
Using huntarr? Perhaps you shouldn't.

⁨273⁩ ⁨likes⁩

Submitted ⁨⁨2⁩ ⁨weeks⁩ ago⁩ by ⁨ieGod@lemmy.zip⁩ to ⁨selfhosted@lemmy.world⁩

https://old.reddit.com/r/selfhosted/comments/1rckopd/huntarr_your_passwords_and_your_entire_arr_stacks/


Comments

  • infeeeee@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago

    What is/was huntarr? I love posts without any context.

    • traches@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago

      I guess it was supposed to be a successor to the *arr stack (radarr, lidarr, sonarr, etc). If you’re not familiar, they automate the downloading & organization process for movies, music, and tv.

      • ITGuyLevi@programming.dev ⁨2⁩ ⁨weeks⁩ ago

        I’m sure a successor will come around when room forms for them, I don’t know of a reason any of the core *arr stack should need one. If you know of one don’t hesitate to share, I’m just not really aware of any, they are awesome to me.

    • imetators@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago

      Seems to be some sort of a tool that scans your media library and fetches missing media (the one that failed to download or something)

      I am getting very annoyed reading “What is Huntarr?”, “The Real Problem: Why You Need Huntarr” and “Understanding the Gap Problem”. Am I too non-native an English speaker to understand it, or is it really the same 3 paraphrased paragraphs?

      • infeeeee@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago

        As the code was vibecoded, I guess that landing page was also llm generated, that could be the reason for the duplicate sections.

  • irmadlad@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

    I don’t run 'arr anything, but that’s pretty wild.

    Yeesh, in the hour since this has been posted the developer has:

    • Made the /r/huntarr subreddit private
    • Wiped and deleted their Reddit account
    • Deleted the GitHub repo for Huntarr
  • angrywaffle@piefed.social ⁨2⁩ ⁨weeks⁩ ago

    I’m desperate for a community driven review system for open source. We’re drowning in vibe-coded slop, and I honestly don’t have the time or a good slop detector to audit every tool I download. I know I should be checking under the hood, but the sheer volume of low-quality projects makes it impossible to keep up

    • Cyber@feddit.uk ⁨2⁩ ⁨weeks⁩ ago

      You’re here, that’s a good start…

      I tend to look at a project’s Issues tracker, that gives me a feel for how the author(s) deal with feedback… some projects have hundreds of open tickets with barely any interactions, yet code updates “2 days ago”.

      Being here and reading about who’s using what will help remove the major outliers

      All opensource needs more eyeballs, which is still the advantage over closed source.

      • Mubelotix@jlai.lu ⁨2⁩ ⁨weeks⁩ ago

        There are projects turning issues to discussions

    • partofthevoice@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago

      Sounds like the solution would be a public code sharing platform that specifically bans AI generated code. Then, at least, we’re moving in the right direction. Do any alts to GitHub provide such a rule?

    • RIotingPacifist@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

      This is what good distros do, well some of them, I don’t think low touch repos like AUR/Homebrew/PPAs would catch this, but I doubt huntarr will ever make it to Debian.

      Ofc the trend of running upstream unvetted containers undermines this.

    • Trilogy3452@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

      Sometimes it’s really easy, open a bunch of code files and see if it’s littered with comments. If it is: likely sloppified

    • currycourier@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

      I saw a project yesterday where the two main contributors were some guy and ‘Claude’. So, y’know, that one at least was an easy tell 😂

  • Bishma@discuss.tchncs.de ⁨2⁩ ⁨weeks⁩ ago

    Looks like Huntarr’s presence on Github is suddenly gone and their sub went private.

    • irmadlad@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

      I’m not so much worried about ‘vibe coding’ as long as the dev actually knows the validity of the code presented in the LLM. At that point, the LLM becomes the assistant, not the dev itself. However, if I were to speculate, this dev team didn’t, got called on it, didn’t know how to respond or validate the code, so they closed up shop.

      • chicken@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago

        The term ‘vibe coding’ I think was originally about generating and using code without understanding it

  • LiveLM@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago

    From the original thread, I bring forth this comment from user sdrmme:

    Huntarr2

    Too good not to share.

    • kcweller@feddit.nl ⁨2⁩ ⁨weeks⁩ ago

      ******** ?

    • Zanathos@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

      Holy shit you unlocked a hidden memory I forgot existed. Thank you.

      • kratoz29@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago

        What do you mean? I don’t get what he/she is talking about.

  • Bakkoda@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago

    Exposing any of the Arr stack to the internet is just bad practice in general IMO but bad actors will always be out there so it’s even more of a reason to practice good security.

    I used huntarr for a minute and found it utterly useless. Didn’t trigger searches like it said it was doing. Uninstalled it after about 5 minutes.

  • ZeDoTelhado@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

    That is some wild shit. Anyways for anyone else somewhat new to all this: when hosting anything, try to stick to reputable projects 1st and be always wary of shady installation tactics (I believe yesterday someone posted about curl bash. This is just a single example). If you want to try something new (as in brand new project), try it isolated 1st on some VM (proxmox helps a lot with this). When you are confident and more people give an approval, then think about putting on the main environment

    • irmadlad@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

      try to stick to reputable projects 1st and be always wary of shady installation tactics

      One of the first things I look for are longevity, last updated/activity, and then I look at the issues posted and responses. I like mature apps because I don’t possess the intelligence to audit code.

      • PlutoniumAcid@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

        Hey friend, don’t undersell yourself. You do possess the intelligence, but maybe just not the skills.

      • lepinkainen@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

        The huntarr project released a new docker image 3 times a day…

    • i_am_not_a_robot@discuss.tchncs.de ⁨2⁩ ⁨weeks⁩ ago

      curl bash is not as bad as people think. Nobody downloads and reverse engineers binary packages off of these websites before running them with the same permissions.

      • KeenFlame@feddit.nu ⁨2⁩ ⁨weeks⁩ ago

        Yes and no. It is definitely absolutely bad. And yes, people do embed things in binaries

  • eleijeep@piefed.social ⁨2⁩ ⁨weeks⁩ ago

    Vibe-coded slop is horribly insecure and the dev doesn’t understand the codebase?

    shocked_pikachu.png

  • smooth_criminal1990@infosec.pub ⁨2⁩ ⁨weeks⁩ ago

    I can’t believe they banned that user for calling them out.

    They sound like arrseholes

    • PerogiBoi@lemmy.ca ⁨2⁩ ⁨weeks⁩ ago

      They banned the user that did the robust cybersecurity audit. They banned everyone who pointed it out or linked to the post or mentioned it. They took the subreddit private. The clown dev has a donate feature and claims that it will be used to put his daughter through school. Just scum all around.

  • brickfrog@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago

    Earlier post lemmy.world/post/43496203

  • gravitas@lem.ugh.im ⁨2⁩ ⁨weeks⁩ ago

    Wow, I literally just set up huntarr last night. Guess I’ll make sure it’s only accessible on wireguard.

    • prenatal_confusion@feddit.org ⁨2⁩ ⁨weeks⁩ ago

      This developed further. Better be done with it and stay safe. Read the linked Reddit thread for info.

      • buffing_lecturer@leminal.space ⁨2⁩ ⁨weeks⁩ ago

        How so?
