The developer used AI and it introduced bugs and that was bad for people.

Was it the AI that introduced bugs, or them, while working with AI there or in other parts?
Would the bugs not have occurred if they made the changes without AI?
Would they have made any changes without AI? Would we be better off without changes for security robustness?

You make it sound like a direct correlation. Having read their response, that seems like an assumption without reasonable foundation.

Changes always have a risk of introducing bugs.
I’m no friend of using AI without the necessariy expertise, but from their response, they seem to have taken a very thorough, reasonable approach, and they seem to have the expertise to do so.

When I rant about polarization of AI discussions I’m talking about on social media generally, not this one remarkably civil thread. But even your use of the term “roles” is doing it - you’re assigning black hats and white hats to the participants instead of focusing on what they’re saying.

Speaking of which, where do you get the idea that the author introduced bugs by using AI? He says that in his work to improve rsync by beefing up test suites, integration testing etc he used AI to do grunt work, and thoroughly reviewed every bit of it. He explains this very clearly, and I don’t see the part where his use of AI created more bugs.

I am pro-AI - I’m interested in its development and looking forward to it getting better. What we have right now can be very useful, but it’s kind of like 1980s 8-bit graphics video games. It hallucinates too often and is unconscionably resource-heavy. I’m very much against its overdeployment and misuse. Companies are charging into implementing AI like middle school boys who just figured out how to find free porn. They see it as yet another magic wand to reduce headcount - which is their endless quest. But blaming AI itself for this is like blaming a saw for wasting lumber or for not being a better saw. Blame shitty carpenters who use it wrong.

I think there is more nuance or spectrum than good or bad. Vibe is one extreme, but along the dial from traditional to pure vibe are degrees of involvement. I’d characterize the degrees something like:

0. No AI, just elbow grease
1. AI as just auto complete on steroids
2. AI generating more complete change sets, but still from focused, more surgical specs, and still a human review on everything
3. “Spec-driven development” where, as I see it, you’re engineering a multi-agent-role workflow to intersect different contexts and iterating to try to converge on carefully designed specs

In 3 of those 4, the human is fundamentally the one owning the output, and AI is an accelerator and potentially an influence, kind of like pair programming. And even the SDD workflow can be a human-in-the-loop approach, although the more agents produce autonomously, the harder it might be for a human to be effective at reviewing the output.

So I’ll agree that “use it or don’t” is a binary, but I’d just add that there’s still a spectrum of how it’s used.

You absolutely don’t need to wax all of them, where did you get that idea? It’s okay to only wax a few of them.

Not even every bug AI finds is a bug.

How do you know those were the result of the AI?

I quite deliberately tried to err on the side of fixing security issues for that release, and there were some valid (but unusual) use cases that got caught up in the changes.

Seems to me like it was just his own fault. AI may very well have had nothing to do with the regressions, other than maybe not identifying them?

But where will the maintainers for these alternatives come from, when barely anybody has stepped up in the 30 years of rsync’s existence? Your comment implies that tridge didn’t call for help before, which is far from the truth.

This is thankless maintenance on critical software, not some *-arr toy project for hobbyist self-hosters.

He’s been asking for help but nobody took him up on it.

Is that your assumption given that they’re using AI? Because it’s not at all what I have taken away from their article.

Is “not properly maintained anymore” your interpretation of them using AI? Or what do you base that on?

Do you mind describing what black pill means in this context? I’m familiar with the red/blue pill references, but could only find the incel context of black pill online. Is it just a “harsh truth” kinda thing?

You gotta get up on ai start using it yourself, good or bad it is what it is and people will be left behind.

Okay then you’re just bitching at a dev with nothing to help him might as well yell at the wind.

In your eyes, is all AI-produced text and code slop? Or did you check on the Python tests they designed and implemented with the help of AI, and after analysis of that, you came to the conclusion that it’s slop (as in nonsensical, incoherent, faulty, or similar)?

Don’t worry, they want to replace your hardware with a “cloud based computing solution” as well.

When did that absurdity come back? I thought we killed the cloud computer nonsense a decade ago.

What hardware that needs? My issue with running local models was that it’s too much of a resource hog to be able to do gamedev on the same machine, and any sensible model needs pretty expensive hardware to just get a server for it. Especially with current prices.

Well you aren’t a brain dead business man then.

qwen is garbage. it can’t even count the elements within an array of numbers.

to be clear though, it’s not just qwen. all code models are fucking trash.

most people are going to destroy their home servers running these workloads

Well rsync is a pretty integral utility for a whole array of software at this point, and I guarantee you that not all of its userbase has the expertise required for direct contributions. I don’t think it’s fair to write off the complaints of people like that as irrelevant, especially if they have a stake in rsync working well for them without having to worry about AI hallucinations screwing them over.

Yeah, everyone with a local LLM running on their PC who suddenly thinks they’re an expert in software development: time to bombard the creator of Rsync with AI bullshit that he will need to wade through.

I’ve had conversations with people when you say that, like they don’t want to get involved, don’t want to code, and they want the dev done their way. Like ok. WTF? Entitled much?

And this is for established devs and their codebases, not some vibe kiddy

Contributions are not enough. It needs people to maintain it. That means dedicating time long term. It’s not a small undertaking.

