Someone made a 128k line PR to OpenCut
github.com

102 points

agtestdvn

2 days ago

96 comments

soraminazuki a day ago

This shouldn't be flagged. This is a new type of spam that will have serious consequences for open source.

LLMs have made it possible to effortlessly produce plausible looking garbage at scale and open source maintainers will soon have to deal with a high volume of these PRs going forward.

Just look at how much spammers it attracted when Digital Ocean offered free T-shirts to open source contributors [1]. Now, imagine what will happen when job prospects are involved and anyone can mass produce plausible looking garbage PRs in one single click.

LLMs will accelerate maintainer burnouts in the open source world and there's no good solution for that right now.

[1]: https://news.ycombinator.com/item?id=24643894

  • aydyn a day ago

    There is actually a really simple solution to this: auto reject PRs from people you dont know.

    If someone is new to the project, ask them to write an issue explaining the bug/feature and how they plan to address/implement it. Make them demonstrate a human understanding of the code first.

    This is not a purely technical problem but a social one too.

    • rowanG077 5 hours ago

      How will that help? LLM are more coherent and better at communicating than a lot of developer.

    • soraminazuki a day ago

      Making people go through hoops will just discourage legitimate potential contributors and not stop AI slop. LLMs are good at generating legitimate sounding wall of text. Without actual code, it'll be harder to distinguish legitimate contributors from spammers.

      • phaistra 20 hours ago

        You could ask the submitter to show a quick video recording of the new feature being used. Or if its a bugfix, show the failure scenario and then the fixed non-buggy scenario. If they can't be bothered to show a basic before/after demo of whatever they are working on, then you probably don't want to work with them and accept their code changes anyway.

      • aydyn 20 hours ago

        People already go through hoops and live with it just fine. I don't claim to have the best solution but fundamentally its a social problem and therefore solvable. Perhaps some form of chain of trust.

fn-mote a day ago

The discussion here is amusing to read, but this is obviously a submission to instant-reject. No need for waste your time reading the PR, and I’m sure the maintainer won’t.

This is like spam making the front page of HN. Why?

  • cloudbonsai a day ago

    I actually checked the PR because I was curious if a cutting-edge AI can generate 128k lines of quality code. I mean, if that's true it's great!

    Here is what I noticed while reading the PR:

    - The PR has surpurisingly little meat. It contains 128k lines, but most of them are AI-generated documentation (86K lines, 68%). It also contains 9K lines of AI-generated tests (7%). So the actual code is just 32K lines (25%).

    - For what it's worth mentioning, the documentation is bad. It mostly feels like a copy-and-paste from someone's LLM session. You can check it out yourself: https://github.com/OpenCut-app/OpenCut/blob/b883256/docs/iss...

    - I have no deep understanding of OpenCut project, but the code seems buggy? I observe that it casually removes a few logics from the original code without any reason. So it's plausible that the PR is not only useless but harmful to merge.

    So my takeaway is that a latest commercial LLM is not getting there, at least yet.

    • phendrenad2 a day ago

      Great, so now the old "add 30k lines of auto-generated selenium tests to a project and put it on your resume" has a new AI step that amplifies it to 130k lines.

    • potato3732842 a day ago

      >- The PR has surprisingly little meat. It contains 128k lines, but most of them are AI-generated documentation (86K lines, 68%). It also contains 9K lines of AI-generated tests (7%). So the actual code is just 32K lines (25%).

      When you hear about a huge PR or change this should be your default assumption regardless of whether AI or otherwise.

      Most huge PRs are only a few thousand lines of "serious logic" code. That code then spawns a bunch of duplication of logic, stuff like adding a dozen few thousand line handling routines to convert a dozen inputs into some single thing. Those then spawn several times their own line count in docs and tests and whatnot.

  • brookst a day ago

    It’s got something for everyone.

