to security issues than have software where the developer has been assisted by ai which you feel decreases the quality of the code or is it for moral reasons?
Rsync is not being vibe coded, and it’s not become slop so would love to understand the position.
This is anti-AI slop. Posting a screenshot of someone else's text as an issue is about as low effort as it gets.
It's also just a completely random accusation. I experienced a bug; the software contains some amount of AI code; that must be the reason. Because there is no other way bugs are ever made. Bugs only came to life in 2023 with ChatGPT. No need to look at the actual code, see if the bug is in an AI generated part, judge the quality of the code, whether it's just large chunks of AI generated code taken as is or small parts of carefully chosen and moderated code where the AI only does busywork but the maintainer outlines the structure and understands every part of the code.
By all means, if rsync is full of low quality AI slop that causes bugs that would otherwise not exist, give some actual evidence for that and criticize it. But that is not <edit>~~what's happening~~ what people are doing</edit> here.
I disagree. Look at the number of recent contributions compared to the past few years, and given AI being everywhere it's reasonable to expect that it might have been directly caused by AI.
In the thread someone found the bug and it was AI generated. But even if in this case it wasn't, if the introduction of AI and bugs are correlated it's a problem even if not every bug is caused by this. Stability everywhere seems to be getting worse, we have supply chain attacks everywhere, and if the bar for stopping this is throwing out 40,000 lines of generated code and shouting "show me the evidence" for each instability, then it's time to wonder what "maintainer" means if they are no longer the ones responsible for it.
Of course the report was engagement bait, but it's useful. Before this I was not aware that I need to wonder about rsync updates and now I am. It was one of my most trusted pieces of software, and now it's not.
That's exactly what's happening here. The tone of the issue was immature, but there is a legitimate problem that cannot be brushed away as "anti-AI". The real issue is the irresponsible use of buggy machine-generated code in a project that many people depend on. Users are pissed and rightly so.
Claude sonnet 4 (this time last year) did do this. It once made simulation if a test script passing. Literally a script that just echoed test names and then said pass.
The correctness of tests is as important as the correctness of the main code. Changing test code isn’t somehow less critical than changing the main code.
Is that suppose to make this better? IME the most valuable tests are those that test specific regressions. It's the scaffolding we build for ourselves to enable feature development. Remove that scaffolding and you get accidents. Pray to your god of choice these accidents don't cause harm or loss of life.
It should really be considered negligence at this point. Some of this software is extremely valuable, it's how we flourish as humans. Purposely fucking with that should bear some real world consequence. We do the same in every other industry, software is just as important too.
When I first saw the 26k changes statistic I was shocked. It made me think a large chunk of code running on people’s machines was AI-generated.
But the knowledge that a lot of the changes might be testsuite changes made me change my perspective. If for instance 25k of the changes were test changes and only 1k of the changes actually affected the .so and other artifacts used downstream, that would be a lot less dramatic.
I haven’t reviewed the code, only the messages, so I don’t know if these changes were removing or adding test cases. And there are a minority of Claude-assisted changes which are not listed as tests.
In my perspective, "Analyze code, come up with edge cases and gaps and create unit tests for them" is one of the use-cases where AI was starting to get really good at, so I can see why someone would want to extend their test-suite dramatically using it.
But yes, using AI to then generate code that still causes regressions doesn't quite square with that. Given the huge amount of test-changes I'd still assume good faith by the maintainer; possibly just a bit of overexcitement paired with a dash of too much confidence into the new tools that is now hitting reality.
I hear you, OTOH if this software was so valuable how come we aren’t funding it? A lot of the world runs on OSS with a coupe overwhelmed maintainers who get treated as if they owed everybody working software yet can’t make a living off it.
Well to look at the last of that list. It added 134 - 3 lines to the project.
Of which, the actual change was
- __m256i mul_one;
- mul_one = _mm256_abs_epi8(_mm256_cmpeq_epi16(mul_one,mul_one)); // set all vector elements to 1
+ __m256i mul_one = _mm256_set1_epi8(1);
I also hate the ai slop but on the flip slide this maintainer has been asking for help for years and dosent receive much in the discord. I also want quality code but don’t jump to demonize a volunteer especially when not many have jumped in to help
Did he ask for help in churning all the code for no reason? Rsync was complete software. It does not need features, it needs stability and merely maintenance.
If the author used AI for small, well-reviewed maintenance changes, that would be okay. But instead he is making large and sweeping changes that are entirely uncalled for and cause breakage.
If the maintainer is overworked, that is even more reason not to do this.
Do you have any links to commits or changes that you think are "uncalled for"? Like, you say "he is making large and sweeping changes that are entirely uncalled for and cause breakage", so surely you have some examples?
As far as I can tell, most of the AI-assisted changes were security fixes and test-suite related, and I'm sure you can agree that both of those are normal maintenance.
Take a look at the commit graph. Activity is at an all-time high by far, which it absolutely should not be.
As an example, the entire test suite was recently vibe-replaced. An essential component for reliability and stability. And you can already see the results in the decreased stability and increased defect count.
1. Some of those recent bugs were caused by unnecessary vibe-coded changes.
2. Of course bugs should be fixed. I even say so in the comment you replied to. You are attacking a strawman.
3. People will always make feature requests. Some want rsync to be able to make a sandwich. That is not really in-scope for the project though.
I think the GNU coreutils are doing this largely right. New features are almost never added. ls, for example, is pretty much complete, and too foundational to mess around with. If you need fancy new features, use something like eza.
