According to the release:

Adds experimental PostgreSQL support

The code was written by Cursor and Claude

14,997 added lines of code, and 10,202 lines removed

reviewed and heavily tested over 2-3 weeks

This makes me uneasy, especially as ntfy is an internet facing service. I am now looking for alternatives.

Am I overreacting or do you all share the same concern?

  • Kushan@lemmy.world
    2 months ago

    Fuck, I love ntfy, it’s one of the best self hosted push notification systems I’ve used. It has been flawless so far.

    Don’t like this.

  • notabot@piefed.social
    2 months ago

    I’m assuming this is some sort of canary message to indicate that the code base has been compromised, the author can’t talk about it, and everyone should immediately stop using the service. Surely no-one would be unwise enough to commit this otherwise?

    Even ignoring the huge red LLM flag, a 25kLOC delta in a single PR should be cause for instant rejection as there’s no way to fully understand or test it, let alone in 2-3 weeks.

    • ExFed@programming.dev
      2 months ago

      25kLOC delta in a single PR should be cause for instant rejection

      Not to pick at nits, but it would be VERY different if it was 1k lines added and 24k lines removed. There’s something extremely satisfying about removing 10k+ lines of unnecessary code.

      • notabot@piefed.social
        2 months ago

        Sure, that would be a little different, but unless you could make a convincing argument, backed up with a solid set of unit tests, at the least, as to why and how you were able to remove that much code whilst only adding a comparatively small amount, I’d still be inclined to reject it and ask for it to be broken down into smaller units.

        Now, that explanation might be something along the lines of it being dead code that is not called from anywhere, or even that it was a patched version of an upstream library, and the patch is now included in that upstream, in which case, fair enough, good work, and thanks very much. As a rewrite or refactor though, it’s too big to sensibly review and needs breaking down into separate features.

        • ExFed@programming.dev
          2 months ago

          Absolutely, the author needs to be able to reason about their changes, no matter what. However, the reason why I think the two situations are fundamentally different, though, is that it’s a lot easier to validate the existence of features than it is the non-existence of bugs or malicious behavior. The biggest risk to removing code is breaking preexisting features, whereas the biggest risk to adding code is introducing malicious behavior.

  • communism@lemmy.ml
    2 months ago

    That’s concerning. If it was “I generated a function with an LLM and reviewed it myself” I’d be much less concerned, but 14k added lines and 10k removed lines is crazy. We already know that LLMs don’t generate up to scratch code quality…

    I won’t use PostgreSQL with ntfy, and keep an eye on it to see if they continue down this path for other parts of ntfy. If so I’ll have to switch to another UP provider.

    • GreenKnight23@lemmy.world
      2 months ago

      been using EMQX plus an MQTT client on my phone for a few months now, I like it better than gotify since the app was chewing through my battery like a vampire.

      it might be better now since my issues happened three-ish years ago.

      • SayCyberOnceMore@feddit.uk
        2 months ago

        This EMQX?

        Seems it’s no longer FOSS?

        I’ve been using Gotify for a few notifications from Home Assistant and it doesn’t appear to be eating my battery.

        It’s a little more responsive than ntfy - sometimes ntfy doesn’t alert for ages after the trigger (could be phone power saving the wifi…), but then I also get realerts from yesterday… not had that with Gotify.

        • GreenKnight23@lemmy.world
          2 months ago

          that’s the one.

          FOSS or not, it still runs just fine on my infra. I prefer it over something like rabbitmq because it has a pretty slick admin webgui.

          I’ll have to give gotify another try.

  • patrick@lemmy.bestiver.se
    2 months ago

    It looks like that tool is more or less built by a single developer (you already trust their judgment anyways!), and even though the code came through in a single PR it was a merge from a branch that had 79 separate commits: https://github.com/binwiederhier/ntfy/pull/1619

    Also glancing through it a bit, huge portions of that are straightforward refactors or even just formatting changes caused by adding a new backend option.

    I’m not going to say it’s fine, but they didn’t just throw Claude at a problem and let it rewrite 25k lines of code unnecessarily.

    • mudkip@lemdro.id
      2 months ago

      Any AI usage immediately discredits the software for me, because it calls into question all of their past and future work.

    • sloppy_diffuser@sh.itjust.works
      2 months ago

      Something like https://graphite.com/ to create stacked PRs that are reviewable probably would have helped. Can be replicated with local LLMs or remote AI providers with locally configured agentic workflows. Never used graphite personally, but I’ve seen some open source maintainers use it to split up large PRs.

    • fccview@lemmy.world
      2 months ago

      Yeah, I mean, with or without AI, I’ve always only had a big pull request for releases, from a stable release branch into the main branch, the release branch would be a merge of various branches or just be worked on directly on various stages.

      One big pull request doesn’t really mean anything.

  • LiveLM@lemmy.zip
    2 months ago

    Look, if he wanted to introduce AI code, whatever, but doing it all at once in a 14k line change is crazy.

    Surely it would be better to introduce AI by letting it handle misc changes here and there instead of starting with the “biggest release ever done” (his words), no?

    • osanna@lemmy.vg
      2 months ago

      Ntfy.sh is the hosted version. Hosted by the author. Ntfy (android, ios) is the app that you use as a client.

      • Lumisal@lemmy.world
        2 months ago

        I’ve never used ntfy.sh

        I’ve only used Ntfy app for Universal Push that some apps need, and they recommend ntfy. Does this affect the app then? Ah, if so, what alternative can I use for just that purpose?

