Using huntarr? Perhaps you shouldn't. (old.reddit.com)
from ieGod@lemmy.zip to selfhosted@lemmy.world on 23 Feb 18:30
https://lemmy.zip/post/59649386

#selfhosted

irmadlad@lemmy.world on 23 Feb 18:39

I don’t run 'arr anything, but that’s pretty wild.

Yeesh, in the hour since this has been posted the developer has:

  • Made the /r/huntarr subreddit private
  • Wiped and deleted their Reddit account
  • Deleted the GitHub repo for Huntarr

Bishma@discuss.tchncs.de on 23 Feb 18:40

Looks like Huntarr’s presence on GitHub is suddenly gone and their sub went private.

irmadlad@lemmy.world on 23 Feb 21:21

I’m not so much worried about ‘vibe coding’ as long as the dev actually knows the validity of the code presented in the LLM. At that point, the LLM becomes the assistant, not the dev itself. However, if I were to speculate, this dev team didn’t, got called on it, didn’t know how to respond or validate the code, so they closed up shop.

infeeeee@lemmy.zip on 23 Feb 18:51

What is/was huntarr? I love posts without any context.

Kirk@startrek.website on 23 Feb 18:54

I believe it was supposed to monitor your jellyfin library and look for potential upgrades.

traches@sh.itjust.works on 23 Feb 19:22

I guess it was supposed to be a successor to the *arr stack (radarr, lidarr, sonarr, etc). If you’re not familiar, they automate the downloading & organization process for movies, music, and tv.

ITGuyLevi@programming.dev on 23 Feb 22:16

I’m sure a successor will come around when room forms for them, I don’t know of a reason any of the core *arr stack should need one. If you know of one don’t hesitate to share, I’m just not really aware of any, they are awesome to me.

ZeDoTelhado@lemmy.world on 23 Feb 18:56

That is some wild shit. Anyways, for anyone else somewhat new to all this: when hosting anything, try to stick to reputable projects 1st and be always wary of shady installation tactics (I believe yesterday someone posted about curl bash. This is just a single example). If you want to try something new (as in brand new project), try it isolated 1st on some VM (proxmox helps a lot with this). When you are confident and more people give an approval, then think about putting it on the main environment.

irmadlad@lemmy.world on 23 Feb 19:14

try to stick to reputable projects 1st and be always wary of shady installation tactics

One of the first things I look for are longevity, last updated/activity, and then I look at the issues posted and responses. I like mature apps because I don’t possess the intelligence to audit code.

i_am_not_a_robot@discuss.tchncs.de on 23 Feb 21:53

curl bash is not as bad as people think. Nobody downloads and reverse engineers binary packages off of these websites before running them with the same permissions.

brickfrog@lemmy.dbzer0.com on 23 Feb 18:59

Earlier post lemmy.world/post/43496203

Bakkoda@sh.itjust.works on 23 Feb 19:29

Exposing any of the Arr stack to the internet is just bad practice in general IMO but bad actors will always be out there so it’s even more of a reason to practice good security.

I used huntarr for a minute and found it utterly useless. Didn’t trigger searches like it said it was doing. Uninstalled it after about 5 minutes.

gravitas@lem.ugh.im on 23 Feb 19:54

Wow, I literally just set up huntarr last night. Guess I'll make sure it's only accessible on wireguard.

prenatal_confusion@feddit.org on 23 Feb 20:17

This developed further. Better be done with it and stay safe. Read the linked reddit thread for info.

buffing_lecturer@leminal.space on 23 Feb 22:11

How so?

LiveLM@lemmy.zip on 23 Feb 21:32

From the original thread, I bring forth this comment from user sdrmme:

Huntarr2

Too good not to share.

r00ty@kbin.life on 23 Feb 21:38

Not sure what you mean. I just saw asterisks.