Hey, thanks for sharing. As someone who uses QEMU via rudimentary shell scripts, this looks interesting.
Unfortunately, I'm reluctant to trust a 26KLOC vibe-coded app[1] for something like this, so I'll pass.
But if a polished React/Next.js app, with a CLI, HTTP/WebSocket API, authentication, and libvirt integration, truly took you a couple of hours to produce, and it solves your problem, that's a commendable achievement. I'm not sure if I should be praising you or the LLM, but it's notable nonetheless.
[1]: https://github.com/ccheshirecat/flint/commit/eb90847db9da56c...
It seems to me that in use cases like this, reliability and stability is so much more important than a nice lightweight UI.
This project advertises a small single binary but that’s really a feature of Go, and the small size is a feature of the fact that this is a rushed vibecoded app.
A typical HomeLab user (mentioned in this project as one of the primary audiences) is probably using something like Proxmox because it’s exactly it’s been around for years and years, it’s developed by a professional team, it’s relatively easy to use, and it’s feature-rich.
And oh, by the way, Proxmox is free as in beer.
I do think that there's appeal in a single-binary tool that implements the core features of something like Proxmox. Proxmox is a complex project that requires dedicating an entire machine to it.
I'm not familiar with Kimchi or Cockpit, but OP's claims sound reasonable. There are/were other even simpler tools like the similarly named flintlock, Incus, Lima, plain virsh, and many others. But most of them don't have a web UI, which matters to some users.
However, besides this being vibecoded, what is fishy to me is that this project is coming from an account that 2.5 months ago was promoting their own cloud hosting project[1], with some fantastic claims, and suspiciously LLM-like replies. And yet today the web site of the project fails to load because of a TLS error.
If you look even deeper into it, a second new account "supitsj" shows up in the comments, seemingly representing the same service, which seems to be the same account that created a tutorial[2] for them. The "jlucus" GitHub account claims to be a "Jesse D. Lucus" from Oakland, CA, whose links and website are full of crypto/web3/betting scams, and AI-generated slop. The account is also part of a non-existent "hypr-technologies" org, which seems to be a company registered in Singapore[3], which does have its own AS[4]. On its website it says that Infuze is "retired", and now they're focused on a new project called "Raiin".
I'm not sure if these people are legit, scammers, or AI bots, but this whole thing stinks to high heaven. They're now flooding HN as well, as this isn't the first time I've seen Show HN posts with similar projects.
AI-blocking AI tools are becoming increasingly necessary. What a time to be alive.
[1]: https://news.ycombinator.com/item?id=44382949
[2]: https://github.com/jlucus/infuze-tutorial
[3]: https://www.scam.sg/companies/53503711B/hypr-technologies
[4]: https://ipinfo.io/AS211747
Besides your spamming concern (which isn’t really that big of a deal) are you concerned this could be malicious? That’s my concern. How would they inject their malicious code besides the obvious of in the installer (main/install.sh) script?
I can't really say what their intentions are. It could be an elaborate scam to get people to sign up for cloud hosting, and then disappear, as their original project did.
They're also distributing binaries that can't be guaranteed to have come from these sources. So even if the AI slop has no malicious code, they could still be injecting it from somewhere else.
I don't know, and frankly, don't care. I would just caution people to not trust projects showcased by random accounts, since assholes have much more powerful tools at their disposal now.
Maybe this was a homegrown tool for managing VMs in their infuze platform and they decided to open source it? Speculation of course, as is your guesswork here too. Would be nice to hear a response from the OP.
> Maybe this was a homegrown tool for managing VMs in their infuze platform and they decided to open source it?
That would be the charitable interpretation, but there's no doubt that this was vibecoded[1]. Their claim was that they came up with this in a "couple of hours" when they needed it, not that they released something that was previously proprietary.
As for my second comment: none of it was speculative. The accounts and links are there, you can see for yourself. I obviously can't prove that this in particular is a scam, but it certainly doesn't put the project in good light when its authors are part of scam circles.
[1]: https://github.com/ccheshirecat/flint/blob/b49a90bc984f12857...
This. Guy nailed it without any extra whatever extra imirich said.
I am laughing at this because of the shit storm it actually started but funny since well hmmm.
None of this "scamming" or whatever you say about my industry could be further from the truth. Perhaps you are just not educated well enough to also pick up the phone and verify since my info is not even hard to find.
Still laughing tho.
*edit* Actually this was a well orchestrated post by my past partner named Teguh Probowo - who lied and ran off with $100,000 of mine. Nice try.
I'm running Proxmox in my homelab. Although it's based on Debian, it doesn't lend itself to running tasks other than Proxmox itself. I, for one, would appreciate a KVM manager with web UI (Portainer for KVM, if you may) - but I'm reluctant to run something so vibe-coded.
Check out Incus: https://linuxcontainers.org/incus/
I'm kinda confused here because Proxmox is a KVM manager with a web UI (and LXC containers).
[dead]
I'd be less worried about Vibe coded if there were also comprehensive unit and component tests, but it looks like there is none
It's pretty rare for tests to check for existence of backdoors: https://github.com/ccheshirecat/flint/blob/2ca29c50ed690b841...