BSD's Cannot Ignore LLMs

Edward Capriolo edlinuxguru at gmail.com
Wed Apr 8 17:43:37 EDT 2026


On Wed, Apr 8, 2026 at 4:16 PM Martin Cracauer <cracauer at cons.org> wrote:

> Raúl Cuza wrote on Wed, Apr 08, 2026 at 03:18:04PM -0400:
> >
> > The number of people who can patch vulnerabilities will also grow, if
> > projects can accept their patches.
>
> If you can review them with enough throughput.
>
> I think there is an obvious imbalance between the number of
> independents coming up with holes, exploits and patches and people who
> are trusted by the project to judge whether those patches are correct,
> don't break anything unrelated and are not secretly malicious.
>
> Martin
> --
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> Martin Cracauer <cracauer at cons.org>   http://www.cons.org/cracauer/



I am guessing this is a reaction to the proclamation by the company that
leaked all their source code through TypeScript that they now have a tool
that finds all the bugs.

The world already had insurmountable tech debt:

https://arxiv.org/pdf/1908.00827

The AI is making it so fast they have to shift the conversation. So the
last market blitz (we can write COBOL) has now moved to (we can find all
the bugs in ffmpeg).


https://thenewstack.io/ffmpeg-to-google-fund-us-or-stop-sending-bugs/

Great all! Three volunteer FFMPEG committers are tired of the bug reports.
It is amazing how companies with, say, 13-200 billion dollars can tell you
how their GPUs find all the bugs.

The problem is they sell all their services at a loss. On Reddit, folks are
on fire every day about how the AI providers are capping them :)