hendrik

Lol. For someone who says they expect other people to learn something, you’re a bit short in supply. I mean this would be an opportunity for someone (me) to learn something. But a down-vote won’t do it. And lessons on what not to do (discuss 2.5h, expect it to think) don’t lead anywhere either. I’d need to know what to do in my situation. Or where to find such information?!

Or was it because I said I value efficiency and for some reason you’re team bloat? I seriously don’t get it.

I don’t have a definite answer to it. Could be the case I’m somehow intelligent enough to remember all the quirks of C and C++. Eat a book on my favorite microcontroller in 3 days and remember details about the peripherals and processor. But somehow I’m too stupid to figure out how AI works. I can’t rule it out. At least I’ve tried.

I still think microcontroller programming is way more fun than coding some big Node.JS application with a bazillion of dependencies.

And I sometimes wish people would write an instant messenger like we have 4MB of RAM available and not eat up 1GB with their Electron app, which then also gets flagged by the maintainers for using some components that have open vulnerabilities, twice a year.

I mean I don’t see any reason why I shouldn’t be allowed to complain about it.

But yeah, software development is always changing. And sometimes I wonder if things are for the better or the worse.

I’ve had a lot of bad experience with embedded stuff and trying to let AI do it for me. I mostly ended up wasting time. I always thought it must be because these LLMs are mainly trained on regular computer code, without these constraints and that’s why they always smuggle in silly mistakes. And while fixing one thing, they break a different thing. But could also be my stupidity.
I’ve had a way better time letting it do webfrontends, CSS, JavaScript… even architecture.

But I don’t think this (specifically) is one of the big issues with AI anyway. People are free to learn whatever they want. There’s a lot if niches in computer science. And diversity is a good thing.

We also have issues with young people in the industry. As some junior developer stuff is now done by AI, we’re lacking more and more positions to start in, and learn the ropes. And you can’t start out as a senior, either. So that got more complicated as well.

Haha. I think there’s often a rough idea on what kind of programmer people are, judging by their opinion on these AI tools.

Have you tried arguing with your AI assistant for 2.5h straight about memory allocation, and why it can’t just take some example code from some documentation? And it keeps doing memory allocation wrong? Scold it over and over again to use linear algebra instead of trigonometric functions which won’t cut it? Have you tried connecting Claude Code to your oscilloscope and soldering iron to see what kind of mess its code produces?

I’m fairly sure there are reasons to use AI in software development. And there are also good reasons to do without AI, just use your brain and be done with it in one or two hours instead of wasting half a workday arguing and then still ending up doing it yourself 😅

I don’t think these programmers are idiots. There’s a lot of nuance to it. And it’s not easy at all to apply AI correctly so it ends up saving you time.

Good comment. The main issue is this: Back in the day I could have a quick look at the code and tell within a minute whether something was coded by a 12 year old or by some experienced programmer. Whether someone put in so much effort, I could be pretty sure they’re gonna maintain the project. Put in some love because it solves some use-case in their life and it’s going to do the same for me. Assess their skill-level in languages I’m fluent in.

These days not so much. All code quality looks pretty much the same. Could be utter garbage. Could be good software, could be maintained. Could be anything, Claude always makes it look good on a first glance. There’s also new ulterior motives why software exists. And it takes me a good amount of time and detective work to find out. And I often can’t rely on other people either, because they’re either enraged or bots and the entire arguments are full of falsehoods.

As a programmer and avid Linux user, I rely a lot on other people’s software. And the Free Software community indeed used to be super reliable. I could take libraries for my software projects. Could install everything from the Debian repo and I never had any issues. It’s mostly rock solid. There were never any nefarious things going on.

And now we added deceit to the mix. Try to keep the true nature of projects a secret. And i think that’s super unhealthy. I had a lot of trust in my supply chain. And now I’m gonna need to put in a lot of effort to keep it that way. And not fall prey to some shiny new thing which might be full of bugs and annoyances and security vulnerabilities, and gone by tomorrow once someone stops their OpenClaw… Yet the project looks like some reliable software.

