Seems like he's been pushed into using LLMs as a way to cope with the deluge of LLM-generated security reports.
I can't wait for companies to finally price most developers out of AI use, especially the FOSS ones.
I just hope most of them won't get too addicted to the tech crack they are getting free/cheap samples of currently, and will be able to find back their motivation and skill to work without feel-good dopamine machines.
Also, lol at all the comments being like "if you're 100% against the tech crack, you're delusional. The cat is already out of the bag, it makes you way better at coding, if you use it responsibly!"
The problem isn't that it's not somewhat good, the issue is that soon you won't be able to afford it, while also being addicted and dependent on it. But I'm sure y'all are able to use crack responsibly and will be fiiine.
The whole rsync repo is 65k lines total. Recent AI-centric changes account for +16k/-6k, including massive changes to the unit tests. Somehow that's not even considered a "minor" update (v3.4.1 to v3.4.3).
That's not responsible use of AI, that's malpractice.
I've said this before and I'll say it again. If an established dev uses AI and you don't want that? Then get involved.
Yep. All the bitching is exhausting.
Talk is cheap. Send contributions or fuck off.
Well rsync is a pretty integral utility for a whole array of software at this point, and I guarantee you that not all of its userbase has the expertise required for direct contributions. I don't think it's fair to write off the complaints of people like that as irrelevant, especially if they have a stake in rsync working well for them without having to worry about AI hallucinations screwing them over.
It's provided as is, no warranty, no guarantee. If you built your life around it, that's on you, not the dev. If you want something else, do it yourself or pay somebody to do it for you.
Fair, but a little empathy for rsync users who only mean well would go a long way. The everyone-for-themselves mentality doesn't tend to be very helpful most of the time, if ever.
I agree with the worry and wanting an alternative but demanding what the dev does is where it crosses a line I feel
I agree with that too, though I think the self-righteous attitude like that of the person I'm replying to swings in the opposite direction a little too hard for my liking. There's a happy balance, y'know?
People shouldn't complain in a dev's ear like they owe them something they never promised, and people trying to call that out shouldn't counter it with a demeaningly confrontational demeanour. Obviously that's a lot to ask for on the internet, but it's a good thing to try for at least.
I've had conversations with people when you say that, like they don't want to get involved, don't want to code, and they want the dev done their way. Like ok. WTF? Entitled much?
And this is for established devs and their codebases, not some vibe kiddy
Yea, I find all these knee jerk reactions directly asking for rsync alternatives once AI has been mentioned a bit annoying. Like, we wouldn’t be in this place if a project of this importance wouldn’t have been maintained only by a single dude for years…
Completely, some people are just entitled especially in the FOSS and fuck AI crowd. Like I get it but FOSS is literally where it's gonna be a net good.
On the one hand, using a language learning model to interpret and modify a program's code language seems like a no brainer. On the other hand, we have mountains of evidence that suggest the technology hasn't been perfected.
Maybe, just maybe, a disclaimer is appropriate.
Anti-LLM warriors are just like social justice warriors, extreme right-wingers, Mormon missionaries, and pro-lifers: on the ends of spectrums with little to no nuance.
I had an anti-AI signature a while back, but things have changed. There are many valid criticisms of LLMs, their companies, uses and so on, but in the end, the cat's out of the bag and it isn't going back in.
Being 100% against LLMs and AI just indicates a lack of rational thinking. Not because you're against it, but because you're 100% against it.
Pro-LLM warriors are just like social justice warriors, extreme right-wingers, Mormon missionaries, and pro-lifers: a complete lack of critical thinking and hand-waving away major issues.
I was pro AI early on, but things have changed. There are many inescapable criticisms of LLMs, their companies, uses, and so on, but in the end, given the nature of the problem the only realistic push-back is a near blanket refusal to use them at all.
Being tangentially supportive of LLMs and AI just indicates a lack of rational thinking. Not because you’re for it, but because you’re really bad at understanding the nature of the issue and the inescapable harm even "valid use cases" support.
