• Phoenixz
    11 hours ago

    One wonders who would have the time, interest and money to set up and control AI to do all this… One wonders 🤔 and then one remembers -just as a random example- Microsoft funding SCO with tens of millions of dollars right after which it attacked Linux with fake copyright claims for years, after which Microsoft extorted large corporations into switching to Microsoft platforms. Also, who controls GitHub now? Anyway, I digress.

    OS will deal with this, I imagine it won’t be too hard to set up tools that will deal with this shit, but I’m so sick and tired of continuously having to deal with this shit. Can we just for once have something nice?

    • JordanZ@lemmy.world
      6 hours ago

      Just do a search for ‘exploiting GitHub open source’ and you’ll find numerous resources of past and current exploits. Best way to exploit someone’s machine is to infect an open source package used by millions.

      This is a particularly relevant article.

      Over the next year, they would largely take control of the project from its original maintainer, Lasse Collin, a change driven in part by nagging emails sent to Collin by a handful of users complaining about slow updates.

      So unleash the AI to overburden the maintainers. Which means they could hand over the project entirely like this instance or just not provide the amount of scrutiny they previously did over the things getting merged into the project. Either way it’s bad for all of us.

    • Draghetta@lemmy.world
      10 hours ago

      More than some nefarious corpo, I think this is more an evolution of the same problem that existed before AI was popular.

      Some people realised that their credibility as a job candidate was tied on a very surface level to their GitHub profile, so they sought to optimise it. They started going to cool projects and proposing absolutely stupid merge requests, like “replace single quotes with double quotes in README.md” or “improved spacing in this sentence” in the hopes that the developers would go “well why not”, so they could show that they contributed to tensorflow or redis or what have you. Already years ago, a lot of FLOSS projects were plagued by spam PRs.

      Now coming up with absolutely stupid reasons to issue a PR is a tedious job and you have a very fierce competition of people doing the same thing as you, so… why not gain the edge with AI?

      • superkret@feddit.org
        8 hours ago

        No, this is definitely big corporations. It has Microsoft written all over it.
        Microsoft has now gone “all in on Open Source” (except for their own code, of course).
        They rely on OSS for most of their revenue (Azure). And they force their employees to use Copilot for everything.
        It would only make sense for them to flood the devs of OSS they use with Copilot-generated bug reports and feature requests.

          • superkret@feddit.org
            7 hours ago

            To avoid company-internal pressure.
            Microsoft is pretty cult-like nowadays. Employees need to write weekly self-assessments using Copilot, which are used to judge their “growth mindset” and decide if they get a raise, or fired.

            https://www.wheresyoured.at/the-cult-of-microsoft/

            Demonstrating your “commitment to advancing open source”, while using Copilot, benefits employees internally.

            • Draghetta@lemmy.world
              7 hours ago

              Not saying it can’t be, but I’ll be more convinced by an article that is a bit less emotionally loaded. It’s clear that the author has a bone to pick with Microsoft, and it reads as if it’s written by a high schooler who wants to LARP as a journalist.

              Just to be clear I have been in big tech corpos with cult-ish undertones and I have also seen the mindset poppycock shoved to my face multiple times, it’s not that I find their contents hard to believe. I just find that article hard to trust.