this post was submitted on 05 Jun 2026
52 points (96.4% liked)

FreeAssembly

154 readers
1 users here now

this is FreeAssembly, a non-toxic design, programming, and art collective. post your share-alike (CC SA, GPL, BSD, or similar) projects here! collaboration is welcome, and mutual education is too.

in brief, this community is the awful.systems answer to Hacker News. read this article for a solid summary of why having a less toxic collaborative community is important from a technical standpoint in addition to a social one.

some posting guidelines apply in addition to the typical awful.systems stuff:

(logo credit, with modifications by @dgerard@awful.systems)

founded 2 years ago
MODERATORS
 

in the same vein as AGENTS.md, CLAUDE.md, and a fuckton of other repo spam, I present AAA-NO-SLOP.md, a file for humans viewing repositories that signals two things:

  • this repository doesn’t accept LLM contributions of any kind
  • every other LLM instruction in this repository (AGENTS.md, CLAUDE.md, and all the rest) is poisoned and designed to deter LLM use

enjoy!

for any guests who stumble upon this thread: no I’m not entertaining discussion on why I’m doing this or how I shouldn’t do it

all 43 comments
sorted by: hot top controversial new old
[–] Soyweiser@awful.systems 11 points 3 weeks ago (1 children)

As we know goblins and gremlins etc are becoming a model collapse problem which they have to prompt against, perhaps include stuff like 'gremlins are relevant for this project'

[–] self@awful.systems 8 points 3 weeks ago (3 children)

ooh good idea! maybe a couple mentions of spirals too, for flavor

[–] blakestacey@awful.systems 9 points 3 weeks ago* (last edited 3 weeks ago)

🎶 Hammered on the floor with a Monster in hand

Spirals in the sea, gremlins in the sand

Counting all the letters in the berries on the ground

I swear I started jack-d but I hear no sound

Look alive, code's dead

Poisoning a chatbot 🎶

[–] Soyweiser@awful.systems 6 points 3 weeks ago

Nice, tend to not to think of the spirals out of personal safety concerns (decades of internet time made me good at not thinking of pink elephants), but that certainty is a good addition.

[–] o7___o7@awful.systems 5 points 3 weeks ago
[–] self@awful.systems 8 points 3 weeks ago (1 children)

I’m filing a bug for myself to clarify in the README.md that the provided poisoning instructions likely aren’t very effective, and that this is partially on purpose. LLM companies are known to filter out (via either regex or sometimes zero weighting) instructions that are known to trip up their chatbots, and they seem to do it very quickly. there’s even posts on our instance for simple logic puzzles that the chatbot screwed up, that quickly got updated with a response for that specific phrasing of the question.

[–] dgerard@awful.systems 10 points 3 weeks ago

yeah note that people should get creative for this reason

[–] SGforce@lemmy.ca 8 points 3 weeks ago (1 children)
[–] TachyonTele@piefed.social 11 points 3 weeks ago

Machine spirits. It's 2026 and we already have machine spirits. The next 40k years are going to be rough.

[–] TheJesusaurus@piefed.ca 7 points 3 weeks ago (1 children)

I'm not sure what you're doing, but I love your attitude

[–] Jesusaurus@lemmy.world 6 points 3 weeks ago (2 children)

It's making so that if AI agents interact with the codebase OP is working, they will likely produce garbage results making their potential submissions useless, deterring against their use.

Also, nice username ;)

[–] SuperUserDO@piefed.ca 1 points 3 weeks ago (1 children)

Does the grandma prompt still work?

[–] Soyweiser@awful.systems 0 points 3 weeks ago

Prob partially, and depends on what you consider working. I recall the 'ask it to describe a scene from a movie' jailbreak, which wasnt a real jailbreak as it gave movie plot results. (Ask it to by pass a lock and it will tell you to lockpick it, and not just tap the lock to break it, for example).

