-
br-m
<monero.arbo:matrix.org> well they claim they've achieved a reproducibility rate of 83%
-
br-m
<monero.arbo:matrix.org> re: going through false positives
-
br-m
<monero.arbo:matrix.org> also it seems like they're offering a half year for free to open source projects, so doesn't seem like much harm. needs a primary maintainer or core team member to apply though
-
br-m
<syntheticbird> nice looking tui
-
br-m
<kayabanerve:matrix.org> @monero.arbo:matrix.org: I've heard of drug dealers offering the first one for free. It doesn't seem like much harm, it's a limited free trial and we can go from there. If we like the uppers, we can get more. Wcgw
-
br-m
<kayabanerve:matrix.org> monero-oxide is in the slopfest of LLM bs. To that end, one could argue oxide should pay for an LLM and do the review ourselves. The issue is, all of the issues reported could've been caught by an oxide dev just sitting down and going through the code.
-
br-m
<kayabanerve:matrix.org> I don't see how an LLM spamming things to review changes how a reviewer needs to sit down and spend the time, nor do I believe it'd offer greater efficiency.
-
br-m
<kayabanerve:matrix.org> At the same time, I already deal with the flood and picking out the ones which can be discussed, so eh.
-
br-m
<kayabanerve:matrix.org> Tbf, I'd have to do that even if I went through it. The flood comes regardless.
-
br-m
<monero.arbo:matrix.org> On the one hand I get it, I'm not generally pro-AI myself, but at the same time I'd hate to get caught lacking as (or if) models improve, and this is claimed to be a big improvement from what we've all seen so far
-
br-m
<kayabanerve:matrix.org> Do you use the plagiarism machine for your defense when others use it indiscriminately? 🤔
-
br-m
<syntheticbird> Trust me bro benchmarks are always spectacular and adapt to the new benchmaxxing LLM in town
-
br-m
<kayabanerve:matrix.org> I don't hate, if we ignore the ethical issues, the idea of an LLM as a security linter. Explicitly not qualified as a review or audit but something like clang format, clippy.
-
br-m
<kayabanerve:matrix.org> The other thing is, so far, this has been closed access and Anthropic has made all these advertisements. I don't trust any claims they make about how good they are lol
-
br-m
<kayabanerve:matrix.org> This may legitimately be useful as a security linter, ignoring the ethical issues, as some current models likely pass the bar for. The main question will be what's the efficiency and ethics of it
-
br-m
<kayabanerve:matrix.org> Also, every time I hear it found a 20+-year-old bug, all that's saying is code no one has cared about in 20 years had a bug
-
br-m
<kayabanerve:matrix.org> The fact old code is now having _any_ attention paid to it may be interesting, but there's definitely going to be a discussion on the exact practicalities/impact of any CVEs attributed to Anthropic's work
-
br-m
<syntheticbird> @kayabanerve:matrix.org: don't rewrite what is already working is a disgrace and people that prone this should be... warmed up like a marshmallow
-
br-m
<kayabanerve:matrix.org> I do expect there will be some and I believe there has been some. That just doesn't change we should take it case by case, not get swept away by hype.
-
br-m
<kayabanerve:matrix.org> Also, one of the biggest issues I have is how LLM generated code seems unmaintainable except by LLMs, which is probably the point? Inject into your life, then become irreplaceable?
-
br-m
<jpk68:matrix.org> Just say "make no mistakes" and it will work perfectly
-
br-m
<kayabanerve:matrix.org> ^ > <@kayabanerve:matrix.org> I've heard of drug dealers offering the first one for free. It doesn't seem like much harm, it's a limited free trial and we can go from there. If we like the uppers, we can get more. Wcgw
-
br-m
<kayabanerve:matrix.org> (For IRC, sorry if that reply doesn't render properly, I'm pointing to my earlier comparison re: free drugs)
-
br-m
<kayabanerve:matrix.org> @syntheticbird:monero.social: I mean, the code should be tested, fuzzed, updated with documentation and with the latest formatting style, moved around as file layout changes
-
br-m
<kayabanerve:matrix.org> Even if code works and isn't replaced, it'll still be touched
-
br-m
<kayabanerve:matrix.org> I do understand our current software sucks. People have said that for decades. Tanenbaum is famous for it with their work on MINIX, where in one talk, they said their idea of a reliable OS is one which crashes maybe every fifty years or so
-
br-m
<kayabanerve:matrix.org> (they may say that commonly, it just stuck with me from the one talk I've watched)
-
br-m
<kayabanerve:matrix.org> Then there's LSMs, and due to the sandbox escapes in them, people personally deploy Xen on a per-app basis (Qubes)
-
br-m
<kayabanerve:matrix.org> I also remember the Qubes on the Cloud blog post, and I've personally sketched designs for a local cluster such that one can be free of hardware side channels due to using literal independent CPUs for each app, and even that would require sandboxing
-
br-m
<kayabanerve:matrix.org> There's the rewrite it in rust people who were completely right and you're only annoyed by them because they're calling you out on your shit, you were the one who didn't write it in rust in the first place amirite
-
br-m
<kayabanerve:matrix.org> And projects like Redox, CHERI, ARM MTE
-
br-m
<kayabanerve:matrix.org> TL;DR Life is complicated, everything sucks, things are kinda getting better, ignoring ethical issues, LLMs may be decent as security linters, LLMs are probably good to fuck things up because most things suck, don't fall into the hype, and don't do drugs
-
br-m
<kayabanerve:matrix.org> Also, obviously, the recent post by a NetBSD developer against Rust in the NetBSD kernel was controlled opposition /s /s /s
-
br-m
<0xdosto:matrix.org> sel4.systems