cross-posted from: https://piefed.world/c/tech/p/1131733/linus-torvalds-says-ai-powered-bug-hunters-have-made-linux-security-mailing-list-almost
The continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools. People spend all their time just forwarding things to the right people or saying “that was already fixed a week/month ago” and pointing to the public discussion.
Which is all entirely pointless churn, and we’re making it clear that AI detected bugs are pretty much by definition not secret, and treating them on some private list is a waste of time for everybody involved - and only makes that duplication worse because the reporters can’t even see each other’s reports.
AI tools are great, but only if they actually help, rather than cause unnecessary pain and pointless make-believe work. Feel free to use them, but use them in a way that is productive and makes for a better experience.
The documentation may be a bit less blunt than I am, but that’s the core gist of it. So just to make it really clear: if you found a bug using AI tools, the chances are somebody else found it too. If you actually want to add value, read the documentation, create a patch too, and add some real value on top of what the AI did. Don’t be the drive-by “send a random report with no real understanding” kind of person. Ok?
I know you were just being glib, but I feel compelled to point out that given its context, it was only used as one might say “AI is all well and good, but…”, like just using it to get to the real point, which is that in-and-of itself, without a person acting upon the AI’s results, it is actually not great at all. Like any tool, it has to be used to help you accomplish something and not just set about to do your entire job for you. So he was actually saying the opposite.
I hope he’s doing it with a purpose, like avoiding piss off AI users so they pollute even more the development process just to troll. I really hope that it’s the case. So maybe it’s a good thing. Maybe…
AI is useful; it just doesn’t replace people.
Sir, this is social media nuance has no place here.
A thing is either all bad and anybody who says anything about it is probably a nazi or it is good and nothing you say in support of it can ever be wrong no matter how irrational or toxic those beliefs.
AI is bad and so it can’t be useful because only one thing can be true at once. No you can’t change my mind, yes I did my own research.
Flamebait style: people are getting in the way of AI fixing the bugs.
Use LLMs to triage the flood of reports, and implement the fixes.
Learn to stop worrying and love the Skynet. https://en.wikipedia.org/wiki/Dr._Strangelove
An actual interesting experiment: fork the system and work toward fully automated maintenance on the fork. Sure, if you want to make it fail you can, but try to succeed and see how it competes with / compares to old-school real-life Linux.
This is an extremely naive view of what the word “fail” means and of what such a “competition” would look like. Are you suggesting we just deploy increasingly critical systems onto this hypothetical fork until it predictably fails in an unpredictable way? Sorta like Calvin’s dad would rate bridges?
Man, we all kind of had this in mind, but what an incredible reference.
I said it was flamebait… only trust it with trust it has earned.