According to the release:

> Adds experimental PostgreSQL support
>
> The code was written by Cursor and Claude
>
> 14,997 added lines of code, and 10,202 lines removed
>
> reviewed and heavily tested over 2-3 weeks

This makes me uneasy, especially as ntfy is an internet facing service. I am now looking for alternatives.

Am I overreacting or do you all share the same concern?

  • patrick@lemmy.bestiver.se · 88 up / 4 down · 26 days ago

    It looks like that tool is more or less built by a single developer (you already trust their judgment anyways!), and even though the code came through in a single PR it was a merge from a branch that had 79 separate commits: https://github.com/binwiederhier/ntfy/pull/1619

    Also glancing through it a bit, huge portions of that are straightforward refactors or even just formatting changes caused by adding a new backend option.

    I’m not going to say it’s fine, but they didn’t just throw Claude at a problem and let it rewrite 25k lines of code unnecessarily.

    • fccview@lemmy.world · 3 up · 25 days ago

      Yeah, I mean, with or without AI, I’ve always only had a big pull request for releases, from a stable release branch into the main branch, the release branch would be a merge of various branches or just be worked on directly on various stages.

      One big pull request doesn’t really mean anything.

    • mudkip@lemdro.id · 15 up / 24 down · 25 days ago

      Any AI usage immediately discredits the software for me, because it calls into question all of their past and future work.

  • Erik-Jan@fosstodon.org · 69 up / 1 down · 26 days ago

    @ueiqkkwhuwjw just this quote at the start of the release notes

    > 14,997 added lines of code, and 10,202 lines removed, all from one pull request

    This is already a major red flag even without the ai stuff right? Can’t believe anyone would flaunt that like this.

    • dev_null@lemmy.ml · 7 up · 25 days ago

      The “single pull request” is a merge release from 79 separate commits. It’s the sum of all work, it doesn’t mean all of it was changed in one go.

  • hendrik@palaver.p3x.de · 62 up · 26 days ago

    Uh. I’d really prefer if people experimented with new technology a bit more cautiously and not directly jump to “the biggest release […] ever done”.

      • hendrik@palaver.p3x.de · 13 up / 1 down · 26 days ago

        Thanks for the link! As a short aside for the other people here: Try not to spam developers. That usually achieves the opposite and makes them miserable, when we want them to not burn out, and write good software for us. A thumbs-up emoji is the correct reaction for the average person. Or for the pros - a code-review highlighting specific issues within the code.

  • henfredemars@infosec.pub · 36 up / 2 down · edited · 26 days ago

    Definitely share your initial concern. Without strong review processes to ensure that every line of code follows the intent of the human developer, there’s no way of knowing what exactly is in there and the implications for the human users. And I’m not just talking about bugs.

    They say it’s reviewed, but the temptation to blindly trust is there. In this case, developer appears to have taken some care.

    > The code was written by Cursor and Claude, but reviewed and heavily tested over 2-3 weeks by me. I created comparison documents, went through all queries multiple times and reviewed the logic over and over again. I also did load tests and manual regression tests, which took lots of evenings.

    Let us hope so. Handle with care to ensure responsibility is not offloaded to a machine instead of a person.

    • Jul (they/she)@piefed.blahaj.zone · 6 up · 26 days ago

      Yeah, it could easily have added a couple of lines of code that send everything to North Korean hackers because it found that in a bunch of repositories, or just log passwords to public logs, or other things an experienced developer would never do. “AI” only replicates what it sees most often, and as more spam and junk repos are added to its training data because “AI” companies are too concerned with profit to teach it properly, it could do tons of random stuff. It’s like training a developer by giving them random examples from the internet rather than specific ones. Of course they pick up bad habits. Even if it “works”, it is almost never efficient or secure.

  • LiveLM@lemmy.zip · 27 up / 1 down · 26 days ago

    Look, if he wanted to introduce AI code, whatever, but doing it all at once in a 14k line change is crazy.

    Surely it would be better to introduce AI by letting it handle misc changes here and there instead of starting with the “biggest release ever done” (his words), no?

  • nfreak@lemmy.ml · 26 up / 1 down · 26 days ago

    Definitely time to find an alternative. What the actual fuck is this

  • poVoq@slrpnk.net · 20 up · 26 days ago

    If you use ntfy mainly as a UnifiedPush distributor on Android, then I highly recommend switching to an XMPP client that can do the same.

  • shirro@aussie.zone · 18 up / 1 down · 25 days ago

    I can see the pragmatic appeal. Maintaining a lot of code for an open source project is thankless. Go is designed for idiots like me, so it makes sense that an LLM should be able to emit code that mostly works. There are classes of errors that are less likely in Go, the compiler and linting will prevent some footguns, and then it would have been tested.

    Ethically I hate anything to do with the LLM industry and all it represents. I hate the environmental impacts. The social impacts. The disregard for intellectual property. The devaluing of human effort. The scam economics. I won’t use anything touched by it on principle, and if that means walking away from a dead Internet, so be it. There are enough pre-2020s books, audiobooks, movies, music and code to keep me interested for the rest of my life.

  • Kevin@lemmy.world · 16 up · 26 days ago

    I just set up a ntfy server for Unified Push earlier this week to use with Matrix. Now I have to turn around and immediately replace it…

    • lambalicious@lemmy.sdf.org · 2 up · 26 days ago

      You could, in the meantime, simply not upgrade to the version that uses AI.

      Since, from what I’m seeing around, people are having issues looking for an alternative.