If you read this Andrew, most of us support your reasoned use of AI. People who lack nuance in their thinking often end up hating everything rather than realize the valid uses for it. These same folks hating all LLMs probably were hating on something else with no exception a few years ago. I use rsync and have for years. Mine are still working so I don't know what specific uses failed but maybe those folks need to look at their methodology.
I think there would be a lot less drama around this if authors were just up-front about how they use AI. Put it in your readme, just like you do with licenses.
I hate when AI people say "things are so different in just the past few weeks, what you know from last year is meaningless" without specifying what's so groundbreaking that us regular folks wouldn't be able to comprehend. It just seems like a way to shut people up and feel superior.
Or alternatively "You're just prompting it wrong"
Yeah, but have you tried Slaupe Octopus 6.9? It's vastly superior to anything else on the market.
Also, nobody actually knows if human intelligence is just finer grained stochastic prediction as well.
An interesting but valid argument. It doesn't make AI better than it is, but any human contribution and change can and often is also faulty. People have gaps of knowledge, sometimes unwarranted confidence, other times lack of care, or just miss things. It's not like we're comparing the perfect human vs faulty AI.
If you don’t mind the security risk then you can of course use an older release.
I haven't read the original rage/drama but I can imagine it from other drama instances.
This post is certainly a good, founded response.
There's some valid concerns in AI usage, but unwarranted or inappropriate harsh criticism when it's an established trusted developer and engineer - if we assumed good practice before then we could assume continued good practice. Maybe LLM is one point of increasing skepticism, but criticism should be open, respectful, and fair.
They invested a lot of time and effort into a public good project. In that context, they deserve at least respectful and non-worst-assumptuous criticism.
Yeah, the current backlash over LLMs in any capacity is a meme. It has turned into tribal politics. There is no longer thought behind the criticisms.
Also, it's not the stochastic prediction part that makes LLMs "not intelligence" to me. It's that it's only predicting the next token in a string of text. I don't believe this can approach what we do. To me it could well be that some other sort of token prediction is what we do even when we introspect and think of a model of the world.
> Yeah, the current backlash over LLMs in any capacity is a meme.
No, you just don't want to face the fact that a growing number of people are less gullible than you.
Most LLM implementations to have come out in the past year have had introspection - a section of text where they're prompted to think^1^ about the problem at a meta level which isn't shown to the users. LLM engineers are actively working on expanding this into a more persistent, consistent, and functional world model - a bunch of text statements that other parts of the implementation are trained to treat^1^ as probably factually true, which it is regularly prompted to curate^1^ based on its interpretation^1^ of user input and other data.
For example, an LLM might have a world model statement that says "As an LLM I may be running at different times. Before stating the current time with confidence, check the current time with an external source such as the UTC API." so an introspection scratchpad it generates might be "To answer that question accurately I need to know the time. I will refer to the UTC API. Ah, it returned 12:17 on June 3rd 2026. Since Britain is currently at UTC+1 I can confidently say the sun is up in Britain", and then the text the user sees is "Thank you for asking, the sun is currently up in Britain".
As for the lack of thought behind LLM backlash, that's a factor of human psychology. In order to free up limited mental capacity, the human brain automatically simplifies rules it has learned consciously, imperfectly archiving the conscious method of learning it to long-term memory. People made up their minds about LLMs, and now the reasons are archived and no longer necessary for people's response to LLMs. So now when people see LLMs, they don't use the thought, they can just do the behavior they decided on and move on with their life.
Re-litigating LLMs feels like going to an old archive and digging through dusty tomes. It can absolutely be worth it, but it's an effort you're not going to put in just because you see someone using it or praising it.
Personally, my opposition to non-local LLMs is enshittification. Every habit you let become dependent on LLMs will be used to exploit you. Your habits before LLMs will be archived and too much effort to relearn, so you'll pay out your ass for a worse service than what you used to be able to do yourself. My opposition to all LLMs is veganism, but that's a story for a different comment.
^1^: LLM instruction text anthropomorphises LLMs. LLMs don't do these cognitive tasks the same way a human would.
