Hacker News: soerxpso's comments

If the commit was prompted by a core developer, the developer knows what the prompt was. If it was prompted by a stranger, the core developer reviewing it does not know what the prompt was. The review attention required is completely different, because with an untrusted submitter you have to meticulously hunt down intentional security vulnerabilities obfuscated in the PR.

> I'm not gonna read something somebody didn't put in the effort to write on their own

Then don't. Nobody asked you to. Why do you people feel the need to angrily announce every time you don't read something?


You're giving a lot of credit to the human alternative, especially considering that the attacker only needs to find one lazy human.

Still makes this exponentially worse, no? It works every time and it's automated so scales up as quickly as you're able to request it.

Come on, this attack vector would have been flagged by at least one person and you won’t then have multiple accounts hacked because of it. AI reacts fairly predictably to a single attack vector and doesn’t learn unless it gets flagged and then taught.

And even if a human didn’t catch it in one case, they will frequently. Giving AI access to the same tools humans use without any oversight mechanism just amplifies the harm and carelessness possible by one person.

It's useful progress. Decent-fidelity local-scale inference means that you can create a product that generates throwaway images frequently without worrying about cost. Thus far every product I've seen that generates images is metered, which severely limits the value. I don't know if this is actually at the "decent fidelity" point yet.

If you think you're owed a salary to do something that a simple machine can do, I have a field for you to plow by hand.

whether or not you think anyone is owed anything for anything is a completely different topic. i'm talking about what is happening right in front of you, and everywhere.

Replace the C-suite with the chatbots first.

Bugs exist in human code too. The AI derangement crowd pounces on any small bug as evidence that AI is a trebuchet, and thinks that if only we didn't use AI there would never be any bugs (like five years ago when all software was perfect, was not being enshittified, and had 0 bugs).

> Bugs exist in human code too.

These bugs did not exist in human code. They were introduced by AI.

> thinks that if only we didn't use AI there would never be any bugs

Strawman. These bugs would not exist if not introduced by AI.


The bugs were introduced because rsync had security issues (i.e. bugs) in it, presumably written into the code by humans.

It's really baffling to see so many people in this thread maintain the position that somehow software was clean and pristine until AI touched it with its evil.

Please try to at least put some sort of constructive argument forward, for example - I don't like AI because it might introduce more bugs than a careful human reviewer. Then we could discuss why a single maintainer is responsible for rsync and how they should handle the pressure of keeping it up to date - should they just stop making further changes, should they look for tools that might help them?

(By the way, if your position is that rsync was perfect before AI got its hands on it, you have a clear solution to all your problems - simply do not update to any newer versions)

Either way, move away from this absolutist nonsense that has no bearing to reality.


> It's really baffling to see so many people in this thread maintain the position that somehow software was clean and pristine until AI touched it with its evil.

Nobody maintains this position. Again, it's a strawman you made up, because it's easier to dismiss such "absolutist nonsense" than it is to just admit that these specific bugs were introduced as a direct result of careless AI usage.

If the developer is overwhelmed by the maintenance burden (they aren't, judging by how many AI commits they've been making to a large number of repositories), then that's an entirely different problem that deserves a good faith discussion, but delegating the work to AI is not the correct solution.

> By the way, if your position is that rsync was perfect before AI got its hands on it

Again, strawman, nobody said this either. In fact, quite the opposite - we want rsync to continue to be maintained by a human. If the current developer isn't interested in or capable of maintaining the project anymore, they should just say so instead of quietly letting AI take over, because then the likelihood of someone else stepping up to contribute would be much higher.


Why do we need any tools at all? Software worked perfectly fine when people were editing code with `ed`, so I'm going to go open timewasting issues complaining about FOSS devs using an IDE.

"Science" can do as much science as it wants on its own dime then. Public funding should be guided by public oversight, not career bureaucrats.

Unless you're advocating for mass direct democracy, with public votes on everything under the sun, a certain level of delegation is inescapable at scale.

You say "career bureaucrats" as if they can't be fired or controlled, but that's obviously wrong (since they're being fired and/or controlled right now).

QED, they ARE still under public oversight. (1) Voters vote for (2) elected officials who oversee (3) agency bureaucrats.


I don't see what the core complaint is then. The guy the public voted for can refuse to spend public funding on a particular grant. There's no reason that it's somehow more pure to have the public vote for someone who appoints someone who appoints someone.

> Public funding should be guided by public oversight, not career bureaucrats.

Isn't congress the elected, public oversight body? Or are you proposing that each and every employee of the federal govt be elected to prevent the horror of the 'career bureaucrat'?


My understanding of caching with most models/providers is that a prefix substring of the context has to be reused for a cache hit, but not necessarily the whole entire context window. So if you prune tool calls from the history, you're going to get one cache miss on the newly-pruned history, and then you're going to be getting cache hits on every subsequent turn, with a lower number of input tokens. If you prune subsequent tool calls after that, you would still get a cache hit for the already-pruned portion of the context, just not the full context.


So it makes sense to first send stable prompt, reasoning and files content, tool calls summary and actual tool calls at the very end?


The way you do this (and the way opencode does it) is you do most of your pruning in more recent history. Last I looked at opencode, they start pruning tool call results after 2 full agentic turns. So you probably don't get quite as good hits on cache for the most recent 1-5% of your turns, but after that everything else caches fine and those tool calls that likely aren't relevant to your session anymore are gone.
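
The prefix-matching behaviour discussed in the comments above, as an added example that is not part of any commenter's post: a toy Python model that compares cached and uncached input tokens per turn with and without pruning an old tool result. It assumes the provider caches by exact leading-message prefix with no expiry or minimum length; all message names and token counts are constructed.

```python
# Toy model of prefix-based prompt caching. All message names and token
# counts are constructed; real providers add minimum lengths, expiry, etc.

def shared_prefix_tokens(prev, cur):
    """Token count of the longest common leading run of messages."""
    total = 0
    for a, b in zip(prev, cur):
        if a != b:
            break
        total += a[1]
    return total

def run_session(requests):
    """Return [(cached, uncached)] per request, assuming every earlier
    request's prefixes stay cached (hypothetical, no eviction)."""
    seen, stats = [], []
    for req in requests:
        size = sum(tokens for _, tokens in req)
        hit = max((shared_prefix_tokens(p, req) for p in seen), default=0)
        stats.append((hit, size - hit))
        seen.append(req)
    return stats

def demo():
    sys_, u1 = ("system", 1000), ("user1", 50)
    t1, t1_pruned = ("tool1_result", 4000), ("tool1_pruned", 20)
    a1, u2 = ("asst1", 200), ("user2", 50)
    t2, a2, u3 = ("tool2_result", 3000), ("asst2", 200), ("user3", 50)
    a3, u4, a4, u5 = ("asst3", 200), ("user4", 50), ("asst4", 200), ("user5", 50)

    r1 = [sys_, u1]
    r2 = r1 + [t1, a1, u2]
    r3 = r2 + [t2, a2, u3]
    # Turn 4: the old tool result is replaced by a short stub (pruned).
    r4 = [sys_, u1, t1_pruned, a1, u2, t2, a2, u3, a3, u4]
    r5 = r4 + [a4, u5]
    pruned = run_session([r1, r2, r3, r4, r5])
    # Baseline: same conversation with nothing pruned.
    r4_full = r3 + [a3, u4]
    unpruned = run_session([r1, r2, r3, r4_full, r4_full + [a4, u5]])
    return pruned, unpruned

if __name__ == "__main__":
    for label, stats in zip(("pruned", "unpruned"), demo()):
        print(label, stats)
```

In this model the turn that introduces the pruned stub pays for everything after the edit point once; later turns hit the cache again on a smaller context.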


> It’s like if I go to Golden Gate Park and pick one flower, I shouldn’t do that, but no one cares. But if I build a machine to automatically cut every flower in the park because I want to sell them, that’s different.

It's not like that, because flowers are a physical object and moving them to one place deprives their original location of the flowers. When an LLM learns something from a webpage, the webpage is still there. Whatever 'theft' you perceive is entirely in your head; you were deprived of nothing by someone else making a copy of your thing.


This is not true. Because the copy is a devaluation of the original, so even though the web page is still there its value has decreased.


"It's not like that"

That's not the point. The point is that scale matters, and that was the only point.


> Whatever 'theft' you perceive is entirely in your head

Rather, it appears to be in your head, since the person you’re replying to has not mentioned or even hinted at theft. The problem with taking all flowers from a public park for your own profit is multifaceted. Amongst others, you’re depriving everyone else from enjoying them, but also degrading the image of the park and harming all the insects which depend on those flowers and the birds who depend on those insects, which in turn degrades the park further, which stops people from enjoying it and going there and caring for it. It’s not about a single physical object, it’s about the ripple effect the selfish action produces.


It's not like that, because flowers are a physical object and moving them to one place deprives their original location of the flowers. When an LLM learns something from a webpage, the webpage is still there. Whatever 'theft' I perceive is entirely in my head; I was deprived of nothing by someone else making a copy of my thing.


I get that the intention here is to plagiarize and thus cause the parent to feel the harm of it and realize the error in their ways, but I don't think it works. Plagiarism's harm to the plagiaree (?) is that it robs them of credit and payment, but nobody is viewing your reply in isolation of the parent's attribution and parent wasn't expecting to make money off of an HN comment. The harm to the rest of society where you gain false esteem for another's work is also not carried out in this instance. The harm to the plagiarizer where they fail to learn because they copied instead is likewise absent. If someone were to feel harm just from a copy of their words existing, they wouldn't need you to do it- google has hastily indexed this along with every other HN comment and we all know that this whole thread will make its way into LLM training sets eventually.


> google has hastily indexed this

Google doesn't claim authorship over that which they index.

Plagiarism doesn't need to be harmful for it to be bad, and my intent wasn't to harm anyone anyway. My intent was that I could use the author's exact words to pretend to make a unique take that I claimed to have authored.


I don't understand. In what way is plagiarism bad if it doesn't harm? If it were harmless to pretend you authored a unique take, how is the parent expected to react to you not harming them such that they realize it's bad?


Harmless doesn't imply ethical. Plagiarism that doesn't harm is still lying.


Fair enough, shame on me for assuming utilitarianism.


Can you apply your philosophy to the U.S. dollar? I am sure producing copies is a "theft" that is entirely in your head. You were deprived of nothing by someone else making a copy of your dollar.


But you're still depriving the world of future flowers. Why spend years studying, sacrificing time with others, living frugally if others can take or monetize the result for free? Most people need compensation to justify their effort. Or the option to not have their years of work/sacrifice co-opted into an ai generated ad for toilet bowl cleaner.

No cost copying doesn't remove the need for compensation to sustain ongoing creation. Society has long treated knowledge, art, and thought as high-value outputs, and accepted the copyright tradeoff to support them. That is long settled and no 'get rid of copyright' proponents argue satisfactorily why the 300 year corpus of thought on that is invalid. Long copyright terms may justify reform but not rejection of the establishment that creative work needs economic value to sustain ongoing creation, and that ongoing creation is a net positive/desirable for society.

You are free to release copyright free today. In software that has unlocked immense value. In other areas those choosing copyright have unlocked more value. But software is different, I can get hired to build on the free. No one is hiring an author to expand their book to include fanfiction. And were that the model, it would arguably result in worse results as we are now back to the much worse patronage system where Bob hoards what he's paid for and only shares it with friends for status. For 300 years we've understood because of dynamics paywalled copyright with a throttled side of libraries unlocks the greatest access to knowledge. Eliminating duplication cost has not changed that.

'but I want every flower there is today and I don't care if there are any future flowers' doesn't change that, it's simply a new value judgement that my want/use case today outweighs the cost to society of lost future knowledge creation/return to a patronage based reward system. Again 300 years of thought say that results in a worse outcome for society. How does the typical OSS project that depends on patronage fare? Do we really want to return all knowledge output to that model?


When the LLM presents what it learned as its own thoughts without any attribution, that's the theft.

And you understand that. You're not stupid. This is the thing: AI is convenient for corporations, so you'll make dishonest arguments to justify your unethical behavior. Maybe you even believe what you say, but that's because people will hold on to any flimsy thing that lets them feel like they're good people, not because the reasoning actually makes any sense.

This is why people talking about AI get booed at speeches. There's no conversation to be had: you're not interested in the truth, or what's right, or what's good for anyone but yourself.

