this post was submitted on 03 Jun 2026
223 points (96.7% liked)

Programming

27160 readers
388 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 3 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
UlrikHD@programming.dev
bugsmith@programming.dev
Spyro@programming.dev
223
Rsync author responds to online outrage about his usage of LLMs (medium.com)
submitted 3 days ago by rimu@piefed.social to c/programming@programming.dev
233 comments fedilink hide all child comments
 

Seems like he's been pushed into using LLMs as a way to cope with the deluge of LLM-generated security reports.

you are viewing a single comment's thread
view the rest of the comments
[–] ExLisper@lemmy.curiana.net 7 points 2 days ago* (last edited 2 days ago) (3 children)

https://github.com/rclone/rclone

https://github.com/restic/restic

https://github.com/bcpierce00/unison

https://syncthing.net/

The thing with old, critical software is that after some time people don't really want to dig through decades of C code and prefer to write something new using modern tools. Those projects get plenty of support because people actually do want to work on them. If no one wants to work on rsync than what the maintainer is doing now is just prolong it's agony a couple of years. I would say he should do the minimum work, announce end of life date and move on. People that need tools like rsync will develop something.

Also, having critical software depend on one guy is not safe. We should avoid that. If critical software depends on one guy it should be phased out.

[–] Zos_Kia@jlai.lu 2 points 1 day ago

Also, having critical software depend on one guy is not safe. We should avoid that. If critical software depends on one guy it should be phased out.

I'm sorry to say 90% of the internet's load bearing infrastructure is in this situation. It's just how the story goes, everybody wants to build low-stakes toy projects, nobody wants to do high-effort low-reward infrastructure work.

"Writing something new using modern tools" is all fun and sparkles, but then you run into the same issues as rsync except without the experience. Then you get attention from attackers, you get security issues, which you have to patch with defensive code which is not appealing to read and zero fun to write. Before you know it your project is "decades of Rust/Zig/Lisp" which nobody wants to touch and you're back at square one. All you've accomplished is give the attackers a few years of low hanging fruit and easy exploits.

There's a reason why we get a million shiny toys a year but solutions like rsync stay entrenched for decades.

[–] fruitcantfly@programming.dev 6 points 2 days ago (1 children)

Also, having critical software depend on one guy is not safe. We should avoid that. If critical software depends on one guy it should be phased out.

Here are the percent of commits from the top committer in each repository you mentioned, as well as rsync, over the last 3 months:

  • rsync: 99.0%
  • restic: 93.2%
  • rclone: 87.5%
  • union: 82.9%
  • syncthing: 74.4%

As you can see, each of this projects depends heavily on a single person, though to a lesser degree than rsync. That's just the nature of most open-source software.

Note that I excluded dependabot commits from the calculations and counted Claude commits as the lead developer for rsync

[–] ExLisper@lemmy.curiana.net 2 points 2 days ago* (last edited 2 days ago) (1 children)

How I imagine this:

  1. rsync gets end of life date
  2. People that rely on rsync start looking for alternatives
  3. They try to switch and figure out what functionality is missing
  4. They contribute to some of the alternative to fill the gaps

For example, I'm about to setup some syncing for my homelab and I will not use rsync for that. That's why talking about the state of rsync is important. As I said, it's not about attacking the dev for not working hard enough. It's about long term planning.

[–] captcha_incorrect@lemmy.world 3 points 2 days ago (1 children)

I remember when the maintainer for discord.py stepped down. He eventually stepped back in because no one wanted took over the project and he didn't want to see it die. This was before the current AI era, all someone had to do was continue to develop it.

I think almost everyone will do step 2 and 3 but not step 4.

[–] ExLisper@lemmy.curiana.net 4 points 2 days ago (1 children)

The fact that open source exist and functions so well for decades shows that people do step 4. If no one wants to step in it usually means the project is not important.

