• infeeeee@lemmy.zip
        ↑ 1 · 4 months ago

        As the code was vibecoded, I guess that landing page was also LLM-generated; that could be the reason for the duplicate sections.

    • traches@sh.itjust.works
      ↑ 0 · 4 months ago

      I guess it was supposed to be a successor to the *arr stack (radarr, lidarr, sonarr, etc). If you’re not familiar, they automate the downloading & organization process for movies, music, and tv.

      • ITGuyLevi@programming.dev
        ↑ 0 · 4 months ago

        I’m sure a successor will come around when room forms for them, I don’t know of a reason any of the core *arr stack should need one. If you know of one don’t hesitate to share, I’m just not really aware of any, they are awesome to me.

          • kratoz29@lemmy.zip
            ↑ 0 · 4 months ago

            Maybe it is a necessary evil…

            I always get into problems with old shows/anime when I stick with Plex’s tmdb… If I switch to tvdb all my issues are gone.

            • MolochAlter@lemmy.world
              ↑ 1 · 4 months ago

              Personally I prefer my software to give me options, I hate when stuff like this is picked for me when equally valid options exist

  • irmadlad@lemmy.world
    ↑ 10 · 4 months ago

    I don’t run 'arr anything, but that’s pretty wild.

    Yeesh, in the hour since this has been posted the developer has:

    • Made the /r/huntarr subreddit private
    • Wiped and deleted their Reddit account
    • Deleted the GitHub repo for Huntarr
  • Bakkoda@sh.itjust.works
    ↑ 4 · 4 months ago

    Exposing any of the Arr stack to the internet is just bad practice in general IMO but bad actors will always be out there so it’s even more of a reason to practice good security.

    I used huntarr for a minute and found it utterly useless. Didn’t trigger searches like it said it was doing. Uninstalled it after about 5 minutes.

    • irmadlad@lemmy.world
      ↑ 0 · 4 months ago

      I’m not so much worried about ‘vibe coding’ as long as the dev actually knows the validity of the code presented in the LLM. At that point, the LLM becomes the assistant, not the dev itself. However, if I were to speculate, this dev team didn’t, got called on it, didn’t know how to respond or validate the code, so they closed up shop.

      • chicken@lemmy.dbzer0.com
        ↑ 1 · 4 months ago

        The term ‘vibe coding’ I think was originally about generating and using code without understanding it

        • orgrinrt@lemmy.world
          ↑ 1 · 4 months ago

          Yeah, doesn’t sound like vibe coding if you actually go through the necessary dances anyway, i.e. double-check the produced code and validate it and actually understand it and the domain.

          Edit: But almost nobody does. Because then you’d rather just write it yourself and save time, money and energy…

        • irmadlad@lemmy.world
          ↑ 1 · 4 months ago

          Well, I have used LLM to do code for in house type stuff. Very simple. In that scenario, it’s fairly good. I’ve found that LLM are good at compose files for instance. But that’s much different than producing a piece of software for thousands of people to use with confidence. Especially when dealing with anything 'arr and the mitigation that takes place to operate that in a secure, private, and anonymous manner.

  • ZeDoTelhado@lemmy.world
    ↑ 2 · 4 months ago

    That is some wild shit. Anyways for anyone else somewhat new to all this: when hosting anything, try to stick to reputable projects 1st and be always wary of shady installation tactics (I believe yesterday someone posted about curl bash. This is just a single example). If you want to try something new (as in brand new project), try it isolated 1st on some VM (proxmox helps a lot with this). When you are confident and more people give an approval, then think about putting on the main environment

    • irmadlad@lemmy.world
      ↑ 3 · 4 months ago

      > try to stick to reputable projects 1st and be always wary of shady installation tactics

      One of the first things I look for are longevity, last updated/activity, and then I look at the issues posted and responses. I like mature apps because I don’t possess the intelligence to audit code.

        • irmadlad@lemmy.world
          ↑ 1 · 4 months ago

          Well, you’re very kind. I do know some coding, as in basic stuff. I can get around as it were. Most of it was learned from manually typing in pages of code from outlets like Byte magazine (zoom in) only to find out when you went to run the program, that you left out a semicolon on line # 5362 and an errant indent on line # 9241.

    • i_am_not_a_robot@discuss.tchncs.de
      ↑ 0 · 4 months ago

      curl bash is not as bad as people think. Nobody downloads and reverse engineers binary packages off of these websites before running them with the same permissions.

      • KeenFlame@feddit.nu
        ↑ 1 · 4 months ago

        Yes and no. It is definitely absolutely bad. And yes, people do embed things in binaries.

  • gravitas@lem.ugh.im
    ↑ 1 · 4 months ago

    Wow, I literally just set up huntarr last night. Guess I’ll make sure it’s only accessible on wireguard.

  • eleijeep@piefed.social
    ↑ 1 · 4 months ago

    Vibe-coded slop is horribly insecure and the dev doesn’t understand the codebase?

    shocked_pikachu.png

    • PerogiBoi@lemmy.ca
      ↑ 2 · 4 months ago

      They banned the user that did the robust cybersecurity audit. They banned everyone who pointed it out or linked to the post or mentioned it. They took the subreddit private. The clown dev has a donate feature and claims that it will be used to put his daughter through school. Just scum all around.