        • osanna@lemmy.vg
          2 months ago

          Gotify is probably the next best thing, at least in terms of self hosted. Though doesn’t have the wide support of ntfy.

    • sunbeam60@feddit.uk
      2 months ago

      What is your concern? If it’s a generic “AI”, then I can assure you that pretty much every software has AI code in it already. Heck, Linus is accepting PRs where AI has been used.

      AI is useful. It produces useful code.

      Like creative writing, it won’t produce something novel. But man, 75% of code is just boiler plate. AI can do a lot.

      That does not absolve anyone of committing crap code. Put your name to it. Own it. Take the consequence of delivering shit code or great code, no matter how it was written. Don’t let AI be a crutch. But you’d be god damn fooling not to use it, where it’s right.

      • moonshadow@slrpnk.net
        2 months ago

        Massive changes made by robit in what has been a pretty stable utility for years is (obviously?) my main concern. It’s absolutely a crutch, and seeing a dev lean on it like this gives me the same feeling Coach must’ve got seeing his star player limping into the big game on a real one. If dude wants to check out and let the machine run his project fine, but I’ll be looking for something someone still cares about and works on.

        I think you’d be a fool to use it. At this point it’s subsidized by their need for training data/desire to manufacture dependency, but that won’t be the case for long. It’s expensive, detrimental to your skills, and damaging to both our planet and society. It centralizes and gatekeeps access to information, the most powerful resource of all. “Treat it like an inexperienced dev” managers say, while it replaces their opportunities to gain experience. How are they supposed to even tell great code from shit when everything they’re exposed to has been run through the averaging machine?

        • sunbeam60@feddit.uk
          2 months ago

          Of course. And when I hear “vibe coded”, I hear someone starting with “make me a cool app” and going from there, with zero understanding of the technical architecture.

          If you have a thorough, deeply thought through technical spec, then AI can write a great amount of tests up against that spec, say, and you’ve got a fantastic base for TDD.

          I honestly feel like a lot of the downvotes are people thinking AI means “clueless programmer having an AI do its work for you”. Many highly productive, deeply technical developers use it every day.

          • Encrypt-Keeper@lemmy.world
            2 months ago

            Idk man by the sounds of it, the AI implemented the entire back end change, adding 14k lines of generated code. The dev doesn’t even seem confident with his own testing. Sounds like it’s closer to the vibe-coded end of the scale to me.

            I’ve been meaning to give Ntfy a shot but now I likely won’t. If I wanted a vibe coded project I’d just do it myself.

  • Phoenixz@lemmy.ca
    2 months ago

    I’m a developer

    I sometimes use AI for an answer to a complicated problem because normally I’d open up 20 pages, have to go through them all to find the right answer

    AI gets me the answer right away, though it likely is completely wrong or at least partially wrong. Either way, it gives me a general direction and with that I only have to search through one or two pages to confirm, so the same process is just a little faster.

    I also have used AI on a couple of occasions to ask it to write code for a complicated problem. Again, you don’t copy the code, god no, it’s always the worst, and it is in 80% of the cases still at least riddled with bugs, or just complete bullshit. However, it might give me an alternative idea or a direction to take to implement or fix this complicated feature problem.

    That’s the extent to which I’ve used AI and for the foreseeable future that won’t change because AI still can’t code. It’s still wildly flailing around and it might produce something that implements a certain functionality, but it’s a guarantee that that functionality will have more bugs and security holes than features

    • DonutsRMeh@lemmy.world
      2 months ago

      I understand this comment. AI sometimes saves a ton of mental power and time when I’m stuck on an issue. It can give some really good suggestions. Also, AI is a godsend for frontend shit. I don’t care what y’all say, I’m never touching CSS and HTML ever again. lmao.

      • Phoenixz@lemmy.ca
        2 months ago

        Nah, wouldn’t do that. CSS needs to be well designed to function properly, you need actual developers for that or you’ll screw over your users.

        But yeah, to give quick pointers and ideas to flesh out, it’s reasonably useful

        If that is enough to warrant its extreme energy use, the spread of AI slop everywhere, the pollution, the uncontrolled datacenter expansions, the explosion in hardware costs it created, the countless death and suffering it caused through AI psychosis, the AI childporn bots (hello grok, are you still the world’s biggest child porn producer or did Elmo finally rein you in to again be mecha Hitler?), the…

        Long story short, AI will likely end this world in a long list of fucked up ways, I don’t think it’s worth it

        Until then, I’ll use it as a suggestion tool, not much more

        • DonutsRMeh@lemmy.world
          2 months ago

          Bro, what the hell. Lmao. “Hey AI is horrible in all ways and is doing harm to the planet and people and kids, but I’ll use it regardless. Hear me I’m a good guy. I hate AI, but I’ll use it”. That’s virtue signaling, isn’t it?

          • Phoenixz@lemmy.ca
            2 months ago

            It’s not virtue signalling, I know very well what I’m doing is hypocritical at best, but it’s also unavoidable for me. For one, I’m using it like this at work where they’d love nothing better than for me to start vibe coding. This is the compromise I’ve been able to make so far.

    • s3rvant@lemmy.ml
      2 months ago

      I am also a developer and agree entirely.

      Asking for advice, examples or the occasional boilerplate is at most how I use AI and certainly not integrated directly into my IDE.

  • Mora@pawb.social
    2 months ago

    I switched to Gotify when I ran into an issue where ntfy would delete old api tokens when creating more than 20. Only thing missing in Gotify is UniversalPush, other than that it feels actually more solid than ntfy to me.