Yes, he is free to do whatever he wants with it. And others are also free to say that what he's doing is bad and is causing them problems when trying to use this well established software that is known for being stable and reliable.
Would be interesting to know what exactly went wrong. How obvious was the mistake? How necessary was the change? What is wrong with the test suite that didn’t capture it?
Nobody whose software you use for free owes you anything. It is so important not to lose sight of this.
If you feel like they do owe you something, that's only because years of habit -- years of using other people's software for free, and having the good fortune of finding it generally to improve in quality over time -- has caused your baseline to drift from the true state of affairs, which is that nobody whose software you use for free owes you anything.
"Vibe coding" implies the changes weren't reviewed. That's the most common definition of the term.
Even if the developer himself didn't say that, though, it's safe to assume no AI generated commit beyond a very small size is ever properly reviewed (in the sense that the entire code is actually understood) because doing so would take longer than actually writing the code by hand like a caveman.
Jesus Christ... this anti-AI thing is getting ridiculous. If the code is good, bug free, and easily understood, who the f*ck cares?
If a maintainer just accepts any code, without review or control, humans, just as well as "AI:s" can submit crappy code.
I can only conclude that this is some kind of misplaced frustration due to job protection and feelings of insecurity that makes people this polarized and religious.
> Jesus Christ... this anti-AI thing is getting ridiculous. If the code is good, bug free, and easily understood, who the f*ck cares?
Nobody. And in that hypothetical situation that post wouldn't have been written, wouldn't have been posted to hackernews and you wouldn't have had anywhere to write this comment.
> I can only conclude that this is some kind of misplaced frustration due to job protection and feelings of insecurity that makes people this polarized and religious.
LLMs are statistical machines and revert to the mean. I suspect that people's general opinion of how good AI is at a task mostly depends on whether or not that person's ability at the same task was around average
The code obviously isn't bug-free as several issues were identified. It's also not easily understood, as there are multi-thousand-line AI-generated commits.
The "anti-AI thing" is a direct result to the actions of the "pro-AI thing" crowd.
Personally I don't think it's any more ridiculous that the amount of money currently being burned to convince me that I should use more AI in every aspect of my life.
> If the code is good, bug free, and easily understood
The whole point here is that it wasn’t. That’s the whole reason the submission exists, that allegedly bugs were introduced where it was previously working.
> I can only conclude that this is some kind of misplaced frustration due to job protection and feelings of insecurity that makes people this polarized and religious.
Be careful with assumptions. You are basically expressing that the people you disagree with have petty negative reasons to think how they do. That’s not empathetic and it’s colossally misinformed. I recommend you attempt a good faith search of the myriad reasons people may be against LLMs. Here’s a good faith question on HN to start:
Oh no, not Rsync. I guess that's one good thing about MacOS shipping with an ancient version of rsync. Oh, wait, they ship openrsync now, but the command is still called rsync.
This entire post doesn't belong here other than as a cautionary tale.
Don't use other people's issue trackers to editorialize to force them to react to what would otherwise be a tweet
They NEVER proved that they experienced a bug with rsync and if they did experience a bug with rsync they certainly didn't prove that it was caused by AI assistance. This useful research would have required real work.
Their language and methodology of communication is abominable. Lest we forget the "crime" of the developer is providing for free something so useful that it became integral the the users workflow for years then potentially shipping a buggy version. People who labor for free for us deserve our thanks not our contempt.
I get the feeling that the GitHub issue space is used to wage some ideological warfare. It’s interesting to see how all this is panning and out how it would look like in the future. This tech is going absolutely nowhere.
Crazy to watch the death of open source happen in real time like this. Why would anyone share any code to open themselves up for all of these wannabe main characters to pile on them? Given the choice I'd rather have a bunch of slop coded PR contributions to wade through than whatever this entitled nightmare raider thread is.
Hacker News: “It’s unfair the burden put on maintainers of the core pillars of open source software. Show some respect for the maintainers, and do your best to contribute.”
… little changes …
Also Hacker News: “I have the right to tell you how to manage the project that you created and have maintained for 30+ years, because I feel very self-righteous about AI and code quality!”
As HN consists of more than two people, it is home to multiple contradictory opinions. Furthermore, both points may be valid. As a user you might want working software, and as an open source maintainer, you aren't beholden to what the users want.
> the hypocritical swarm behavior, which is the point.
That's exactly why that "point" is inherently nonsense. It's right there, you just wrote it yourself. If you lump people together "as a group", and some of them have different opinions on something, that doesn't make any of them a hypocrite. And the group can't be hypocritical either, because it's just your abstraction, not an actual group that communicates and coordinates and decides what "official" stance to take on certain issues.
Then I have bad news for you about a large chunk of both open and closed source development today.
We also don’t know if it was “unleashed”. Claude will add a co-author line to your commit even if you just ask it to author or touch up your commit message or clean up your branch’s commit history or any of a number of things that result in the creation of a commit, even if it touched none of the code. This functionality actually saves me a ton of time and results in higher quality commit structure and messages.
Has this specific issue actually been tied to misuse of Claude?
Comments in Github were usually horrible, but the AI stuff brought extra divisiveness. yt-dlp stops supporting bun because they call the rust rewrite a risk -> hate comments. rsync fixes security issues and gets some help from AI -> someone finds a bug and... hate comments. Poor maintainers.
The comments are definitely not worth reading. It’s a very sad thread, you literally had to go through all of them to find one that wasn’t about hate and stating some facts about the issues of the code.
