I want this but as a Linux distribution.
Uncategorized
207
Posts
103
Posters
5
Views
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc
AI assisted code generation is here to stay. It's not random and probably one of the best uses for an LLM. I'd only be concerned if LLM generated code was commited without review.I only see 2 PRs that are marked ai-assisted for KeePassXC and neither look like a problem. The large commit @nina_kali_nina to bitwarden/clients also used checkmarx scanner, github-advanced-security scanner and claude to review, but, there are also 11 non-bot reviewers listed on it.
-
RE: https://mastodon.scot/@kim_harding/116108957641748718
I want this but as a Linux distribution. I don't think I'm asking for much here. I am just asking for the "open source community" to be to the left of Goldman Sachs
@mcc@mastodon.social so I’m assuming the index is exclusively companies that have never touched so-called ‘AI’, which is what you’re expecting from said Linux distro?
-
@mcc@mastodon.social so I’m assuming the index is exclusively companies that have never touched so-called ‘AI’, which is what you’re expecting from said Linux distro?
@mkljczk Eventually, I'd expect we should be able to build a complete computer's repository of software written only by people who have verified they haven't used LLM "code assistants". Since companies are unlikely to provide such verification, we should get as close as we should possibly get.
But since you asked, yes, I think any software or OSS code contributions from a corporation should be treated with concern right now, since many have adopted mandatory LLM policies.
-
@mcc @itamarst this is a bit tangential to the whole thing but that phrasing bothers me a LOT. "an essential part" — is it? is it "essential?" where was it five years ago? and three years from now, when everyone, even the most braindead useless dead-weight MBA executive, finally realizes that it doesn't fucking work at all, will it still be "essential" then? or is the plan to stop being successful?
-
@mkljczk Eventually, I'd expect we should be able to build a complete computer's repository of software written only by people who have verified they haven't used LLM "code assistants". Since companies are unlikely to provide such verification, we should get as close as we should possibly get.
But since you asked, yes, I think any software or OSS code contributions from a corporation should be treated with concern right now, since many have adopted mandatory LLM policies.
@mcc@mastodon.social can't imagine a Linux distribution, even just a fork of Linux kernel that would be free of corporate contributions from the past few years and the future ones as a sustainable project
-
@mcc@mastodon.social can't imagine a Linux distribution, even just a fork of Linux kernel that would be free of corporate contributions from the past few years and the future ones as a sustainable project
@mcc@mastodon.social though i can absolutely imagine smaller kernel projects with explicit anti-'ai' getting serious
-
@mcc@mastodon.social can't imagine a Linux distribution, even just a fork of Linux kernel that would be free of corporate contributions from the past few years and the future ones as a sustainable project
@mkljczk That is not what the people who originally created Linux believed. It's not what we believed when I first started using Linux in like 1997-1998. The idea that the open source movement is driven by the leavings of large otherwise-propreitary software corporations is something that developed after the fact.
-
@debacle@framapiaf.org @mcc@mastodon.social thats just someone taking debian and porting it somewhere else. It happened with some BSD and android too
-
@mkljczk Eventually, I'd expect we should be able to build a complete computer's repository of software written only by people who have verified they haven't used LLM "code assistants". Since companies are unlikely to provide such verification, we should get as close as we should possibly get.
But since you asked, yes, I think any software or OSS code contributions from a corporation should be treated with concern right now, since many have adopted mandatory LLM policies.
@mcc @mkljczk what this has really done is erode the base level of trust that I extended by default, when looking for software / library / package to accomplish something, or when reviewing someone else's contribution to code I maintain
It used to be, I would read a bit of the code and docs to get a feel for the person's understanding of the topic and programming style, and make an initial decision based on those general vibes
Now, someone can pass a vibe check and then still slip in insidious errors that no human developer would introduce
-
@gabrielesvelto @luana @nina_kali_nina @Timshel I am not qualified to speak on this but I've seen others look into it and seen that claud's bot submits many of these trivial/cleanup PRs, and some of them introduce security flaws, because the bot has no way of knowing if a change is good or bad. You shouldn't be trusting a bot which knows nothing but statistics to make minor random changes. Keep allowing that and eventually it will slip something awful past you.
@mcc @gabrielesvelto @luana @nina_kali_nina I was wondering how their review process is, so looked at the PR (https://github.com/bitwarden/clients/pull/18584) and there is like 10 reviews apparently done by humans. And I'm like 10 wtf 🤨.
-
@luana @nina_kali_nina @mcc @Timshel Indeed, that's a job for sed or an IDE's refactoring tool if you feel fancy. Doing that kind of work with an LLM is unreliable and ridiculously expensive.
@gabrielesvelto It's interesting to think about why proper refactoring tools have been a lot less successful than LLMs now-days (in term of usage). Is it just cost? or the more "human like interaction" you get from LLMs? or something else?
