cross-posted from: https://lemmy.zip/post/64538696

Multiple researchers using the same tools to find the same bugs are creating ‘unnecessary pain and pointless work’

[-] OwOarchist@pawb.social 26 points 5 days ago

Bug reporting is going to have to start being an invite-only thing that you have to pass a video interview for first ... and in that interview, you'll need to demonstrate your ability and willingness to manually evaluate bugs before submitting them.

[-] sonofearth@lemmy.world 5 points 5 days ago

I would agree but… well, the genie is out now. If security researchers don’t use it, hackers are still gonna use it. By creating more rules for submitting security bugs, we will just delay implementing patches.

[-] very_well_lost@lemmy.world 12 points 5 days ago

The "security researchers" aren't the problem here. It's every random amateur dev or AI enthusiast with an OpenClaw account who wants to be a security researcher, or have an excuse to put "Linux kernel contributor" on their resume.

[-] sonofearth@lemmy.world 4 points 5 days ago

The problem here is that bad actors are gonna use it as a tool to find exploits anyways. It's like you have the confirmed reports that the enemy country is going to throw nukes on the entire planet tonight and yet you would refuse to use yours just because ethics.

The question we should be asking is how we can manage those reports more effectively and efficiently so that it doesn't become "unmanageable", rather than blocking people from reporting in the first place.

[-] OwOarchist@pawb.social 6 points 5 days ago

What you're forgetting is that many -- if not most -- of these vulnerabilities/exploits are bullshit in the first place. Either very niche situations that are extremely unlikely to happen in real life or outright hallucinations.

A few of them are legitimate security concerns, sure, but the vast majority are either low priority or a complete waste of time. And the same goes for the hackers trying to find ways in -- the vast majority of the exploits they discover this way won't actually work, or will only affect a tiny minority of Linux systems that are using obscure and/or obsolete protocols. So it's not quite the 'nukes' from your hyperbole.

[-] sonofearth@lemmy.world 1 points 4 days ago

Okay, let’s say what you said is 100% right. How are you going to filter them or restrict them? OC said using a video interview. Who’s gonna conduct the interview? Who will pay the interviewer? How can we verify the answers that the interviewee gives are not AI generated? Wouldn’t reviewing the reports and the contributions instead be faster, even if most of them are wrong?

[-] OwOarchist@pawb.social 2 points 4 days ago* (last edited 4 days ago)

You want a real solution?

It costs $10 for an un-vetted reporter to submit a bug report. If the developers review the bug report and find it to be valid and helpful, you get your $10 refunded and you're added to the list of vetted reporters who can submit bug reports for free. If not, the foundation keeps the $10 and uses it to help pay the salaries of people who have to review these bug reports.

[-] sonofearth@lemmy.world 2 points 4 days ago

Sounds viable tbh.

[-] RobertoOberto@sh.itjust.works 4 points 5 days ago* (last edited 5 days ago)

> ...just because ethics.

Not ethics, practicality. There are only so many people contributing so many hours to open source projects. It's impossible to handle the entire incoming stream of reports without some filtering.

And your analogy isn't really capturing the problem. If you want to stick with the (slightly hyperbolic) nuke analogy, it's more like getting 9 reports that nukes are going to be launched but 6 of them name different source countries, 4 of them say it'll actually be tomorrow night, 2 of them say the nukes will be unarmed for some reason, and one says it's actually bottle rockets being launched. I hope you can find them in time because they're buried among 362 other intelligence reports about god knows what, many of which are duplicates of things you already knew about. Also, you don't know any of the sources or what their motives and competency levels are.

@OwOarchist@pawb.social didn't say anything about banning AI usage at all, just that we need a better system to restrict contributions to people who can demonstrate that they can filter the noise out of their own contributions instead of just spamming mailing lists with everything their chosen tool spits out. No one is going to dump a valid bug report just because a contributor used AI to find it. They want to dump the endless stream of duplicate and invalid reports being submitted by people who don't bother confirming that the reports they're submitting are new and valid.

[-] sonofearth@lemmy.world 1 points 4 days ago

Okay, let’s say what you said is 100% right. How are you going to filter them or restrict them? OC said using a video interview. Who’s gonna conduct the interview? Who will pay the interviewer? How can we verify the answers that the interviewee gives are not AI generated? Wouldn’t reviewing the reports and the contributions instead be faster, even if most of them are wrong?

[-] RobertoOberto@sh.itjust.works 2 points 4 days ago

> Wouldn’t reviewing the reports and the contributions instead be faster, even if most of them are wrong?

No. That's what this whole post is about. The current state is unsustainable and a better system is needed.

I don't think anybody has the answers to your other questions yet; that's the whole point of the discussion. Open source projects are facing a new challenge, and the community as a whole needs to do some brainstorming and experimentation to figure out how to solve it. Video interviews may not be the right solution at all; it's just one idea among others.

this post was submitted on 18 May 2026
239 points (100.0% liked)