According to the release:

Adds experimental PostgreSQL support

The code was written by Cursor and Claude

14,997 added lines of code, and 10,202 lines removed

reviewed and heavily tested over 2-3 weeks

This makes me uneasy, especially as ntfy is an internet facing service. I am now looking for alternatives.

Am I overreacting or do you all share the same concern?

  • deathbird@mander.xyz · +1 · 5 days ago

    “but reviewed and heavily tested over 2-3 weeks by me. I created comparison documents, went through all queries multiple times and reviewed the logic over and over again. I also did load tests and manual regression tests, which took lots of evenings.”

    This is the way.

    • Jhex@lemmy.world · +0 · 5 days ago

      that’s nowhere near enough testing for such a large change… especially one written by the slop machine

        • riccardo@lemmy.ml · +0 · 5 days ago

          At my company we have been using AI very heavily to write code lately, and if that sentence was used to justify a 10k+ diff, whoever wrote it/vetted the change would have their access to the codebase revoked

    • douglasg14b@lemmy.world · +0 · 5 days ago

      Pretty much.

      I’ve started using AI on a project last week and the first thing I do is write tests. Lots of tests.

      With enough guardrails, you could actually get pretty decent quality output out of it and with enough regression tests, you can ensure that nothing’s actually breaking.

      Similarly, reviewing its changes and actually reading the code that’s being generated to ensure correctness is necessary. However, I am finding ways to automate that and reduce the incident rate of problems to even lower than my co-workers.

      • dogs0n@sh.itjust.works · +0 · 5 days ago

        At that point, I think: Why not just write the code yourself?

        Writing the code is more fun than reviewing code, not to mention less error prone.

        • rumba@lemmy.zip · +0 · 5 days ago

          A many-month-long refactor on code you’ve already written is less than fun. While I don’t love seeing a project I’m using being 80% replaced by Claude Code, I’ve had Claude Code look at some of my old projects and find underlying issues I was able to verify, and then suggest a more best-practice approach that I wasn’t even aware of. The real question is, was the Claude output better than the original code? If it is and it has unit tests and many eyes on it, it’s quite possible that it’s better off now.

          I’ll sit on my current versions for a few months and let everyone else test it out :)

          • dogs0n@sh.itjust.works · +0 · 5 days ago

            I agree with you, though even when I have just made a change myself, I am looking through the git diff like a crazy person.

            So, still I think refactoring my own code is much more fun than telling AI to do it for me and then proceeding to review and test it for weeks (allegedly, lol).

            You seem to be using it responsibly by asking it how things could be better.

            I’d never copy and paste output from an AI or give it free roam to make a PR, etc myself.

            I’ll probably be sitting out on this update for a while too until I gauge the general reactions of people heh :)

  • patrick@lemmy.bestiver.se · +2 · 6 days ago

    It looks like that tool is more or less built by a single developer (you already trust their judgment anyways!), and even though the code came through in a single PR it was a merge from a branch that had 79 separate commits: https://github.com/binwiederhier/ntfy/pull/1619

    Also glancing through it a bit, huge portions of that are straightforward refactors or even just formatting changes caused by adding a new backend option.

    I’m not going to say it’s fine, but they didn’t just throw Claude at a problem and let it rewrite 25k lines of code unnecessarily.

    • mudkip@lemdro.id · +0 / −1 · 6 days ago

      Any AI usage immediately discredits the software for me, because it calls into question all of their past and future work.
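Editor’s added example, not code from the ntfy project, from PR #1619, or from anyone in this thread: patrick’s point above, that much of a large diff is formatting or straightforward refactoring, is a claim a reviewer can check mechanically before reading anything by hand. The script parses `git diff` output and sorts each hunk into formatting-only (same tokens, different whitespace), moved (lines deleted in one place reappear verbatim elsewhere in the same diff) and substantive, so that review time on an internet-facing service goes to the hunks that can actually change behaviour. The sample diff, its file names and its deliberately suspicious query change are constructed for illustration and are not taken from ntfy.

```python
"""Triage a `git diff` by how much of it can actually change behaviour.
Editor's example; the sample diff at the bottom is constructed."""
from collections import Counter, defaultdict


def parse_unified_diff(text):
    """Map path -> list of hunks; each hunk is its '+', '-' and ' ' lines.
    Expects `git diff` output (relies on the `diff --git a/.. b/..` headers)."""
    files = defaultdict(list)
    path, hunk = "<unknown>", None
    for line in text.splitlines():
        if line.startswith("diff --git "):
            path = line.split(" b/", 1)[1]
            hunk = None                      # ---/+++/index lines follow; ignored
        elif line.startswith("@@ "):
            hunk = []
            files[path].append(hunk)
        elif hunk is not None and (line == "" or line[0] in "+- "):
            hunk.append(line or " ")         # tools often strip blank context lines
    return files


def _norm(s):
    """Collapse all whitespace: reindenting or realigning must not count as a change."""
    return "".join(s.split())


def _sig(lines):
    """Drop trivial lines (braces, blanks) that would match anywhere in a code base."""
    return [l for l in lines if len(l) > 2]


def triage(diff_text):
    """Return [(path, kind, lines_added, lines_removed)], one entry per hunk,
    with kind in formatting / moved / substantive."""
    files = parse_unified_diff(diff_text)
    # Whole-diff multisets of normalised lines let us recognise code that only moved.
    removed_all, added_all = Counter(), Counter()
    for hunks in files.values():
        for h in hunks:
            removed_all.update(_norm(l[1:]) for l in h if l.startswith("-"))
            added_all.update(_norm(l[1:]) for l in h if l.startswith("+"))
    result = []
    for path, hunks in files.items():
        for h in hunks:
            rem = [_norm(l[1:]) for l in h if l.startswith("-")]
            add = [_norm(l[1:]) for l in h if l.startswith("+")]
            sig_rem, sig_add = _sig(rem), _sig(add)
            if rem == add:
                kind = "formatting"
            elif (sig_rem or sig_add) \
                    and all(added_all[x] for x in sig_rem) \
                    and all(removed_all[x] for x in sig_add):
                kind = "moved"               # every meaningful line exists elsewhere in the diff
            else:
                kind = "substantive"         # this is where the review time goes
            result.append((path, kind, len(add), len(rem)))
    return result


def summary(diff_text):
    """Lines added/removed per kind, e.g. {'substantive': (1, 1), ...}."""
    totals = {}
    for _, kind, a, r in triage(diff_text):
        add, rem = totals.get(kind, (0, 0))
        totals[kind] = (add + a, rem + r)
    return totals


# Constructed sample: invented file names and contents, not from ntfy or PR #1619.
SAMPLE_DIFF = """\
diff --git a/server/config.go b/server/config.go
--- a/server/config.go
+++ b/server/config.go
@@ -1,4 +1,4 @@
 type Config struct {
-    Backend   string
-    ListenHTTP string
+    Backend    string
+    ListenHTTP string
 }
diff --git a/server/sqlite.go b/server/sqlite.go
--- a/server/sqlite.go
+++ b/server/sqlite.go
@@ -10,4 +10,1 @@
 // helpers
-func normalizeTopic(t string) string {
-    return strings.ToLower(strings.TrimSpace(t))
-}
diff --git a/server/store.go b/server/store.go
--- a/server/store.go
+++ b/server/store.go
@@ -1,1 +1,4 @@
 package server
+func normalizeTopic(t string) string {
+    return strings.ToLower(strings.TrimSpace(t))
+}
diff --git a/server/query.go b/server/query.go
--- a/server/query.go
+++ b/server/query.go
@@ -20,3 +20,3 @@
 func selectByTopic(topic string) string {
-    return "SELECT id FROM messages WHERE topic = $1"
+    return "SELECT id FROM messages WHERE topic = '" + topic + "'"
 }
"""

if __name__ == "__main__":
    for path, kind, a, r in triage(SAMPLE_DIFF):
        print(f"{kind:12} +{a} -{r}  {path}")
    print(summary(SAMPLE_DIFF))
```

Run it over the output of `git diff main...feature` (or of `git show` on the merge commit) and read the substantive bucket line by line; the moved bucket still deserves a spot check that the relocated code kept its callers and checks, and the formatting bucket can be skimmed. On the constructed sample only one of four hunks is substantive, and it is the one that turns a parameterised query into string concatenation.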

  • newtothis3@lemmy.world · +1 · 6 days ago

    In reality how big of a risk is it currently? I just started to use it just for fun and personal projects. If the previous version didn’t have security vulnerabilities, then there is no rush to update, or am I missing something?

  • Decronym@lemmy.decronym.xyz (bot) · +1 · edited · 2 days ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer letters   More letters
    DNS             Domain Name Service/System
    Git             Popular version control system, primarily for code
    IP              Internet Protocol
    MQTT            Message Queue Telemetry Transport point-to-point networking
    NAT             Network Address Translation
    XMPP            Extensible Messaging and Presence Protocol (‘Jabber’) for open instant messaging

    [Thread #146 for this comm, first seen 8th Mar 2026, 10:40]

  • henfredemars@infosec.pub · +1 · edited · 6 days ago

    Definitely share your initial concern. Without strong review processes to ensure that every line of code follows the intent of the human developer, there’s no way of knowing what exactly is in there and the implications for the human users. And I’m not just talking about bugs.

    They say it’s reviewed, but the temptation to blindly trust is there. In this case, the developer appears to have taken some care.

    The code was written by Cursor and Claude, but reviewed and heavily tested over 2-3 weeks by me. I created comparison documents, went through all queries multiple times and reviewed the logic over and over again. I also did load tests and manual regression tests, which took lots of evenings.

    Let us hope so. Handle with care to ensure responsibility is not offloaded to a machine instead of a person.

    • NoFun4You@lemmy.world · +1 / −2 · 5 days ago

      Like ppl thinking skilled engineers cannot vet AI output. AI is pretty good for programming.

      • Ohi@lemmy.world · +1 · 5 days ago

        You’re absolutely right, and the vast majority of people on this platform seem to get offended by anything AI related. Software engineers have been reviewing code made by other people since the dawn of the craft. Guess what y’all, AI generated code looks exactly the same, if not better on the first pass at creating a thing.

        Downvote me all you want homies. You’re living in a fantasy if you think all AI is slop. Sure, I can see how it’s ruining some content on the Internet, but for code related tasks, it’s going to dramatically change the world for the better.

        • NoFun4You@lemmy.world · +2 / −3 · 3 days ago

          Ppl are fucked lol, I’m over here writing a lot of stuff with AI, maybe it’s not always perfect but nothing ever is, and without iteration or dedication to the craft you’re just gonna sit there be all upset and judgy because you’ve never seen it lol

      • mic_check_one_two@lemmy.dbzer0.com · +0 / −1 · 5 days ago

        And yet there are cases like the Huntarr debacle, where the dev simply thought that adding “and make sure your code complies with best security practices” to their vibe-code prompts actually made it secure.

        They added 14k lines of code in a week, and ripped out 10k lines of existing code. That’s not something that a skilled programmer can reasonably vet in that amount of time. This is showing all the signs of AI slop, and none of the signs of debugged or vetted code.

      • thedeadwalking4242@lemmy.world · +0 / −1 · 5 days ago

        It’s not. That’s the problem. It actually sucks ass. It’s super low quality for anything more complex than a very simple CRUD app or a simple function. I say this as someone who’s a heavy LLM user. It’s just bad code. It makes all kinds of simple mistakes. Just because code compiles doesn’t mean it’s good or does what you need it to do.

        • NoFun4You@lemmy.world · +1 / −3 · 3 days ago

          I think it largely depends on what you’re building. You’re not gonna build a company overnight with a few prompts, but it’s much more powerful than you’ve described.

          • thedeadwalking4242@lemmy.world · +1 · 2 days ago

            It’s really not though. If you think it is I really suggest to re-think your perspective on what maintainable shippable code looks like. It’s basically automating copying from stack overflow. There’s so many little considerations that come into development.

            • NoFun4You@lemmy.world · +1 / −3 · 2 days ago

              Still sounds like something someone would say who has had a bad time and experience with generating code lol. It really isn’t that hard to be an engineer and to get what you want out of code generation.

      • IphtashuFitz@lemmy.world · +1 / −1 · 5 days ago

        I have a few decades programming experience, as a professional software engineer, an open source developer, and a DevOps engineer. There is no way in hell I would do a code review where 15k lines were added and a similar amount of lines removed without having a long discussion with the person who made those changes. I’d want to ask a lot of detailed questions about the changes, questions that an LLM isn’t likely to answer, and most definitely not questions I’d be inclined to try to type into an LLM to try to get an answer.

        Over the years I’ve dealt with all manner of bugs, from overflows & underflows, to bad assumptions about logic flow, and much much more. The whole purpose of pointed questioning of the author is to be comfortable with decisions made in the code and to minimize the chances of all sorts of potential bugs.

        • NoFun4You@lemmy.world · +1 / −3 · 3 days ago

          I think it largely depends on what you’re building. You’re not gonna get what you’ve got over there overnight with a few giant prompts.

  • Nalivai@lemmy.world · +0 · 5 days ago

    This doesn’t make me uneasy. It makes me resentful, a little angry, and a lot tired. Thanks for bringing it to attention, I will make sure that nothing of that project or from that author will ever cross my ecosystem again.

    • NoFun4You@lemmy.world · +1 / −2 · 5 days ago

      You’re gonna have a lot of hate in your blood if you go around acting like the most skilled engineers aren’t using AI to write code.

      • Nalivai@lemmy.world · +1 / −1 · 4 days ago

        Most skilled engineers, and even mildly skilled engineers don’t use slopgenerators to write code. Some of them use it sometimes to do some menial tasks, although I’m not convinced it actually saves them time. It sure doesn’t every time we measure it.
        There is however a plague of low skilled people who convinced themselves that they’ve found a shortcut to being an engineer. Those people are producing bad things at a fast pace, and the only reason we’re not in an unsolvable crisis yet is that their slop isn’t hitting prod very often on account of being bad.

        • NoFun4You@lemmy.world · +1 / −1 · 3 days ago

          Lol, you can definitely generate a large amount of non-slop, and if you keep believing that then you’ll never see it as a tool to multiply your skills with.

      • mic_check_one_two@lemmy.dbzer0.com · +0 / −1 · 5 days ago

        There’s a massive difference between “using AI to write code” and refactoring almost 15k lines in a single push.

        The “best” uses of AI in coding are for small blocks. You don’t just tell it “I need a program that does X, Y, and Z” because that will (at best) result in horrible code. Instead, it’s best practice to use it for small blocks of code, where you tell it something more akin to “I need a function that takes {a} as a variable, does {thing}, and outputs {x}.” That way you’re not using it to generate giant swaths of code all at once, you’re just using it to generate individual functions that you can then use as needed.

        But it also means that the “most skilled” (as you put it) programmers are basically putting themselves in a permanent debugging seat instead of working as a developer. And in many cases, debugging code can be just as (or more) difficult than writing the initial code. It’s also why senior devs exist to audit code from junior devs, because it’s assumed that junior devs will inevitably make mistakes that need debugging, or will make code that clashes with code from other junior devs. And it’s the senior dev’s job to ensure that the code is both functional and integrated properly.

        And this “adding 15k lines of code and ripping out 10k lines” push smells a lot like the former “write me a program to do {thing}” usage.

        • NoFun4You@lemmy.world · +1 / −2 · 3 days ago

          But 15k lines of code and heavily reviewed over 2-3 weeks is not just adding code and ripping it out. It’s extremely easy to get 15k lines of code changes in a couple of hours with AI. And it’s not gonna be all slop.

  • SanPe_@lemmy.world · +0 · 5 days ago

    I’m so tired of that.

    I’m using it for script notifications + UnifiedPush. I don’t know where to start to find a fitting alternative.

    • douglasg14b@lemmy.world · +1 · 5 days ago

      The maintainer said that they tirelessly tested, reviewed and verified changes over the course of 3 weeks to make sure that things were running and operating correctly.

      This is how it should be done. It’s not like they’re vibe coding this.

  • Phoenixz@lemmy.ca · +0 · 6 days ago

    I’m a developer

    I sometimes use AI for an answer to a complicated problem because normally I’d open up 20 pages and have to go through them all to find the right answer.

    AI gets me the answer right away, though it likely is completely wrong or at least partially wrong. Either way, it gives me a general direction and with that I only have to search through one or two pages to confirm, so the same process is just a little faster.

    I also have used AI on a couple of occasions to ask it to write code for a complicated problem. Again, you don’t copy the code, god no, it’s always the worst, and in 80% of the cases it is still at least riddled with bugs, or just complete bullshit. However, it might give me an alternative idea or a direction to take to implement or fix this complicated feature problem.

    That’s the extent to which I’ve used AI and for the foreseeable future that won’t change because AI still can’t code. It’s still wildly flailing around and it might produce something that implements a certain functionality, but it’s a guarantee that that functionality will have more bugs and security holes than features.

    • DonutsRMeh@lemmy.world · +0 · 6 days ago

      I understand this comment. AI sometimes saves a ton of mental power and time when I’m stuck on an issue. It can give some really good suggestions. Also, AI is a godsend for frontend shit. I don’t care what y’all say, I’m never touching CSS and HTML ever again. lmao.

      • Phoenixz@lemmy.ca · +0 · 5 days ago

        Nah, wouldn’t do that. CSS needs to be well designed to function properly, you need actual developers for that or you’ll screw over your users.

        But yeah, to give quick pointers and ideas to flesh out, it’s reasonably useful

        If that is enough to warrant its extreme energy use, the spread of AI slop everywhere, the pollution, the uncontrolled datacenter expansions, the explosion in hardware costs it created, the countless death and suffering it caused through AI psychosis, the AI child porn bots (hello Grok, are you still the world’s biggest child porn producer or did Elmo finally rein you in to again be Mecha Hitler?), the…

        Long story short, AI will likely end this world in a long list of fucked up ways, I don’t think it’s worth it

        Until then, I’ll use it as a suggestion tool, not much more

        • DonutsRMeh@lemmy.world · +0 · 4 days ago

          Bro, what the hell. Lmao. “Hey, AI is horrible in all ways and is doing harm to the planet and people and kids, but I’ll use it regardless. Hear me, I’m a good guy. I hate AI, but I’ll use it.” That’s virtue signalling, isn’t it?

          • Phoenixz@lemmy.ca · +0 · 4 days ago

            It’s not virtue signalling, I know very well what I’m doing is hypocritical at best, but it’s also unavoidable for me. For one, I’m using it like this at work where they’d love nothing better than for me to start vibe coding. This is the compromise I’ve been able to make so far.

    • cecilkorik@piefed.ca · +1 · 6 days ago

      I think there’s room for a little bit of nuance that page doesn’t do a great job of describing. In my opinion there’s a huge difference between volunteer maintainers using AI PR checks as a screening measure to ease their review burden and focusing their actual reviews on PRs that pass the AI checks, and AI-deranged lone developers flooding the code with “AI features” and slopping out 10kloc PRs for no obvious reason.

      Just because a project is using AI code reviews or has an AGENTS.md is not necessarily a red flag. A yellow flag, maybe, but the evidence that the Linux Kernel itself is on that list should serve as an example of why you can’t just kneejerk anti-AI here. If you know anything about Linus Torvalds you know he has zero tolerance for bad code, and the use of AI is not going to change that despite everyone’s fears. If it doesn’t work out, Linus will be the first one to throw it under the bus.

  • Erik-Jan@fosstodon.org · +0 · 6 days ago

    @ueiqkkwhuwjw just this quote at the start of the release notes

    > 14,997 added lines of code, and 10,202 lines removed, all from one pull request

    This is already a major red flag even without the ai stuff right? Can’t believe anyone would flaunt that like this.

    • dev_null@lemmy.ml · +1 · 5 days ago

      The “single pull request” is a merge release from 79 separate commits. It’s the sum of all work, it doesn’t mean all of it was changed in one go.

        • dev_null@lemmy.ml · +0 / −1 · 5 days ago

          Why? What difference does it make if he packages these commits in 1 or 10 PRs?

          Keep in mind this is a single maintainer project, there are no PR reviews. He could be just pushing straight to the branch anyway with no PR at all.

          • Nalivai@lemmy.world · +1 · 2 days ago

            I mean, yeah, he could also not use git and just write some random bullshit directly on prod while blindfolded and blackout drunk.
            However if you want a good product and good code you need to follow best practices, and those include meaningful and small PRs that you can easily review, check, debug, and revert if necessary.

            • dev_null@lemmy.ml · +1 · edited · 2 days ago

              You should tell that to Linus Torvalds, he’s developing the Linux kernel without using GitHub at all. I’m sure he will appreciate being told git is insufficient to develop a good product and write good code, and that the best practice is to use a Microsoft service in a particular way and nothing else can work.

              Tell me, when I work on a project alone, who am I exactly requesting to pull my code and why do I need to use a feature of some git hosting website instead of reviewing, checking, debugging, merging, and reverting if necessary my change locally and using my CI/CD?

  • Leon@pawb.social · +0 / −1 · 6 days ago

    Send push notifications to your phone or desktop using PUT/POST

    I’m sorry, how many lines of code for that?

    • lime!@feddit.nu · +0 · 6 days ago

      if you want to send one notification from your desktop to your phone, it’s easy. but from any device to (m)any other, with guaranteed delivery and no doubles? shit gets complicated.

      • Leon@pawb.social · +0 / −1 · 6 days ago

        So it’s a little more than just sending notifications, then.

        • dabe@lemmy.zip · +1 · 2 days ago

          ntfy never really had good push to iOS, in my experience. The only way I could keep my private channels consistently working was to use the PWA and specifically not sign into it (otherwise, my login token would expire and break things).

          I gave up and switched to pushover and as long as I’m somewhat cognizant about what i’m including in the notifications, I’ve been pretty happy.

          I’d love for something self hostable to get as good as pushover on iOS

  • hendrik@palaver.p3x.de · +0 · 6 days ago

    Uh. I’d really prefer if people experimented with new technology a bit more cautiously and not directly jump to “the biggest release […] ever done”.

    • CorrectAlias@piefed.blahaj.zone · +0 / −1 · 6 days ago

        They just replied:

        What gave you the idea that this was a full rewrite? I moved things around with AI and added postgres support for the queries. Nobody has ever reviewed and tested anything more thoroughly than I did with this branch.

        You are twisting what it actually is. You are assuming something that is not true.

        This makes me think that they didn’t review or test it at all, lmao