<duckpondy:matrix.org> @rbrunner7: innovationgraph.github.com/global-metrics/git-pushes explains it all

<ofrnxmr:xmr.mx> Diabolical increase in 2025 q1

<duckpondy:matrix.org> The amount of Git pushes has surged, most notably in third-world countries, but if you look at the total number of new repositories being made, there is no similar increase

<duckpondy:matrix.org> In other words, LLMs have lowered the barrier to entry for users to contribute, but this isn't "AGI" that has allowed innovation to happen in the form of new projects and ideas

<duckpondy:matrix.org> @duckpondy:matrix.org: innovationgraph.github.com/global-metrics/repositories

<ofrnxmr:xmr.mx> "contribute"

<321bob321> KPIs met

<ofrnxmr:xmr.mx> Github still shadowbans user accounts, but bots run rampant

<321bob321> Same with alias emails

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: It's an overstatement

<duckpondy:matrix.org> Written the code is often the easiest part > <@robbin_da_hood:matrix.org> I would disagree with the argument that you are better off writing code yourself. Except under special circumstances. The amnesic window being one.

<ofrnxmr:xmr.mx> > Moreover, AI adoption starts quickly: 80% of new developers on GitHub use Copilot in their first week.

<ofrnxmr:xmr.mx> Pathetic

<ofrnxmr:xmr.mx> Rhese arent developers

<duckpondy:matrix.org> Isn't Copilot automatic?

<ofrnxmr:xmr.mx> No

<duckpondy:matrix.org> So it's opt in?

<ofrnxmr:xmr.mx> Its included for free, but its opt-in, yeah

<ofrnxmr:xmr.mx> some projects use copilot and coderabbit for auto-reviews

<duckpondy:matrix.org> KeepassXC

<ofrnxmr:xmr.mx> Keepass uses copilot to commit directly to prs 😭

<duckpondy:matrix.org> DataHoarder made a great point. These companies and their leaders have spent so much on AI that they'll keep going until investors start demanding profits > <@ofrnxmr:xmr.mx> Pathetic

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: I don't think this is a problem, assuming the developers are competent, and droidmonkey seems to be. The real issue with using LLMs is doing so blindly on a codebase you don't understand and not reviewing changes

<ofrnxmr:xmr.mx> @duckpondy:matrix.org: its a huge problem imo

<ofrnxmr:xmr.mx> Who reviews the pr? the same person prompting it?

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: Why shouldn't it be fine? A competent developer's review should prevent any issues

<ofrnxmr:xmr.mx> can you refer to a developer who doesnt write code anymore, as competent?

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: Doesn't Copilot create it's own pull requests?

<ofrnxmr:xmr.mx> @duckpondy:matrix.org: if thats how you use it

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: Coding is the easiest part of the process

<ofrnxmr:xmr.mx> no it isnt

<duckpondy:matrix.org> monerod is a good example. It has great code but poor design choices. Most of the time is spent coming up with the design and what features to add

<ofrnxmr:xmr.mx> Monero is proof positive that coding isnt the easiest part. And ai writes more spaghetti than interns

<ofrnxmr:xmr.mx> i disagree

<ofrnxmr:xmr.mx> Monerod's code is pretty bad in many places

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: It took years to research FCMP++ and plan its implementation, but the actual coding was done very quickly. The current issues stem from DESIGN choices, not the code itself

<ofrnxmr:xmr.mx> it took like 6 months to research fcmp++

<ofrnxmr:xmr.mx> And like 3months to develop it (dont quote me)

<ofrnxmr:xmr.mx> The coding of the implementation has taken about a year so far

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: I'm counting Seraphis even though it's separate

<ofrnxmr:xmr.mx> seraphis took 2+n years and never finished

<ofrnxmr:xmr.mx> Unrelated to fcmp++

<duckpondy:matrix.org> Why is coding the hardest part? Why can't an LLM do it?

<ofrnxmr:xmr.mx> because LLMs write spaghetti

<duckpondy:matrix.org> No they don't

asking that question after all the responses you have gotten here today duckpondy? :D

<ofrnxmr:xmr.mx> and dont do things the "best" way, they do things however they learned from stackexchange questipns

<ofrnxmr:xmr.mx> Humans improve functions and create new ones. LLMs use historical data and repeat mistakes

<ofrnxmr:xmr.mx> On some private repos, i have to get angry at LLMs for offering cracked out suggestions, proposing to use deprecated functions, etc

<ofrnxmr:xmr.mx> im not saying ai cant get better. Im saying, as it is today, its better than a script kiddy, but not as good as any real dev