    1. Outrage is fun! 2. “This confirms my biases!” 3. It’s kind of a funny extreme of bad behavior we’ve all had to deal with

  • bbor a day ago

    It's interesting and funny and indicative of a broader problem in open-source development, reaching not only technical projects but also stuff like Wikipedia. 90% of the reason I'm here is for the discussion, not literally for the links to news -- there's much better ways to curate news directly to my phone these days.

    Plus, again: it's just downright funny. It starts funny b/c he's clearly well-meaning ("I do not think this can be directly merged into the project"), and then you get to the part where there's 300+ commits (20 of which are just "Updated project files") and you just can't help but crack a little smile!

  • morkalork a day ago

    It's novel spam? At least today it is, tomorrow probably not. 128k is impressive!

  • bwfan123 a day ago

    Because we need to celebrate BullShit at scale ! and celebrate the fearless data-scientists turned software engineers who aided by AI are setting PR records while we software engineers watch with envy and sarcasm.

bee_rider a day ago

I wonder, based on the start of the thread:

> I do not think this can be directly merged into the project. I think it requires some manual reviewing if something (I mean some part of code) is useful for the project development.

It seems like maybe his idea was to make a bunch of code, and then see if the maintainers want to pluck anything out of it. This is, of course, not how things are done and not very helpful. Projects don’t need a bunch of AI generated brainstorming. But, I guess, at least it seems well-intentioned? Over-enthusiastic.

  • thih9 a day ago

    My guess is they wanted to share some ideas; as in: what features could be added and what would an example implementation look like. They have no interest in deeper discussions or in forking the project.

    To me a large PR with a disclaimer that it should not be merged seems a decent way of doing this and better than not sharing anything at all.

    But I see how this could get distracting if more people do this. I assume this is a one time thing. In future I would recommend creating some fork with a note that it is not going to be maintained.

    • bee_rider a day ago

      It just seems overwhelming and, therefore, very unlikely to get any traction. But I guess we’ll see.

    • em3rgent0rdr a day ago

      Better if the submitter opened a feature request clearly describing the feature. As part of such a request, they could provide some screenshots and maybe a link to their AI-slop generated code for anyone curious to demo as a proof-of-concept, but without burdening any human with having to look at the slop.

  • blitzar a day ago

    Low signal, high noise. Why waste time looking for the needle in the haystack?

delecti 2 days ago

The fact that this wasn't immediately rejected with a stern "GTFO" tells me the project maintainers have way more patience than me.

  • gpm a day ago

    I don't see any evidence that a maintainer has responded? It looks like all the responses are by

    - Some bot the maintainers are using to do preliminary code review

    - Trolls saying "lgtm" and the like.

kelseyfrog 2 days ago

> A .claude/settings.local.json

We'll at least it's easy to find the root cause of the problem :/

  • tyre 2 days ago

    I don’t think that’s the root cause here. The submitter decided that a 128k line PR was a good thing.

    AI is a tool. The problem is software engineering best practices (small, reviewable, incremental self-contained PRs.)

    • rurban a day ago

      No, he did not. He said it was bad thing. He presented a couple of new features for discussion, with a new electron target. He decided to split it up into individual PR's after positive feedback.

    • hsbauauvhabzb 2 days ago

      The problem is I can automatically ban tabs if I don’t like them. I Can limit the number of characters per line with a script. I cannot prevent you from sending prs with AI slop, nor can I easily detect it

      • Aeolun a day ago
        2 more

        You can make a bot that auto rejects everything over 5k lines though

        • hsbauauvhabzb 2 hours ago

          ‘Hey claude, break this up into 1000 line commits!’

      • cr125rider a day ago
        8 more

        Ah if you can’t easily detect it, wouldn’t that mean it passes muster?

        • p1necone a day ago
          3 more

          Human beings make relatively predictable mistakes, to the extent that I can skim read large PRs with mental heuristics and work out whether the dev thought carefully about the problem when designing a solution, and whether they hit common pitfalls etc.

