After a long hiatus of security fixes only the development of Etherpad has recently taken up speed again. But it seems to be nearly fully vibe coded with the help of Anthropic Claude and the amount of new features added makes it very unlikely that there is sufficient human code review.
I bring this up because as you probably know we host an instance of it over at https://pads.slrpnk.net/
Aside from the general issues with AI assisted code development and corporate capture through closed AI models like Claude, I consider it also a security risk as the NodeJS ecosystem (Etherpad is using that) is especially vulnerable to supply-chain attacks and AI halluciations make this issue significantly worse.
So basically this means we will probably have to shut down this service soon (stopping to update it is not a good option due to the many security issues found in NodeJS packages all the time), and look for an alternative.
If you have any important collaborative documents on our Etherpad instance, it would be good to export them in the near future. Best would be probably to export it as Markdown, as most alternatives seem to use that syntax.
As for alternatives, suggestions are welcome, but I did look into other options before (Hedgedoc, Cryptpad etc.) and was not so convinced by them either.
It’s only “false positives” if you take the list as gospel truth. Since they cite their sources, people can and should judge for themselves whether the sources meet their personal standards.
Because of this, it’s far better that they cast their net wide and let people greenlight elements from the list if they want than that they try to impose their own personal definition of AI slop by excluding anything from the list that they personally think is okay.
But yeah, it would be nice if they included evidence of good behavior too, both for the alternatives they suggest (so they aren’t incentivizing devs to keep quiet) and for the problematic ones to clarify their stance.