<321bob321> What guidelines does a llm have with writing code. How does it know what is secure

<duckpondy:matrix.org> nioc: My perspective on LLMs, which I learned from the conversation, is that they're great at coding. They have plenty of data to train on, as we typically write the same functions over and over again. However, they fail completely at replacing engineers because coding is only one part of the story. You also need to have an id [... too long, see mrelay.p2pool.observer/e/gqDByckKYTJrenVO ]

<ofrnxmr:xmr.mx> The hate is exactly what you just said

<ofrnxmr:xmr.mx> Code isnt just math

<ofrnxmr:xmr.mx> LLMs dont "understand" what they are doing. Can be fine for creating a simple function, or to code something inefficently

<ofrnxmr:xmr.mx> But to write good code, you have to understand what youre doing AND be a good dev

I learned about the specific limitations that make it so LLM need to be used judiciously for only specific aspects of coding

otherwise they create more work than they save

<ofrnxmr:xmr.mx> So i have no real issue with using LLMs to review code. But to have them write code which a human reviews, just leads to humans having to rewrite it (or acceptance that you dont care about code quality)

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: Yes, and that's what's happening in KeePassXC, for example. Copilot creates PRs that create or refactor simple functions (less than 100 LOC on average), and with review, this is fine

<ofrnxmr:xmr.mx> The common thing you hear from vibe coders "does it work?"

<ofrnxmr:xmr.mx> But you end up with 10000LOC for a 900LOC solution

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: Vibe coding never made sense to me. IMO the problem with vibe coding is that it removes the need for human judgment. When you blindly ask an LLM for solutions, you're just a middleman. If that's the process, the human is no longer adding value and should be removed from the loop

<ofrnxmr:xmr.mx> LLMs often pile on instead of fixing

<ofrnxmr:xmr.mx> @duckpondy:matrix.org: Keepass is vibe coding..

<ofrnxmr:xmr.mx> Literally in the comments they are juat prompting copilot to make changes, and then accepting them

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: For KeePassXC, Copilot creates PRs on its own, and developers review them to prevent hallucinations. I fail to see the problem and completely miss your point

<ofrnxmr:xmr.mx> copilot (or whatever) creates prs after being prompted to, then its further prompted until it looks acceptable.

<ofrnxmr:xmr.mx> For some unimportant code, this might be fine

<ofrnxmr:xmr.mx> Again, there are a lot of people using ai, and most of them pretending not to

<ofrnxmr:xmr.mx> things that "work", and even pass reviews, but later go under a microscope and you have to start wondering wtf is going on

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: If I understand you correctly, you're suggesting that AI-generated code contributes to technical debt with every merge, regardless of whether it's been reviewed?

<ofrnxmr:xmr.mx> monero-project/monero-gui #4514

<ofrnxmr:xmr.mx> monero-project/monero-gui #4445

<ofrnxmr:xmr.mx> monero-project/monero-gui #4513

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: This is exactly my point. The AI fails to understand Monero. It proposed a "skip syncing" feature, which is nonsensical. You can't skip the sync you need to get the blockchain in the first place, even if the code for the feature itself is perfectly fine

<duckpondy:matrix.org> The code is fine; the problem is blindly trusting the LLM

<ofrnxmr:xmr.mx> @duckpondy:matrix.org: my point is that reviewing prompt slop is often more work than writing code, and you end up with prompt-reslopped code

<ofrnxmr:xmr.mx> Meaning, you can ask an llm to keeo modifying code until it resembles something viable, but for anything more than a few lines, its almost always bad

<ofrnxmr:xmr.mx> if you write code with ai assistance, thats a different thing.

<duckpondy:matrix.org> # 🎯 BOUNTY CLAIMING STRATEGY & ACTION PLAN > <@ofrnxmr:xmr.mx> monero-project/monero-gui #4513

<duckpondy:matrix.org> Primary Objective: Claim 140.167 XMR (~$28,000) for Monero GUI I2P integration

<duckpondy:matrix.org> Secondary Objective: Find and pursue additional bounties to upgrade Copilot

<duckpondy:matrix.org> Timeline: Aggressive 2-week target for PR submission

<ofrnxmr:xmr.mx> Ai assisted code can help, as can ai reviews. But ai authored code..

