an entire presentation at DEFCON appears to just be straight up AI slop: https://www.openwall.com/lists/oss-security/2025/09/25/1'nwhen will it end?
Uncategorized
15
Posts
5
Posters
2
Views
-
an entire presentation at DEFCON appears to just be straight up AI slop: https://www.openwall.com/lists/oss-security/2025/09/25/1
when will it end?
-
undefined oblomov@sociale.network shared this topic on
-
an entire presentation at DEFCON appears to just be straight up AI slop: https://www.openwall.com/lists/oss-security/2025/09/25/1
when will it end?
what I will say is: you want to use an AI tool to help you prepare an MR or an issue report or whatever? that’s YOUR decision. i’m not the boss of you: you do you.
BUT: it is on YOU to make sure that AI tool is producing good output. if YOU waste my time by making me chase down convincing but ultimately bullshit output from your tool, then YOU will be banned from my projects.
it is as simple as that.
-
what I will say is: you want to use an AI tool to help you prepare an MR or an issue report or whatever? that’s YOUR decision. i’m not the boss of you: you do you.
BUT: it is on YOU to make sure that AI tool is producing good output. if YOU waste my time by making me chase down convincing but ultimately bullshit output from your tool, then YOU will be banned from my projects.
it is as simple as that.
@ariadne
Easier to just ban all AI enthusiasts, surely?LLMs will never track truth. That isn't what they were built do do, and it is not something they can ever learn.
They are bullshit engines.
-
@ariadne
Easier to just ban all AI enthusiasts, surely?LLMs will never track truth. That isn't what they were built do do, and it is not something they can ever learn.
They are bullshit engines.
@androcat please explain how one might preemptively ban all AI enthusiasts
-
@androcat please explain how one might preemptively ban all AI enthusiasts
@androcat you are going to reply with something about CoCs, no doubt.
so i am going to preemptively cut it off: i can put whatever i want in CoC for example, sure. but the reality is:
- most people don’t actually read it, and
- bad actors will ignore it anywaywhich brings us back to the beginning where i am manually banning bad actors for doing bad work.
and at that point it doesn’t change anything from what i’ve already said.
but it feels good, right?
-
@androcat you are going to reply with something about CoCs, no doubt.
so i am going to preemptively cut it off: i can put whatever i want in CoC for example, sure. but the reality is:
- most people don’t actually read it, and
- bad actors will ignore it anywaywhich brings us back to the beginning where i am manually banning bad actors for doing bad work.
and at that point it doesn’t change anything from what i’ve already said.
but it feels good, right?
@androcat at the end of the day, what matters *to me* is whether work submitted to me for review is accurate or not. it is my job as maintainer to judge the accuracy.
how the work was created is not the part that is interesting to me, but instead its accuracy. if someone uses an LLM to workshop something, and they test it, they verify it is correct, and they are prepared to effectively defend it in review, then it does not really matter to me, because it still checks the boxes.
the problem isn’t the LLM, it’s the lack of care in generating the work. this is why we call it “workslop”. LLM abuse is just the latest generation of workslop production, automated code scanning is another type of workslop. fuzzing without appropriate context is another type of workslop. these don’t involve LLMs at all.
-
@androcat at the end of the day, what matters *to me* is whether work submitted to me for review is accurate or not. it is my job as maintainer to judge the accuracy.
how the work was created is not the part that is interesting to me, but instead its accuracy. if someone uses an LLM to workshop something, and they test it, they verify it is correct, and they are prepared to effectively defend it in review, then it does not really matter to me, because it still checks the boxes.
the problem isn’t the LLM, it’s the lack of care in generating the work. this is why we call it “workslop”. LLM abuse is just the latest generation of workslop production, automated code scanning is another type of workslop. fuzzing without appropriate context is another type of workslop. these don’t involve LLMs at all.
-
-
I can sense the exasperation behind your words. You have my admiration for your patience.
But yeah, I didn't really think it through, that people who would stoop so low as to submit slop would somehow respect a request to direct their "efforts" elsewhere.
-
@androcat @adriano we literally live in a time where people submit automated code scanning results, that they have signed off on and assigned CVEs to, that are just total bullshit. in fact a large minority of CVEs, if not majority at this point, are sadly this.
we live in a time where people have their *unsupervised* LLM agents are submitting bugs to public mailing lists offering a 30 day embargo on their non-bug.
the problem isn’t the LLM, it’s the person who lets it go do its thing without supervision, without quality assurance. this is why i focus on the person, not the specific method with which they are annoying.
-
-
@lamanche Not that this is false, but it's generalizing a specific problem without actually doing much. People have been bullshitting their way through life for ages, encouraged etc.
This particular thing of submitting security vuln reports or bug reports without even checking them is new and specific.
-
@lamanche Not that this is false, but it's generalizing a specific problem without actually doing much. People have been bullshitting their way through life for ages, encouraged etc.
This particular thing of submitting security vuln reports or bug reports without even checking them is new and specific.
@adriano @lamanche @androcat yes, i would say the social problem dates way before capitalism. in fact, history proves this.
and, blaming all problems on “late stage capitalism” is just another flavor of the same social problem, honestly.
things have actual causes which cause the actual effects we complain about. to short-circuit the analysis with a talking point is not intellectually stimulating…
-
@androcat at the end of the day, what matters *to me* is whether work submitted to me for review is accurate or not. it is my job as maintainer to judge the accuracy.
how the work was created is not the part that is interesting to me, but instead its accuracy. if someone uses an LLM to workshop something, and they test it, they verify it is correct, and they are prepared to effectively defend it in review, then it does not really matter to me, because it still checks the boxes.
the problem isn’t the LLM, it’s the lack of care in generating the work. this is why we call it “workslop”. LLM abuse is just the latest generation of workslop production, automated code scanning is another type of workslop. fuzzing without appropriate context is another type of workslop. these don’t involve LLMs at all.
-
@kevingranade @androcat it isn’t. there are plenty of cases where machine transformations are perfectly fine. i have been using transformers to rewrite code for 20+ years. Coccinelle, for example is a type of transformer.
this is a problem of “garbage in, garbage out” paired with the time immemorial problem that some choose to bullshit their way through life and make it everyone else’s problem. those people don’t play by “the rules”.
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@derek YES! And old Kindles with buttons are THE BEST IMHO! I have a case with built in light to make up for the lack of backlight...
I had purchased a newer Kindle in 2022 that died on me within a year (rough treatment by my then toddler). But I had never taken a liking to it because of the lack of buttons and the need to swipe the edge of the screen to turn the page.
Now I'm just glad to have these 13+ year old Kindles with buttons to play with. The battery life on both is still great :)
-
@quephird the picture above? or something else?
-
@lowqualityfacts I don't know about smart, but they used to be a symbol of wisdom
-
@notiziole è una cosa talmente stupida. Restare con l' ora solare tutto l'anno avrebbe molto più senso.
-
Giovani ma che fate tutto er giorno? Nun studiate, nun lavorate e nun fate manco fiji?
Dopo er porno ve devo levà pure i preservativi! 😠
https://www.open.online/2025/11/17/giovani-italia-scomparsa-figli-lavoro-stipendi/
-
some of these bytes will be used to generate an X-Rapunzel-Signature, because I refuse to negotiate with terrorists the IETF
-
Er PD dicie che fà un condono edilizzio in Campagnia nun ce porterà voti
Canpaniani fateje vedé come volete che funziona la vostra reggione! 🏗️🏘️
Scejete chi ve capisce mejo tra noi e quell'artri contrari all'abbusismo 😉😉😉
-
mmm, bytes
