Hey all,

I was looking for a Youtube downloader to self-host, and when I found one that looked really great, it was no longer functional. So, I vibe-coded a new one.

Hermes is a front end app and a REST API for yt-dlp.

This is fully functional but I just got it on Github so give me a few days to publish images. But, feel free to clone it down now and build it yourself!

https://github.com/TechSquidTV/Hermes

  • Daniel Quinn@lemmy.caEnglish
    102·
    4 hours ago

    “Oh hi! Here’s some code. I didn’t write it and don’t understand it, but you should totally run it on your machine.”

  • papertowels@mander.xyzEnglish
    301·
    12 hours ago

    I appreciate the spirit, but to shine some more light around the negativity you’re seeing in the comments, it’s a lot to ask for others to run your code on their machines. If you want folks to be running in docker, that’s oftentimes basically giving root access.

    If I’m giving root access, I’d at least want for the person who wrote the code to have a thorough understanding of what the code, which once again is running as root on my home network, is doing.

    The LastPass hack a few years back was enabled by a self-hoster running an outdated version of Plex on their personal machine. There is weight in choosing what software to run and support in your personal setup. The negativity you’re seeing is due to the belief that vibe coding, while able to produce something functional, is not reflective of solid, sustainable, and secure software development practices, and simply does not meet the bar for code to give root access to. It’s (probably) not personal.

    • TechSquidTV@lemmy.worldOPEnglish
      323·
      11 hours ago

      virtually all home server setups run docker compose. No one is complaining about Docker, they’re complaining about AI. The code is immaculate. Its fully tested as well. No one has looked at the code, they’ve just complained.

      Also idk where you heard Docker is like giving root, thats just not correct on multiple levels. If it were a privledged container, which is unnecessary, then we could have a discussion. If you want a daemonless service, use podman. Use anything you want, the source is there. Docker is not a requirement but is certainly not an issue in any way.

      • papertowels@mander.xyzEnglish
        11·
        8 hours ago

        When you run a self-hosted application, do you first go through and read all the code? I don’t, I’ll tell you that. I’m going to assert that most folks don’t, and unless I hear otherwise I’ll assume you don’t read all the code for every self-hosted application you use.

        No one is complaining about Docker, they’re complaining about AI

        Correct. Saying you “vibe-coded” something up suggests that you didn’t do it yourself, or at least was only loosely invested in it. If you didn’t put much time into it, then it’s not as vetted for folks. Running your code on someones homelab is then akin to pushing the new grads vibe-coded refactor into prod, which I think we all know is a bad idea. The mitigation for that is for the user to vet the code themselves, which we already asserted earlier doesn’t really happen in practice. So we have two options, either push the vibe-coded refactor into prod, or acknowledge that we’ve introduced an additional requirement onto the users to vet the code themselves. Both are not ideal. I’m proposing that it is that friction that you’ve introduced that folks are upset about. The docker issue was just brought up as an example of what could go bad by running poorly vetted code on a machine.

        Also idk where you heard Docker is like giving root

        If I’m not looking through all the code, then as a user I’ll just be following your included instructions, of which the recommended method is to fire up docker-compose. If docker-compose bind mounted mounted /, my understanding is that the container now has default write-access to the entire host - am I mistaken?

        • TechSquidTV@lemmy.worldOPEnglish
          18·
          8 hours ago

          It would, but that *would only work/be possible if *you are running docker as the root user. Though people OFTEN create a docker user that runs docker as root, which is a bad practice and source of confusion. Docker is plenty safe, but I don’t even want to argue that, it’s completely irrelevant. I don’t actually care how you run it. Docker compose is by far the standard for home server applications. You can use podman with it, it’s fine. You can skip it entirely and run it directly. These are merely options provided.

          Here is the install instructions for Sonarr, arguably the most famous example of something people self host. https://sonarr.tv/#downloads-docker

          They have non-docker instructions too of course, as do I. Am I correct that a few of you are mad that I included dockerfiles and docker compose examples in the repo? Where did I go wrong?