          AI code generation tends to pass a bunch of those heuristics while generating code that you can only identify as nonsense by completely understanding it, which takes a lot more time and effort. It can generate sensible variable and function names, concise functions, relatively decent documentation etc while misunderstanding the problem space in subtle ways that human beings very rarely do.

          • shadowgovt a day ago
            2 more

            Sounds like it raises the bar on verification requirements.

            ... In a world where someone almost compromised SSL via a detail-missed trust attack... Maybe that's okay?

            • hsbauauvhabzb 15 hours ago

              It’s easy to point out case studies of humans when AI is relatively new and case studies of its commits are limited.

        • handsclean a day ago

          No. They’re not hard to detect because they’re good, they’re “hard” to detect because understanding code takes time, and you’re putting that work on the maintainer.

          I find it hard to believe that people who don’t intuit this have ever been on the receiving end. If I fill up your email inbox with LLM slop, would you consider that I’ve done you a favor because some of it’s helpful? Or would you care more about the time you’re wasting on the rest, and that it’d take longer to find the good bits than to make them yourself, and just block me?

        • 112233 a day ago

          That's like saying if you could not tell the person calling you was a scammer and lost money, then the call passes muster.

          As long as the person submitting PR has put in the effort to ensure it is of high quality, it should not matter what tool they used, right?

          Well, overwhelming majority vibies seem not to. Welcome to "block all chinese and russian IPs" era, open source AI edition.

        • hsbauauvhabzb 15 hours ago

          If I want to ban variables that end in an ‘S’ I can, and I can write a script to detect them.

          I want to ban AI PRs because they cause technical, social and potentially legal problems, but I can’t. If I put a policy in place, people will ignore it, and I can’t write a script to detect it.

          This will cause problems for many open source products because ignorant accidental and/or wilful ‘contributors’ will choose to do so and now the responsibility on me is to detect their contributions at scale.

      • johnisgood a day ago
        3 more

        It depends. Could you easily determine in this case that it was "AI slop"? I have used LLMs before for PRs, but not with having my brain turned off, and it got merged because it was legitimate, and I would have never sent the PR without doing my own careful review. I may be in the minority, who knows.

        • hsbauauvhabzb 15 hours ago
          2 more

          You are a minority.

          • johnisgood an hour ago

            That is quite sad if this is true. I would have never submitted a PR without knowing everything about the code I had generated. I manually looked up the RFC for test vectors, because the LLM sucked at it, and I generated the tests and made sure it is correct and in accordance to the RFC. The test included edge cases, too, and all the tests found in the RFC. I had to know a lot, and do my own research a lot, for the LLM to be useful, to be honest. I do not think LLMs are there (yet at least).

    • lokar 2 days ago

      [flagged]

bob1029 a day ago

This is a perfect example of a PR that makes GitHub's react client run like shit.

Click on the Files changed tab and start scrolling if you want to see for yourself. It wasn't always this way. There was a time when you could review PRs containing 500+ modified files without any jank.

Ancalagon 2 days ago

How much do we think was spent on claude code for this?

  • Arrowmaster a day ago

    He's still going. Just saw a new commit using Claude to add .vscode to .gitignore and untrack the files. How much did it just cost to do something that can be done in two cli commands.

cadamsdotcom 2 days ago

This is a fork.

We are going to have to learn some new etiquette with this new tech, but that’s always how it’s been.

  • dgfitz a day ago

    I appreciate your point and your candor, however forking is not new tech. This 'etiquette' is not at all new.

mat_b a day ago

The attitude of "I will do only the fun part. I'll create some barely workable code and expect others to fix it" existed long before AI code generation. Vibe coding is really enabling it to be taken to another level.

  • soraminazuki a day ago

    > The attitude of "I will do only the fun part.

    It would've been better if the PR author actually had any fun thing they wanted to do. They didn't, hence the PR title "Try to help but need some help." This PR literally has no purpose.

a2128 a day ago

I had a pull request like this on my project somewhat recently, thousands of files changed, the author seemed unsure of what exactly they added, and names suggested use of AI tools.

