AI slop classic, somebody files a bug report for a vuln, doesn’t disclose they’ve used AI when asked, argues in the comments - and includes his AI prompt in the paste.

https://hackerone.com/reports/3230082

@GossiTheDog@cyberplace.social Did it not notice the obvious error in the cast which should have been (char *) not (char)? Any compiler would have caught that.
@nowster @GossiTheDog It's not Watcom, it's Eliza.

I think the open source movement is in serious trouble due to generative AI, as maintainers are going to get flooded with torrents of bad code and analysis the longer the AI hype train continues.

It’s exhausting and unsustainable if an entire generation are introduced to not knowing or caring about what they are doing.

@GossiTheDog that's what prompted me to write a Human Content Policy.

https://github.com/gsuberland/altium_js/blob/main/HUMAN.md

@gsuberland @GossiTheDog I know this isn’t the point but this is the first time I’ve seen your project and it’s something that could be quite useful
@GossiTheDog We can entrench to some degree, but it will make development more brittle, and it runs against cultural pressures towards figuring out more open social contracts. Pretty tricky, indeed.
@GossiTheDog I foresee projects will end up just banning vuln reports from accounts who have not been vetted.
@GossiTheDog Makes me wonder what motivates them. The unlikely prospect of five minutes of internet fame?
@GossiTheDog time to automatically reject every report that doesn't include at least two typos 😌
@GossiTheDog Open source is dead but it's because of AWS, GCE, and Azure as well as private equity.

@GossiTheDog I’ve seen well meaning contributors *champion* AI for the FOSS projects they work with… and for what? Most FOSS doesn’t *need* productivity. And it certainly doesn’t need huge black spots of code with no real owners because one person shovelled in more features than they could ever reasonably understand or support. 🫠

(I have written spades on this but I just don’t have the spoons for this battle)

@GossiTheDog If you put a few "woke" words in your project description or files then most of the AI crap runs away.

@etchedpixels @GossiTheDog Add a commented-out "fuck" on every other line

@etchedpixels @GossiTheDog please elaborate :) I am most interested :)
@GossiTheDog we're about to understand how the dark ages happened
@GossiTheDog sure but it's not limited to foss
@Laukidh the one thing the article doesn’t state is the success rate of the AI at the point of human validation. If you have a team of skilled analysts dropping 90% of the AI’s output as junk then how successful is it really?
@GossiTheDog @athos We are going to get unintentional Skynet.
That slop squared, no?
@GossiTheDog I'd call that slop squared...
@GossiTheDog don't argue with them, just demand a PoC. If they can't provide a PoC they're full of shit
I think a video PoC could be a requirement at this point. Certain vulns could have specific minimum reporting standards to be included in the videos. Bonus points for using debuggers and showing repo hash verification for projects that have source code available.
@GossiTheDog This is hilariously not funny🤦🏽‍♀️🤦🏽‍♀️. If that makes sense.