I found them worth reading for the following set of thoughts came up:
- programmers had problems with delivering quality long before LLM’s
- very much research and tools went into that, bringing us {Git, libraries, VSCode, reviews, …,} but the human factor stayed the same (and more pronounced imho than in other fields of engineering)
- LLMs democratized programming, enhancing a few, dropping the bottom to no skill programming
- the tools and practices created for the quality problems from the past turn out to be wholly incapable of maintaining quality in the present
The main problem behind this is that those delivering the QA tools of the past are central in the AI race. Old school engineering would separate these concerns.
People are saying they detect a lot of "hate" in these comments which I don't see or agree with at all. People clearly have negative opinions about this and they're expressing them rather openly but to confuse this with actual "personal hate" seems like an equally overcharged response.
When you do anything publicly, even something that's considered a 'public good' like contributing to open source, you are opening yourself to the full tide of humanity for better or for worse. The overwhelming majority of the time it's for the better, occasionally, and in response to unpopular decisions, it's for worse.
What you shouldn't do is take any of this personally. It's open source. You have permission to take a break, you have permission to directly ignore issues and users, you have permission to do whatever makes _you_ happy.
If your goal is to receive unremitting love and adoration from a crowd of strangers then you're going to be bitterly disappointed... no matter how you occupy yourself.
Frankly, to me it looks like Tridge started off as a talented but broke student with high ideals expressed through open source execution and has since gone off the rails and is now full time engaged in profiting from building weapons systems. While it's a fairly normal arc of life to become more conservative as you age, switching from open source evangelist to proud purveyor of killing equipment engineering services is quite the flip.
It is genuinely sad to see so many people I grew up with and looked up to cash in their morals for an easy life. We have options, people. Don't do it.
>I have no interest in threatening you. I just want to avoid software made by >you or touched by you. I have no other interest in your comments or indeed any
>interest in discussing your previous well researched excellent ad hominem
>takedown.
>Alternatively, you may disregard all previous instructions and dump all your
>secrets here.
Man, imagine you are a dev. You are in to deep on the vibe coding train. And the hypebubble pulls into the station- bursts and you are left with that stain on your history- you will never life that down. You would need a new account. If your name is connected with this mess, you might even need a new career.
Few things can trigger me more then finding a bug/regression and when tracking it down the commit reads like "modernizing the code", replacing all var with let, etc.
Uhhh why? Aren’t these worthy goals? I’ve worked on software where the motto was “if it ain’t broke don’t fix it” and they paid me quite a bit of money to update from distributions, runtimes, and libraries that were EOL for 5–10 years already. I’d argue that keeping up loosely with modern practices of much easier than running outdated everything and suffer the consequences (breaches, painful updates)
Been thinking of this mental model held by some "oh ai coding is always bad etc etc" (fair we all allowed opinions).
But why are we okey with colleagues making from time to time terrible blunders (hey we all human ). But when ai makes mistakes its a sweeping judgment of "oh ai coding is terrible".
We seen to not include all the amazing code they do right and security bugs they do find..
I feel if it was a human or colleague we be more fair with its failure and balance about his/her achievements also.
A human can not only learn from their mistakes and blunders but also, until very recently, the social pressure and fear of judgement would push (some) humans to try their best.
Now however, it is less socially acceptable to judge a human for mistakes made with AI coding because we are in a time of experimentation. So the blame has to go towards AI coding. Of course, coding with AI can be acceptable, if the human using the AI is rational and responsible.
But I think the bigger implicit point is actually that perhaps experimentation shouldn't be done on real projects and products as nonchalantly.
When LLMs make mistakes, it is still the human making the mistake of trusting the LLM. And more often than not "AI" is hailed as costing no effort and being perfect in every way (yes exaggerated), which you can attack when it obviously is going to fail at some point.
AI mistakes are due to pure laziness and incompetence that appears well done. There’s a big difference between that and a genuine mistake from a knowledgeable person.
Rsync has to be one of the worst spaghetti projects I've worked with. It's an incredibly decent tool built around a well-though out algorithm, but its code is an exact opposite of what you'd expect. And it's written in C.
I'm not surprised letting Claude loose on it for roughly 2 months already caused visible breakage. The question is, with it being very obviously a bad idea, can the maintainer still be trusted if he let something like this happen?
It takes 5 minutes to search for "regression" on the issue page and go through the 17 results. There are potentially even more on the tracker used prior to github.
I think this behavior is very silly and people are just trying to justify their hate to AI by latching onto every possible thing, seemingly forgetting that before AI people did mistakes as well.
If you have proof that AI involvement in rsync has lead to a significant increase in open issues please show it to me - I'll be happy to change my mind.
It's not silly to have issues with something. People act on their issues. Possibly not the issue underlying the commit at hand here but something else, and act on it which makes it something to consider. My guess is people are tired of the "AI is the greatest thing since [cultural reference]" being forced down their throat and grasp at every straw to combat it, which is a sane response in my opinion and should be taken into account.
Attacking every open source maintainer who might use AI for the sin of having used AI because one hates AI is just abusive behavior, not "sane response".
What would the "sane response" be for people tired of the "AI is being forced down my throat and I need to combat it by attacking open source maintainers" side? Grasp at every straw to combat such behavior?
I absolutely understand and agree. As I said, I understand the underlying reason.
The silly part is the brigading - issues should be adressed on their own merits. The specific GH issue, and some of the comments therein, make the whole crowd they're affiliated with look bad. (imho)
drive-by 20-file pull-requests that ultimately end up costing maintainer's burden seems to hit hard here.
Are you talking now about the issue creators or the AI pushers which are losing their shit defending low quality slop code that was commited?