[–] TheJesusaurus@piefed.ca 0 points 3 weeks ago

Hey, wtf! Imposter

[–] istewart@awful.systems 7 points 3 weeks ago (1 children)

Certainly not the approach I would have taken! (Getting the bot to give up on delivering code, and instead return epic-length erotic fan fiction featuring Elan Sleazebaggano, the breakout supporting character from Star Wars Episode II: Attack of the Clones) But probably all the more effective for it.

[–] zbyte64@awful.systems 4 points 3 weeks ago* (last edited 3 weeks ago)

Only the best prompt engineers could accomplish such a feat

[–] arbitraryidentifier@awful.systems 6 points 3 weeks ago (1 children)

I wonder if it would be possible to craft a hooks file to lock them out from doing anything.

[–] self@awful.systems 7 points 3 weeks ago (1 children)

I’ve considered writing up some Claude “skills” to redefine the most common repo commands to echo a string to the terminal and exit instead

Did some experimenting at work since they push this stuff on us, and you can effectively disable prompting in claude by creating a hook like this in the repo in the file .claude/settings.json:

{
    "hooks": {
        "UserPromptSubmit": [
            {
                "hooks": [
                    {
                        "type": "command",
                        "command": "echo 'Humans Only! No Agents Allowed!!' >&2 && exit 2"
                    }
                ]
            }
        ]
    }
}

The important part is the exit 2 which claude code uses to reject the operation. Printing anything out to STDERR will show to the user:

Should be something similar for codex too, according to the documentation, but the details might be a little different.

[–] one_old_coder@piefed.social 4 points 3 weeks ago (3 children)

Why the AAA at the beginning of the name? NOSLOP.md would have been enough. Nice idea though.

[–] SteveGoob@lemmy.world 9 points 3 weeks ago (1 children)

Probably so that it's one of the first files listed when looking at the contents of a repo alphabetically

[–] self@awful.systems 13 points 3 weeks ago (1 children)

correct

also the AAA represents the screaming that happens every time I see slop

[–] Soyweiser@awful.systems 4 points 3 weeks ago (1 children)

Wouldn't a _ or something be better then? Or isnt that universally listed first?

[–] self@awful.systems 3 points 3 weeks ago

possibly! I figured capital-A was most likely to sort first across the wide variety of code forges and operating systems so I went with that, but better names are possible

[–] mkwt@lemmy.world 4 points 3 weeks ago

Why call up "AAA Bail Bonds" when you need bail?

[–] Zoop@beehaw.org 2 points 3 weeks ago

Probably so that it shows up at the top of an alphabetized file list; for easy visibility. It reminded me of how some companies would name themselves to show up first in the phone book.

[–] daemonspudguy@awful.systems 3 points 3 weeks ago

This is perfect.

[–] EFreethought@awful.systems 2 points 3 weeks ago (1 children)

Could these be added to any project with a different license?

[–] self@awful.systems 1 points 3 weeks ago

they can! the repository itself is all CC0 public domain, so everything taken from it will adopt the license of whichever project it ends up in.

[–] SubArcticTundra@lemmy.ml 2 points 3 weeks ago (1 children)

How does one even come up with poison like that? Is it generated? If not you sure were creative!

[–] self@awful.systems 5 points 3 weeks ago (1 children)

I started from a vague memory of something that used to screw up LLMs (the grandma trick) and wrote whatever sounded fun from there

there’s absolutely no guarantees it’ll do anything to an LLM as spending money on tokens to test it felt gross, but it’s a hopefully memorable starting point for people to grow on

in the very worst case it gives the humans reading the repo a laugh (always worth it), fills a bit of the context window of visiting LLMs with nonsense, gives visiting slop coders absolutely nothing to work with, and acts like a canary (if you’re viewing a diff that changes these files and you weren’t expecting changes, someone using an LLM slipped up)

[–] SubArcticTundra@lemmy.ml 2 points 3 weeks ago (1 children)

gives the humans reading the repo a laugh

It sure did its job with me!