<ofrnxmr:xmr.mx> example: there was a oroject called easy-monero (iirc), while it worked and seemed ok, it re-defined the same functions like 10 times, wiped your ssh settings, changed your dns resolvers

<ofrnxmr:xmr.mx> @duckpondy:matrix.org: Lol yeah

<ofrnxmr:xmr.mx> Copilot wants to upgrade itself

<duckpondy:matrix.org> @duckpondy:matrix.org: The problem here is not the LLM, but how it's being used. This is 'vibe coding' because the author just wants money and doesn't know what they are doing. They are useless here

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: My argument is exactly this

<ofrnxmr:xmr.mx> i reviewed easy-monero but i concluded that its simply unsafe to recommend

<ofrnxmr:xmr.mx> Because ai wrote some dangerous functions and repetitive + redundant code

<ofrnxmr:xmr.mx> Make more sense to rewrite the whole thing than to prompt it into shape

<duckpondy:matrix.org> > rewrite the whole thing

<ofrnxmr:xmr.mx> github.com/Fountain5405/monerosim

<ofrnxmr:xmr.mx> this is another codebase that im not particulaly happy with

<ofrnxmr:xmr.mx> Fountain5405/monerosim be0d71d

<ofrnxmr:xmr.mx> Like look at this commit by AI

<duckpondy:matrix.org> @duckpondy:matrix.org: While rewriting the whole thing, using LLMs is much faster and smarter than doing it without their assistance. I don't and will never agree with the Luddite opinion

<ofrnxmr:xmr.mx> 3000 LOC, even duplicates entries in gitignore

<ofrnxmr:xmr.mx> @duckpondy:matrix.org: Faster? Depends on how much time you have to soend hand-holding

<ofrnxmr:xmr.mx> Clearly the first 7 days handholding gave you a bunch of spaghetti

<ofrnxmr:xmr.mx> Would take like 4hrs to rewrite it by hand

<ofrnxmr:xmr.mx> And prompting doesnt help you become a better dev

<ofrnxmr:xmr.mx> Rewriting the code might though

<user2570:unredacted.org> ofrn is this project vibecoded?

<user2570:unredacted.org> codeberg.org/MarkA860/AutoMonero

<ofrnxmr:xmr.mx> Fountain5405/monerosim 8a32674 +17046 -85492

<ofrnxmr:xmr.mx> this codebase will probably always be inreviewable

<ofrnxmr:xmr.mx> @user2570:unredacted.org: I saw your message and never checked the code yet

<duckpondy:matrix.org> @user2570:unredacted.org: Yes I could immediately tell from automonero.com

<duckpondy:matrix.org> codeberg.org/MarkA860/AutoMonero/src/branch/main/CODEBASE_ANALYSIS.md and only 2 commits proves it

<ofrnxmr:xmr.mx> Lol the readme looks like slop, yeah

<ofrnxmr:xmr.mx> @duckpondy:matrix.org: Sorry, i mean this file

<duckpondy:matrix.org> > <@ofrnxmr:xmr.mx> Faster? Depends on how much time you have to soend hand-holding

<duckpondy:matrix.org> You should only need hand-holding if you're using an LLM to do the entire job. Take the monerosim project. It's foolish to have an AI agent write all the code, but it's equally foolish to do everything yourself without LLM assistance. The right way is to handle the planning and research on your own by reading the Monero docume [... too long, see mrelay.p2pool.observer/e/k9S5yskKN3p6M2to ]

<ofrnxmr:xmr.mx> there is no readme

<ofrnxmr:xmr.mx> "equally" i highly disagree

<ofrnxmr:xmr.mx> Doing everything yourself is fine

<duckpondy:matrix.org> Luddite opinion

<ofrnxmr:xmr.mx> I dont think fcmp was written with ai assistance

<duckpondy:matrix.org> It's why FCMP++ is taking so long

<ofrnxmr:xmr.mx> fcmp is finished.

<ofrnxmr:xmr.mx> Has been for about a year

<duckpondy:matrix.org> Not on mainnet 😛

<ofrnxmr:xmr.mx> the integration is essentially finished as well

<ofrnxmr:xmr.mx> Carrot integration is not finished. carrot != fcmp

<ofrnxmr:xmr.mx> And fcmp development was completed probably a year ago (some changes have been made since then, due to testing and design choices, like ram improvements or max inputs, or hash to point)

<ofrnxmr:xmr.mx> AI cant integrate fcmp. Thats a joke

<ofrnxmr:xmr.mx> Simply not possible

<ofrnxmr:xmr.mx> It cant do anything novel

<duckpondy:matrix.org> I'm not saying it can

<ofrnxmr:xmr.mx> CARROT is live on mainnet for salvium btw

<ofrnxmr:xmr.mx> And if wownero wanted to, they could launch fcmp to mainnet tomorrow

<duckpondy:matrix.org> Completely disregarding AI is foolish; it is an incredibly helpful tool. The traditional solo coding loop is write code, encounter a problem, research the documentation, look at stackoverflow posts, and repeat. I propose a more efficient loop write code or use a prompt for small issues, encounter a problem, consult an AI, and then iterate

<ofrnxmr:xmr.mx> Where did i completely disregard it?