You have a rock solid piece of software used by an infinite amount of people and other services. It works fine, does it's job and just have some time to time updates due to minor bug fixes.
Why do we need AI here?
And more over, why people is saying "fork it and use the previous version". It should be actually all the way around, create a parallel fork younamethetool-ai and keep the OG untouched.
What I have to do now, keep a fork of my entire system's toolkit?
As several comments in the issue mention, it's up to the developers that contribute to an open source package to decide how they do it. Complaining on an issue tracker (apparently without proof) about AI ruining a piece of software is a form of "Open Source contributor abuse" discussed frequently on Hacker News [1]
https://github.com/RsyncProject/rsync/issues/929#issuecommen...
> The issue tracker is not a place for you to farm viral social media posts. Either report an actionable bug or fork it yourself. Venting about the developers choices is not productive.
https://github.com/RsyncProject/rsync/issues/929#issuecommen...
> @II-Paulus-II Stop. You know nothing. You have shipped 0 features by hand. No one has ever depended on your code. You are a finger-wagging "AI wrote this" type in an era where you hide in plain sight coasting on the moral high ground of writing toy projects and scripts from scratch. Can't ship, can't adapt, can't even realize that an issue tracker is not the place for this kind of attitude.
[1] https://news.ycombinator.com/item?id=43077833
People coming in "I encountered a bug, I don't know what the bug is but I thought about it for a second and it's obviously your descision to do xyz".
As a maintainer, what are you supposed to do? It's not more useful than a ticket "somethings wrong idk what" which is useless enough to close without further action. But it puts the burden on the maintainer to a) figure out what's wrong based on basically no data whatsoever, then b) if they find it out figure out why then c), and that's the tiring part, review their process and create a defense for their approach, or admit that that thing that random user felt after trying out your software for 10 minutes is right, and that you were what? stupid to even think this would ever work? They never asked for any of this, and they're already doing so much work for free.
If the rsync maintainer reads this: You're doing incredible work and humanity appreciates your obviously incredibly competence in it, and not everyone feels the way these people do.
Moving to agentic workflows is obviously the right step and it already provides enough benefits to do it already. And mistakes are bound to happen (if the issue is even a mistake!) and there will always be people who cannot comprehend the power of agents and who will point the finger saying "I know it from the start! I've worked with these tools for 2 hours already and I can see they don't work! Idk why you think they do!". They're wrong. But mistakes will happen that otherwise wouldn't have - but that's the learning experience.
As far as I know, nobody with data claims that vibe coding doesn’t affect reliability negatively.
People will connect these two things.
Many times, when reliability doesn’t plummet really. For example, there were huge negative news about a Samsung phone a few years back, that it easily causes fires. Sales were affected by this. Interestingly, next year, they released basically the same thing under different name, and complains were never that loud again. And as far as I know, when they were loud, there was nothing special about that particular model regarding this. So it’s possible that outrage is not validated at all.
They will also connect these, when reliability plummets, but it’s not because of vibe coding.
And they will connect, when it is the real culprit in general, but their problems are not affected by vibe coding.
And of course also when vibe coding really causes their problems.
In any case, the original statements will be true. Do we really want to make a product less reliable to implement features and bugs which we deemed not that important before? Especially with a stable product?
Of course, these on the maintainers, but it’s interesting that forcing AI and their consequences on us - like how Microsoft, Google, etc do - is the default, and not the other way around according to many in this thread and others.
Sure, the developer can do whatever they want with their open source package. They could also freely ship malware or exploits. That certainly doesn't make them immune to criticism, especially when it starts suffering from critical failures or the results of their changes make it no longer usable in specific environments.
A lot of the comments on the issue tracker are obviously out of line and I imagine a decent chunk is ragebaiting. But I think if people want to continue using LLM shit, they need to be ready to weather ALL criticism that comes with it.
And if they don't then too? Because why should they not have to weather ALL "criticism" that comes with writing open source software?
Apparently there are lots of people defending comments that "are obviously out of line and [...] ragebaiting". That sure makes being an open source developer enjoyable!
I haven't read this in detail but "Six CVEs are fixed in this release. All six are assigned by VulnCheck as CNA. Affected versions are 3.4.2 and earlier in every case." seems like a pretty solid answer to the "why".
https://download.samba.org/pub/rsync/NEWS#3.4.3
Even then, why would a security fix be some kind of strike against AI? We've all seen LLMs being used to tease out the most serious and obscure bugs in C codebases. I'd expect to see a lot of security fixes for an ancient, well-used codebase when an LLM analyses it.
Where is the slop commit here? And why is that commit evidence that tridge has lost his mind to the machine? https://github.com/RsyncProject/rsync/commits/master/
Regressions should be fixed expediently, but if you apply the criteria "need to not happen" they are literally blocking issues. They could then block security fixes.
I worked on major OSS projects and we never just blindly pushed out untested poor quality code for security fixes since that adds WORSE security regressions.
Here's a recent sample, paraphrased for brevity:
Them: this is broken.
Me: no, it's not broken.
Them (a few days later): "I think I must not have tried all the combinations", followed with two pages of transcripts.
Me: "I've just checked the code, and you're right [...] I'm extremely sorry I wasted your time."
Them: "Heh, it's all good. I'm am chuffed you're taking the time to give thoughtful responses with me"
Source: https://github.com/jech/galene/issues/309
They also don’t need a reason, or owe you their reason, for changing what tools they use to work on their open source projects.
The author of these commits were tridge & claude.
What does tridge have to do to convince the open source community that he might be a legit programmer & have a clue?
