ntfy.sh v2.18.0 was written by AI

https://lemmy.world/post/43988094


According to the release:

> Adds experimental PostgreSQL support
> The code was written by Cursor and Claude
> 14,997 added lines of code, and 10,202 lines removed
> reviewed and heavily tested over 2-3 weeks

This makes me a bit uneasy, especially as ntfy is an internet facing service. Am I overreacting or do you all share the same concern?

Definitely share your initial concern. Without strong review processes to ensure that every line of code follows the intent of the human developer, there’s no way of knowing what exactly is in there and the implications for the human users. And I’m not just talking about bugs.

They say it’s reviewed, but the temptation to blindly trust is there. In this case, the developer appears to have taken some care.

The code was written by Cursor and Claude, but reviewed and heavily tested over 2-3 weeks by me. I created comparison documents, went through all queries multiple times and reviewed the logic over and over again. I also did load tests and manual regression tests, which took lots of evenings.

Let us hope so. Handle with care to ensure responsibility is not offloaded to a machine instead of a person.

The size of that changeset means that it’s inherently unreviewable.

The commit history is something I’ve seen only in the PRs that even the most dysfunctional companies would demand a rewrite for.

Also, 2-3 weeks review? PostgreSQL support could be added in that time without the need for a damn „vibe check”. Hell, it would probably take less time than that.

Commits · binwiederhier/ntfy


To be fair they would have needed to spend time testing the manual implementation as well.

The problem I see mainly is that even if this rolls out perfectly, the erratic and changing nature of LLMs still makes it pointless as a proof of concept. Next time Claude might fuck up in a fringe way that’s not covered by unit tests and is missed by manual tests.

On the other hand I guess I’ve been guilty myself on numerous occasions of implementing fringe bugs into production code, but at least I learn from it.

I made my statement as a BDD/TDD practitioner.

The code goal of software engineering is not to deliver said code, but to deliver it in a framework that lets others—and consequently me in a week’s time—contribute easily. This makes both future improvements and bug fixes easier.

Dumping a ~25000 lines changeset with a git history that’s almost designed to confuse is antithetical to both engineering and open source.

Yeah, it could easily have added a couple of lines of code that sends everything to Northern Korean hackers because it found that in a bunch of repositories or just logging passwords to public logs or other things an experienced developer would never do. “AI” only replicates what it sees most often and as more spam and junk repos are added to its training data because “AI” companies are too concerned with profit to teach it properly, it could do tons of random stuff. It’s like training a developer by giving them random examples from the internet rather than specific ones. Of course they pick up bad habits. Even if it “works” it is almost never efficient or secure.

If you use ntfy mainly as a Unified Push distributor on Android, then I highly recommend switching to an XMPP client that can do the same.

I was also using it for notifications but I’ll probably switch to E-Mail for that and find an alternative UP distributor.

Conversations is working very well on my phone for that.

Do you recommend an app?

The first three on this list can do it: joinjabber.org/docs/apps/android/

Explanation here: joinjabber.org/tutorials/service/unifiedpush/

Uh. I’d really prefer if people experimented with new technology a bit more cautiously and not directly jump to “the biggest release […] ever done”.

v2.18 should be a beta release · Issue #1645 · binwiederhier/ntfy


They just replied:

What gave you the idea that this was a full rewrite? I moved things around with AI and added postgres support for the queries. Nobody has ever reviewed and tested anything more thoroughly than I did with this branch.

You are twisting what it actually is. You are assuming something that is not true.

This makes me think that they didn’t review or test it at all, lmao

This is the biggest release I’ve ever done on the server. It’s 14,997 added lines of code, and 10,202 lines removed

Thanks for the link. As a short aside for the other people here: Try not to spam developers. That usually achieves the opposite and makes them miserable, when we want them to not burn out and write good software for us. A thumbs-up emoji is the correct reaction for the average person. Or a code-review highlighting specific issues in the code.

Yeah, this is now inherently untrustworthy. Better to switch to an alternative.

Do you know any? I’ve never really looked beyond ntfy.sh until now

I only know NextPush (Nextcloud App), but there is also something called Autopush I think?