I think it's a cool use case for AI, for non-programmers to be able to customize open source software for themselves with AI tools (just hope it doesn't introduce a data loss bug or security vulnerability...) But obviously these tools as of today will make an absolute mess over time without a lot of guidance, and being a non-programmer makes it impossible to give it that guidance. I guess it's fine if the only user is the non-programmer and they're never gonna maintain it themselves, but sometimes they assume some of the code somewhere will somehow be useful for the project and so they open a pull request like this without realizing the insanity they're doing

RGBCube 2 days ago

Holy slop.

This does reflect my experience with Claude Code too. It just writes TOO MUCH damn code. It's never able to understand the tiny change that would make the software actually be better without guidance, and at that point I'd rather write it myself.

It's fine for gruntwork though.

  • Ancalagon 2 days ago

    my experience as well - it would rather re-invent the wheel over and over

    • tough 2 days ago

      their owners charge per token so...

      • kirb a day ago

        On the Pro tier, it’s a fixed monthly price with fixed quota per 5 hour window.

        That said, every time I’ve tried it, it’s spent ages writing code that barely works, where it keeps writing over-engineered workarounds to obvious errors. Eventually, it gives up and decides broken is good enough, and returns to the prompt. So you still have a point…

  • blitzar a day ago

    It was trained on the code the finest leet coders wrote. I do wish it would look at my existing code base and write more shit code like I write.

  • koakuma-chan 2 days ago

    Looks like it's mostly tests and AI specs.

    • azemetre 2 days ago

      It all amounts to chargeable tokens in the end.

      • brookst a day ago
        2 more

        Conspiracy theories need to at least have a passing compatibility with reality. Anthropic loses money with more tokens used to solve the same problem.

        • azemetre 21 hours ago

          Is it really a conspiracy theory that these companies want to charge by throughput? What exactly is out of the realm of possibility when these companies literally charge by the token...

  • genewitch 19 hours ago

    This isn't directed at you, but rather the general "A!", "No, A is no good. B!" thing that HN does. Lots of people swear by Claude Code on HN; nearly any post that could shoehorn an AI discussion has someone saying "But I just use Claude Code and it works fine!", with others saying that gemini is better if you pay, etc.

    The issue is, very few actually publish the AI code. I have, at least three times on HN. I don't pay for AI - well, i put $10 on deepseek to check it out and have spent less than a penny. I mostly use local or copilot. I've never used chatgpt to write code, nor claude, gemini, grok, or meta.

    So, the result is, this comes off as:

      "My football team is best because A,B,C!"
  "No, A & B aren't important, C,X,Y are, and my football team has those!"
  "So you agree C is important?"
    Anyhow, in support of my point, here's some of my AI output:

    https://news.ycombinator.com/item?id=44652138 I used copilot to add static, and fix the digits spoken to singular digits instead of groups, "7, 3, 4" instead of "seven hundred and thirty four." Done with copilot.exe; final version without pops, clicks, and crash at: https://github.com/genewitch/opensource/blob/master/numbers-...

    https://github.com/genewitch/opensource/blob/master/specific... and https://github.com/genewitch/opensource/blob/master/markov%3... to convert n-gate to json and then put the json into a markov chain. Done with copilot.exe

    https://github.com/genewitch/aider2048clone A local 70b LLM model oneshot with Aider (a tool to write codebases with AI); oneshot means i typed a prompt and then published the output, i didn't edit or change anything or re-prompt.

    and the oldest, and my favorite example so far; https://github.com/genewitch/emd A full react app stack - including the node.js 'server.js', done in copilot.exe over the course of ~20 hours. I didn't manually edit the code except for one tiny part where the only math in the code is, and i worked it out on a piece of paper with a pencil, then coded it in myself. i couldn't explain it well enough to copilot for it to produce the code i wanted. Luckily the nuts and bolts of jscript is easy enough, it's all the const and "{}" that i don't "get".

