Comment on [deleted]
papertowels@mander.xyz 1 day ago
I appreciate the spirit, but to shine some more light around the negativity you’re seeing in the comments, it’s a lot to ask for others to run your code on their machines. If you want folks to be running in docker, that’s oftentimes basically giving root access.
If I’m giving root access, I’d at least want for the person who wrote the code to have a thorough understanding of what the code, which once again is running as root on my home network, is doing.
The LastPass hack a few years back was enabled by a self-hoster running an outdated version of Plex on their personal machine. There is weight in choosing what software to run and support in your personal setup.
TechSquidTV@lemmy.world 1 day ago
Virtually all home server setups run docker compose. No one is complaining about Docker, they’re complaining about AI. The code is immaculate. It’s fully tested as well. No one has looked at the code.
Also idk where you heard Docker is like giving root, that’s just not correct on multiple levels. If it were a privileged container, which is unnecessary, then we could have a discussion. If you want a daemonless service, use podman. Use anything you want, the source is there. Docker is not a requirement but is certainly not an issue in any way.
DoPeopleLookHere@sh.itjust.works 1 day ago
Hokay. So docker does run as root. Podman can run rootless, but docker does run as root.
So if you have any vulnerabilities in your code, like say remote code execution, then your app already has access to root.
Also, don’t pretend like your shit don’t stink. My code has bugs. And I’ve been at this a decade. Your vibe coded thing isn’t going to be secure because you probably don’t even know how to make it secure if you don’t know docker runs as root.
Here’s where I interject my opinion
It’s fine to do this for yourself. If you wanted to hear how great your AI produced slop is, go to LinkedIn.
When you share things to be used by others, you have a responsibility yourself. How will you monitor and package up security updates? What kind of dependencies do you have? Are they up to date? Do they have any CVEs?
There’s so much more to publishing than good intentions. It’s fine to do something like this for yourself. But to publish and then absolve yourself of any responsibility is not a way to get taken seriously.
TechSquidTV@lemmy.world 1 day ago
No, to be clear, open source code owes you absolutely nothing at all and has zero responsibilities. It’s important that you know that.
papertowels@mander.xyz 1 day ago
Personally, whether or not this will be maintained in the future is the biggest reason why I’m unlikely to try this. If the main developer vibe-coded it up, then in my book there’s a lower chance that the codebase will be maintained in the future.
If your response to “How will you maintain this?” is “nothing is owed”, it really cements the idea that this will not be maintained.
If an application is unlikely to be maintained in the future, then the risk-reward ratio will rarely justify me incorporating it into my workflow.
DoPeopleLookHere@sh.itjust.works 1 day ago
And it’s important to know, if that’s your attitude, you’re gonna get laughed out of every open source circle.
cheesemoo@lemmy.world 1 day ago
Sure, you’re providing some code for free. Obviously you don’t owe anyone anything. But conversely, nobody owes you their time or attention just because you wrote something.
If you want people to actually use your code, you probably need to take some responsibility. And listen to the criticisms others have shared here.
papertowels@mander.xyz 1 day ago
When you run a self-hosted application, do you first go through and read all the code? I don’t, I’ll tell you that. I’m going to assert that most folks don’t, and unless I hear otherwise I’ll assume you don’t read all the code for every self-hosted application you use.
If I’m not looking through all the code, then as a user I’ll just be following your included instructions, of which the recommended method is to fire up docker-compose. If docker-compose bind mounted /, my understanding is that the container now has default write-access to the entire host - am I mistaken?
TechSquidTV@lemmy.world 1 day ago
It would, but that would only work/be possible if you are running docker as the root user. Though people OFTEN create a docker user that runs docker as root, which is a bad practice and source of confusion. Docker is plenty safe, but I don’t even want to argue that, it’s completely irrelevant. I don’t actually care how you run it. Docker compose is by far the standard for home server applications. You can use podman with it, it’s fine. You can skip it entirely and run it directly. These are merely options provided.
Here are the install instructions for Sonarr, arguably the most famous example of something people self host. sonarr.tv/#downloads-docker
They have non-docker instructions too of course, as do I. Am I correct that a few of you are mad that I included dockerfiles and docker compose examples in the repo? Where did I go wrong?
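Added example (not part of any comment in this thread and not code from the project being discussed): a small audit of the compose settings argued over above, namely a bind mount of the host `/` and a privileged container. The names `audit` and `RISKY_SOURCES`, the extra checks for the Docker socket and the container user, and the sample data are assumptions made for illustration; the function takes a compose file that has already been parsed into a mapping.

```python
# Added example: audits an already-parsed docker-compose mapping.
# Load a real file with yaml.safe_load (PyYAML) before calling audit().

RISKY_SOURCES = {"/": "host root filesystem",
                 "/var/run/docker.sock": "Docker daemon socket"}

def _bind_mounts(volumes):
    """Yield (host_source, read_only) for short- and long-syntax bind mounts."""
    for vol in volumes or []:
        if isinstance(vol, str):                  # short syntax: SRC:DST[:MODE]
            parts = vol.split(":")
            # Named volumes ("appdata:/data") have no path-like source; skip them.
            if len(parts) >= 2 and parts[0].startswith(("/", ".", "~")):
                mode = parts[2] if len(parts) > 2 else ""
                yield parts[0], "ro" in mode.split(",")
        elif isinstance(vol, dict) and vol.get("type") == "bind":
            yield vol.get("source", ""), bool(vol.get("read_only", False))

def audit(compose):
    """Return sorted (service, finding) tuples for a parsed compose mapping."""
    findings = []
    for name, svc in (compose.get("services") or {}).items():
        if svc.get("privileged") is True:
            findings.append((name, "privileged container"))
        user = str(svc.get("user", "")).split(":")[0]
        if user == "":
            findings.append((name, "no user set (root unless the image sets USER)"))
        elif user in ("0", "root"):
            findings.append((name, "user is root"))
        for source, read_only in _bind_mounts(svc.get("volumes")):
            normalized = source.rstrip("/") or "/"
            if normalized in RISKY_SOURCES:
                access = "read-only" if read_only else "read-write"
                findings.append(
                    (name, f"{access} bind mount of {RISKY_SOURCES[normalized]}"))
    return sorted(findings)

# Constructed sample, not taken from any real project's compose file.
SAMPLE = {"services": {
    "app": {"image": "example/app", "user": "1000:1000",
            "volumes": ["appdata:/data", "./config:/config:ro"]},
    "helper": {"image": "example/helper", "privileged": True,
               "volumes": ["/:/host",
                           {"type": "bind", "source": "/var/run/docker.sock",
                            "target": "/var/run/docker.sock", "read_only": True}]},
}}

if __name__ == "__main__":
    for service, finding in audit(SAMPLE):
        print(f"{service}: {finding}")
```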
papertowels@mander.xyz 1 day ago
No, we’re not upset about docker. Did you read the majority of my last comment?
DoPeopleLookHere@sh.itjust.works 1 day ago
Also since you complained no one looked at your code, you have support for plain text passwords in your code. That’s a huge no no.
TechSquidTV@lemmy.world 1 day ago
Thanks for looking. Make a pr.
DoPeopleLookHere@sh.itjust.works 1 day ago
Why the fuck would I when you’re this hostile?
deleted@lemmy.world 1 day ago
I wouldn’t trust AI code even though it is tested.
It’s like living in a house built by a 12-year-old, and the reasoning behind it is that it didn’t collapse. Yet.
TechSquidTV@lemmy.world 1 day ago
Are you incapable of reading the source for yourself? It is freely available.
Natanox@discuss.tchncs.de 1 day ago
Even if that’s correct it isn’t even the main reason why people are pissed about the use of AI. No matter if the code is “perfect” or not, it was created primarily using inherently immoral and outright dangerous tools.
TechSquidTV@lemmy.world 1 day ago
Ok but the comment I am responding to was specifically talking about that, so… irrelevant.