I want this but as a Linux distribution.
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc For the Bitwarden CLI, I was already not using it because it requires running code from NPM outside of a browser, but https://github.com/doy/rbw is a great alternative.
-
@lhengstmengel @lunarloony @nina_kali_nina is it possible to sync the pass store with an Android phone?
@aiono @lunarloony @nina_kali_nina yes, there is an Android app available that works quite well: https://f-droid.org/packages/app.passwordstore.agrahn
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc "In the recently published blog post titled “About KeePassXC’s Code Quality Control”, the team stresses that AI assists developers during the review and drafting process, but no AI-generated code is merged into the KeePassXC codebase. The application itself remains fully human-written and continues to follow the rigorous security standards that its users expect."
https://linuxiac.com/keepassxc-clarifies-ai-policy-used-only-in-development-never-in-the-app/
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
@mcc Has Rust crossed the line yet? Rust has been such a valuable tool that I'm going to be really upset if we have to either give it up or fragment the community.
-
@nina_kali_nina > These PRs are generally very difficult to review for humans.
Is it difficult for humans using AI? I’ve heard it’s easier that way 😁
The anti-AI crowd is more than welcome to put in the work and fork the projects they criticize for using LLMs and maintain their own repo with 100% organic homegrown code, I wouldn’t hold my breath waiting for that though, being outraged over other people’s generous contributions is far more attractive.
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc Both KeePassXC and Bitwarden support exporting their databases to other password managers, how is that not a way to “quickly back out” from them? It’s not like there’s a vendor lock-in, moving from them to another password manager takes minutes at most.
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc yes. They do. With this, they no longer are properly licensed FOSS, either…
-
@debacle@framapiaf.org @mcc@mastodon.social ...so linux or bsd or hurd? Linux distro uses linux kernel, bsd distro uses bsd, and no one uses hurd
-
@nina_kali_nina @luana @mcc The file being “hidden” is an issue with Github’s UI, the source code is not actually “hidden” from people who want to read it. Also, who cares if master breaks? Do you pull Bitwarden from master and compile it or do you download pre-built releases? A lot of anti-AI sentiment today seems to have zero thought put behind it.
@gsprs @nina_kali_nina @luana @mcc it’s funny because pro-AI sentiment has even less thought behind it
@benjamineskola @nina_kali_nina @luana @mcc A "no you" reply like this really hammers home the idea that anti-AI sentiment has no real substance behind it and is just a way to virtue signal the in-group political belief. AIs are currently not sentient and yet an LLM could come up with a more elaborate and constructive reply, what does that say about your supposed sentience?
@gsprs When your starting point is “lol anti-AI people are stupid” there’s no point in putting real thought into a response. In fact there’s nothing of substance to respond to.
-
@nina_kali_nina @luana @mcc Bloody hell. Maybe at least those are some cosmetic changes, like, you know, fixing indentation or something equally benign?
#bitWarden
@blotosmetek @nina_kali_nina @luana @mcc but you don't need an LLM in order to fix indentation and in fact they can't do so reliably anyway; so even using one for something 'harmless' like that shows questionable judgment.
-
@tris @mcc we are trying to be.
We recently introduced a policy of no LLM contributions with exceptions if people need to use LLM for accessibility purposes.
It's probably impossible to declaratively state all submissions are 100% human created but we have our stance and hope people will respect that and we will also reject submissions if we doubt authenticity.
Are you saying you have a software repository free of software containing LLM contributions?
It's very easy to say your distribution's unique software follows some principle or other because most Linux distributions write little software, instead mostly packaging other people's software.
-
@mcc Oh come on for fuck's sake. I just migrated from KeePassXC to Vaultwarden/Bitwarden because of this shit. Passwordstore is great but the client and browser integration sucks. So now what?
@CodingPhysicist Note vaultwarden is a separate project and has no specific signs of LLM use as far as I'm aware. I don't know what to do with this information though since surely vaultwarden is usually used with a bitwarden client?
-
@luana @nina_kali_nina @mcc @Timshel Indeed, that's a job for sed or an IDE's refactoring tool if you feel fancy. Doing that kind of work with an LLM is unreliable and ridiculously expensive.
@gabrielesvelto @luana @nina_kali_nina @Timshel I am not qualified to speak on this but I've seen others look into it and seen that Claude's bot submits many of these trivial/cleanup PRs, and some of them introduce security flaws, because the bot has no way of knowing if a change is good or bad. You shouldn't be trusting a bot which knows nothing but statistics to make minor random changes. Keep allowing that and eventually it will slip something awful past you.
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc
AI assisted code generation is here to stay. It's not random and probably one of the best uses for an LLM. I'd only be concerned if LLM generated code was committed without review. I only see 2 PRs that are marked ai-assisted for KeePassXC and neither looks like a problem. The large commit @nina_kali_nina to bitwarden/clients also used checkmarx scanner, github-advanced-security scanner and claude to review, but, there are also 11 non-bot reviewers listed on it.
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
@mcc@mastodon.social so I’m assuming the index is exclusively companies that have never touched so-called ‘AI’, which is what you’re expecting from said Linux distro?
@mkljczk Eventually, I'd expect we should be able to build a complete computer's repository of software written only by people who have verified they haven't used LLM "code assistants". Since companies are unlikely to provide such verification, we should get as close as we should possibly get.
But since you asked, yes, I think any software or OSS code contributions from a corporation should be treated with concern right now, since many have adopted mandatory LLM policies.