          • papertowels@mander.xyzEnglish
            8·
            8 hours ago

            Am I correct that a few of you are mad that I included dockerfiles and docker compose examples in the repo? Where did I go wrong?

            No, we’re not upset about docker. Did you read the majority of my last comment?

            Correct. Saying you “vibe-coded” something up suggests that you didn’t do it yourself, or at least was only loosely invested in it. If you didn’t put much time into it, then it’s not as vetted for folks. Running your code on someones homelab is then akin to pushing the new grads vibe-coded refactor into prod, which I think we all know is a bad idea. The mitigation for that is for the user to vet the code themselves, which we already asserted earlier doesn’t really happen in practice. So we have two options, either push the vibe-coded refactor into prod, or acknowledge that we’ve introduced an additional requirement onto the users to vet the code themselves. Both are not ideal. I’m proposing that it is that friction that you’ve introduced that folks are upset about. The docker issue was just brought up as an example of what could go bad by running poorly vetted code on a machine.

            • TechSquidTV@lemmy.worldOPEnglish
              17·
              8 hours ago

              I don’t care what you do but you are placing a lot of assumptions on the word vibe coded. If you’re interested, look at the code and see for yourself, that’s why it’s open source. If you aren’t that’s fine, because nothing is for sale here.

              • papertowels@mander.xyzEnglish
                9·
                8 hours ago

                Do you understand why folks are upset though?

                I have not had to look at the code for any other self-hosted application when considering whether or not to use it. You can say that this is a self-levied requirement due to the suspicions of vibe-coding, and I’d fully agree.

                I took a quick peek at your github profile, and you’ve been working on FOSS stuff before LLMs were a thing (thank you!), suggesting that you are more likely to actually know what you’re doing. However when you say you vibe-coded up an application, you’ve placed yourself in the same bucket as the vibe-coder who’s ai agent deleted a database despite being instructed that there was a code freeze. Yes, it was a developing product, and not prod, but yeah you’ve advertised that you use the same tools and techniques as this guy, which does not inspire confidence.

                • TechSquidTV@lemmy.worldOPEnglish
                  11·
                  20 minutes ago

                  Correct. I have been a developer for many many years and know what I am doing. Everyone making assumptions is an idiot

      • DoPeopleLookHere@sh.itjust.worksEnglish
        191·
        10 hours ago

        Hokay. So docker does run as root. Podman can run rootless, but docker does run as root.

        So if you have any vulnerabilities in your code, like say remote code execution, than your app already has access to root.

        Also, don’t pretend like your shit don’t stink. My code has bugs. And I’ve been at this a a decade. Your vibe coded thing isnt going to be secure because you probably don’t even know how to make it secure if you don’t know docker runs as root.

        Here’s where I interject my opnion

        Its fine to do this for yourself. If you wanted to hear how great your AI produced slop go to LinkedIn.

        When you share things to be used by others, you have a responsibility yourself. How will you monitor and package up security updates? What kind of depenecinies do you have? Are they up to date? Do they have any CVEs?

        There’s so much more to publishing than good intentions. Its fine to do something like this for yourself. But to publish and then absolve yourself of any responsibility is not a way to get taken seriously.

        • TechSquidTV@lemmy.worldOPEnglish
          115·
          10 hours ago

          No to be clear, open source code owes you absolutely nothing at all and has zero responsibilities. It’s important that you know that.

          • papertowels@mander.xyzEnglish
            11·
            8 hours ago

            Personally, whether or not this will be maintained in the future is the biggest reason why I’m unlikely to try this. If the main developer vibe-coded it up, then in my book there’s a lower chance that the codebase will be maintained in the future.

            If your response to “How will you maintain this?” is “nothing is owed”, it really cements the idea that this will not be maintained.

            If an application is unlikely to be maintained in the future, then the risk-reward ratio will rarely justify me incorporating it into my workflow.

