Post by Ivan Zlatanov
Cybersecurity Professional | Specializing in Penetration Testing & Security Assessments | Web, LLM, and IoT Security Researcher
Someone decided to slop 8000+ lines of volatile code into a widely used project and wasn't happy when it got denied. Obviously, it got rejected by the maintainer, as any sane person would do upon seeing this PR. Then the "developer", a species also known as Sloppmaxxer or Claudemaxxer, went fully medieval on the thread about how unfair life is when you don't know how to code (I am being sarcastic here). They even kept stating empty legal threats (and opening legal liability for themselves by openly admitting to plans to break the original project's licensing in their fork).

If we put the jokes aside, I believe that situations like this illustrate the ugly parts of LLMs being used in coding. Don't get me wrong, I am all in for using them when appropriate and utilising them to their fullest potential. However, we see that they are being used en masse to create unstable and/or untested code by people who have no idea what they are doing... and then wasting the maintainers' time, breaking projects' licenses and wreaking unnecessary havoc on already taxing projects. The same thing has been happening with bug bounty programs and disclosure programs, leading to some of them completely shutting down.

Maybe we can classify it all as a new LLM-based attack vector: Denial-of-Human-Attention or Slop Flood Attack, where maintainers cannot pay attention to the important PRs due to being flooded with unusable reports or PRs (I am joking, of course... to an extent).

So, don't be like @wowitsjack. Maybe he will learn in the future and come back, armed with the appropriate PR size, tested code and the patience to deal with contributing to open-source projects. And good for Frédéric Lachapelle for dealing with the issue.

Btw, you can find the whole cringe fest of a GitHub pull request here: https://lnkd.in/dyHrbSye