How many firewall hardware manufacturers have had these kinds of vulnerabilities? Feels like a couple times a year I hear about another one.

Sure, but even with something like online political discourse you can do better than getting obsessed over a bastardized provincial political term (liberal which means something completely different outside of the US)

Sorry, I’m having a hard time following the train of thought - are you referring to my use of ‘liberal-democratic institutions’?

I don’t want to word-vomit on you unnecessarily if you’re pointing to something else or speaking broadly about leftist discourse on lemmy (i’ve seen plenty of debates like the one you’re describing)

and providing cover for promoters of russian and Chinese genocidal imperialism and propaganda

Ok well now i’m even more confused - where is this jab coming from?

Maybe you’re taking issue with my categorizing db0 as a leftist space and are speaking broadly about the perspectives about china and russia from that instance? What are we talking about here?

It’s absolutely wild that the obvious needed to be pointed out at all, and that the reaction to it was ‘you just made my list, buddy’.

The worthiness of a discussion has no bearing on the intent and framing of the person prompting it.

The questions are being raised by the same person who included global reputation scores in his backend piefed code for the purposes of suppressing his personal pet peve behaviors. I find that to be informative context for considering the intent of the discussion being prompted.

edit: Oh look, here he is saying exactly what I was just pointing out was likely the intent

Right - which is why it was quite interesting watching Fox news have a 20 minute power struggle over the sudden popularity of May Day in the US and the rise of ““extreme socialist sentiment””

All online political discourse is performance - feel free to speculate how well it is representative of IRL leftist spaces in the west.

Is this a negative db0 experience for you?

Although maybe Rimu should have been more clear in pointing out that this seems to be not an official instance tool, but rather something some moderators have cobbled together themselves.

This isn’t an issue of clarity. His closing call to action is to ‘develop awareness so that people can choose which instances to join and interact with’. There aren’t any practical administrative solutions to the problem being called out, with the exception of defederation or the threat thereof. Any single user on the entire fediverse can copy-paste user activity into any LLM and use the output to make moderation decisions, or craft personalized agitprop or whatever else, but centering the focus on instances that allow their usage turns the issue into a nail that can be solved with a hammer.

I don’t see a technical or practical way to limit - let alone render impossible - AI moderation tools that is not at odds with decentralized open-protocol social media.

If you can copy-paste user activity into a textbox, this remains trivial.

I don’t doubt it even for a second.

I’m lowkey kind of fascinated this morning with what feels like a moment of real panic among western liberal-democratic institutions (projecting a little from my morning news and coffee). That an anarchist instance is getting this much targeted harassment feels like a microscopic extension of that (if I allow myself to be so bold)

As far as I can tell, dbzer0 isnt even being explicitly called out here, but it has an undeniable bdzer0 flavor to it. If it doesnt come out that this was one of our mods at this point, I’d almost be disappointed.

Aside from the ethical implications of profiling users or of using a corporatly owned server and model to execute this, I see nothing uniquely concerning about this practice that isnt already a risk of federated social media generally.

Every mod on every instance is free to use whatever tools or standards for moderation they want - that’s an intentional byproduct of federation. Similarly, the collection of this data for use with llms is a bygone conclusion at this point - there was never any way of preventing that from happening with a federated network.

I think the only thing here to talk about is the way these questions are being framed as a question of intra-instance policy. We already have communities where moderation abuse can be called out and adjudicated- why pose this as a question of instance administration when there doesnt seem to be any evidence for it?

What’s with all the faux accelerationist shit on here the last few days?

Kinda, but they’re specifically saying the the AI agent cannot itself tag the contribution with the sign-off - like, someone using Claude Code to submit PRs on their behalf. The developer must add the tag themselves, indicating that they at least reviewed and submitted it themselves, and it wasn’t just an agent going off-prompt or some other shit and submitting it without the developer’s knowledge. This is saying ‘the dog ate my homework’ is not a valid excuse.

The developer can use AI, but they must review the code themselves, and the agent can’t “sign-off” on the code for them.

Also - what will holding the submitter responsible even achieve?

What does holding any individual responsible on a development team do? The Linux project is still responsible for anything they put out in the kernel just like any other project, but individual developers can be removed from the contributing team if they break the rules and put it at risk.

The new rule simply makes the expectations clear.

I imagine it has plenty of use cases for blue team as well, just not as many for active threat response.

The risk of that is relatively low for kernel contributions, though. Most of the work being done is porting existing protocols/firmware into the latest Linux kernel, not creating novel features.

The larger risk is instability caused by bad, hallucinated code because it was submitted under the assumption of human authorship. In both cases, further review by the Linux team can be done if they understand where that code is coming from.

Banning AI does nothing, because theres no way of knowing who uses it without proper disclosure, which wouldnt happen if it were banned. To use an example from the article, it would be like banning code written with the use of a specific brand of keyboard.

Better to have it properly disclosed than to make it illicit

That would be true even if they didn’t use AI to reproduce it.

The problem being addressed by the Linux foundation isn’t the use of copyrighted work in developer contribution, it’s the assumption that the code was authored by them at all just because it’s submitted in their name and tagged as verified.

Does that make sense?

Even if this were true, it would only mean that the GNU license is unenforceable, not that the Linux kernel itself is infringing copyright

Yup

People want to pretend as if everything that flows downstream from the creation of LLMs is illegal, but that’s just not the reality.

The Linux Kernel is under a copyleft license - it isnt being copyrighted.

But the policy being discussed isn’t allowing the use of copyrighted code - they’re simply requiring any code submitted by AI be tagged as such so that the human using the agent is ultimately responsible for any infringing code, instead of allowing that code go undisclosed (and even ‘certified’ by the dev submitting it even if they didnt write or review it themselves)

Submissions are still subject to copyright law - the law just doesnt function the way you or OP are suggesting.

Yup.

I would also just point out that this doesnt change the legal exposure to the Linux kernel to infringing submissions from before the advent of LLMs.