Seems like he's been pushed into using LLMs as a way to cope with the deluge of LLM-generated security reports.

[-] Bazoogle@lemmy.world 20 points 14 hours ago

Seems like he’s been pushed into using LLMs as a way to cope with the deluge of LLM-generated security reports

It's not just LLM-generated security reports, but vulnerabilities discovered by AI. Your wording implies they were just reports, and of less validity. Lazy LLM reports are not what he is trying to cope with, since there is nothing to do but close those reports. He is talking about real, verified vulnerabilities that weren't discovered until AI tools. Not because humans couldn't find them, but none ever did. When it comes to finding, it really doesn't matter if it's found by human or AI, since that doesn't change its existence or severity.

[-] Nalivai@lemmy.world 5 points 8 hours ago

I am reporting that every line of your code has 17 errors. I just generated 1562364 bug reports for you. Now you just need to close those that are false, no big deal.

[-] iglou@programming.dev 26 points 16 hours ago

I used AI tools to do the grunt work because they are good at that.

This is something people complaining should remember. AI is good at some parts of the work of a software engineer: the grunt work.

[-] wewbull@feddit.uk 21 points 14 hours ago

People pointing at new breakages are trying to say "No it isn't and here's the proof".

[-] Bazoogle@lemmy.world 2 points 14 hours ago

How do you know those were the result of the AI?

I quite deliberately tried to err on the side of fixing security issues for that release, and there were some valid (but unusual) use cases that got caught up in the changes.

Seems to me like it was just his own fault. AI may very well have had nothing to do with the regressions, other than maybe not identifying them?

[-] Nalivai@lemmy.world 4 points 8 hours ago

If the generator made a mistake, it's actually not its fault, and you can't prove it. If the code works, it's an amazing achievement of the machine, singularity is here, you don't need to look any further.

[-] ChairmanMeow@programming.dev 2 points 9 hours ago

He rewrote the test suite to Python using AI tools, which I believe people are saying caused some otherwise detected cases to be missed.

[-] Mikina@programming.dev 45 points 1 day ago* (last edited 1 day ago)

I can't wait for companies to finally price most developers out of AI use, especially the FOSS ones.

I just hope most of them won't get too addicted to the tech crack they are getting free/cheap samples of currently, and will be able to find their motivation and skill again to work without feel-good dopamine machines.

Also, lol at all the comments being like "if you're 100% against the tech crack, you're delusional. The cat is already out of the bag, it makes you way better at coding, if you use it responsibly!"

The problem isn't that it's not somewhat good, the issue is that soon you won't be able to afford it, while also being addicted and dependent on it. But I'm sure y'all are able to use crack responsibly and will be fiiine.

[-] Bogus007@lemmy.zip 6 points 18 hours ago

If the project is understaffed and mistakes were made, wouldn't it be more constructive to help maintain it or encourage broader participation, rather than dogpiling on a volunteer maintainer?

[-] COASTER1921@lemmy.ml 1 point 12 hours ago

Even if too expensive for FOSS devs the mega corps relying on their software will still be able to afford them to run their own security testing, feeding the bug reports back to the project. And with time the hardware and models are only getting more efficient (for a comparable performance level).

[-] ooterness@lemmy.world 44 points 1 day ago* (last edited 1 day ago)

The whole rsync repo is 65k lines total. Recent AI-centric changes account for +16k/-6k, including massive changes to the unit tests. Somehow that's not even considered a "minor" update (v3.4.1 to v3.4.3).

That's not responsible use of AI, that's malpractice.

[-] Kissaki@programming.dev 5 points 20 hours ago* (last edited 20 hours ago)

Have you read the linked article? They explain how they used AI. It's not like AI produced the code and that's it.

They also explain about this version and the next minor version.

[-] Buddahriffic@lemmy.world 5 points 22 hours ago

Any specific issues though? Yeah, it's a large change and I'd be more surprised if it didn't have issues, but are there any specific issues with the updates that have been found so far?

[-] ooterness@lemmy.world 6 points 19 hours ago
[-] fruitcantfly@programming.dev 4 points 15 hours ago* (last edited 15 hours ago)

Yes, there’s been several regressions that would’ve been caught by the original tests, but missed by the new vibe-coded tests.

That is directly contradicted by what the developer of rsync wrote in the linked article:

yes, there were regressions in some use cases of rsync in the 3.4.3 release. ... None of those cases were covered by the existing rsync test suite or by all the manual testing I did (yes, I use rsync, I don’t just develop it).

It's possible that somebody in the issue you linked to pointed to a test that would have caught one of the regressions, but I was not able to find it in the 327-comment mess. A direct link would be appreciated, if that is the case.

But I doubt that you will find such a comment. Because I tried running the 3.4.1 test-suite with the 3.4.3 binary, and all tests passed.

[-] ooterness@lemmy.world 1 point 9 hours ago* (last edited 9 hours ago)

Seems I was mistaken. My previous statement was based on what others have said, but I haven't actually run the tests myself. In any case, I have learned not to rely on statements made by the accused in this type of dispute.

No, you learned to rely on the accusers lol

[-] slacktoid@lemmy.ml 51 points 1 day ago

I've said this before and I'll say it again. If an established dev uses AI and you don't want that? Then get involved.

[-] bignose@programming.dev 8 points 1 day ago* (last edited 1 day ago)

No. If an established dev leans on LLMs for coding and shovels it into the main branch, they have abdicated their responsibility and trashed their reputation. We get to point that out without any obligation to do their work for them.

[-] slacktoid@lemmy.ml 7 points 1 day ago

Point it out, doesn't change the fact that you're not addressing the core problem, which is developer burnout in these FOSS projects.

Also, no, it's not their work; it's literally a voluntary job, so stop dictating how people spend their free time.

But that's just me, you do you.

[-] VitoRobles@lemmy.today 35 points 1 day ago

Yep. All the bitching is exhausting.

Talk is cheap. Send contributions or fuck off.

[-] wewbull@feddit.uk 1 point 14 hours ago

Contributions are not enough. It needs people to maintain it. That means dedicating time long term. It's not a small undertaking.

Contributions can be a step on the road though.

[-] RamenJunkie@midwest.social 2 points 14 hours ago

Yes, that is what people are saying, make the effort and contribute.

[-] prole 1 point 14 hours ago

Yeah, everyone with a local LLM running on their PC who suddenly thinks they're an expert in software development: time to bombard the creator of Rsync with AI bullshit that he will need to wade through.

this post was submitted on 03 Jun 2026