Have you used an LLM to scan for vulnerabilities in an Open Source codebase?

funbaker@chaos.social

@evan hell no

coldfish@sfba.social

@evan I use Ollama locally to scan my own files and server logs. Does that count?

reiver@mastodon.social

RE: https://mastodon.social/@reiver/116551433907294642

@evan

Yes, my open-source code-bases.

I find this one of the very useful use-cases for these tools. Using as it a code-reviewer to find bugs.

evan@cosocial.ca

@coldfish you tell me!

manchicken@defcon.social

@evan I have used them for work because I was asked to.

mick@cosocial.ca

@evan no time like the present

coldfish@sfba.social

@evan I don't know. I think AI is just gonna be here whether we like it or not. I also think that we're going to be roped into it and suddenly it will magically get much more expensive.

So, I've been on a mission to find the "good" in what's happening here. I think if we get more local AI tools to offset the needs for "big AI" then we may be able to come to some kind of direction that isn't just a horrific dystopian future that I tend to see coming.

My last project: Do document analysis on Gemini, but handle all the vector embedding on Ollama locally. The thing is, so much can be done locally that it hard to believe that the next versions of Chrome or Office won't have an LLM built in, if only to offset the load on the remote AI.

evan@cosocial.ca

@coldfish guess what?

Chrome silently installs a 4 GB local LLM on your computer

You did remember to opt out of AI, didn't you?

theregister (www.theregister.com)

coldfish@sfba.social

@evan yeah, I saw that the other day. Pretty sure it's going to be default, like having spell check.

spraoi@tooting.ch

@evan @coldfish

I've been trying to work out how to run it under Pytorch to see what it can do.