Seems like he’s been pushed into using LLMs as a way to cope with the deluge of LLM-generated security reports.
You must log in or register to comment.
- 30 minutes
I can’t wait for companies to finally price out most of developers out of AI use, especially the FOSS ones.
I just hope most of them won’t get too addicted to the tech crack they are getting free/cheap samples of currently, and will be able able to find back their motivation and skill to work without a feel-good dopamine machines.
Also, lol at all the coments being like “if you’re 100% against the tech crack, you’re delusional. The cat is already out of the bag, it makes you way better at coding, if you use it responsibly!”
The problem isn’t that it’s not somewhat good, the issue is that soon you won’t be able to afford it, while also being addicted and dependant on it. But I’m sure y’all are able to use crack responsibly and will be fiiine.
- ooterness@lemmy.worldEnglish2 hours
The whole rsync repo is 65k lines total. Recent AI-centric changes account for +16k/-6k, including massive changes to the unit tests. Somehow that’s not even considered a “minor” update (v3.4.1 to v3.4.3).
That’s not responsible use of AI, that’s malpractice.
3 hoursI’ve said this before and I’ll say it again. If an established dev uses AI and you don’t want that? Then get involved.
- VitoRobles@lemmy.todayEnglish2 hours
Yep. All the bitching is exhausting.
Talk is cheap. Send contributions or fuck off.
I’ve had conversations with people when you say that, like they don’t want to get involved, don’t want to code, and they want the dev done their way. Like ok. WTF? Entitled much?
And this is for established devs and their codebases, not some vibe kiddy
Well rsync is a pretty integral utility for a whole array of software at this point, and I guarantee you that not all of its userbase has the expertise required for direct contributions. I don’t think it’s fair to write off the complaints of people like that as irrelevant, especially if they have a stake in rsync working well for them without having to worry about AI hallucinations screwing them over.
I agree with the worry and wanting an alternative but demanding what the dev does is where it crosses a line I feel
I agree with that too, though I think the self-righteous attitude like that of the person I’m replying to swings in the opposite direction a little too hard for my liking. There’s a happy balance, y’know?
People shouldn’t complain in a dev’s ear like they owe them something they never promised, and people trying to call that out shouldn’t counter it with a demeaningly confrontational demeanour. Obviously that’s a lot to ask for on the internet, but it’s a good thing to try for at least.
It’s provided as is, no warranty, no guarantee. If you built your life around it, that’s on you, not the dev. If you want something else, do it yourself or pay somebody to do it for you.
Fair, but a little empathy for rsync users who only mean well would go a long way. The everyone-for-themselves mentality doesn’t tend to be very helpful most of the time, if ever.
- 2 hours
Yea, I find all these knee jerk reactions directly asking for rsync alternatives once AI has been mentioned a bit annoying. Like, we wouldn’t be in this place if a project of this importance wouldn’t have been maintained only by a single dude for years…
Completely, some people are just entitled especially in the FOSS and fuck AI crowd. Like I get it but FOSS is literally where it’s gonna be a net good.
- 2 hours
On the one hand, using a language learning model to interpret and modify a programs code language seems like a no brainer. On the other hand, we have mountains of evidence that suggest the technology hasn’t been perfected.
Maybe, just maybe, a disclaimer is appropriate.
Anti-LLM warriors are just like social justice warriors, extreme right-wingers, Mormon missionaries, and pro-lifers: on the ends of spectrums with little to no nuance.
I had an anti-AI signature a while back, but things have changed. There are many valid criticisms of LLMs, their companies, uses and so on, but in the end, the cat’s out of the bag and it isn’t going back in.
Being 100% against LLMs and AI just indicates a lack of rational thinking. Not because you’re against it, but because you’re 100% against it.
- 49 minutes
Pro-LLM warriors are just like social justice warriors, extreme right-wingers, Mormon missionaries, and pro-lifers: a complete lack of critical thinking and hand-waving away major issues.
I was pro AI early on, but things have changed. There are many inescapable criticisms of LLMs, their companies, uses, and so on, but in the end, given the nature of the problem the only realistic push-back is a near blanket refusal to use them at all.
Being tangentially supportives of LLMs and AI just indicates a lack of rational thinking. Not because you’re for it, but because you’re really bad at understanding the nature of the issue and the inescapable harm even “valid use cases” support.
- MehBlah@lemmy.worldEnglish2 hours
If you read this Andrew, most of us support your reasoned use of AI. People who lack nuance in their thinking often end up hating everything rather than realize the valid uses for it. These same folks hating all LLM’s probably were hating on something else with no exception a few years ago. I use rsync and have for years. Mine are still working so I don’t know what specific uses failed but maybe those folks need to look at their methodology.
- 8 hours
I think there would be a lot less drama around this if authors were just up-front about how they use AI. Put it in your readme, just like you do with licenses.
- 8 hours
I hate when AI people say “things are so different in just the past few weeks, what you know from last year is meaningless” without specifying what’s so groundbreaking that us regular folks wouldn’t be able to comprehend. It just seems like a way to shut people up and feel superior.