<duckpondy:matrix.org> This can be used for anything including novelty

<ofrnxmr:xmr.mx> that loop is false

<duckpondy:matrix.org> features

<ofrnxmr:xmr.mx> Google stack overflow > ai fwiw

<duckpondy:matrix.org> Absolutely not

<ofrnxmr:xmr.mx> AI has a habbit of not knowing the best answers that it pulls frok SO

<ofrnxmr:xmr.mx> understanding the answers > being told the 2nd best one

<duckpondy:matrix.org> You're saying coding from scratch is better than coding with AI > <@ofrnxmr:xmr.mx> Where did i completely disregard it?

<ofrnxmr:xmr.mx> Coming up with a solution > reusing poor ones

<ofrnxmr:xmr.mx> @duckpondy:matrix.org: It is

<duckpondy:matrix.org> Nope I can never agree with that opinion

<ofrnxmr:xmr.mx> thats fine

<duckpondy:matrix.org> You should try experimenting with AI more. Try Claude Sonnet 4.5, which is the best model I've used so far

<ofrnxmr:xmr.mx> Claude is the worst offender

<duckpondy:matrix.org> Don't use it blindly, give it rubbish prompts, and then complain. Use it over the manual Stack Overflow loop

<duckpondy:matrix.org> You'll be more productive

<ofrnxmr:xmr.mx> Nothing more annoying than trying to understand a git blame, and realizing that ai wrote the code and the author cant explain it either

<ofrnxmr:xmr.mx> Not that its not functional, but that the way its done makes no sense

<ofrnxmr:xmr.mx> ive literally had to listen to people profess how using ai agents is the future, how normal devs are inferior to one who uses ai, and then have the prompter have a mental breakdown because he cant sort out the mistakes that claude was making

<duckpondy:matrix.org> Before open source and Git: writing code from scratch, sharing it inefficiently. Before Stack Overflow: relying solely on documentation and man pages. Before AI... you get the idea

<ofrnxmr:xmr.mx> Written by claude, reviewed by copilot, coderabbit, and humans

<ofrnxmr:xmr.mx> @duckpondy:matrix.org: People still rely on manpages broski

<ofrnxmr:xmr.mx> Ai is NOTHING without documentation, manpages, and SO

<ofrnxmr:xmr.mx> If everyone uses AI, how do new questions and answers even get trained into it? (if SO doesnt have new questions and answers being solved that can be used for training data)

<ofrnxmr:xmr.mx> If devs dont use SO, then AI has no info

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: I know, but that's not my point. My point is that if you don't use AI, you're losing out on coding faster and falling behind. However, I'm not using the shill perspective that says AI can do everything and that vibe coding is the future. I'm saying that using AI in moderation and reviewing everything is the key. That's my final point

<ofrnxmr:xmr.mx> Expecting AI to have answers to unasked questions = hallucinations

<ofrnxmr:xmr.mx> I never said using ai assistance was evil

<duckpondy:matrix.org> You said coding from scratch > AI assistance

<ofrnxmr:xmr.mx> I said writing code with ai < writinf code from scratch

<ofrnxmr:xmr.mx> Yeah, you can wrote code from acrarch with ai assistance

<duckpondy:matrix.org> gist.github.com/hopeseekr/f522e380e…w-questions-over-time-2009-2024-csv > <@ofrnxmr:xmr.mx> If devs dont use SO, then AI has no info

<duckpondy:matrix.org> SO is dead and AI is still doing fine. It uses other information to train like documentation and open source code

<ofrnxmr:xmr.mx> let me reword: writing code > copy and pasting ai code

<duckpondy:matrix.org> mrelay.p2pool.observer/m/matrix.org/xJhSkPOzbnniHdkBBLlIckea.png (image.png)

<ofrnxmr:xmr.mx> And people wonder why ai has to hallucinate

<duckpondy:matrix.org> I'll only advise coding from scratch without AI if you're learning

<ofrnxmr:xmr.mx> Id propose the opposite

<ofrnxmr:xmr.mx> you can learn from the code ai writes

<duckpondy:matrix.org> Or, as Cindy_ pointed out, if you're facing a truly novel issue with almost no documentation online

<ofrnxmr:xmr.mx> @duckpondy:matrix.org: hard to do this if your ability to write code is rusty or poor

