From: Otto Moerbeek <otto@drijf.net>
Subject: Re: AI-Driven Security Enhancements for OpenBSD Kernel
To: tech@openbsd.org, Martijn van Duren <openbsd+tech@list.imperialat.at>, Alfredo Ortega <ortegaalfredo@gmail.com>
Date: Tue, 11 Jun 2024 15:24:42 +0200

Just wondering on which code base this AI was trained. Inheriting the bias of the training set is likely bad.

 -Otto

Martijn van Duren <openbsd+tech@list.imperialat.at> wrote on 11 June 2024 14:44:05 CEST:
>No one said all added checks are useless. But adding these to OpenBSD
>without human verification is extremely unlikely. I'd say continue
>with your projects, go over the changes yourself, reason if they are
>sane and if you've convinced yourself chop up the good bits into
>reasonably sized patches and send them to the list. Maybe start off
>with a single change and slowly ramp up the amount in a single diff
>once you get some traction.
>
>martijn@
>
>On Tue, 2024-06-11 at 09:28 -0300, Alfredo Ortega wrote:
>> I added 10000+ checks so far, in about 4 or 5 hours. Final count will
>> likely be close to a million.
>> It's true that many are useless, perhaps up to 50% of them.  Most
>> stack protections put into place by the compiler are also useless.
>> But the question is, how many are not useless? and how many checks
>> humans missed, but the AI correctly put in place?
>> How many vulnerabilities are caught by those new checks? Those are
>> the important metrics imho.
>> 
>> On Tue, 11 Jun 2024 at 8:59, Stuart Henderson
>> (<stu@spacehopper.org>) wrote:
>> > 
>> > On 2024/06/11 07:41, Alfredo Ortega wrote:
>> > > But the fact that whole netinet/netinet6 10000+ checks were added with
>> > > no human intervention and produced a working, arguably safer kernel,
>> > > is surprising to me.
>> > > Beware that at the current state, it might not be actually safer as
>> > > the checks may actually introduce new bugs.
>> > 
>> > So, 10000+ checks, impossible to properly review, but some of which are
>> > obviously at best useless, and even the person showing the changes warns
>> > (correctly) that they may introduce bugs. This doesn't really seem a
>> > good topic for tech@, perhaps misc if anywhere.
>> > 
>> 
>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.