Damus
@itgrrl :donor:
tridge has written a post about the recent #rsync issues:

rsync and outrage

https://medium.com/@tridge60/rsync-and-outrage-d9849599e5a0

pls at least read his post before commenting on this toot
 
 
like most non-trivial things in life, tech, & especially security, my thoughts on this are… “it’s complicated”
 
 
I’m only tenuously connected to tridge via the #LinuxConfAU / #EverythingOpen community, but his reputation is the stuff of F/LOSS nerd legend – I was in the room for his #LCA2015 talk in Auckland, Flying with Linux, where he did a live demo of #ArduPilot controlling an RC aircraft in Canberra (AU) with real-time telemetry from the aircraft that was also compiling the Linux kernel while in-flight… 🤯

YouTube: https://youtu.be/2Twl2mQAh6g

LA mirror: https://mirror.linux.org.au/pub/linux.conf.au/2015/OGGB_FP/Friday/Flying_with_Linux.webm

in the post, tridge argues that he is able to bring his (undisputed) expertise in software design & development to find ways to use LLMs (relatively) safely to assist with specific coding tasks. I think that’s probably true, even given the regression bugs introduced in the most recent version of rsync – and it may even be the pragmatic least-worst way for open source maintainers to try to deal with the current deluge of LLM-assisted (or entirely LLM-generated) security reports currently overwhelming many open source projects

but most software devs are not on tridge’s level, and are already using #LLMs as coding assistants in unsafe and unpredictable ways (or just wholesale vibe-coding things without regard for building guardrails at all)

tridge also points out that he is technically retired and would rather be out sailing than working on maintaining rsync. a very possible outcome from all this might be that he decides to just… walk away and let others pick up the slack (he did note that the silver lining is that a couple of other experienced devs are – at least for now – working on the project)
 
 
but even if everyone using LLMs to generate code was supervising it closely with very-experienced-software-design-and-development-level skills (they’re definitely not), I still don’t think that would justify or offset the enormous ethical, environmental, & social issues with the creation & use of LLMs

like I said, #ItsComplicated 💁‍♀️
adingbatponder :nixos: 👾 · 4d
It would be useful to know what rsync does and if it is now OK to use. Many posts assume the reader knows what the software does.