Kissaki

No

https://github.com/LemmyNet/lemmy/issues/1872#issuecomment-958943903

Changing the username will break many aspects of federation. For other instances you will look like a completely new user, so you wont be able to edit or delete any old posts/comments. I really dont think its worth all the trouble when you can simply create a new account.

The developer used AI and it introduced bugs and that was bad for people.

Was it the AI that introduced bugs, or them, while working with AI there or in other parts?
Would the bugs not have occurred if they made the changes without AI?
Would they have made any changes without AI? Would we be better off without changes for security robustness?

You make it sound like a direct correlation. Having read their response, that seems like an assumption without reasonable foundation.

Changes always have a risk of introducing bugs.
I'm no friend of using AI without the necessariy expertise, but from their response, they seem to have taken a very thorough, reasonable approach, and they seem to have the expertise to do so.

I don't know the degree to that, but bugs do happen occasionally either way as long as there are changes. In the article, they explain why the changes are necessary. Prioritizing security over no-change-stability seems reasonable and warranted.

This reasoning assumes any LLM-assisted change is faulty, right?

The linked article doesn't make me concerned. They seem to have the expertise, seem to apply due diligence and good practice around (selectively) using LLM.

Can people not directly involved in and working on the project assess the risks well? Do we not have to depend on author and project leadership expertise just like we had to before with any parts of development, management, and tool and infrastructure use?

I haven't looked up the original communication or drama, but I assume communication could have been much better. Maybe the commits didn't say much about the reasoning and due diligence that they describe in this article? Other than that, how can you make a better judgment about the changes than them without taking a thorough look and assessment?

Have you read the linked article? They explain how they used AI. It's not like AI produced the code and that's it.

They also explain about this version and the next minor version.

In your eyes, is all AI-produced text and code slop? Or did you check on the Python tests they designed and implemented with the help of AI, and after analysis of that, you came to the conclusion that it's slop (as in nonsensical, incoherent, faulty, or similar)?

Is that your assumption given that they're using AI? Because it's not at all what I have taken away from their article.

Is "not properly maintained anymore" your interpretation of them using AI? Or what do you base that on?

I didn't get that feeling at all. They didn't make any such claims or used such wordings which I often see elsewhere.

Also, nobody actually knows if human intelligence is just finer grained stochastic prediction as well.

An interesting but valid argument. It doesn't make AI better than it is, but any human contribution and change can and often is also faulty. People have gaps of knowledge, sometimes unwarranted confidence, other times lack of care, or just miss things. It's not like we're comparing the perfect human vs faulty AI.

If you don’t mind the security risk then you can of course use an older release.

I haven't read the original rage/drama but I can imagine if from other drama instances.

This post is certainly a good, founded response.

There's some valid concerns in AI usage, but unwarranted or inappropriate harsh criticism when it's an established trusted developer and engineer - if we assumed good practice before then we could assume continued good practice. Maybe LLM is one point of increasing skepticism, but criticism should be open, respectful, and fair.

They invested a lot of time and effort into a public good project. In that context, they deserve at least respectful and non-worst-assumptuous criticism.

the original 2FA gets thoroughly bypassed in the process

arstechnica reports that 2FA protects you, also KrebsOnSecurity

On May 31, the pseudonymous open source intelligence researcher ZachXBT posted on X about how “the Meta AI support is garbage and has lots of access perms which allowed you to reset passwords to any user without 2FA and did not verify who you are.”

ambiguous formualtion, can be read both ways; but much more explicit:

The hackers reported their exploit failing against any accounts that had enabled multifactor authentication (MFA), including the “least robust form of MFA that Instagram offers” in the form of one-time codes sent through SMS, according to KrebsOnSecurity.

Securing your various online accounts means taking full advantage of the most secure form of multi-factor authentication (MFA) offered (such as a passkey or security key). In this case, even using the least robust form of MFA that Instagram offers — a one-time code sent via SMS — likely would have blocked the exploit: The hackers who released the video on Telegram said their exploit failed to work against any accounts that had MFA enabled.

Inspected, looks like even hidden-behind elements receive matrix transformation updates.

Presumably, skipping those could increase performance? But maybe it's not possible with this approach. I haven't checked deeply. I guess it's infeasible.

The browser's compositor handles the 3D layering.

But someone should!