by StableAlkyne
3 subcomments
- Clicking through to https://git-annex.branchable.com/no_llm_code/
It looks like git after 2.22 was dropped because it took an LLM commit. Same with ghc.
If I have to choose between this or git and the latest ghc, I think I'm going to just wait for someone to fork annex.
I don't even feel strongly one way or the other on AI stuff; pragmatically, I'm just not going to stop using the most widely used version controller, or Haskell, just for some guy's (forkable, AGPL licensed) hobby project.
- What confuses me about this stance is that LLMs are basically indistinguishable from any mid-to-low-tier dev.
And those we've let into our codebases with no concerns. Hell, some even threw parties inviting in more of them.
At least LLMs don't call HR on you when you rightfully tell them that they're full of shit.
Though.. well. Claude probably might.
- It's nicely symmetrical, because conversely I prefer my LLM-generated code to have no dependencies.
by bwestergard
1 subcomments
- Git annex is a remarkable piece of software and I've been inspired by lead developer joeyh's approach to both FOSS and life. For example:
https://joeyh.name/offgrid/
by neutrinobro
4 subcomments
- Was this done by manually reviewing commit messages? I think it would be interesting/useful to have a tool that could use some basic heuristics about LLM generated code to detect code-blobs even if they are not explicitly called out in a commit message.
by InTheArena
2 subcomments
- This is completely infeasible in the age of mythos. The reality is that the velocity is just not going to be feasible from a security PoV without leveraging these tools.
by bitbasher
1 subcomments
- I agree we need to address the elephant in the room, but our community is about as polarized as politics in America.
- Maybe an LLM could be used to check for this :)
- How come all the open source projects are fretting over the copyright status of LLM code but big companies are just vibe coding slop all day for their internal closed source projects without a care in the world?
- These arguments are increasingly smelling strawman-ish to me. The authors seem to pick the absolute worst possible examples of LLM usage in software development, ignoring the fact that it is ultimately just a tool, and that all the blame for a shitty product continues to lie at the feet of the one wielding it like a giant doofus.
by waterTanuki
0 subcomment
- I sincerely hope people taking the side of the LLMs get everything they ever asked for.
When $llm_company begins asking you to open your wallet to fix every vulnerability, bug, or other breaking issue, instead of the guy in Nebraska doing it for free because someone mentored him, will the economics change? Probably not.
- We are all figuring this new technology out and people will make mistakes. Would seem overreactionary to swear things off completely because of a single commit and reversion. Look for patterns in dependencies and your own work.
- [flagged]
by botfriendsarent
2 subcomments
- I think this is a fair and normal reaction to AI slop. A lot of work though. I think OSS projects are at serious risk of implosion due to the vigilance required which honestly may end up being a fool's errand anyway.
But maybe we are thinking about it backward. Have you ever wondered why there is so much "free software"? Beware of strangers bearing gifts.
I have always wondered and been suspicious of people who are so eager for you to use their software. Which isn't to say OSS isn't high quality. I'm just saying that maybe when people are pushing free software on you they are kind of in it for themselves.
As for what's next, me personally, last year I pulled all my personal repos, about 80 of them, off of Bitbucket and self host that all now. I think OSS projects should set up a paywall and charge money to create PRs.
Like 10-100 bucks per PR to cover the cost of the extra vigilance. Also I could see migrations away from GitHub, to AI free dependency hosting or something like that. It's an interesting challenge. But it's not insurmountable.
Either paywall OSS projects or take them off the interwebs.
Also one option the OP didn't explore, I don't think, is forking and freezing the dependencies. Huge maintenance burden, but it's better than source corruption.
Also use fewer dependencies. Maybe set a limit of 5.
- [flagged]
by bioninf_n_door
0 subcomment
- [flagged]
by kstenerud
6 subcomments
- [flagged]
by gravatron
3 subcomments
- Funny enough, if you spent just a few minutes with an LLM working on the design of your website it wouldn't look like complete shit.