• merc@sh.itjust.works · ↑149 · 3 days ago

    For those who don’t know, “tridge” is legendary.

    He casually reverse-engineered Microsoft’s SMB protocol, creating Samba, back when Windows file sharing was a key part of Microsoft’s lock-in. He also isn’t just the maintainer of rsync, he invented the algorithms it uses. People who worked with him consider him a genius and a guru.

    • 𝕸𝖔𝖘𝖘@infosec.pub · ↑63 · 3 days ago

      How much you want to bet he’s just bombarded by the “AI security reports arms race” I saw on here a couple days ago, where people use LLMs to find security holes in open source projects (likely a form of ‘fuck the dev’ training)? I mean, for hundreds of reports to come in, some of which I’m sure are legitimate, is overwhelming to a team… and he’s just one dude.

      Edit. Looks like I may have been right. User Chairman Meow posted an excerpt from Discord that basically says that. Even legends get lonely, it seems.

      • merc@sh.itjust.works · ↑55 ↓1 · 3 days ago

        Yep. A solo dev working on a project. Legitimate security flaws found by people who don’t know much of anything about coding, but can prompt an LLM. They don’t even understand the bugs they’re submitting, so if he has questions they can’t help.

        His choice is either to spend all of his free time trying to patch these bugs, or to look for help. It’s very hard to find help as a solo dev on an unsexy but essential tool. So, he turned to LLMs to help. And, who knows, maybe he’s able to use them slightly more responsibly than other devs. But, LLMs almost inevitably lead to their own bugs because LLMs are always confident, and are designed to produce something that looks as much as possible like real working code, but without any actual thought or analysis behind them.

    • mudkip@lemdro.id (OP) · ↑30 ↓6 · 3 days ago

      Which makes it all the more disturbing that he has turned to slopmachines.

      • merc@sh.itjust.works · ↑75 ↓1 · 3 days ago

        If you read the Discord chat logs, it makes sense. He’s being bombarded by security vulnerabilities discovered via LLMs, from people who barely know how to code and can’t even explain the flaw that their LLM discovered. He’s a solo maintainer, and his choice is either to leave these security vulnerabilities open, or to turn to LLMs to try to keep up with the need for patches.

        I don’t think he made the right choice, but I think he’s probably a much better programmer than me.

        • Dr. Moose@lemmy.world · ↑7 · 3 days ago

          I don’t think he made the right choice, but I think he’s probably a much better programmer than me.

          I’m a senior dev who works with LLMs these days and has run dozen-person teams before, and reading slop code is a skill that needs to be built through months/years of work no matter how good of a programmer you are - it’s a different skill set.

        • FlexibleToast@lemmy.world · ↑10 ↓1 · 3 days ago

          This is about to be a big thing. LLMs are very good at finding exploits and creating scripts to exploit them. Now a script kiddie is much more powerful. Companies are trying to figure out how to respond. Red Hat’s Project Lightwell is one such project.

          https://www.redhat.com/en/lightwell