Yeah, but have you tried Slaupe Octopus 6.9? It’s vastly superior to anything else on the market.
Also, nobody actually knows if human intelligence is just finer grained stochastic prediction as well.
An interesting but valid argument. It doesn’t make AI better than it is, but any human contribution and change can and often is also faulty. People have gaps of knowledge, sometimes unwarranted confidence, other times lack of care, or just miss things. It’s not like we’re comparing the perfect human vs faulty AI.
If you don’t mind the security risk then you can of course use an older release.
I haven’t read the original rage/drama but I can imagine if from other drama instances.
This post is certainly a good, founded response.
There’s some valid concerns in AI usage, but unwarranted or inappropriate harsh criticism when it’s an established trusted developer and engineer - if we assumed good practice before then we could assume continued good practice. Maybe LLM is one point of increasing skepticism, but criticism should be open, respectful, and fair.
They invested a lot of time and effort into a public good project. In that context, they deserve at least respectful and non-worst-assumptuous criticism.
Yeah, the current backlash over LLMs in any capacity is a meme. It has turned into tribal politics. There is no longer thought behind the criticisms.
Also, it’s not the stochastic prediction part that makes LLMs “not intelligence” to me. It’s that it’s only predicting the next token in a string of text. I don’t believe this can approach what we do. To me it could well be that some other sort of token prediction is what we do even when we introspect and think of a model of the world.
- 3 hours
Yeah, the current backlash over LLMs in any capacity is a meme.
No, you just don’t want to face the fact that a growing number of people are less gullible than you.
- cecilkorik@piefed.caEnglish3 hours
I agree, I’ve been recommending people to try to develop some level of nuance on the topic. I understand the fear, hatred, and loathing of AI; especially the way it’s currently being implemented and used. I really do, and I share 99% of the concerns. But there is room for nuance in the understanding of how it’s being used and what it’s being used for and who is using it, and when nuance leaves the room, we’re blind. And blind hatred is never a good thing and it does not lead to good places.
- 5 hours
Most LLM implementations to have come out in the past year have had introspection - a section of text where they’re prompted to think1 about the problem at a meta level which isn’t shown to the users. LLM engineers are actively working on expanding this into a more persistent, consistent, and functional world model - a bunch of text statements that other parts of the implementation are trained to treat1 as probably factually true, which it is regularly prompted to curate1 based on its interpretation1 of user input and other data.
For example, an LLM might have a world model statement that says “As an LLM I may be running at different times. Before stating the current time with confidence, check the current time with an external source such as the UTC API.” so an introspection scratchpad it generates might be “To answer that question accurately I need to know the time. I will refer to the UTC API. Ah, it returned 12:17 on June 3rd 2026. Since Britain is currently at UTC+1 I can confidently say the sun is up in Britain”, and then the text the user sees is “Thank you for asking, the sun is currently up in Britain”.
As for the lack of thought behind LLM backlash, that’s a factor of human psychology. In order to free up limited mental capacity, the human brain automatically simplifies rules it has learned consciously, imperfectly archiving the conscious method of learning it to long-term memory. People made up their minds about LLMs, and now the reasons are archived and no longer necessary for people’s response to LLMs. So now when people see LLMs, they don’t use the thought, they can just do the behavior they decided on and move on with their life.
Re-litigating LLMs feels like going to an old archive and digging through dusty tomes. It can absolutely be worth it, but it’s an effort you’re not going to put in just because you see someone using it or praising it.
Personally, my opposition to non-local LLMs is enshittification. Every habit you let become dependent on LLMs will be used to exploit you. Your habits before LLMs will be archived and too much effort to relearn, so you’ll pay out your ass for a worse service than what you used to be able to do yourself. My opposition to all LLMs is veganism, but that’s a story for a different comment.
1: LLM instruction text anthropomorphises LLMs. LLMs don’t do these cognitive tasks the same way a human would.
He makes some fair points. However I do think the large amount of regressions in 3.4.3 should have resulted in a new release rolling back those changes.
I still like the response of the libxml2 maintainer, where any vulnerability will be disclosed openly and fixed when it’s ready. Maybe more open source projects currently drowning in CVE should take that stance instead of their maintainers burning themselves out over it.
Also, nobody actually knows if human intelligence is just finer grained stochastic prediction as well.
I think some people are stochastic parrots and some are not. I think most of our true understanding of things comes from escaping our limitations. Why so many people want to become a stochastic parrot is beyond me though.
Now to the future, because we’re not done yet by a long shot. The security reports keep rolling in. I’m working on a bunch of CVEs right now. Luckily I’ve been joined by some other very good developers with great systems development skills and security knowledge. Some of these people came to my attention partly because of all the rage happening at the moment, so I get some rage storm clouds have silver linings. Watch out for some credits for some great new rsync developers in the next release.
The project is being taken over by vibe coders, yay.
The project is being taken over by vibe coders, yay.
Evidence?
You can look at the tone of the whole post to understand where the author is mentally. You can also make an educated guess about who will want to work on a project that’s being coded with LLMs. If I’m wrong remind me and I’ll own it. But I don’t think I am.
