cross-posted from: https://piefed.world/c/tech/p/1131733/linus-torvalds-says-ai-powered-bug-hunters-have-made-linux-security-mailing-list-almost
The continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools. People spend all their time just forwarding things to the right people or saying “that was already fixed a week/month ago” and pointing to the public discussion.
Which is all entirely pointless churn, and we’re making it clear that AI detected bugs are pretty much by definition not secret, and treating them on some private list is a waste of time for everybody involved - and only makes that duplication worse because the reporters can’t even see each other’s reports.
AI tools are great, but only if they actually help, rather than cause unnecessary pain and pointless make-believe work. Feel free to use them, but use them in a way that is productive and makes for a better experience.
The documentation may be a bit less blunt than I am, but that’s the core gist of it. So just to make it really clear: if you found a bug using AI tools, the chances are somebody else found it too. If you actually want to add value, read the documentation, create a patch too, and add some real value on top of what the AI did. Don’t be the drive-by “send a random report with no real understanding” kind of person. Ok?
Flamebait style: people are getting in the way of AI fixing the bugs.
Use LLMs to triage the flood of reports, and implement the fixes.
Learn to stop worrying and love the Skynet. https://en.wikipedia.org/wiki/Dr._Strangelove
An actual interesting experiment: fork the system and work toward fully automated maintenance on the fork. Sure, if you want to make it fail you can, but try to succeed and see how it competes with / compares to old-school real-life Linux.
This is an extremely naive view of what the word “fail” means and of what such a “competition” would look like. Are you suggesting we just deploy increasingly critical systems onto this hypothetical fork until it predictably fails in an unpredictable way? Sorta like Calvin’s dad would rate bridges?
Man, we all kind of had this in mind, but what an incredible reference.
I said it was flamebait… only trust it with trust it has earned.