AI-Driven Security Enhancements for OpenBSD Kernel
Are you going to audit every single one of those checks? Are you going to verify that they are not only correct, but also useful? Are you going to ensure that the "AI" did not add a security hole while "fixing" something? Useless code churn for the sake of "AI" is a waste of time for the reviewers.

On 2024 Jun 11 (Tue) at 09:28:29 -0300 (-0300), Alfredo Ortega wrote:
:I added 10000+ checks so far, in about 4 or 5 hs. Final count will
:likely be close to a million.
:It's true that many are useless, perhaps up to 50% of them. Most
:stack protections put into place by the compiler are also useless.
:But the question is, how many are not useless? and how many checks
:humans missed, but the AI correctly put in place?
:How many vulnerabilities are caught by those new checks? Those are
:the important metrics imho.
:
:On Tue, 11 Jun 2024 at 8:59, Stuart Henderson
:(<stu@spacehopper.org>) wrote:
:>
:> On 2024/06/11 07:41, Alfredo Ortega wrote:
:> > But the fact that whole netinet/netinet6 10000+ checks were added with
:> > no human intervention and produced a working, arguably safer kernel,
:> > is surprising to me.
:> > Beware that at the current state, it might not be actually safer as
:> > the checks may actually introduce new bugs.
:>
:> So, 10000+ checks, impossible to properly review, but some of which are
:> obviously at best useless, and even the person showing the changes warns
:> (correctly) that they may introduce bugs. This doesn't really seem a
:> good topic for tech@, perhaps misc if anywhere.
:>
:

--
As Zeus said to Narcissus, "Watch yourself."