[–] Zos_Kia@jlai.lu 2 points 1 day ago (1 children)

I think what you're missing is that the number of people doing step 4 has been going downhill steadily since the 2000s. People start open source projects yes, which for 99% of them don't bring in any users and barely get maintained over the long run, but the pool of people willing to contribute to large established projects is so small it is becoming problematic.

Even Wikipedia is having its own editor crisis, where most of the power editors are greying out and barely anyone is stepping up to replace them.

And this is happening exactly because most people, like you, think that the free infrastructure around us is a fait accompli which doesn't require us to personally get involved in their maintenance, and that we can even afford to scare away those that do contribute.

[–] ExLisper@lemmy.curiana.net 0 points 1 day ago (1 children)

most people, like you, think that the free infrastructure around us is a fait accompli which doesn’t require us to personally get involved in their maintenance

I do contribute time and donate money to open source project so... miss?

With less contributors simply mean we will have to be smarter about which projects we supports. In open source it's a natural process. People support projects they actually use and need. If we can't get enough resources to support even the most basic infrastructure then the experiment will end.

[–] Zos_Kia@jlai.lu 1 points 1 day ago (1 children)

I do contribute time and donate money to open source project so… miss?

You're missing the point. Sure you do, that's a nice anecdote, but the data shows most people don't. You are part of a shrinking cohort that is already insufficient to maintain what we need in the long run.

If we can’t get enough resources to support even the most basic infrastructure then the experiment will end

And then what ? Only large corporations can finance their own in-house tools and they gain even greater advantage against the rest of society ? What a great outcome...

Your point of view is not crazy but i think it suffers from too much optimism in the face of bleak data.

[–] ExLisper@lemmy.curiana.net 1 points 1 day ago* (last edited 1 day ago) (1 children)

You’re missing the point. Sure you do, that’s a nice anecdote, but the data shows most people don’t. You are part of a shrinking cohort that is already insufficient to maintain what we need in the long run.

But you accused me specifically of not contributing. If you're making a broader point don't single me out.

And then what ? Only large corporations can finance their own in-house tools and they gain even greater advantage against the rest of society ? What a great outcome…

Yes, that will be the outcome. And it will suck. I'm not optimistic, I'm realistic. If people wills top caring about open source it will die. Throwing AI at the problem may buy us some time but in the end LLMs also require resources and without support from community all the models will be controlled by corporations.

My sensation is that we're doing fine for now. The community is still big enough for a decade or two. No idea what will happen after that.

[–] Zos_Kia@jlai.lu 1 points 1 day ago (1 children)

If you’re making a broader point don’t single me out

Yes that is a communication lapse on my end, i try to make issues personal to emphasize them but it's not always relevant. I don't think it should detract from the broader point, sorry if it does.

My sensation is that we’re doing fine for now

I think the data shows that we're far from fine and already resource-constrained on most critical projects. It's not that people stop caring about open source, it is still fundamental to the way the web works. It's just that they don't feel personally compelled to pitch in because they think we're doing fine now. The wikipedia analogy works well here : it is still fundamental to the way people get information, but it's chronically understaffed and may already be in a death spiral.

[–] ExLisper@lemmy.curiana.net 1 points 1 day ago (1 children)

Maybe you're right. People have less resources and less spare time. Maybe we are fucked, even in the short-mid term. It looks pretty good to me (a lot of big players rely on Linux and core open source infrastructure, open source/self hosted tools are generally recognized as better for the business, we moved out from proprietary standards to open ones, there's push for interoperability and so on) but maybe there are deeper issues I don't see and it will all collapse sooner than I think.

[–] Zos_Kia@jlai.lu 2 points 1 day ago

Maybe you’re right

oh man while i do love being correct, deep down i hope you're the one who's right and i'm overreacting

[–] wewbull@feddit.uk 4 points 2 days ago

The trouble with some of those projects (e.g. unison and sun thing) is that they don't solve the same problem, not really.

A rewrite with modern tooling would be better done if it was incremental.