Contributions can be a step on the road though.

Completely, some people are just entitled especially in the FOSS and fuck AI crowd. Like I get it but FOSS is literally where it’s gonna be a net good.

It’s his project. He can do whatever he wants to with it. He doesn’t have a “responsibility” to you or anybody else. Stop being so entitled.

Point it out, doesn’t change the fact that you’re not addressing the core problem, which is developer burnout in these FOSS projects.

Also no its not their work, its literally a voluntary job so stop dictating how people spend their free time.

But that’s just me, you do you.

This reasoning assumes any LLM-assisted change is faulty, right?

The linked article doesn’t make me concerned. They seem to have the expertise, seem to apply due diligence and good practice around (selectively) using LLM.

Can people not directly involved in and working on the project assess the risks well? Do we not have to depend on author and project leadership expertise just like we had to before with any parts of development, management, and tool and infrastructure use?

I haven’t looked up the original communication or drama, but I assume communication could have been much better. Maybe the commits didn’t say much about the reasoning and due diligence that they describe in this article? Other than that, how can you make a better judgment about the changes than them without taking a thorough look and assessment?

Yes, there’s been several regressions that would’ve been caught by the original tests, but missed by the new vibe-coded tests. That’s what prompted the blog post linked by OP.

Yes it all broke which is how people noticed

Yeah, the current backlash over LLMs in any capacity is a meme.

No, you just don’t want to face the fact that a growing number of people are less gullible than you.

Most LLM implementations to have come out in the past year have had introspection - a section of text where they’re prompted to think¹ about the problem at a meta level which isn’t shown to the users. LLM engineers are actively working on expanding this into a more persistent, consistent, and functional world model - a bunch of text statements that other parts of the implementation are trained to treat¹ as probably factually true, which it is regularly prompted to curate¹ based on its interpretation¹ of user input and other data.

For example, an LLM might have a world model statement that says “As an LLM I may be running at different times. Before stating the current time with confidence, check the current time with an external source such as the UTC API.” so an introspection scratchpad it generates might be “To answer that question accurately I need to know the time. I will refer to the UTC API. Ah, it returned 12:17 on June 3rd 2026. Since Britain is currently at UTC+1 I can confidently say the sun is up in Britain”, and then the text the user sees is “Thank you for asking, the sun is currently up in Britain”.

As for the lack of thought behind LLM backlash, that’s a factor of human psychology. In order to free up limited mental capacity, the human brain automatically simplifies rules it has learned consciously, imperfectly archiving the conscious method of learning it to long-term memory. People made up their minds about LLMs, and now the reasons are archived and no longer necessary for people’s response to LLMs. So now when people see LLMs, they don’t use the thought, they can just do the behavior they decided on and move on with their life.

Re-litigating LLMs feels like going to an old archive and digging through dusty tomes. It can absolutely be worth it, but it’s an effort you’re not going to put in just because you see someone using it or praising it.

Personally, my opposition to non-local LLMs is enshittification. Every habit you let become dependent on LLMs will be used to exploit you. Your habits before LLMs will be archived and too much effort to relearn, so you’ll pay out your ass for a worse service than what you used to be able to do yourself. My opposition to all LLMs is veganism, but that’s a story for a different comment.

¹: LLM instruction text anthropomorphises LLMs. LLMs don’t do these cognitive tasks the same way a human would.

Lmao bro, what do you think “stochastic prediction” means? It’s always the people who don’t even understand LLMs defending them the hardest.

I agree, I’ve been recommending people to try to develop some level of nuance on the topic. I understand the fear, hatred, and loathing of AI; especially the way it’s currently being implemented and used. I really do, and I share 99% of the concerns. But there is room for nuance in the understanding of how it’s being used and what it’s being used for and who is using it, and when nuance leaves the room, we’re blind. And blind hatred is never a good thing and it does not lead to good places.

It’s that it’s only predicting the next token in a string of text.

An LLM has an internal state while predicting text. The “next token” chosen takes that state - a model of the world - into account. So a LLM is predicting the next token based on a world model and the previous text.

Saying that it is “only predicting the next token”, without more context, while technically true is very misleading.

But what they’re also implying is is that most people just can’t keep up. But they can, apparently.

About the security stuff, I don’t think it is a question of whether AI could do it or couldn’t do it, it just wasn’t extensively used for it. For a long time there have been LLM bots trying to automatically identify security vulnerabilities in hopes of making “free money”, but it wasn’t effective. Now there’s people actually trying to find real issues. And I would argue that AI is not good at it. You can just let it ponder for as long as you can feed it with money, and you will definitely find vulnerabilities. The false-positive rate is very likely high. If I try to roll a dice 12 times, and 3 out of those were 6, then that doesn’t make me a good dice roller.

I think it’s just more the act of discovering what we can do with AI. It’s like openclaw, that could’ve been around last year, it’s not like AI wasn’t capable enough at that point, it’s just that no-one thought of using it like that (or at least no-one built it to the extent of openclaw and got it that popular).

Yeah, but have you tried Slaupe Octopus 6.9? It’s vastly superior to anything else on the market.

My reply would be the equivalent of sloperator for prompsitutes.