And I don’t share the opinion on sandboxing. Linux doesn’t have sandboxing (on the Desktop). That’s a MacOS thing (and Android and iOS). All we have is Flatpak. But you’re forcing me to install 10GB of runtimes. Pass on the distro maintainers who always had a second pair of eyes on what software does, if it had tracking or weird things in it, whether it had security vulnerabilities in the supply chain. Maintainers who also provided a coherent desktop experience to me. And now I’m gonna pull software from random people/upstreams on the internet, and trust them? Really? Isn’t that just worse in any aspect?

And wasn’t there some line in devops? Why is it now every operators job to do static analysis on the millions of moving parts on their servers… Isn’t that a development job?

And I don’t think Flatpak’s permission system is even fine-granular enough. Plus how does it even help in many cases? If I want to use a password manager, it obviously needs access to my passwords. I can’t sandbox that away. So if the developers decide to steal them, there’s no sandboxing stopping them in any way. Same for all the files on my Nextcloud. So I don’t see how sandboxing is gonna help with any of that.

I just don’t think it’s a good argument. I mean if you have a solution on how sandboxing helps with these things, feel free to teach me. I don’t see a way around trust and honesty as the basic building blocks. And then sandboxing/containerization etc on top to help with some specific (limited) attack vectors.

I mean, don’t get me wrong here. I’m not saying we need to ban AI in software development. I’m also not saying 12 year olds aren’t allowed to code. I did. And some kids do great things. That in itself isn’t any issue.

Yeah. Maybe it’s time to adopt some new rule in the selfhosted community. Mandating disclosure. Because we got several AI coded projects in the last few days or weeks.

I just want some say in what I install on my computer. And not be fooled by someone into using their software.

I mean I know why people deliberately hide it, and say “I built …” when they didn’t. Because otherwise there’s an immediate shitstorm coming in. But deceiving people about the nature of the projects isn’t a proper solution either. And it doesn’t align well with the traditional core values of Free Software. I think a lot of value is lost if honesty (and transparency) isn’t held up anymore within our community.

Did you build it, though, or did Claude code it?

Yes. I think determinism a misunderstood concept. In computing, it means exact same input leads to always the same output. Could be a correct result or entirely wrong, though. As long as it stays the same, it’s deterministic. There’s some benefit in introducing randomness to AI. But it can be run in an entirely deterministic way as well. Just depends on the settings. (It’s called “temperature”.)

Sloppy sloppy slop slop?

100% AI text. Not even proof-read. Or they would have noticed the last paragraph is ChatGPT talking to them, not the blog audience.

Interesting. Thanks for the info. I’ll re-think whether I recommend it to random people around the world, then.

In Germany it’s great. I’ve been using it for many years now. But we have some good/strong hacker organizations, digital sovereignty and privacy groups, nonprofits and some generous IT companies. Maybe it’s random private individuals in other countries and they’re not as reliable.

Seems right now there’s something going wrong anyway. I don’t think the amount of “offline” servers is normal. And a good amount of them isn’t even offline, but still answer my DNS queries.

After a few “Delete junk” commits, “Broken”, “PATCH: Hope this fixes it”, and “Basic Reverse-Proxy”, it’s now at version 1.0.1-alpha.1.
Don’t know what they did to Git. But their “minor commit” touches almost the entire code in their repo. Rest of it (and the general confusion and the edgy commit messages) look to me like something done by OpenClaw.

100% wouldn’t use it.

I think the Tiers work the other way around. But I keep forgetting how DNS and recursive lookup works and I might be wrong.
I don’t think you’re supposed to query Tier 1 servers as a client. The Tier 2 servers would be what people connect to and who do the heavy lifting. The Tier 1 just do the root, authoritative stuff and their custom TLDs for the following network. So we’re not worried about where those are located.