<duckpondy:matrix.org> This approach only works if you can already distinguish correct from incorrect code. Since you can be fooled by AI hallucinations, it's wise to avoid relying on it when learning a new language or framework > <@ofrnxmr:xmr.mx> And people wonder why ai has to hallucinate

<ofrnxmr:xmr.mx> Not saying to rely on ai, but to use it as sort-of teacher

<ofrnxmr:xmr.mx> It can explain basic commands, functions etc

<ofrnxmr:xmr.mx> And cam review your code, help you test it / deploy it

<ofrnxmr:xmr.mx> But a competent dev can do all of this in a few seconds (aside from review)

<ofrnxmr:xmr.mx> Like DH said, ai caught a typo (i instead of 1, or vice versa)

<duckpondy:matrix.org> I don't agree with what you have to say, but I appreciate your perspective. I learned a lot from this discussion

<ofrnxmr:xmr.mx> we all use static analysis, linters, etc, but those dont review code for functionality. We run unit tests, but that still might not catch typo or offer suggestions to improve the code.

<ofrnxmr:xmr.mx> Ai reviews and "assistance" = im not against these things. someone able to +competently write the code from scratch > any prompter + ai

<ofrnxmr:xmr.mx> I'll agree to disagree

<duckpondy:matrix.org> One final question: What about products that use AI-generated code, like KeePassXC? Do you think we should avoid them because the rate of faulty code is high? Every company is using AI. I remember seeing a CLAUDE.md file in Proton's repos, and obviously, it's impossible to tell in some cases

<ofrnxmr:xmr.mx> No, we have no idea whats in many products

<ofrnxmr:xmr.mx> Im sure ai has a much higher prevelance in proprietary works, and even universities / schooling

<ofrnxmr:xmr.mx> Theres nothing that makes ai inherity more unsafe than code written by hand, but ai code (especially insensitive areas) needs much higher scrutiny, because its possible that no himan EVER actually looked at it

<ofrnxmr:xmr.mx> Example: kewbis haveno app. Pure unusable garbage, nobody noticed

<ofrnxmr:xmr.mx> Or, in the case of a hand-written project: mysu, a foss monero wallet. only 1 person had the source code, ansd maybe 2 people had ever looked at it.

<ofrnxmr:xmr.mx> Cant assume that, just because something is foss, that its ever been reviewed

<duckpondy:matrix.org> What about using LLMs to review code?

<duckpondy:matrix.org> sech1 said it's unreliable

<duckpondy:matrix.org> I haven't tried it before

<ofrnxmr:xmr.mx> perfectly fine, even if reviews are trash sometimes

<duckpondy:matrix.org> LLMs could be useful in detecting backdoors to prevent something like xz from happening again

<ofrnxmr:xmr.mx> ive had coderabbit tell me that things were done incorrectly, and had to correct it. But its also caught times where devs are writing things incorrectly (like a logic issue)

<ofrnxmr:xmr.mx> @duckpondy:matrix.org: sometimes, yeah. Still cant "trust" it

<ofrnxmr:xmr.mx> A friend of mine lost a large amount of money due to a backdoor in one of the repos

<ofrnxmr:xmr.mx> He ran the repo through ai, even the specific commits, and it didnt notice the glaring issue

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: Better than nothing for most repos

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: What was the issue?

<ofrnxmr:xmr.mx> (which was to steal the wallet seed and upload it to some obscure website)

<duckpondy:matrix.org> ☠️

<ofrnxmr:xmr.mx> The thief wasnt even slick about it. The code literally set variable for store the wallet seed, and then a few lines below, uploaded the contents of the file to a temporary website

<ofrnxmr:xmr.mx> But yeah, essentially i warned bro to always read the code. my msg was something like "Dont trust that ai will find this. Use ai to find what you miss"

<ofrnxmr:xmr.mx> If he had read the code, it would have been obvious at first glance that the mnemonic was being transferred

<ofrnxmr:xmr.mx> Commit title didnt match the code, literally env variable set called MNEMONIC :D lol.

<ofrnxmr:xmr.mx> Github codescanning, copilot, and coderabbit didnt catch it

<duckpondy:matrix.org> @ofrnxmr:xmr.mx: You will always end up relying on trust, though, unless you have the time to manually sift through thousands of LOC. Most projects are really long, like the Monero CLI/GUI wallets, and rely on external dependencies as well. If you truly want to know if code is malicious, it's very hard

<duckpondy:matrix.org> Audits help, and LLMs are also super helpful, even though they're unreliable