debate the merits of slop code in a password manager elsewhere
I’m just commenting, I didn’t make the post?! I mean I like 80% of what they say. I think it’s great to have transparency and a review process in my password manager… Just not AI…
you like 80% of the claptrap keepassxc posts? no wonder you came into this kfc asking for a double down. we haven’t even served those since, like, the mid-2010s
the project’s sudden commitment to code review excellence is the exact same shit every other project pulls when there’s justified backlash in response to a policy that allows, and therefore encourages, slop code. that keepassxc keeps officially posting through it, defending code-oriented LLMs as “generally accurate”, and fucking up and showing that they don’t understand their own threat model, is the double down. I don’t particularly give a fuck that they’ve remained remarkably consistent in their policy of accepting garbage into their codebase, or that their blog’s response to the backlash has been, golly gosh, so measured! if this is how their team conceptualizes risks to a piece of software whose breach would constitute a catastrophic event.
Thanks. Bizarre conversation. But from all sides really, also wild to just claim they don’t know what a zero day is and that’s just made up. I think it’s super unhealthy no one looks at the actual code and what they’re doing but it’s completely hypothetical and about what people say, not do. Like what code quality they actually have. That’d be a good indicator for their users to judge. And also to judge how clever these people are. But seems that’s exempt from the discussion. Idk. Thanks for pointing me at this, I wasn’t aware. I’ll scroll through it some more.
And I’d really like to know what those developers see in AI that I don’t see and why they use it in the first place. From what I can tell by scrolling through their PRs, Copilot hasn’t been of much help to them. And there’s a reason why other people use or avoid it. I still think it’s not as bad as portrayed. The review process will deal with AI slop the same way it does with malicious PRs from the NSA or Russian hackers… It needs to handle all of it 100% so slop doesn’t really stand out here. But it’s really weird to do experiments in a password manager and not some side-project.
Edit: And now that I see that, I kinda hate how mobs show up in their Github repo to spam them. I don’t think this is the solution either.
no wonder you came in here to scream for a disgusting chicken sandwich incorrect one of my posters about their use of a common English phrase and post yet more LLM apologia barely disguised as critique
yeah nah we don’t need this centrist AI booster crap here but thanks anyway
But from all sides really, also wild to just claim they don’t know what a zero day is and that’s just made up.
some motherfuckers really see a security vendor claim a zero day can’t be exploited at scale for a local application, ignoring gigantic classes of vulnerability enabled by misconfiguration, combined exploits, or malware, and go “woof, maybe it’s true! they do make my favorite password manager after all, who are you to say they’re wrong” as a bunch of Russians walk off with their bank info
I’m just commenting, I didn’t make the post?! I mean I like 80% of what they say. I think it’s great to have transparency and a review process in my password manager… Just not AI…
you like 80% of the claptrap keepassxc posts? no wonder you came into this kfc asking for a double down. we haven’t even served those since, like, the mid-2010s
the project’s sudden commitment to code review excellence is the exact same shit every other project pulls when there’s justified backlash in response to a policy that allows, and therefore encourages, slop code. that keepassxc keeps officially posting through it, defending code-oriented LLMs as “generally accurate”, and fucking up and showing that they don’t understand their own threat model, is the double down. I don’t particularly give a fuck that they’ve remained remarkably consistent in their policy of accepting garbage into their codebase, or that their blog’s response to the backlash has been, golly gosh, so measured! if this is how their team conceptualizes risks to a piece of software whose breach would constitute a catastrophic event.
Thanks. Bizarre conversation. But from all sides really, also wild to just claim they don’t know what a zero day is and that’s just made up. I think it’s super unhealthy no one looks at the actual code and what they’re doing but it’s completely hypothetical and about what people say, not do. Like what code quality they actually have. That’d be a good indicator for their users to judge. And also to judge how clever these people are. But seems that’s exempt from the discussion. Idk. Thanks for pointing me at this, I wasn’t aware. I’ll scroll through it some more.
And I’d really like to know what those developers see in AI that I don’t see and why they use it in the first place. From what I can tell by scrolling through their PRs, Copilot hasn’t been of much help to them. And there’s a reason why other people use or avoid it. I still think it’s not as bad as portrayed. The review process will deal with AI slop the same way it does with malicious PRs from the NSA or Russian hackers… It needs to handle all of it 100% so slop doesn’t really stand out here. But it’s really weird to do experiments in a password manager and not some side-project.
Edit: And now that I see that, I kinda hate how mobs show up in their Github repo to spam them. I don’t think this is the solution either.
oh wow you’re just like this all the time huh
no wonder you came in here to
scream for a disgusting chicken sandwichincorrect one of my posters about their use of a common English phrase and post yet more LLM apologia barely disguised as critiqueyeah nah we don’t need this centrist AI booster crap here but thanks anyway
some motherfuckers really see a security vendor claim a zero day can’t be exploited at scale for a local application, ignoring gigantic classes of vulnerability enabled by misconfiguration, combined exploits, or malware, and go “woof, maybe it’s true! they do make my favorite password manager after all, who are you to say they’re wrong” as a bunch of Russians walk off with their bank info