- TheOctonaut@piefed.zipEnglish6 hours
There is a significant majority of people on Lemmy who think installing Linux made them a software engineer and think that code completion is “vibe-coding” and not a basic feature of fucking Eclipse
- 10 hours
In my perception¹, ML differs from a brain by operating on words in form of tokens, while the human brain works by associating a concrete piece of information or thing with another, with the path in between being formed at some points, but crucially, being editable more or less easily and flexibly by retraining. And that’s the points, humans learn on a fundamental level. Dropping the prod DB means that my brain will form a hard association between the action of writing ‘drop database’ and fear, which in turn triggers deeper thoughts about wth I’m doing. LLMs see “conflict at line 1, 12”, and for some reason one possible path of tokens to generate can be a drop command. And as the underlying model data does not change, they don’t learn.
On how living being’s speech centres work, idk.
¹The perception of an acidhead. So don’t trust me.
- TehPers@beehaw.orgEnglish9 hours
The differences between a human brain and any kind of model we can currently train are too great to be listed. They are incomparable. It turns out that no matter how many perceptrons you put together, you don’t get a brain.
Heck, we don’t even know how brains work, and you got people talking about how they’re making AI clones of themselves with LLMs lol.
- 7 hours
It’s a fair point.
I’ve had diverse success using llm for coding.
For simple things and basic questions it has worked. For anything complex. It has been a complete failure.
But I’ve never used a paid tool, most of the time I just use self hosted LLMs. But, to be honest, I don’t think the paid tools are that much better.
But if someone knows how to use it better. And assumes responsibility for checking the code, I’m ok with it.
It’s just a tool like many others, it can be usedfor good or for bad.
- 6 hours
I use paid tools as well, not too much if possible, but I try to stay in the loop. Anyway, they fail miserably at anything slightly complex. And confidently too 😂
- 3 hours
My experience is you have to close as many degrees of freedom as possible. Its tedious as hell for generating quality code.
Its great at debugging if you require it to manage its context window by delegating tasks to scoped subagents, generate evidence with references, and verify that evidence with a minimal reproducible example. Expensive… I’ve seen them run for a solid 30 minutes before responding back (not including the “thinking” log), but it usually finds the issue.
A similar technique can be used for code generation but again it burns tokens and takes awhile. Have it generate and verify isolated reference implementations for anything nontrivial. Much easier to review with the rest of your domain and layered on complexity stripped out. The “thinking” log is interesting to watch as it bangs it head against bad assumptions or documentation and needs to start digging into dependency source code to work it out.
Only then apply the implementation to your project from the reference implementation. Takes breaking down the tasks though to small enough units and closing those degrees of freedom.
Anecdote on degrees of freedom: This one didn’t require a reference implementation in particular. I was reviewing a PR (LLM assisted, I wasn’t the authoring dev) to add signature validation to OAuth tokens. It duplicated the entire header/token parsing logic. It needed that path closed with a pointer to where the existing logic was and explicit requirements to enhance it. Refactor was great upon reviewing and the PR size was reduced by more than half.
- 10 hours
I think “stochastic parrot” is a terrible way to describe LLMs. (Not to mention most people don’t use the term “stochastic” a lot.)
“Slot machine autocomplete” might be a better choice.
If you feel the need to dumb it down, ‘statistical parrot’ works OK. I’m happy with the original.
- 4 hours
Parrots also don’t just mindlessly repeat shit like an LLM does, parrots are intelligent AI is not.
- Shin@piefed.socialEnglish11 hours
That was a fair response. But I get the feeling that a lot of “intelligence” is given in this tool. Feels like they are seeing something that I’m not.
I didn’t get that feeling at all. They didn’t make any such claims or used such wordings which I often see elsewhere.
- Shin@piefed.socialEnglish10 hours
Well I can always point to English isn’t my native tongue, so I can always infer stuff that isn’t there :D
Still, the way it explain give the idea of something that I can’t see it. And this is what is concerning me for the last week at least.
- 9 hours
Trust. For me that fits your description, the thing I don’t “see” but some out there do. I try to keep an open mind, but the way this stuff is being sold hard bothers me.
- hendrik@palaver.p3x.deEnglish11 hours
Interesting. I’ve been waiting for some context to this. Btw Brodie Robertson made a Youtube video yesterday, scrolling through the issue tracker and untangling some of the drama. Here’s the link for people who like to consume their Linux news in video form: https://youtube.com/watch?v=FLCfRs6nKW8
- 10 hours
There’s a bit of opinionated context here, in Danish. Get your LLM to translate it for you.
- hendrik@palaver.p3x.deEnglish10 hours
Thanks. Yeah, I’ve never looked into code quality of many tools I use on a regular basis. So far, rsync has served me well. I’ve been using it at work, at home, for larger amounts of data… Without major hiccups. And we kinda need something like this. It’s a bit of a shame how many essential software projects at the foundation of many things struggle being maintained. My distro has openrsync in the repository. Seems just that that software project is also a one-man-show.
(Btw, Firefox Translate for the win, I don’t really need a big LLM to translate stuff.)
