This is bad.
-
This is bad. This is very, very bad.
I'm not trying to pick on Python here, I pick it because Python is something I'm actively using, and so I have a vested interest in the project *not* being AI-vulnerable.
But it's not good, chat. It's very far from good, in fact.
I'm gonna be real with folks here. I fucked up, and bad, with my participation in the open-slopware list. As a result, I'm not the right person to do it, but there has to be some kind of accounting for what damage AI is doing to open source.
For all the whinging about "supply chains" over the past few years, it *is* a problem when your code suddenly depends on AI, even if only indirectly.
-
This is bad. This is very, very bad.
I'm not trying to pick on Python here, I pick it because Python is something I'm actively using, and so I have a vested interest in the project *not* being AI-vulnerable.
But it's not good, chat. It's very far from good, in fact.
-
I'm gonna be real with folks here. I fucked up, and bad, with my participation in the open-slopware list. As a result, I'm not the right person to do it, but there has to be some kind of accounting for what damage AI is doing to open source.
For all the whinging about "supply chains" over the past few years, it *is* a problem when your code suddenly depends on AI, even if only indirectly.
@xgranade i made a little app, https://slopspotter.8bit.rodeo, for this purpose but I don't think anyone uses it but me
-
I'm gonna be real with folks here. I fucked up, and bad, with my participation in the open-slopware list. As a result, I'm not the right person to do it, but there has to be some kind of accounting for what damage AI is doing to open source.
For all the whinging about "supply chains" over the past few years, it *is* a problem when your code suddenly depends on AI, even if only indirectly.
Part of the problem with doing so is.... well, now what? It's not like a Python project can just... stop being a Python project?
But I think it's important to at least understand the scope of the problem.
-
@xgranade These are very much not fergalicious vibes.
Now I'm curious what they used Claude for. *runs some diffs*@theorangetheme @xgranade *each time I see a diff that _doesn't_ have AI contributions*
โFergalicious diffโ
-
@theorangetheme @xgranade *each time I see a diff that _doesn't_ have AI contributions*
โFergalicious diffโ
@reillypascal @xgranade Thank you for the laugh today hehe.
-
@xgranade These are very much not fergalicious vibes.
Now I'm curious what they used Claude for. *runs some diffs*@theorangetheme @xgranade here are the commits on `main` where it's explicitly a co-author:
```
$ git log --oneline -i --grep "Co-authored-by: Claude.*anthropic\.com"
59f247e43bc gh-115952: Fix a potential virtual memory allocation denial of service in pickle (GH-119204)
5b1862bdd80 gh-87512: Fix `subprocess` using `timeout=` on Windows blocking with a large `input=` (GH-142058)
cc6bc4c97f7 GH-134453: Fix subprocess memoryview input handling on POSIX (GH-134949)
532c37695d0 gh-137134: Update SQLite to 3.50.4 for binary releases (GH-137135)
``` -
@xgranade These are very much not fergalicious vibes.
Now I'm curious what they used Claude for. *runs some diffs* -
Part of the problem with doing so is.... well, now what? It's not like a Python project can just... stop being a Python project?
But I think it's important to at least understand the scope of the problem.
@xgranade it's extremely worrying, yeah. it's probably too big to fork
-
@theorangetheme @xgranade here are the commits on `main` where it's explicitly a co-author:
```
$ git log --oneline -i --grep "Co-authored-by: Claude.*anthropic\.com"
59f247e43bc gh-115952: Fix a potential virtual memory allocation denial of service in pickle (GH-119204)
5b1862bdd80 gh-87512: Fix `subprocess` using `timeout=` on Windows blocking with a large `input=` (GH-142058)
cc6bc4c97f7 GH-134453: Fix subprocess memoryview input handling on POSIX (GH-134949)
532c37695d0 gh-137134: Update SQLite to 3.50.4 for binary releases (GH-137135)
```@SnoopJ @theorangetheme There's a few more that list it in the PR thread but that don't list it as a co-author. Still, I agree, it's a fairly limited problem so far. My worry is that I don't see any mechanism for keeping that scope limited going forward.
-
@SnoopJ @theorangetheme There's a few more that list it in the PR thread but that don't list it as a co-author. Still, I agree, it's a fairly limited problem so far. My worry is that I don't see any mechanism for keeping that scope limited going forward.
@xgranade @theorangetheme yea I didn't mean to minimize the impact, just wanted to share the cantrip I've been using to check this when I run into the same thing
-
@xgranade it's extremely worrying, yeah. it's probably too big to fork
@ireneista Especially because you need to also fork the whole governance model around it.
-
@SnoopJ @theorangetheme There's a few more that list it in the PR thread but that don't list it as a co-author. Still, I agree, it's a fairly limited problem so far. My worry is that I don't see any mechanism for keeping that scope limited going forward.
-
@xgranade @theorangetheme yea I didn't mean to minimize the impact, just wanted to share the cantrip I've been using to check this when I run into the same thing
@SnoopJ @theorangetheme No, absolutely. I see this as the leading indicator rather than the damage itself, if that makes sense?
I keep using the term "AI-vulnerable" to try and point to that there isn't necessarily an actual direct impact, so much as a dramatically increased vulnerability surface area.
-
@ireneista Especially because you need to also fork the whole governance model around it.
@xgranade yeah. we think it's highly likely there are too many specific people with specific knowledge for that to work...
this isn't a particularly helpful observation, but we should probably never have put so many eggs in one basket to begin with
-
@xgranade yeah. we think it's highly likely there are too many specific people with specific knowledge for that to work...
this isn't a particularly helpful observation, but we should probably never have put so many eggs in one basket to begin with
@xgranade though, of course, it's hard to see what else we could have done
-
@ireneista Especially because you need to also fork the whole governance model around it.
@xgranade @ireneista "do you have five million dollars of disposable income to fund an alternative to the PSF" is a good place to start, if you want to frame it as a "hostile fork" situation. the only solution is to get involved in the messy process of politics and governance and try to figure out a way to negotiate a durable peace
-
@xgranade @ireneista "do you have five million dollars of disposable income to fund an alternative to the PSF" is a good place to start, if you want to frame it as a "hostile fork" situation. the only solution is to get involved in the messy process of politics and governance and try to figure out a way to negotiate a durable peace
@xgranade @ireneista unless you do have $5MM++ in which case, uh, cool, very happy for you
-
@xgranade @ireneista "do you have five million dollars of disposable income to fund an alternative to the PSF" is a good place to start, if you want to frame it as a "hostile fork" situation. the only solution is to get involved in the messy process of politics and governance and try to figure out a way to negotiate a durable peace
-
@xgranade @ireneista "do you have five million dollars of disposable income to fund an alternative to the PSF" is a good place to start, if you want to frame it as a "hostile fork" situation. the only solution is to get involved in the messy process of politics and governance and try to figure out a way to negotiate a durable peace
@glyph @ireneista One of those domino memes that starts with Calibre cutting a new release and topples into "Cassandra Granade runs for PSF Board."
I just seriously do not want to. But I agree, getting into the messy politics is the only way forward with Python in particular.