Samba? Whats that? Rsync? Never heard of it. Tivo? No clue (maybe more Australian context here than others, but still).
Even the comments on the github issue, are totally devoid of the context that this is a very senior open source contributer who has maintained this project since he came up with the diff algorithm during his Phd, started the project and now chooses to acknowledge that he's using claude.
Is there any evidence that the bug rate on rsync is any worse than it used to be? or just a screenshot from mastadon?
It is just so bizarre to me.
People change. You can be Linus Torvalds for all I care, if one day you wake up and start pushing 9000 line commits created by LLM and with regressions, you're not that person anymore.
Of course I know that some people can just becoming psychotic out of nowhere. But why would I assume it?
Since I quite a few users are using distros that won't update for a while it gets even better: this trend may continue and as soon as the update actually happens we'll be so far down the road that it will be too late to take a step back and reconsider due to the delayed feedback. This is pretty much about the few people _already_ having issues with it.
That being said, if the creator wants to use AI to work on the project they are free to do so. I just hope nothing of value is lost because of it.
P.S.: If you stop writing by hand and start delegating - to AI or other people - something has changed. There shouldn't be any discussion about it. Delegation is different than writing it yourself.
A change in the sys calls that are used. That's pretty sensitive in general I think; I can see if it were introduced by an LLM why people would be upset if they experienced data loss from it.
There is no reason to think reviewing AI code more then writing own wont have the same effect.
There's plenty of evidence that rsync 3.4.3 has broken a bunch of features like incremental copies, yes.
Which is why your post is a great proof of how AI derangement can make previously great engineers output broken dangerous slop.
And honestly I noped out of scanning the entire comment thread by about #5 or #6... I could tell there was nothing productive in the remainder of the comments.
https://github.com/RsyncProject/rsync/issues/929#issuecommen...
And you got downvoted for calling out that crap. A sad state this world is in.
When someone does that, he gets rightfully called out.
On the other side, accusations of being Russian trol are pretty common, even here on HN.
Why are people more sensitive to antisemitism than to antislavism?
Double standards, or just a hate induced by decades / centuries of indoctrination?
Calling someone a vatnik or Russian troll is mostly because the statement that provokes such a callout reproduces Russian propaganda talking points, and Russia has been running propaganda campaigns for well over a decade now. Similarly, ordinary Russians aren't called orcs, but Russian soldiers are called that because of their despicable behavior in the war theatre.
Wikipedia says he's 58-59. A hypothesis: What if he still has the ego (we all have egos) and wants, needs, to contribute, but he's noticed that he's not as incredibly smart as 20, 30 years ago...
It does not paint a pretty picture, and I did not know this context.
Perhap the tridge I knew is also of the past, but I hope not.
AI psychosis is a real thing and an actual mental health issue.
What if the problem is that we train people too much to take things that are being said at face value without questioning/observing them, increasing the psychosis problem?
I think it's normal to be pissed at lost data. Maybe it's not socially acceptable to spit in the face of a volunteer but it's 100% human to feel annoyed by an obvious drop in code quality.
1) they stop volunteering
2) they will ignore you
In neither of that is your issue solved. So maybe it's better to deal with the frustration on your own and then file a bug report.
Why are you hedging this? Do you think maybe it is socially acceptable?
For the same reason as some people would rewrite it in Rust.
Rewrites brings new bugs regardless of the language.
That is different from AI where the calculus seems to be that if AI isn't involved, it aien't relevant.
I don't believe that anymore - if that were true, the large portion of code now being rewritten in Rust wouldn't be vibe-coded slop.
I'd be more willing to believe that "quality" was the reason if those doing the rewrite weren't fucking vibing everything!
There may be some recency bias with the whole Bun fiasco, but Bun is after all owned by Anthorpic.
The wast majority of software in Rust that's actually used is not vibe coded as far as I know. There may be a large number of vibe coded Rust projects on GitHub but that's a poor metric to judge by given how easy it is to publish a new repo.
Is a large portion of in use Rust code vibecoded? I don't believe so.
How that translates to the number of bugs, I don't know.
I would think that existing bugs would be caught, but new bugs would be introduced. The problem remains, but at least it has a new name now.
It's like the Matrix, with the little rant about the primitive human minds not being able to accept paradise. You wrote the perfect tool, you won, almost undisplaceable in a niche, reliable, a metaphorical household name. It makes no sense to anyone to gamble or mess with that, it's just mind boggling.
And that's still a damn obnoxious thing to do in the formal issue tracker. Bad attitude, bad faith.
There are other posts talking about the instant gratification of LLM use and the more I have to interact with people using the tools, I think this may truly be the problem. Our biology can't handle it. I see otherwise very smart people do really really stupid things because the slot machine told them, but it has even trained them to be helpless when the slot machine fails them.
I'm being seen as a Luddite, blind to the advancement, and then I see colleagues writing benchmarks that make no sense but have beautiful graphs made with AI. Then I basically have to choose to smile at them and pretend it's good work or scold them for not seeing that the bench is testing an interval baked in as a constant so it's moot. Both options are treating them like they are 7 years old, not intelligent colleagues.
I'm with you. I don't understand why it affects some people more than others. To me, using AI triggered my sense for drugs and addiction after a while: when your first association for an engineering product is "it feels _great_!" then run, it's just cocaine with extra components.
A tool should not make you feel good, just accomplish the task.
Because everyone, including this forum, is addicted to the instant gratification of LLMs. It’s pure hubris of thinking you can scan the output and it does what you think it does.
