I built a local AI movie recommender for Radarr using Ollama

https://lemmy.world/post/44513564

Did you build it, though, or did Claude code it?

Built with Claude by the looks of things. Not sure if Claude was used to generate the boilerplate and whether the dev reviewed it after or whether Claude did all of it, but definitely Claude was used for some of it. I recognise the coding style that Claude outputs and the bugs that it implements that will cause TypeErrors if not handled.

FWIW, I’m not against using AI as an assistant for coding (I do it too, using Claude and Vercel as assistants) just as long as the code is reviewed and understood in full by the dev before publishing.

FWIW, I’m not against using AI as an assistant for coding (I do it too, using Claude and Vercel as assistants) just as long as the code is reviewed and understood in full* by the dev before publishing. *my emphasis

A very sane take. I do wish devs would fully disclose this on their github or other. That way, if the project is seasoned, well starred, et al, and the dev used AI as an assistant, then the user gets to decide. Given all the criteria are met, I would deploy it.

I will say that I have observed what seems like a pretty decent uptick in selfhosted apps, and I would be willing to bet a goodly amount of them have at the very least, used AI in some capacity, if not most/all code. I don’t have any solid evidence to back that up but it just seems that way to me.

Yeah. Maybe it’s time to adopt some new rule in the selfhosted community. Mandating disclosure. Because we got several projects coded by some AI assistant in the last few days or weeks.

I just want some say in what I install on my computer. And not be fooled by someone into using their software.

I mean I know why people deliberately hide it, and say “I built …” when they didn’t. Because otherwise there’s an immediate shitstorm coming in. But bullshitting people about the nature of the projects isn’t a proper solution either. And it doesn’t align with the traditional core values of Free Software.

Warning, anecdote:

I was unexpectedly stuck in Asia for the last month (because of the impact of the war), turning an in-person dev conference I was organising into an “in-person except for me” one at a few days’ notice.

I needed a simple countdown timer/agenda display I could mix into the video with OBS; a simple requirement, so I tried a few from the standard package repos (apt, snap store, that kind of thing.)

None of them worked the way I wanted or at all - one of them written in Python installed about 100 goddamned dependencies (because, Python,) and then crashed because, well, Python.

So I gave up and asked my local hosted LLM model to write it for me in Rust. In less than 10 minutes I had exactly what I wanted, in a few hundred lines of Rust. And yeah, I did tidy it up and publish it to the snap store as well, because it’s neat and it might help someone else.

Which is more secure? The couple of hundred lines of Rust written by my LLM, or the Python or node.js app that the developer pinky-promises was written entirely by human hand, and which downloads half the Internet as dependencies that I absolutely am not going to spend time auditing just to display a goddamned countdown clock in a terminal window?

The solution to managing untrusted code isn’t asking developers for self-declared purity test results. It’s sandboxing, containers, static analysis… All the stuff that you are doing already with all the code/apps you download if you’re actually concerned. You are doing those things, right?

Good comment. The main issue is that: Back in the day I could have a quick look at the code and tell within a minute whether something was coded by a 12 year old or by some experienced programmer. Whether someone put in as much effort, I could be pretty sure they’re gonna maintain the project. Put in some love because it solves some use-case in their life and it’s going to do the same for me. Assess their skill-level in languages I’m fluent in.

These days not so much. All code quality looks pretty much the same. Could be utter garbage. Could be good software, could be maintained. There’s also new ulterior motives why software exists. And it takes me a good amount of time and detective work to find out. And I often can’t rely on other people either, because they’re enraged or bots and the entire arguments are full of falsehoods.

As a programmer and avid Linux user, I rely a lot on other people’s software. And the Free Software community indeed used to be super reliable. I could take libraries for my software projects. Could install everything from the Debian repo and I never had any issues. It’s mostly rock solid. There were never any nefarious things going on.

And now we added deceit to the mix. Try to keep the true nature of projects a secret. And I think that’s super unhealthy. I had a lot of trust in my supply chain. And now I’m gonna need to put in a lot of effort to keep it that way. And not fall prey to some shiny new thing which might be full of bugs and annoyances and security vulnerabilities, and gone by tomorrow once someone stops their OpenClaw… Yet the project looks like some reliable software.

And I don’t share the opinion on sandboxing. Linux doesn’t have sandboxing on the Desktop. That’s a macOS thing. All we have is Flatpak. But you’re forcing me to install 10GB of runtimes. Pass on the distro maintainers who always had a second pair of eyes on what software does, if it had tracking or weird things in it, whether it had security vulnerabilities in the supply chain. Maintainers who also provided a coherent desktop experience to me. And now I’m gonna pull software from random people/upstreams on the internet, and trust them? Really? Isn’t that just worse in any aspect?

And I don’t think Flatpak’s permission system is even fine-granular enough. Plus how does it even help in many cases? If I want to use a password manager, it obviously needs access to my passwords. I can’t sandbox that away. So if the developers decide to steal them, there’s no sandboxing stopping them in any way. Same for all the files on my Nextcloud. So I don’t see how sandboxing is gonna help with any of that. We somehow need trust and honesty.

I mean, don’t get me wrong here. I’m not saying we need to ban AI in software development. I’m also not saying 12 year olds aren’t allowed to code. I did. And some kids do great things.

Yeah. Maybe it’s time to adopt some new rule in the selfhosted community.

Tho I chafe against rules and regulations, I realize they are necessary.

I just want some say in what I install on my computer. And not be fooled by someone into using their software.

Me too. It’s why I try to carefully pick seasoned projects, and I don’t jump on the bandwagon just because it’s a new twist to an old solution. I selfishly want others to be my beta testers. LOL Hey, I admit it. Also, I am truly thankful that there exists in the community, those who can and do look at the code and understand the issues involved. I do not possess those skills. I know a limited amount of code and use it for me locally. I would never dare publish it tho. I’m too afraid of what the ramifications would be should someone use my code and the wheels fall off their server. I would feel very responsible. It’s the reason I do not even publish my notes to a wiki of some sort.