the fact that LLM company employees are hiding that they use LLMs in their open source contributions shouldn't just give us pause, it should be setting off all the alarm bells, big red flashing lights and the loudest sirens that exist in our heads.

imbl@social.treehouse.systems

the fact that LLM company employees are hiding that they use LLMs in their open source contributions shouldn't just give us pause, it should be setting off all the alarm bells, big red flashing lights and the loudest sirens that exist in our heads.

let me lay it out

• LLM contributions have overwhelmed open source maintainers
• maintainers and contributors have been burned out by the harassment received due to pushback against LLMs
• maintainers are quitting open source at a huge rate because of the two previous points
• slop code has tainted the entire free software stack from systemd and the linux kernel to fucking vim
• nobody knows where this code is coming from, and there's too much to properly review (as evidenced by the massive pile of slop that is the leaked claude code source)
• LLM companies have purchased and become owners of type checkers, package mangers, and even a javascript runtime
• and now the people working for the companies making LLMs are purposefully hiding their LLM usage

at best this is an open assault against the commons and free software itself

at worst this is the xz backdoor being worked into every single large open source project

i've worked in infosec and opsec. if something like this happened to our software stack, we would've considered the entire infrastructure compromised. we would've re-bootstrapped our os images and build systems using code from before the slop machines appeared, manually backporting security patches. because this situation is not acceptable. because the alternative would be throwing our hands up and accepting that everything is compromised and every one of our users was fucked and that's just life now.

the takeaway?
you're compromised.
i'm compromised.
your favorite open source project is compromised.
almost every machine on the planet is compromised.

but we're not fucked. we're only fucked if we ignore this and pretend everything is fine. there's always time to rebootstrap and kick the slop machines out. all that's required for evil to prevail is for good people to do nothing. we just have have to do anything. we just have to say that's fucking enough.