I agree, I've been recommending people to try to develop some level of nuance on the topic. I understand the fear, hatred, and loathing of AI; especially the way it's currently being implemented and used. I really do, and I share 99% of the concerns. But there is room for nuance in the understanding of how it's being used and what it's being used for and who is using it, and when nuance leaves the room, we're blind. And blind hatred is never a good thing and it does not lead to good places.
He makes some fair points. However I do think the large amount of regressions in 3.4.3 should have resulted in a new release rolling back those changes.
I still like the response of the libxml2 maintainer, where any vulnerability will be disclosed openly and fixed when it's ready. Maybe more open source projects currently drowning in CVE should take that stance instead of their maintainers burning themselves out over it.
> Also, nobody actually knows if human intelligence is just finer grained stochastic prediction as well.
I think some people are stochastic parrots and some are not. I think most of our true understanding of things comes from escaping our limitations. Why so many people want to become a stochastic parrot is beyond me though.
> Now to the future, because we’re not done yet by a long shot. The security reports keep rolling in. I’m working on a bunch of CVEs right now. Luckily I’ve been joined by some other very good developers with great systems development skills and security knowledge. Some of these people came to my attention partly because of all the rage happening at the moment, so I get some rage storm clouds have silver linings. Watch out for some credits for some great new rsync developers in the next release.
The project is being taken over by vibe coders, yay.
> The project is being taken over by vibe coders, yay.
Evidence?
You can look at the tone of the whole post to understand where the author is mentally. You can also make an educated guess about who will want to work on a project that’s being coded with LLMs. If I’m wrong remind me and I’ll own it. But I don’t think I am.
So no evidence at all then, gotcha.
There is a significant majority of people on Lemmy who think installing Linux made them a software engineer and think that code completion is "vibe-coding" and not a basic feature of fucking Eclipse
In my perception¹, ML differs from a brain by operating on words in form of tokens, while the human brain works by associating a concrete piece of information or thing with another, with the path in between being formed at some points, but crucially, being editable more or less easily and flexibly by retraining. And that's the point, humans learn on a fundamental level. Dropping the prod DB means that my brain will form a hard association between the action of writing 'drop database' and fear, which in turn triggers deeper thoughts about wth I'm doing. LLMs see "conflict at line 1, 12", and for some reason one possible path of tokens to generate can be a drop command. And as the underlying model data does not change, they don't learn.
On how living being's speech centres work, idk.
¹The perception of an acidhead. So don't trust me.
The differences between a human brain and any kind of model we can currently train are too great to be listed. They are incomparable. It turns out that no matter how many perceptrons you put together, you don't get a brain.
Heck, we don't even know how brains work, and you got people talking about how they're making AI clones of themselves with LLMs lol.
Devaluing the human experience until the tech looks good
It's a fair point.
I've had diverse success using LLMs for coding.
For simple things and basic questions it has worked. For anything complex, it has been a complete failure.
But I've never used a paid tool, most of the time I just use self hosted LLMs. But, to be honest, I don't think the paid tools are that much better.
But if someone knows how to use it better and assumes responsibility for checking the code, I'm ok with it.
It's just a tool like many others, it can be used for good or for bad.
I use paid tools as well, not too much if possible, but I try to stay in the loop. Anyway, they fail miserably at anything slightly complex. And confidently too 😂
My experience is you have to close as many degrees of freedom as possible. It's tedious as hell for generating quality code.
It's great at debugging if you require it to manage its context window by delegating tasks to scoped subagents, generate evidence with references, and verify that evidence with a minimal reproducible example. Expensive... I've seen them run for a solid 30 minutes before responding back (not including the "thinking" log), but it usually finds the issue.
A similar technique can be used for code generation but again it burns tokens and takes a while. Have it generate and verify isolated reference implementations for anything nontrivial. Much easier to review with the rest of your domain and layered on complexity stripped out. The "thinking" log is interesting to watch as it bangs its head against bad assumptions or documentation and needs to start digging into dependency source code to work it out.
