this post was submitted on 18 May 2026

240 points (98.8% liked)

Fuck AI

7134 readers

1023 users here now

"We did it, Patrick! We made a technological breakthrough!"

A place for all those who loathe AI to discuss things, post articles, and ridicule the AI hype. Proud supporter of working people. And proud booer of SXSW 2024.

AI, in this case, refers to LLMs, GPT technology, and anything listed as "AI" meant to increase market valuations.

founded 2 years ago

MODERATORS

VerbFlow@lemmy.world

MrMcGasion@lemmy.world

TootSweet@lemmy.world

BigMikeInAustin@lemmy.world

cynar@lemmy.world

drmeanfeel@lemmy.world

pavnilschanda@lemmy.world

CriticalMedicine@lemmy.world

WonderfulWanderer@lemmy.world

Communist@lemmy.ml

eatCasserole@lemmy.world

SpaceNoodle@lemmy.world

NutWrench@lemmy.world

Soup@lemmy.cafe

iAvicenna@lemmy.world

Tinks@lemmy.world

wizblizz@lemmy.world

corus_kt@lemmy.world

Prandom_returns@lemm.ee

JimSamtanko@lemm.ee

TrickDacy@lemmy.world

TheFriar@lemm.ee

ArmokGoB@lemmy.dbzer0.com

HawlSera@lemm.ee

andrew_bidlaw@sh.itjust.works

MeDuViNoX@sh.itjust.works

33550336@lemmy.world

Nougat@fedia.io

Lost_My_Mind@lemmy.world

Quill7513@slrpnk.net

glowing_hans@sopuli.xyz

e8d79@discuss.tchncs.de

ThefuzzyFurryComrade@pawb.social

240

Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’ (www.theregister.com)

submitted 1 week ago by RockBottom@feddit.org to c/fuck_ai@lemmy.world

21 comments fedilink hide all child comments

cross-posted from: https://lemmy.zip/post/64538696

Multiple researchers using the same tools to find the same bugs are creating ‘unnecessary pain and pointless work’

top 21 comments

sorted by: hot top controversial new old

[–] racketlauncher831@lemmy.ml 1 points 6 days ago (1 children)

Downvoted. AI is not the issue here. It's the person behind it. They are supposed to find bugs and verify themselves. Instead they spammed the mailinglist.

[–] RockBottom@feddit.org 4 points 6 days ago

That's the increased efficiency we hear about.

[–] disorderly@lemmy.world 44 points 1 week ago (2 children)

If this really is the token burn future that the AI bros want, then why does it seem like such a disorganized, leaderless clusterfuck? Why has no one developed the "AI-native vulnerability reporting framework" to not destroy the most critical projects in FOSS?

It all seems terribly shortsighted. If Linux is affected, then a hundred other projects are on the ropes.

[–] WesternInfidels@feddit.online 2 points 6 days ago

Even in the glorious AI powered future no one wants to work on docs

[–] maegul@lemmy.ml 13 points 1 week ago (2 children)

Yea, I fear for the future of open source. There may be some asymmetries built into LLM tech and its uses that simply undercuts the FOSS system as we know it.

[–] very_well_lost@lemmy.world 11 points 6 days ago (1 children)

There may be some asymmetries built into LLM tech

Brandolini's Law

The amount of energy needed to refute bullshit is an order of magnitude bigger than that needed to produce it.

[–] maegul@lemmy.ml 2 points 6 days ago

Basically, yea. As sometimes BS is right enough to find a vulnerability, but rarely good enough to patch it, kinda like finding a small leak compared to metal being welded to cover it.

[–] RobertoOberto@sh.itjust.works 6 points 6 days ago

They don't even have to be intentionally built in. Anything that generates unnecessary work for FOSS volunteers is a win for proprietary software companies.

Even an easy to use and well-built tool that produces good results would result in mailing list and bug report noise simply because people like to contribute. If we set aside those who are just trying to pad their resume with open source contributions and bad actors trying disrupt FOSS projects, we're still left with a lot of well-intentioned, mostly inexperienced devs generating duplicate and/or invalid reports and requests.

Since the current state of AI tools certainly does not produce consistently good results, I don't think organizations that are hostile to FOSS projects actually need to do anything at all for them to be disruptive. Just make their shitty tools accessible and other people will significantly contribute to maintainer burnout without even intending to.

[–] Franconian_Nomad@feddit.org 28 points 1 week ago

“AI tools are great, but only if they actually help, rather than cause unnecessary pain and pointless make-believe work,” he wrote. “Feel free to use them, but use them in a way that is productive and makes for a better experience.”

That’s a pretty nuanced view. I agree, but I’m not sure how many people of this community do.