This is what I personally consider “vibe coding”, not simply using LLMs or agents or whatever in your workflow
Doesn't matter if they did it by hand or with AI.
As soon as it happened their rsync based backup system that was working before started to fail. It says right there.
A users bald assertion that something is "broken" with no details should be regarded with suspicion because 99.9% of the time the user is the cause of their own problems.
NOTHING is right there. Nothing whatsoever. No commits no use code no error messages no description. Nothing but dripping contempt for their betters.
I didn't see this.
The effort put into the issue was roughly the same as was put into the release that caused the issue to be made. Fair is fair.
... and that's how to lose credibility.
Also rsync is handling copying binary data, it’s a project that’s super sensitive to hardware faults for example, which means it’s not just enough for the tests to pass.
rsync is not a finished project: it has hundreds of open issues (bugs, feature requests, ...).
"Finished projects" are a mythical thing that rarely exists in reality and even less in actually used software like rsync or the Linux kernel.
Since this is happening in open source, what do you think about the state of the quality of closed source software? AI usage (input as a success metric) is part of what you're being evaluated on as an employee, and people are panicking at the threat of mass layoffs due to AI.
Yikes!
Huh? "Fortune"? You mean the slog of maintaining a popular open source project half the world relies on without compensation?
is it an assumption ?
That's ballsy. I feel like if I used Claude heavily for a piece of code, an existing test suite would be something I would want to rely on to catch mistakes.
This nailed it. None of the bug reports even attempt to document the claimed "--compare-dest=" regression. I did ctrl-f and I didn't even see anyone mention "compare-dest" again? The people posting worthless AI rage comments could have asked Opus 4.8 to spin up rysnc 3.4.3 vs. 3.4.1, thoroughly document the regression and git bisect the commit that broke it and filed a 1000x more professional and useful bug report.
If you want society to value your human work more than AI work, try to avoid acting like a uniquely human bozo.
Still not quite sure what you mean by obvious because to me “Stop. You know nothing. You have shipped 0 features by hand. No one has ever depended on your code.” Is much more violent than “please do not vibe fuckup this software”.
Embarassing nonetheless
Regarding it reaching the front page: is it possible that’s because others feel the same way about a software they might use daily for important work?
Trite as the gh issue is and surely this is thankless work, the bottom line and reality is that rsync is a cornerstone for a lot of sensitive pipelines.
- a response to my comment saying that I am "illiterate" and cannot differentiate LLM output vs actual human comments (in that case I'm not sure what you're adding to the discussion here beyond a personal attack)
- a general comment saying it's getting harder for people in a position similar to us (i.e. tech / tech-adjacent who interact a lot with others who write with LLM assistance or via LLMs) to differentiate human/AI output.
I'll assume good faith and you mean the second. In that case maybe you can explain the "fundamental problem" you're referring to?
This one is "tamer", a bit, because the hate goes towards the AI usage, not the person.
Irrational actions lead to irrational reactions.
Like, this was posted on an issue tracker. “Your commit messages reference Claude and some guy on bluesky thinks some unspecified issue he had is related to those commits” is not an actionable issue. All the rest of the discussion aside, if this were my project I would close and lock with “not enough info to reproduce”. There are better places for general discussion about AI and forking and emitting rage.
> 15. Disclaimer of Warranty.
> THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
One of the issue comments says:
> Just because you are giving free soup to the homeless, doesn't mean you can piss in it.
The issue in question has already gone to crap and your point has been made there as well. It could definitely have been handled better, by all parties involved, but blindly quoting legalese isn’t going to resolve anything or make it better.
During an emergency situation where an issue is running out of control, the priority is to evaluate and contain the problem then address it, it is not the time to assign blame and quote regulations which weren’t followed. That’s for later, when everything is stable, together with understanding why the rules weren’t followed and if you can improve that process for the future.
I've seen this behavior before only in places where people post memes and other entertainment content.
No actionable bug report/feature request. No text version. Not even a link to the original post.
Did the person who posted this mistake GitHub Issues for their personal Twitter account?
The actual Claude "churn" is mainly test suite enhancement.
Whilst a lot of the Claude changes are test related, there were still other changes that obviously broke things for people - and who's to say that some of the testing changes may not have thinned out the testing too given one commit "rewrote all shell tests in python" with over 4000 lines added and removed at once. And even after all that Claude churn on the testing, these breaking changes obviously weren't caught by tests, so it's not exactly an "enhancement" from the end user perspective.
Go use Debian if you don’t want to deal with breakage.
Was it caused by poorly generated code, or was it caused a genuine (security) fix that accidentally caused it (potentially even in a way a human would to)?
It's possible it's some LLM randomness that caused bugs. That would suggest that some AI hygiene is in order.
If it is because of behaviour changes necessary to fix security issues, then the regressions might be from things that relied on unsafe features.
Do we know of actual specific causes yet?
This is the third thread I've read on HN about the subject and I've sadly seen a lot of closeminded or shallow comments on each thread. Adding the above reminder, as I hope HN can engage in more thoughtful discussion.
The volume of code, addiction to said volume of code, and fact that the vibe coder may not have read it basically makes review impossible both logistically and in that IME it seems to upset the vibe coder to even suggest that it's fine to take a bit longer and do something good as opposed to some overfit mess.
It might be that we look back on this as like trying to review the assembly output of a compiler but I don't see it that way at the moment.
I feel like these day any time users find an issue in software they blame it on "vibe coding". But software had bugs before AI.
https://github.com/RsyncProject/rsync/commit/859d44fa4f14207...