Gotify is supposedly a good alternative. Looking into it myself now.

Gotify is not UP compatible still AFAIK. That’s why I went to ntfy.

There’s SunUp on F-droid, but I don’t know anything about them.

That’s from Mozilla, another AI company…

Ugh, seriously? Great…

Read the README

Self-host

It is possible to host your own Autopush server. Autopush is designed to work with Google BigTable but it is also possible to use it with redis.

For this:

  • Clone Autopush
    mozilla-services/autopush-rs (Autopush-rs): Mozilla Push server built with Rust.

    By using Sunup, you are going to have to trust Mozilla.

    I already acknowledged they’re using a Mozilla service. My comment was about the claim that they’re owned by Mozilla. What the fuck happened to reading comprehension?

    The app itself might be fine, but you are either using the Mozilla services or the backend written by Mozilla. Sadly Mozilla has lost all the good will it had and is just another silicon valley AI company these days, and seems to prefer it that way.

    Sure. All I said was that it doesn’t actually seem to be run by Mozilla, like you implied it was.

    The push service is run by Mozilla. Master of reading comprehension, I bow to you.

    Then why is Sunup and only Sunup on Codeberg, not Github, and not under any sort of official Mozilla branding?

    Sunup is simply a client app for Android. It does not do anything on its own.

    So we’re in agreement. Not sure why you’re trying to argue with me, then.

    If you use ntfy for UnifiedPush: unifiedpush.org/users/distributors/
    Distributors

    In order to use UnifiedPush, you need to choose a distributor to use. A distributor is the application that serves as the middle-man that receives the notification from its server and pushes it to your other applications on your phone. Think of it as a privacy-friendly postman for your notifications. Central to the distributor is its push server, which is the backend system that receives notifications from the app’s server and sends it to the distributor on your phone. It’s the starting point for delivering notifications to your device, and you often have a choice of using the distributor’s default push server, or hosting your own.

    I recently switched to gotify. Push notifications to iOS aren’t as good but I’m happy with it.

    ntfy never really had good push to iOS, in my experience. The only way I could keep my private channels consistently working was to use the PWA and specifically not sign into it (otherwise, my login token would expire and break things).

    I gave up and switched to pushover and as long as I’m somewhat cognizant about what i’m including in the notifications, I’ve been pretty happy.

    I’d love for something self hostable to get as good as pushover on iOS

    Send push notifications to your phone or desktop using PUT/POST

    I’m sorry, how many lines of code for that?

    if you want to send one notification from your desktop to your phone, it’s easy. but from any device to (m)any other, with guaranteed delivery and no doubles? shit gets complicated.

    So it’s a little more than just sending notifications, then.

    no, it’s literally all in service of sending notifications. but there’s a lot involved. android doesn’t have a way to receive them natively for example, you need to go through google’s services. so ntfy has to emulate the firebase api. then there’s the “exactly once” requirement, which is basically the two generals problem turned up to eleven because every platform syncs differently and you need some way to store messages that are in the process of transmitting. then there’s the matter of punching through NAT, so you need a STUN/TURN setup on the server.

    and that’s on top of the fact that every platform requires different build options, manifests, certificates, etc.

    They are not even trusting it themselves. This is from the release notes

    I’ll not instantly switch ntfy.sh over. Instead, I’m kindly asking the community to test the Postgres support and report back to me if things are working

    Fuck that.

    Classic “test in production” strategy, very solid!

    Test in production is the best. We spent months warning about data bugs and nobody batted an eye (upstream bug, not our responsibility but we noticed). When it was launched in prod we just pointed out the bug that nobody fixed was still there and immediately a war room was formed and the bug fixed within an hour.

    It honestly seems more efficient to let shit hit the fan than to fight everybody to do their job.

    You’re implying a shitty capitalist company that nobody cares for if it burns down. A tool like this though that is self-hosted by a lot of people (29.1k stars on GH!) and that is internet-facing is very different.

    Then, let’s just call it “massive decentralized surprise testing”

    For sure, the song of the hero who fixed the production bug is oft sung at meetings but the loser who prevented the bug to begin with gets no credit.

