• minfapper@piefed.social
    2 days ago

    Maybe if they took security even remotely seriously and made a functioning sandbox (that apps can’t trivially opt themselves out of), we wouldn’t have to care whether an app was AI generated or not.

    Yes, containers/sandboxes have vulnerabilities that really clever attackers can exploit, but AI generated slop can’t.

    • corsicanguppy@lemmy.ca
      1 day ago

      took security even remotely seriously

      There’s a reason they’re at SLSA1. And this is it.

      Plot twist: SLSA4 has been achievable since like 1998. Sit DOWN, Debian.

    • SupraMario@lemmy.world
      1 day ago

      Yes, containers/sandboxes have vulnerabilities that really clever attackers can exploit, but AI generated slop can’t.

      Wait are you suggesting that AI slop code can’t have vulnerabilities? Cause… that’s hilariously not even remotely true. It’s a huge issue in SecOps, it was even an issue in the past when humans didn’t have an “easy” button and every vibe coder dumped commits. It’s way worse now because a lot of the vibe coded shit isn’t checked, and the people who produce it have no clue what the fuck it does in the first place.

    • usernamesAreTricky@lemmy.ml
      2 days ago

      Plenty of other issues or security vulnerabilities can exist that a good sandbox won’t catch. Like software can insecurely store and transmit passwords, have bad randomness for something security sensitive, secretly be mining crypto behind the scenes and burn through battery/electricity, etc.