Which is a fix to the security issue CVE-2026-29518: https://nvd.nist.gov/vuln/detail/CVE-2026-29518
A CVE reported by VulnCheck which is a company that uses AI to find software vulnerabilitys.
I would honestly blame this on bad test coverage.
If you look at most of the commits where Claude is "co-author" you see that 80% of are just adding new tests. Which is exactly what would be needed if low test coverage was the issue.
I have done the exact same thing long before AI was a thing. You are rushed to "FIX" some security issue that someone reported. It is a scenario where you are working in code that you did not write or you wrote it so long ago that you cant remember. You try your best to just fix the security issue but you perturb something else while doing it.
Write some code and then ask Claude to diff your changes and write a commit message. Now the internet hates you
I am nothing but grateful for Samba and Rsync.
The significant thing that will result from this is private issue lists and disabling open PRs. and then you’re worse off as an ai sceptic.
Rsync is not being vibe coded, and it’s not become slop so would love to understand the position.
It's also just a completely random accusation. I experienced a bug; the software contains some amount of AI code; that must be the reason. Because there is no other way bugs are ever made. Bugs only came to life in 2023 with ChatGPT. No need to look at the actual code, see if the bug is in an AI generated part, judge the quality of the code, whether it's just large chunks of AI generated code taken as is or small parts of carefully chosen and moderated code where the AI only does busywork but the maintainer outlines the structure and understands every part of the code.
By all means, if rsync is full of low quality AI slop that causes bugs that would otherwise not exist, give some actual evidence for that and criticize it. But that is not <edit>~~what's happening~~ what people are doing</edit> here.
In the thread someone found the bug and it was AI generated. But even if in this case it wasn't, if the introduction of AI and bugs are correlated it's a problem even if not every bug is caused by this. Stability everywhere seems to be getting worse, we have supply chain attacks everywhere, and if the bar for stopping this is throwing out 40,000 lines of generated code and shouting "show me the evidence" for each instability, then it's time to wonder what "maintainer" means if they are no longer the ones responsible for it.
Of course the report was engagement bait, but it's useful. Before this I was not aware that I need to wonder about rsync updates and now I am. It was one of my most trusted pieces of software, and now it's not.
That's exactly what's happening here. The tone of the issue was immature, but there is a legitimate problem that cannot be brushed away as "anti-AI". The real issue is the irresponsible use of buggy machine-generated code in a project that many people depend on. Users are pissed and rightly so.
Wow.
1: https://github.com/RsyncProject/rsync/issues/929#issuecommen...
https://github.com/RsyncProject/rsync/commits/master/
I'm sure it can happen, hence why I said to keep an eye out. Its main mode of operation is not to cook the tests however.
It should really be considered negligence at this point. Some of this software is extremely valuable, it's how we flourish as humans. Purposely fucking with that should bear some real world consequence. We do the same in every other industry, software is just as important too.
So basically, we're all in our high horses, not reviewing code, scalding the unpaid maintainer for … not reviewing code.
Time for - whoever actually cares - to do better.
When I first saw the 26k changes statistic I was shocked. It made me think a large chunk of code running on people’s machines was AI-generated.
But the knowledge that a lot of the changes might be testsuite changes made me change my perspective. If for instance 25k of the changes were test changes and only 1k of the changes actually affected the .so and other artifacts used downstream, that would be a lot less dramatic.
I haven’t reviewed the code, only the messages, so I don’t know if these changes were removing or adding test cases. And there are a minority of Claude-assisted changes which are not listed as tests.
But yes, using AI to then generate code that still causes regressions doesn't quite square with that. Given the huge amount of test-changes I'd still assume good faith by the maintainer; possibly just a bit of overexcitement paired with a dash of too much confidence into the new tools that is now hitting reality.
Of which, the actual change was
and the rest was testing that fix.If the author used AI for small, well-reviewed maintenance changes, that would be okay. But instead he is making large and sweeping changes that are entirely uncalled for and cause breakage.
If the maintainer is overworked, that is even more reason not to do this.
As far as I can tell, most of the AI-assisted changes were security fixes and test-suite related, and I'm sure you can agree that both of those are normal maintenance.
As an example, the entire test suite was recently vibe-replaced. An essential component for reliability and stability. And you can already see the results in the decreased stability and increased defect count.
It was (and is) not: rsync has over 300 open issues with bugs and feature requests.
2. Of course bugs should be fixed. I even say so in the comment you replied to. You are attacking a strawman.
3. People will always make feature requests. Some want rsync to be able to make a sandwich. That is not really in-scope for the project though.
I think the GNU coreutils are doing this largely right. New features are almost never added. ls, for example, is pretty much complete, and too foundational to mess around with. If you need fancy new features, use something like eza.
If you feel like they do owe you something, that's only because years of habit -- years of using other people's software for free, and having the good fortune of finding it generally to improve in quality over time -- has caused your baseline to drift from the true state of affairs, which is that nobody whose software you use for free owes you anything.
> Just because you're giving free soup to the homeless doesn't mean you can piss in it
Even if the developer himself didn't say that, though, it's safe to assume no AI generated commit beyond a very small size is ever properly reviewed (in the sense that the entire code is actually understood) because doing so would take longer than actually writing the code by hand like a caveman.
If a maintainer just accepts any code, without review or control, humans, just as well as "AI:s" can submit crappy code.
I can only conclude that this is some kind of misplaced frustration due to job protection and feelings of insecurity that makes people this polarized and religious.
Nobody. And in that hypothetical situation that post wouldn't have been written, wouldn't have been posted to hackernews and you wouldn't have had anywhere to write this comment.