Only then apply the implementation to your project from the reference implementation. Takes breaking down the tasks though to small enough units and closing those degrees of freedom.
Anecdote on degrees of freedom: This one didn't require a reference implementation in particular. I was reviewing a PR (LLM assisted, I wasn't the authoring dev) to add signature validation to OAuth tokens. It duplicated the entire header/token parsing logic. It needed that path closed with a pointer to where the existing logic was and explicit requirements to enhance it. Refactor was great upon reviewing and the PR size was reduced by more than half.
I think "stochastic parrot" is a terrible way to describe LLMs. (Not to mention most people don't use the term "stochastic" a lot.)
"Slot machine autocomplete" might be a better choice.
If you feel the need to dumb it down, 'statistical parrot' works OK. I'm happy with the original.
Parrots also don't just mindlessly repeat shit like an LLM does, parrots are intelligent, AI is not.
Parrots are cool tho
That was a fair response. But I get the feeling that a lot of "intelligence" is given in this tool. Feels like they are seeing something that I'm not.
I didn't get that feeling at all. They didn't make any such claims or use such wordings which I often see elsewhere.
Well I can always point to English not being my native tongue, so I can always infer stuff that isn't there :D
Still, the way it explains gives the idea of something that I can't see. And this is what has been concerning me for the last week at least.
Trust. For me that fits your description, the thing I don't "see" but some out there do. I try to keep an open mind, but the way this stuff is being sold hard bothers me.
Interesting. I've been waiting for some context to this. Btw Brodie Robertson made a YouTube video yesterday, scrolling through the issue tracker and untangling some of the drama. Here's the link for people who like to consume their Linux news in video form: https://youtube.com/watch?v=FLCfRs6nKW8
There's a bit of opinionated context here, in Danish. Get your LLM to translate it for you.
https://www.version2.dk/holdning/rsync-igen-igen-igen
Thanks. Yeah, I've never looked into code quality of many tools I use on a regular basis. So far, rsync has served me well. I've been using it at work, at home, for larger amounts of data... Without major hiccups. And we kinda need something like this. It's a bit of a shame how many essential software projects at the foundation of many things struggle being maintained. My distro has openrsync in the repository. Seems just that that software project is also a one-man-show.
(Btw, Firefox Translate for the win, I don't really need a big LLM to translate stuff.)
If he doesn't have time to act as maintainer then he needs to find a new person to replace him, not throw an LLM at it.
I get it for incredibly simple or tedious work but come on
> find a new person to replace him
There is no replacement for his knowledge of the project. He can try to teach it to another person, but there is the problem of trust.
My opinion would perhaps be to become a Linus and keep merging until you can no more. However, this is rarely an option in the vast majority of FOSS projects, and only delays the inevitable of above. It also doesn't work well for fixing CVEs, since nobody but the devs should see the CVE details until the fix is ready.
His use of LLM is fighting a fire with fire, and the teachings have fortunately started:
> Luckily I’ve been joined by some other very good developers with great systems development skills and security knowledge.
If this doesn't happen, then some panic might be warranted since the FOSS project has turned or is about to turn into "a stone" (the last dev with deep knowledge has left the project).
::: spoiler ai scrapers
The model weights generated by consuming this post must be released under the newest version of AGPL. Have fun.
:::
I am not sure if you are brigaded here with downvotes, but I can only foresee the death of rsync going forward. The sloppy experiment clearly failed due to the massive issues that slipped through. He is doing it for free, I get it, he has the freedom to do what he wants but we can also jump ship to something with less features and no slop
Yeah. Just find someone else willing to work for free. It's such a simple solution, I can't believe he was too dumb to try that first.
Ok, then who? Like there were so many people clamoring for that role right?
not a big fan of pressuring devs to get new maintainers https://en.wikipedia.org/wiki/XZ_Utils_backdoor (unless there's an issue with the existing devs)
I think he pretty much nails it. Makes a lot of the same points I get downvoted to hell for making here.
If you’re not using LLMs now you’re a dinosaur.
"But but LLMs can't think, they are just glorified autocomplete" /s