    I've linked all of these on HN before, usually in protest to someone else not linking their code and/or complaining that no one links their code.

    none of these were "thinking" mode.

mgerdts a day ago

Coderabbit’s estimate of review time is interesting:

Estimated code review effort

5 (Critical) | ~90 minutes

  • teaearlgraycold a day ago

    Does anyone else feel like Coderabbit is mostly noise?

cadamsdotcom 2 days ago

Also can we get rid of “Someone” in the headline?

It’s very clickbaity as the identity of the “Someone” is one of the first things you see by clicking the link.

  • Terr_ a day ago

    It's not bait, so it can't be "clickbait."

    Nobody here is clicking out of a burning curiosity to resolve the PR-submitter's identity. We can reliably predict it'll be a random account that we've never seen before and will never recognize again.

    Analogy: It's like someone linked "A kitten doing somersaults." I don't care which kitten is involved, I'll click because I anticipate cuteness and amusing acrobatics. Replacing it with "Miss Mittens (a kitten) doing somersaults" is unnecessary.

  • Larrikin 2 days ago

    There is zero information gained by actually naming the person in the title. They are just a random contributor out of all the contributors on GitHub

  • kevingadd 2 days ago

    Is their name particularly relevant to the headline? If anything it feels like it might be beneficial to emphasize that it's not about the who here, but instead the what.

  • ranger_danger 2 days ago

    What would you prefer? Naming someone that nobody knows?

5pl1n73r a day ago

That begs the question: how big of a codebase can these tools generate that works?

(loop unrolling doesn't count)

  • fourthark a day ago

    Like anyone, it can always keep adding new code that “works”. The problem is that it’s causing other code not to work at the same time, and it doesn’t see that.

  • em3rgent0rdr a day ago

    More important than code that works now is code that can be reviewed and maintained so it will continue to work in the future. AI-slop, even moderately-sized, might pass the test cases and seem to work, but it is doubtful it will continue to work in the future, particularly if a code base continues to accept more slop.

dollylambda 2 days ago

The title on this PR "Try to help but need some help" LMAO

pengaru a day ago

I always looked forward to the day spammers would invade my free software projects with mountains of generated "contributions"

maxbond a day ago

I don't think we should be dunking on someone for saying, "I have no idea what I'm doing and I need help." This isn't hubris. They didn't think that this 100k line change would be accepted. They were just asking for guidance.

I don't think this belongs on HN.

  • soraminazuki a day ago

    This PR has no purpose whatsoever that benefits the project. No open source maintainer should have to put up being spammed with 128k line AI slop made without any concrete purpose. It's mind blowing that AI zealots are now demanding people to be supportive of such spam with an air of moral superiority. Won't somebody please think of the spammers!

    If someone wants that green Github contribution graph, they should at least take the time and effort to learn software engineering. They shouldn't steal open source maintainers' time with AI slop and expect them to clean it up. It's beyond offensive. It's telling the maintainers that is what their projects are worth.

    • maxbond a day ago

      To me they look like someone earnestly asking for help, but in the wrong forum. Closing the PR would make sense to me, but I don't think there's any purpose to making this person a main character. I've spent a lot of time in online programming communities, so people asking for help in awkward ways, perhaps inappropriately or with an element of entitlement, that's just Tuesday from my perspective.

      I'm not an AI zealot, as it happens. I've made a lot of comments on here critical of AI. I just don't think HN is a place to gawk at random people's faux pas of GitHub etiquette.

      • soraminazuki a day ago
        2 more

        My bad for assuming that you were an AI zealot. But I do want to stress that this issue isn't just about a single person. It's much bigger than that.

        As I mentioned in my other comments, there were an influx of spammers directed at open source projects when Digital Ocean offered free T-shirts for open source contributions. With LLMs being able to mass-produce plausible looking garbage PRs, spammers looking for job prospects will flood the open source community, burning out maintainers in the process.