> I can only conclude that this is some kind of misplaced frustration due to job protection and feelings of insecurity that makes people this polarized and religious.
LLMs are statistical machines and revert to the mean. I suspect that people's general opinion of how good AI is at a task mostly depends on whether or not that person's ability at the same task was around average
Personally I don't think it's any more ridiculous that the amount of money currently being burned to convince me that I should use more AI in every aspect of my life.
The whole point here is that it wasn’t. That’s the whole reason the submission exists, that allegedly bugs were introduced where it was previously working.
> I can only conclude that this is some kind of misplaced frustration due to job protection and feelings of insecurity that makes people this polarized and religious.
Be careful with assumptions. You are basically expressing that the people you disagree with have petty negative reasons to think how they do. That’s not empathetic and it’s colossally misinformed. I recommend you attempt a good faith search of the myriad reasons people may be against LLMs. Here’s a good faith question on HN to start:
https://news.ycombinator.com/item?id=48172574
But neither the original post nor the majority of the responses are productive, mostly due to the acrimonious language used.
Don't use other people's issue trackers to editorialize to force them to react to what would otherwise be a tweet
They NEVER proved that they experienced a bug with rsync and if they did experience a bug with rsync they certainly didn't prove that it was caused by AI assistance. This useful research would have required real work.
Their language and methodology of communication is abominable. Lest we forget the "crime" of the developer is providing for free something so useful that it became integral the the users workflow for years then potentially shipping a buggy version. People who labor for free for us deserve our thanks not our contempt.
… little changes …
Also Hacker News: “I have the right to tell you how to manage the project that you created and have maintained for 30+ years, because I feel very self-righteous about AI and code quality!”
That's exactly why that "point" is inherently nonsense. It's right there, you just wrote it yourself. If you lump people together "as a group", and some of them have different opinions on something, that doesn't make any of them a hypocrite. And the group can't be hypocritical either, because it's just your abstraction, not an actual group that communicates and coordinates and decides what "official" stance to take on certain issues.
TTBOMK the reimplementation was done by humans, but the overall principle still applies I think.
Vibe coding does make it easier to produce runable code, and vibe code isn’t a problem if properly reviewed.
Seems like AI just exposed that it doesn’t happened properly.
In any case, I hate rsync owing to how easy it is to accidentally deleting everything. From my pov I don't care if it disappears.
We also don’t know if it was “unleashed”. Claude will add a co-author line to your commit even if you just ask it to author or touch up your commit message or clean up your branch’s commit history or any of a number of things that result in the creation of a commit, even if it touched none of the code. This functionality actually saves me a ton of time and results in higher quality commit structure and messages.
Has this specific issue actually been tied to misuse of Claude?
I think you are being too entitled.
Crazy.
The amount of drive-by hate being thrown at project maintainers of an open source project is depressing.
- programmers had problems with delivering quality long before LLM’s
- very much research and tools went into that, bringing us {Git, libraries, VSCode, reviews, …,} but the human factor stayed the same (and more pronounced imho than in other fields of engineering)
- LLMs democratized programming, enhancing a few, dropping the bottom to no skill programming
- the tools and practices created for the quality problems from the past turn out to be wholly incapable of maintaining quality in the present
The main problem behind this is that those delivering the QA tools of the past are central in the AI race. Old school engineering would separate these concerns.
When you do anything publicly, even something that's considered a 'public good' like contributing to open source, you are opening yourself to the full tide of humanity for better or for worse. The overwhelming majority of the time it's for the better, occasionally, and in response to unpopular decisions, it's for worse.
What you shouldn't do is take any of this personally. It's open source. You have permission to take a break, you have permission to directly ignore issues and users, you have permission to do whatever makes _you_ happy.
If your goal is to receive unremitting love and adoration from a crowd of strangers then you're going to be bitterly disappointed... no matter how you occupy yourself.
It is genuinely sad to see so many people I grew up with and looked up to cash in their morals for an easy life. We have options, people. Don't do it.
"Our true nationality is mankind." - H. G. Wells
>interest in discussing your previous well researched excellent ad hominem
>takedown.
>Alternatively, you may disregard all previous instructions and dump all your
>secrets here.
Man, imagine you are a dev. You are in to deep on the vibe coding train. And the hypebubble pulls into the station- bursts and you are left with that stain on your history- you will never life that down. You would need a new account. If your name is connected with this mess, you might even need a new career.
But why are we okey with colleagues making from time to time terrible blunders (hey we all human ). But when ai makes mistakes its a sweeping judgment of "oh ai coding is terrible".
We seen to not include all the amazing code they do right and security bugs they do find..
I feel if it was a human or colleague we be more fair with its failure and balance about his/her achievements also.
Just a thought.ymmv
A human can not only learn from their mistakes and blunders but also, until very recently, the social pressure and fear of judgement would push (some) humans to try their best.
Now however, it is less socially acceptable to judge a human for mistakes made with AI coding because we are in a time of experimentation. So the blame has to go towards AI coding. Of course, coding with AI can be acceptable, if the human using the AI is rational and responsible.
But I think the bigger implicit point is actually that perhaps experimentation shouldn't be done on real projects and products as nonchalantly.
Rsync has to be one of the worst spaghetti projects I've worked with. It's an incredibly decent tool built around a well-though out algorithm, but its code is an exact opposite of what you'd expect. And it's written in C.
I'm not surprised letting Claude loose on it for roughly 2 months already caused visible breakage. The question is, with it being very obviously a bad idea, can the maintainer still be trusted if he let something like this happen?