You must log in or # to comment.
What is/was huntarr? I love posts without any context.
I guess it was supposed to be a successor to the *arr stack (radarr, lidarr , sonarr, etc). If you’re not familiar, they automate the downloading & organization process for movies, music, and tv.
I’m sure a successor will come around when room forms for them, I don’t know of a reason any of the core *arr stack should need one. If you know of one don’t hesitate to share, I’m just not really aware of any, they are awesome to me.
I would love to see alternatives/replacements to them that are less opinionated. If you aren’t ready to consign your entire library to destructive edits and file replacements then it really is hard to fit any arr program into your workflow. Because I have a few files I want to keep pristine and a few opinions on what gets downloaded, I’ve hit a snag every time I try to set up any arr program. Lidarr, for example, simply refuses to allow a root dir to be read only. I still have yet to get any up and running.
Personally I hate that sonarr is stuck on thetvdb when plex/jellyfin both primarily use tmdb. Usually it’s fine but for certain shows the differences can be unreconcilable.
I’ve been eyeballing https://github.com/maxdorninger/MediaManager but haven’t gotten around to it yet
Maybe it is a necessary evil…
I always get into problems with old shows/anime when I stick with Plex’s tmdb… If I switch to tvdb all my issues are gone.
Personally I prefer my software to give me options, I hate when stuff like this is picked for me when equally valid options exist
There was no reason for this in the first place in my opinion. The ONLY positive use I can see would be managing the whole arr stack from one place, but I imagine you would still need to manage individual shows\movies\whathaveyou if it wasn’t found in the first place.
I have my stacks set up to auto upgrade and find missing stuff already. It’s literally built into their programming. I manage them individually and anything that isn’t found on my indexers I typically go out and find manually as needed (old or very obscure media).
Not really sure what this bought anyone at all other than an extra layer of convenience?
Seems to be some sort of a tool that scans your media library and fetches missing media (the one that failed to download or something)
I am getting very annoyed reading “What is Huntarr?”, “The Real Problem: Why You Need Huntarr” and “Understanding the Gap Problem”. Am I too non-native english speaker to understand it or is it really the same 3 paraphrased paragraphs?
As the code was vibecoded, I guess that landing page was also llm generated, that could be the reason for the duplicate sections.
I’m desperate for a community driven review system for open source. We’re drowning in vibe-coded slop, and I honestly don’t have the time or a good slop detector to audit every tool I download. I know I should be checking under the hood, but the sheer volume of low-quality projects makes it impossible to keep up
You’re here, that’s a good start…
I tend to look at a project’s Issues tracker, that gives me a feel for how the author(s) deal with feedback… some projects have hundreds of open tickets with barely any interactions, yet code updates “2 days ago”.
Being here and reading about who’s using what will help remove the major outliers
All opensource needs more eyeballs, which is still the advantage over closed source.
Sounds like the solution would be a public code sharing platform that specifically bans AI generated code. Then, at least, we’re moving in the right direction. Do any alts to GitHub provide such a rule?
It doesn’t need to be perfect nor catch every offender. No need for magic AI-coded detection sauce. If it just detected slop, human or otherwise, and obviously AI-written code, with a reporting mechanism for user-driven monitoring, that could be a good start
But, should we worry about it being a source for AI companies to scrape? How should we deter that?
This is what good distros do, well some of them, I don’t think low touch repos like AUR/Homebrew/PPA’s would catch this, but I doubt huntarr will ever make it to Debian.
Ofc the trend of running upstream unverted containers undermines this.
Vibe-coded slop is horribly insecure and the dev doesn’t understand the codebase?
shocked_pikachu.png
I don’t run 'arr anything, but that’s pretty wild.
Yeesh, in the hour since this has been posted the developer has:
- Made the /r/huntarr subreddit private
- Wiped and deleted their Reddit account
- Deleted the GitHub repo for Huntarr
I can’t believe they banned that user for calling them out.
Thry sound like arrseholes
They banned the user that did the robust cybersecurity audit. They banned everyone who pointed it out or linked to the post or mentioned it. They took the subreddit private. The clown dev has a donate feature and claims that it will be used to put his daughter through school. Just scum all around.
From the original thread, I bring forth this comment from user sdrmme:
Huntarr2
Too good not to share.
Holy shit you unlocked a hidden memory I forget existed. Thank you.
What do you mean?, I don’t get what he/she is talking about.
“If you type your password, it automatically gets filters into asterisks. For example, my password is ********!”
Someone believed this. His password was hunter2.
******** ?
Not sure what you mean. I just saw asterisks.
Wow i literally just setup huntarr last night. Guess ill make sure its only accessible on wireguard.
This developed further. Better be done with it and stay safe. Read the linked reddit thread for info.
How so?
Vibe dev literally deleted the GitHub, the reddit and his accounts after being called out.
Looks like Huntarr’s presence on Github is suddenly gone and their sub went private.
I’m not so much worried about ‘vibe coding’ as long as the dev actually knows the validity of the code presented in the LLM. At that point, the LLM becomes the assistant, not the dev itself. However, if I were to speculate, this dev team didn’t, got called on it, didn’t know how to respond or validate the code, so they closed up shop.
The term ‘vibe coding’ I think was originally about generating and using code without understanding it
Yeah doesn’t sound like vibe coding if you actually go through the necessary dances anyway, i.e double-check the produced code and validate it and actually understand it and the domain.
Edit: But almost nobody does. Because then you’d rather just write it yourself and save time, money and energy…
Well, I have used LLM to do code for in house type stuff. Very simple. In that scenario, it’s fairly good. I’ve found that LLM are good at compose files for instance. But that’s much different than producing a piece of software for thousands of people to use with confidence. Especially when dealing with anything 'arr and the mitigation that takes place to operate that in a secure, private, and anonymous manner.
That is some wild shit. Anyways for anyone else somewhat new to all this: when hosting anything, try to stick to reputable projects 1st and be always wary of shady installation tactics (I believe yesterday someone posted about curl bash. This is just a single example). If you want to try something new (as in brand new project), try it isolated 1st on some VM (proxmox helps a lot with this). When you are confident and more people give an approval, then think about putting on the main environment
try to stick to reputable projects 1st and be always wary of shady installation tactics
One of the first things I look for are longevity, last updated/activity, and then I look at the issues posted and responses. I like mature apps because I don’t possess the intelligence to audit code.
Hey friend, don’t undersell yourself. You do possess the intelligence, but maybe just not the skills.
Well, you’re very kind. I do know some coding, as in basic stuff. I can get around as it were. Most of it was learned from manually typing in pages of code from outlets like Byte magazine (zoom in) only to find out when you went to run the program, that you left out a semicolon on line # 5362 and a errant indent on line # 9241.
The huntarr project released a new docker image 3 times a day…
So that takes care of the ‘last updated/acticity’ portion of the trifecta. How about longevity and issues posted and responses. I really know very little about the project as 'arr apps aren’t my bag.
My point was that the frequency of updates doesn’t correlate with quality at all
curl bash is not as bad as people think. Nobody downloads and reverse engineers binary packages off of these websites before running them with the same permissions.
Yes and no. It is definitely absolutely bad And yes people do embed things in binaries
