
This is not new. AirPods are newish, but this is not new. People have been wearing headphones in public spaces since the Walkman, if not before, in large numbers. You can probably find opinion columns bemoaning this shortly after the introduction of the Walkman.

The seeming ubiquity is definitely new.

The difference is really volume, which is the case with a lot of problems related to AI/LLMs.

Humans have always submitted crappy code. LLMs, however, do so at a much faster rate. Even the most active lousy coder is not going to be capable of submitting anything like that volume of code to multiple projects.

Humans have always been capable of social engineering and trying to sneak in malicious code. However, it's possible that, as agents get better, they can do so much faster. The missing component will be compromised accounts, I think -- how many aged accounts can attackers get hold of to turn loose with agents?

Long-lived FOSS projects have tons of people who created accounts many years ago that might be easily compromised, but have checked out of actively participating. It's not necessarily going to throw up a red flag if a "person" shows up after a hiatus and starts contributing again.

So, there's more to it than overwhelming a single maintainer -- it's the capability to conduct a bunch of these attacks in an automated fashion if attackers can get hold of compromised accounts.

(As an aside, it's concerning that a maintainer would be pestered into accepting a questionable PR like this. I expect, though, that there are quite a few overworked people who have taken on things like Anaconda and are being measured on how quickly they close PRs.)


ISTM this developer did people a favor: He’s shown a real-world vulnerability pattern in a way that didn’t do real harm.

Odds are he’s not the first to think of this, he absolutely won’t be the last. If your agents, CI/CD pipeline, or whatever are vulnerable to this, it’s time to fix that now before something truly nasty comes down the pike.


No. It’s not. It’s just that we’ve been conditioned to accept that disposable devices are the way of things.


This is wonderful. I grew up watching WKRP and wanted to be Doctor Johnny Fever when I grew up. Managed to work in radio for a few years part-time, but by then DJing was “here’s a program sheet. Play these songs, exactly” - not the dream of being a DJ doing their own programming. I also realized why Johnny was always broke.

Still, very cool, and a little jealous of the on-air staff that get to work there.


I am so happy that my local town has a non profit radio station where the DJs pick their own music. You never know what you are going to hear when you turn it on.


Um. I grew up watching WKRP. I’m in my mid-50s.


Lord. I pity the managers that are going to be worrying about their jobs sitting in 1:1s with people who are also looking for answers when there really aren’t any to give.


This doesn’t sound like they’ll be weaning off it, though: it’ll be cold turkey. That’s going to let wealth holders pick up more property at depressed prices and drive down wages.


If they’re hosting network services, sure. I wouldn’t put vibe-coded software outside a home network, ever. But it seems low risk if people are just creating their own desktop software: especially since it’s less likely to be vulnerable to widespread malware.

(Note: I’m not an LLM fan, don’t vibe code myself at all. But I would be unconcerned about security for the kind of things I would create if I did start doing so.)


But your browser will invite outside software into your network, to run on your machine. So you have to be up to speed with community knowledge.


“There is no poverty of information.”

Quite the opposite, in fact. But there’s a difference between the information being present somewhere, and a reasonable way to get that information in front of people in an actionable form.

We’re drowning in “information,” at present. But the mass media narratives that are most readily available distort things quite a bit for a lot of reasons. (Ratings, owner bias/interference, format.)