Isn’t it a global effort? According to what I see, they list a bunch of servers in all Europe, USA, Canada, Australia, …Japan?!

I did one DNS query and it took 22 msec with the nearest OpenNIC server and 24 msec with Cloudflare’s 1.1.1.1
So dunno… roughly same responsiveness? Maybe OpenNIC is a tad faster? For a proper answer we’d need to do more measurements, though. And with OpenNIC you definitely need to pick a good server, not just any random one. They’ll have different locations, different policies and they’re in widely different datacenters.

Even if you control your router/modem, they still control the other end, it connects to. And some more infrastructure along the path. So i think it depends a bit where you’re going with this. If you’re worried about them doing packet inspection, or logging IP numbers you connect to, I don’t think there’s a big difference. They could do it anywhere. And they’ll likely do it in some datacenter.

A router interfaces with your local network, though. So in theory a router can be used to connect to your internal devices and computers and maybe you have an open network share without password protection or something like that. But we’re talking violating your constitutional rights here. It’s highly illegal in most jurisdictions to enter your home and go through your stuff.

I’ll buy my own router because I can then configure it to my liking. And my ISP charges way too much for renting one. And what I also do is not use my ISP’s DNS service. That’d just send every domain name I open to their logfiles. Instead I use one from OpenNIC

Oh man, why didn’t I slop-code it. Hold it for two months and then sell out to some mega-corporation… Sounds like easy money. Any other very stupid (and easy) ideas still left?

deleted by creator

Thanks for the link! As a short aside for the other people here: Try not to spam developers. That usually achieves the opposite and makes them miserable, when we want them to not burn out, and write good software for us. A thumbs-up emoji is the correct reaction for the average person. Or for the pros - a code-review highlighting specific issues within the code.

Uh. I’d really prefer if people experimented with new technology a bit more cautiously and not directly jump to “the biggest release […] ever done”.

I feel Anti-DDOS and Cloudflare as a web application firewall has traditionally been a lot of snake-oil as well. Sure there’s applications for it. Especially for the paid plans with all the enterprise functions. And all the way at the other end of the spectrum, where it serves as a means to circumvent NAT and replace DynDNS. But there’s a lot in-between where I (personally) don’t think it’s needed in any way. Especially before AI.

From my own experience, personal blogs, websites of your local club, church, random smaller projects, small businesses… rarely need professional DDoS protection. I’ve been fine hotsing it myself for decades now. And I’m not sure if people know what they’re paying with. I mean everytime we get a Cloudflare hiccup (or AWS…) we can see how the internet has become very centralised. Half of it just goes down for an hour or so, because we all rely on the same few, big tech services. And if you’re terminating SSL there, or use it to look inside of the packets to prevent attacks, you’re giving away all information about you and your audience/customers. They don’t just get all metadata, but also read all the transferred content/data.

It all changed a bit with the AI crawlers. We definitely need countermeasures these days. I’m still fine without Anubis or Cloudflare. I block their IP ranges and that seems to do most of the job. I think we need to pay a bit more attention to what’s really happening. Which tools we have, instead of always going with the market leader with the biggest marketing budget. Which problems we’re faced with in the first place and what tools are effective. I don’t think there’s a one size fits all solution. And you can’t just roll out random things without analyzing the situation properly. Maybe the correct answer is Cloudflare, but there’s also other way less intrusive and very effective means available. And maybe you’re not even the target of script kiddies or annoyed users. And maybe your your convoluted Wordpress setup isn’t even safe with the standard web application firewall in front.

Anubis is an entirely different story. It’s okay concerning privacy and centralisation. It doesn’t come without downsides, though. I personally hate if that thing pops up instead of the page I requested. I don’t like how JavaScript is mandatory now to do anything on the web. And certain kinds of crawler protection contribute to the situation how we can’t google anything anymore. With all the people locking down everything and constructing walled gardens, the internet becomes way less useful and almost impossible to navigate. That’s all direct consequences of how we decide to do things.