User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
Admin
Wyvern-shaped software developer and hobby vector artist. Also sometimes a fluffy werewolf alien creature (Areon) or a bird (Corveon).

Creator of the neofoxes, neocats and other emojis. wvrnBox
Website https://volpeon.ink/
Speaking German, English
Age 30s
Pronouns he / him
Backup Account @volpeon@goto.wyvern.rip
Bonus Content @areon@icy.wyvern.rip
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
I finally have some ideas to improve my website's design.
This post has attachments, but this server's configuration prevents them from being displayed here.
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
@vel Da weiß man, dass die Lösung aus Deutschland kommt drgn_woozy
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
3pm and it's already getting dark outside neofox_googly_shocked
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
I recently found this YouTube channel: www.youtube.com/@any_austin/videos
Stuff like this is right up my alley
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
@nova [ Leggies extended ]
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
Ever since I learned of the "not just X, but Y" pattern LLMs like to use, I notice so many probably AI-generated texts
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
@sitcom_nemesis @errant

It doesn't matter what the AI is or isn't. GitHub's presentation of it leads to the AI having the same status as an external contributor, which incentivizes the thinking that it must be held up to the same standards as human contributors. I'd even say that this is the only healthy approach because implicitly trusting humans more means that in case they use AI outside of GitHub and act like it's their own work, your own bias may prevent you from seeing flaws you'd pay closer attention to when reviewing an AI's output.

I'm not sure what the problem with responsibility is. Isn't this a project governance issue, i.e. "you take full responsibility" means you'll get kicked out if you contribute garbage AI code? How is this a security problem?
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
@sitcom_nemesis @errant
but surely all the checking and prerequisite expertise would nix most advantages of using it?
Sure, but why would this be a concern for anyone but the user themself? I'm sure I use things which other people may not like, such as VSCode or GNOME. Is it valid for them to tell me what to use and how?
And it looks like for most AI PRs in KeepassXC, the person working with the AI ultimately approves the code... hardly a rock solid review process. Usually, there's two humans in the loop.
The way the AI is integrated in GitHub makes it a separate entity from the reviewer with an interaction workflow akin to iterating a PR with its author until it matches the project's standards. In both cases, the PR author — AI or human — is untrustworthy and the reviewer is trustworthy. There are also non-AI PRs where only one developer conducted the review, so there's no difference between AI and non-AI standards.

If this strikes you as flawed, then your concerns should lie with the review process itself.
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
@errant From what I've seen from the developers, they're well aware of the risks and capabilities of AI. You aren't wrong that careless (non-)developers are too confident in AI, but this doesn't imply the inverse: that all users of AI are automatically careless. As long as they consistently demonstrate responsible use of it, I personally see no problem from a security standpoint.
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
I don't like that people use security as an angle when criticizing the use of AI in KeePassXC. If a project accepts public contributions, this means there will be malicious actors trying to smuggle in code which weakens security. The project must therefore have a solid review process in place to ensure this doesn't happen.

If you see AI as this huge security threat, then you don't trust this review process. But then you shouldn't have trusted the software at any time before to begin with.
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
@vel Oh scheiße, ich äh... bin mal für ein paar Tage weg neofox_googly_shocked
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
@vel Was passiert, wenn man sie aus Versehen mal nicht an einem Sonntag aufbackt? Frage für einen Freund drgn_sip_nervous
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
I hated seeing this stupid emoji, so that's a good change IMO. It always looked out of place. And some made it annoying by adding a waving animation to it woozy_baa
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
@melvian @Enalys WAAH wvrnScream
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
It's funny how at some point "👋 Hello" was this trendy thing to put on your portfolio website, and by now everyone who followed this trend seems to have removed it again (I can tell it was there from the usually outdated submission screenshot)
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
@livingshredder My devices are configured to use light mode during the day and dark mode otherwise
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
@mametsuko As long as you remember genau, you'll get by
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
Borger day drgn_nom_burger
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
:D
This post has attachments, but this server's configuration prevents them from being displayed here.
User avatar
privTri Volpeon areon3NSmol @volpeon@icy.wyvern.rip
5mo
Not very a8e of them to call it a11y