        This issue needs to be discussed for the survival of open source.

        • maxbond a day ago

          > My bad for assuming that you were an AI zealot.

          Thank you for the acknowledgement, that's rarer than it should be and I appreciate it.

          I'm sure there's an issue with low quality PRs to open source projects, and that LLMs are making it worse, but I think the Twitter style of discourse where we identify some random person who said something ill advised and lay into them is just scapegoating. I don't think it's going to help open source maintainers deal with bad PRs or help prospective contributors understand how to make a PR (or when not to make one).

  • rgoulter a day ago

    The PR author seems clueless.

    But, it's at least a little remarkable that the cluelessness was able to then pester someone in an unusual way.

bwfan123 a day ago

wow, BS at scale. Love the LGTMs and the ship its. A few of these merged PRs and the project gets into the shitter.

meta/amazon manager be like - productivity through the roof.

andrewmcwatters 2 days ago

This is egregious, but I’ve straight up had coworkers pull this sort of clown work in actual workplaces.

  • relaxing a day ago

    Your coworkers did not push 128 klocs in one PR.

    • rurban a day ago

      My coworker did push a 1M kloc ai-generated PR once. Over 1K files. It was a fine C++ refactoring. The reviewers had fun, and it was presented in the sprint review as proper usage of the new AI tools.

      When we added pre-commit we also had those huge automatic whitespace and style refactorings once in a while over hundreds of repos. No problem at all

      • rester324 a day ago
        2 more

        Proof needed, otherwise it didn't happen. And I secretly hope that this is some kind of low quality satire

        • rurban 6 hours ago

          Mandatory reading skills required.

stephenlf 2 days ago

Initial reaction—haven’t read through the code yet, but I expect to see 100% AI slop. Also, I love the comments saying LGTM

———

Quickly glancing through the code. 20 commits with the message, “Update documentation and project organization.”

cocodill 2 days ago

kill it with fire before it lays eggs

  • andrekandre a day ago

    more like nuke it from orbit (its the only way to be sure)

shadowgovt a day ago

I mean... At the end of the day, this is easy to handle.

Reject: please break into digestible features, probably no more than 1500 lines each. Our team is responsible for hand-verifying all changes and this cannot be hand-verified practically.

... And if they disagree they can fork.

  • soraminazuki a day ago

    If it's an isolated case and not anything more sophisticated, maybe. When people inevitably start mass-spamming open source projects to make their Github contribution graphs greener, this will be a serious problem that will accelerate maintainer burnouts.

    This became a problem when free T-shirts were involved [1]. Now imagine what will happen when job prospects come into the picture.

    [1]: https://news.ycombinator.com/item?id=24643894

    • shadowgovt a day ago

      > When people inevitably start mass-spamming open source projects to make their Github contribution graphs greener

      How does GitHub handle that right now? What's to stop an individual account from just dropping line-noise PRs onto projects (i.e. random-bytestring files that couldn't possibly be correct)?

      Seems like whatever the social network (and, to be clear, GitHub is a social network) uses to police trolls right now could be applied to AI-spam. This is a problem every social network has to solve eventually; surely GitHub hasn't gone this long with no solution at all?

      • soraminazuki a day ago
        2 more

        Yes, now other online platforms have to deal with LLM spam as well. That doesn't really mean we have a solution for that.

        Social media hasn't been able to keep up with spam even before LLMs became this big. With LLMs, mass-generating legitimate sounding spam became cheap and effortless.

        • shadowgovt a day ago

          I suspect the solution will look something like "If you make too many PRs that don't get accepted, it flags your account for manual review... Or just preemptively cuts the account's authority to propose PRs to other people's projects pending appeal." As far as I'm aware, nobody's really drowning at Meta or Reddit regarding LLMs; they've been dealing with low-quality human-generated content at volume for decades. Perhaps this is just a new challenge for GitHub specifically?