Comment on Flathub moves to ban nearly all apps and submissions made with generative AI

minfapper@piefed.social ⁨5⁩ ⁨days⁩ ago

• corsicanguppy@lemmy.ca ⁨5⁩ ⁨days⁩ ago

  took security even remotely seriously

  There’s a reason they’re at SLSA1 . And this is it.

  Plot twist: SLSA4 has been achievable since like 1998. Sit DOWN, Debian.

  source
• SupraMario@lemmy.world ⁨5⁩ ⁨days⁩ ago

  Yes, containers/sandboxes have vulnerabilities that really clever attackers can exploit, but AI generated slop can’t.

  Wait are you suggesting that AI slop code can’t have vulnerabilities? Cause… that’s hilariously not even remotely true. It’s a huge issue in SecOps, it was even an issue in the past when humans didn’t have a “easy” button and every vibe coder dumped commits. It’s way worse now because a lot of the vibe coded shit isn’t checked, and the people who produce it have no clue what the fuck it does in the first place.

  source

  • lelgenio@lemmy.ml ⁨5⁩ ⁨days⁩ ago

    Wait are you suggesting that AI slop code can’t have vulnerabilities?

    I think they mean “containers can have security vulnerabilities, but you need to be cleaver to exploit them, AI slop is not clever enough to exploit those vulnerabilities”

    source

    • corsicanguppy@lemmy.ca ⁨5⁩ ⁨days⁩ ago

      cleaver

      Image

      source

      • lelgenio@lemmy.ml ⁨5⁩ ⁨days⁩ ago

        Image

        source
    • kurcatovium@piefed.social ⁨5⁩ ⁨days⁩ ago

      But AI slop probably introduces plenty of new vulnerabilities, right?

      source

      • lelgenio@lemmy.ml ⁨5⁩ ⁨days⁩ ago

        Yes? Banning it form Flathub is a good thing

        source
• usernamesAreTricky@lemmy.ml ⁨5⁩ ⁨days⁩ ago

  Speaking broadly: Plenty of other issues or security vulnerabilities can exist that a good sandbox won’t catch. Like software can insecurely store and transmit passwords, have bad randomness for something security sensitive, secretly be mining crypto behind the scenes and burn through battery/electricity, etc.

  source