[–] OwOarchist@pawb.social 25 points 1 week ago (1 children)

Bug reporting is going to have to start being an invite-only thing that you have to pass a video interview for first ... and in that interview, you'll need to demonstrate your ability and willingness to manually evaluate bugs before submitting them.

[+] sonofearth@lemmy.world -8 points 1 week ago (1 children)

I would agree but… well the genie is out now. If security researchers don’t use it, hackers are still gonna use it. By creating more rules for submitting security bugs, we will just delay in implementing patches.

[–] very_well_lost@lemmy.world 12 points 6 days ago (1 children)

The "security researchers" aren't the problem here. It's every random amateur dev or AI enthusiast with an OpenClaw account who wants to be a security researcher, or have an excuse to put "Linux kernel contributor" on their resume.

[–] sonofearth@lemmy.world -1 points 6 days ago (2 children)

The problem here is that bad actors are gonna use it as a tool to find exploits anyways. It's like you have the confirmed reports that the enemy country is going to throw nukes on the entire planet tonight and yet you would refuse to use yours just because ethics.

The question we should be asking is that how can we manage those reports more effectively and efficiently so that it doesn't become "unmanageable" rather than blocking people from reporting in the first place.

[–] OwOarchist@pawb.social 6 points 6 days ago (1 children)

What you're forgetting is that many -- if not most -- of these vulnerabilities/exploits are bullshit in the first place. Either very niche situations that are extremely unlikely to happen in real life or outright hallucinations.

A few of them are legitimate security concerns, sure, but the vast majority are either low priority or a complete waste of time. And the same goes for the hackers trying to find ways in -- the vast majority of the exploits they discover this way won't actually work, or will only affect a tiny minority of Linux systems that are using obscure and/or obsolete protocols. So it's not quite the 'nukes' from your hyperbole.

[–] sonofearth@lemmy.world 1 points 6 days ago (1 children)

Okay let’s say what you said is 100% right. How are you going to filter them or restrict them? OC said using a video interview. Who’s gonna conduct the interview? Who will pay the interviewer? How can we verify the answers that the interviewee gives are not AI generated? Wouldn’t reviewing the reports and the contributions instead would be faster even if most of them are wrong?

[–] OwOarchist@pawb.social 2 points 6 days ago* (last edited 6 days ago) (1 children)

You want a real solution?

It costs $10 for an un-vetted reporter to submit a bug report. If the developers review the bug report and find it to be valid and helpful, you get your $10 refunded and you're added to the list of vetted reporters who can submit bug reports for free. If not, the foundation keeps the $10 and uses it to help pay the salaries of people who have to review these bug reports.

[–] sonofearth@lemmy.world 2 points 6 days ago

Sounds viable tbh.

[–] RobertoOberto@sh.itjust.works 4 points 6 days ago* (last edited 6 days ago) (1 children)

...just because ethics.

Not ethics, practicality. There are only so many people contributing so many hours to open source projects. It's impossible to handle the entire incoming stream of reports without some filtering.

And your analogy isn't really capturing the problem. If you want to stick with the (slightly hyperbolic) nuke analogy, it's more like getting 9 reports that nukes are going to be launched but 6 of them name different source countries, 4 of them say it'll actually be tomorrow night, 2 of them say the nukes will be unarmed for some reason, and one says it's actually bottle rockets being launched. I hope you can find them in time because they're buried among 362 other intelligence reports about god knows what, many of which are duplicates of things you already knew about. Also, you don't know any of the sources or what their motives and competency levels are.

@OwOarchist@pawb.social didn't say anything about banning AI usage at all, just that we need a better system to restrict contributions to people who can demonstrate that they can filter the noise out of their own contributions instead of just spamming mailing lists with everything their chosen tool spits out. No one is going to dump a valid bug report just because a contributor used AI to find it. They want to dump the endless stream of duplicate and invalid reports being submitted by people that don't bother confirming that the reports they're submitting are new and valid.

[–] sonofearth@lemmy.world 0 points 6 days ago (1 children)

Okay let’s say what you said is 100% right. How are you going to filter them or restrict them? OC said using a video interview. Who’s gonna conduct the interview? Who will pay the interviewer? How can we verify the answers that the interviewee gives are not AI generated? Wouldn’t reviewing the reports and the contributions instead would be faster even if most of them are wrong?

[–] RobertoOberto@sh.itjust.works 2 points 5 days ago

Wouldn’t reviewing the reports and the contributions instead would be faster even if most of them are wrong?

No. That's what this whole post is about. The current state is unsustainable and a better system is needed.

I don't think anybody has the answers to your other questions yet - that's the whole point of the discussion. Open source projects are facing a new challenge and the community as a whole needs to do some brainstorming and experimentation to figure out how to solve it. Video interviews may not be the right solution at all, it's just one idea among others.

[–] the_wizard_of_0Z@lemmy.ca 4 points 1 week ago

fuck gipity