-
@mcc KeePassXC has merged only a little bit of AI-assisted code, not in any critical parts. And there has been no merges of that kind of code since last November. KeePassXC is not preferred to use AI code, but they require people to let them know if they are trying to push code that includes it. It doesn't mean the code will not be reviewed before it's even accessed. Majority of the developers are NOT using AI. Read their blog post.
@mcc I was banned because of my comments? Very nice.
-
@CodingPhysicist Note vaultwarden is a separate project and has no specific signs of LLM use as far as I'm aware. I don't know what to do with this information though since surely vaultwarden is usually used with a bitwarden client?
@mcc I'm not aware of any alternative clients and currently I'm using the official Bitwarden ones.
-
@benjamineskola @nina_kali_nina @luana @mcc A "no you" reply like this really hammers home the idea that anti-AI sentiment has no real substance behind it and is just a way to virtue signal the in-group political belief. AIs are currently not sentient and yet an LLM could come up with a more elaborate and constructive reply, what does that say about your supposed sentience?
@gsprs virtues are good, virtues are supposed to be signaled, 'tis good to be virtuous and ethical.
(can you tell me what makes the promptfondlers to be so annoyingly proselytyzing though? did anyone ask for your opinion?)
-
@mcc I'm not aware of any alternative clients and currently I'm using the official Bitwarden ones.
@CodingPhysicist @mcc I'm aware of two alternative (open source) clients: https://github.com/doy/rbw and https://github.com/quexten/goldwarden (though it seems like the latter is not actively developed anymore).
-
@m oh… this post was meant to be a reply to your post https://mastodon.social/@mcc/116115453811522063
-
@gabrielesvelto It's interesting to think about why proper refactoring tools have been a lot less successful than LLMs now-days (in term of usage). Is it just cost? or the more "human like interaction" you get from LLMs? or something else?
@fabrice I don't know. I remember using IntelliJ tools for doing significant refactoring on an old Java codebase some 15+ years ago and they were already quite powerful. I don't know why anyone who did not use those kind of tools in the past suddenly feels like an unreliable system is a good idea for mechanical refactoring. 🤷
-
@Moore @graydon You've both been around as long as I have, so you've seen this: for literal decades, the "tech" industry has increasingly been "slap together a bunch of open source code to implement a product innovation, without any meaningful technical innovation." LLMs are just the culmination of that process, removing the expensive open-source-gluers from the equation, and, as a bonus, creating code that has been laundered clean of any pesky licensing concerns.
If you play this arc out, it suggests the loss of "indigenous" technical capabilities for anyone but the LLM companies. This is very, very dangerous, given that we seem to be slipping into a global oligarchy.
Very early on, Brazil heavily regulated computer imports, mostly to guarantee that they weren't fully reliant on foreign-origin technology. They understood that embracing tech exclusively owned by the US and Europe was inviting a new form of colonialism. LLMs are the same thing, just in a very cyberpunk corporate feudalism sort of way.
-
@gsprs virtues are good, virtues are supposed to be signaled, 'tis good to be virtuous and ethical.
(can you tell me what makes the promptfondlers to be so annoyingly proselytyzing though? did anyone ask for your opinion?)
@mawhrin I couldn’t ask for an example of holier than thou attitude and proselytizing better than the first half of this post, the other half honestly looks like parody after reading it.
-
@mawhrin I couldn’t ask for an example of holier than thou attitude and proselytizing better than the first half of this post, the other half honestly looks like parody after reading it.
@gsprs the only people who complain about virtue signalling are the gobshites: the racists, the white supremacists, the misogynists, you know the type.
Gli ultimi otto messaggi ricevuti dalla Federazione
-
#GarantePrivacy ad #Amazon: stop alla schedatura dei lavoratori. Raccolte informazioni su patologie, attività sindacali, vita personale e dei familiari
Il divieto riguarda informazioni raccolte - in modo sistematico, per tutta la durata del rapporto di lavoro e conservate fino a 10 anni dalla sua cessazione - attraverso una piattaforma collegata con il sistema di rilevazione delle presenze, accessibile a numerosi manager.https://gpdp.it/home/docweb/-/docweb-display/docweb/10224050
-
@info oooh. Omw!
-
@ratsnakegames oh yeah i don't use any of that lol
-
'Texas Instruments TI-5034 SV' by Peter Simonsson
https://blenderartists.org/t/texas-instruments-ti-5034-sv/1630569?mtm_kwd=mastodon
#b3d #blender3d #blenderart #blenderrender #blendercommunity
-
@lowqualityfacts where did you get a copy of the <<frozen water>> training manual?!?
-
@peterkotrcka this is the best video to learn Italian (sorry, YouTube link):
-
F4b10ebasta (@soserio.bsky.social)
https://bsky.app/profile/soserio.bsky.social/post/3mfmmdsys4k2m