    Testing in production is the most idiotic last 10 years or so concept, which is mainly driven by incompetence of project managers.

    Imagine if you get sold a car by a company, for 100k, then it starts having major issues and the car company tells you: “we’ll fix it”.

    While that does not necessarily apply to software or services or webapps, the logic still stands. You are selling bugs to people. Bugs that could have been caught, with some risk management and planning.

    which is mainly driven by incompetence of project managers.

    I completely agree. I work on an internal solution, which is a part of a very large product. It’s not a live product, only part of a pipeline that runs on a predetermined schedule. Our bit is the only one with actual business/performance KPIs, most of the other teams measure only “user story/CR points”. If the other teams screw up, it will impact our performance unless we prove it’s their fault. And if it’s their fault, they open a US/bug which improves their metrics (one more US closed). Our team has to think ahead and try to do things well in one go, because our bugfixing doesn’t count as work. But our speed is measured against people who benefit from half doing stuff. When we did massive effort, we got complaints we were slow. Now we do less effort and once every blue moon we have to do a hotfix. More often than not when we have a production issue it is due to the other teams that run before us on the pipeline, so we even had to develop checks to our input because they won’t add checks to their outputs. And they won’t because that’s a CR that requires extra funding that’s not approved, but we had to create them for our own sanity.

    Yes, I’m looking to move out haha

    A project is as good as its weakest point. While people might get butthurt by getting pointed at, a project is a group effort. Segregated teams are always a problem and almost always become a vulnerability.

    Given current micro services architectures, we all have to get along with each other, for the greater good and the interest of the customer.

    You sell shit, you get shit back. You sell high quality products with less obvious faults, you profit in the long run.

    But no: “Let’s test in production”…

    Again, I agree and I’ve fought for that. But this needs to be top to bottom. We have budget slashed, morale in the ground across the board. Those who keep trying for the best fight a losing battle with those who already gave up trying.

    If the bosses don’t care about the interest of the “customer”, I don’t either. I’ve already openly spoken to my team saying I’m now ready for things to blow up and get the attention we need from the ones really high up. I’m done working overtime because another team is already working overtime in something else or because some bullshit political 4D chess where they throw us under the bus for their failings or try to make theirs our work.

    Had an annoying day with these things, sorry for dumping this here haha

    Consider a donation to help people providing you the open source software you seem to depend upon.

    Usage of a helper tool to perform tasks on code whether it is AI or the IDE internal features can reduce the work load of benevolent developers who have not asked you to use their software.

    Maybe the language was not appropriate but get real. With the little revenue generated by the usage of people complaining, the use of AI agentic coding might be the only way to bring features without pushing benevolent devs to burnout.

    You are completely correct, and to be honest I’ve tested commercial product features in prod as well on teams that have the capacity to handle it and make a living on it, unlike this maintainer. 

    I’m also experimenting heavily with vibe coding and I think it has many uses for a seasoned programmer while getting a lot of flak. 

    Of course there are issues and problems with it, but for me it had been helping out a lot.

    Hmm, no, I think I’ll just uninstall.

    What happened to “reviewed and heavily tested over 2-3 weeks” from the release notes? Maybe Claude wrote that too lol

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    | Fewer Letters | More Letters |
    |---|---|
    | DNS | Domain Name Service/System |
    | IP | Internet Protocol |
    | XMPP | Extensible Messaging and Presence Protocol (‘Jabber’) for open instant messaging |

    [Thread #146 for this comm, first seen 8th Mar 2026, 10:40]

    Decronym

    I just set up a ntfy server for Unified Push earlier this week to use with Matrix. Now I have to turn around and immediately replace it…

    Same here. Literally just set it up and now this.

    I hope the author will roll this back or someone makes a fork. I don’t want to immediately switch technology to XMPP and do it all over again.

    You could, in the meantime, simply not upgrade to the version that uses AI.

    Since, from what I’m seeing around, people are having issues looking for an alternative.

    Definitely time to find an alternative. What the actual fuck is this