          • cheesemoo@lemmy.worldEnglish
            8·
            8 hours ago

            Sure, you’re providing some code for free. Obviously you don’t owe anyone anything. But conversely, nobody owes you their time or attention just because you wrote something.

            If you want people to actually use your code, you probably need to take some responsibility. And listen to the criticisms others have shared here.

      • DoPeopleLookHere@sh.itjust.worksEnglish
        101·
        10 hours ago

        Also since you complained no one looked at your code, you have support for plain text passwords in your code. That’s a huge no no.

      • Natanox@discuss.tchncs.deEnglish
        91·
        11 hours ago

        The code is immaculate. Its fully tested as well. No one has looked at the code, they’ve just complained.

        Even if that’s correct it isn’t even the main reason why people are pissed about the use of AI. No matter if the code is “perfect” or not, it was created primarily using inherently immoral and outright dangerous tools.

        • TechSquidTV@lemmy.worldOPEnglish
          112·
          11 hours ago

          Ok but the comment I am responding to was specifically talking about that, so… irrelevant.

      • deleted@lemmy.worldEnglish
        84·
        11 hours ago

        I wouldn’t trust an ai code even though it is tested.

        It’s like living in a house built by 12 year old and the reasoning behind it that it didn’t collapse. Yet.

    • Nikkii@lemmy.blahaj.zoneEnglish
      374·
      13 hours ago

      At least they admitted it. That said, I’ll never fuck with anything ‘vibe coded’, AI sucks.

      • TechSquidTV@lemmy.worldOPEnglish
        1035·
        13 hours ago

        It sucks but you wont try it and have no frame of reference. Give it a download. Try it out. Give me your honest opinion without this weird bias about how it was made.

        • raspberriesareyummy@lemmy.worldEnglish
          1·
          2 hours ago

          That’s like asking the world’s best FPS gamers to “just try an aimbot”. Actual programmers do far better than a machine-learned bullshit printer.

        • GreenKnight23@lemmy.worldEnglish
          7·
          8 hours ago

          we are giving you our honest opinion.

          we don’t appreciate our hard work and efforts being stolen by companies and then slopped together by people who wouldn’t know the first thing about our community.

          take your slop somewhere else because it’s not welcome here.

      • raspberriesareyummy@lemmy.worldEnglish
        1·
        2 hours ago

        is this “AI” you speak of in the room with you right now? If you believe that machine-learned pattern recognition and word prediction algorithms are “AI”, you shouldn’t be left anywhere near a compiler or production code.

    • Avid Amoeba@lemmy.caEnglish
      14·
      14 hours ago

      Goddamn I’ve been looking (not too hard) for a “not so terrible” yt-dlp UI and not finding one for a while! This is exactly whay I needed. I recently setup Pinchflat and was thinking about shoehorning downloading from random sources in it. This should solve it.

    • TechSquidTV@lemmy.worldOPEnglish
      92·
      14 hours ago

      I saw that one and cobalt.tools. I liked cobalt better, but cobalt is currently broken. Honestly, I mostly just wanted a different style UI.

    • Eager Eagle@lemmy.worldEnglish
      4·
      13 hours ago

      lol the readme reads “a not so terrible” but the repo description reads like

      A terrible web ui and RPC server for yt-dlp

  • muusemuuse@sh.itjust.worksEnglish
    41·
    12 hours ago

    Was pinchflat flawed in some way? I’m all for having more options but if this uses yt-dlp anyway I’m not sure this is contributing to anything.

    • TechSquidTV@lemmy.worldOPEnglish
      34·
      11 hours ago

      pinchflat I hadn’t seen that one before. No it’s pretty similar to be honest. I am planning on small feature that would make it slightly different but, ya same idea. I do like my UI more 🤷. That was my main issue with most of the existing ones that I had seen, I just didn’t liek the UI. Except for cobalt.tools, but it’s broken.