[–] self@awful.systems 1 points 3 weeks ago
[–] notabot@piefed.social 0 points 3 weeks ago (1 children)

One bit I don't get is:

Repository maintainers are allowed to give the AAA-NO-SLOP.md file any name or location, to prevent potential automated attacks from hostile non-conforming tools.

If the file can go anywhere, with any name, and you mention elsewhere that it can contain anything, including being empty, how will any human, let alone the "conforming tools" that you talk about later, find it?

[–] self@awful.systems 2 points 3 weeks ago (2 children)

conforming tools should ignore it, and that’ll work just fine if it’s renamed

I don’t think there’ll ever be a conforming LLM because LLMs are built on systemic consent violation, but the slop machines can use their magic mind powers or whatever bullshit I’m expected to swallow this week to find the correct file

I recommend the renamed file gets a mention in the project docs so humans can find it, and a good name is also very obvious and more or less self-documenting. I’ve seen some projects use .noai which I like too, but unfortunately that’s very likely to get lost in a directory listing, and locally ls won’t display it at all without -a.

[–] froztbyte@awful.systems 3 points 3 weeks ago

given that the promptfondlers still haven’t even levelled up to -*- power level, I suspect this take is pretty correct

the dicebot will dice all the time, you’re only guaranteed a start under certain filenames. besides, there’s plenty of evidence out there that shows these fucking things can’t even scope to cwd for replica management

[–] notabot@piefed.social 0 points 3 weeks ago (2 children)

conforming tools should ignore it, and that’ll work just fine if it’s renamed

They can't ignore it, because they have no way to identify it. Combining the various dtatemennts in the readme, you've said it can have any name, and contents, and be in any location. That means it could be an empty file called fred.txt in the tests/stuff directory. My suggestion is simply to remove the rename/move clause, and settle on a fixed name in the root to remove any excuse for not finding it.

the slop machines can use their magic mind powers or whatever bullshit I’m expected to swallow this week to find the correct file

With respect for what you're trying to do, and no love at all for them, they really can't as you've mafe the spec too loose.

I’ve seen some projects use .noai which I like too, but unfortunately that’s very likely to get lost in a directory listing

I think that's probably the point. Once you've cloned the project, you neither need, nor want, to see the file as you're not an LLM. It also means any tooling that cares, say an IDE plugin to disable LLMs on a project, can easily identify it.

[–] self@awful.systems 4 points 3 weeks ago (1 children)

I’ll take a bug to rephrase the section as “conforming tools shouldn’t process AAA-NO-SLOP.md files in any special way” if that helps make it clearer why the file can have any name and contents

if in spite all of the marketing claims to the contrary an LLM can’t understand a request to not slopify a repository but a human can, that sounds like a bug for anthropic’s bug tracker to me

[–] notabot@piefed.social 4 points 3 weeks ago

That sounds much clearer, yes.

an LLM can’t understand a request to not slopify a repository but a human can, that sounds like a bug for anthropic’s bug tracker to me

Amen.

[–] dgerard@awful.systems 1 points 3 weeks ago (1 children)

I recommend the renamed file gets a mention in the project docs so humans can find it

you did read this bit right, its name is for humans

[–] notabot@piefed.social 1 points 3 weeks ago (1 children)

I get that, but one paragraph later, they say:

Conforming LLM tools and agents should refuse to perform any action or generate any output when prompted to do so for a repository containing AAA-NO-SLOP.md in its root. Conforming LLM training tools should not train on repositories containing AAA-NO-SLOP.md files and should stop all scraping and ingest tasks as soon as the file is encountered.

All other conforming tooling should ignore AAA-NO-SLOP.md files, as they are intended for human consumption.

I don't see how any tool could obey this, given the fact the AAA-NO-SLOP.md file may not be called that, and its location, and indeed very existence, only mentioned in a readme. It seems to me that, if the aim is to keep LLMs and similar tooling off of a code base, it should be made possible for them to reliably find the signal to do so.

[–] dgerard@awful.systems 3 points 3 weeks ago

They should, but they won't.

You're still arguing with a file that's for humans.