Jon

🔒 Manual approval

@jdp23@neuromatch.social

strategist, software engineer, entrepreneur, activist ... and I run the Nexus of Privacy newsletter (privacy.thenexus.today, @thenexusofprivacy, @thenexusofprivacy.net on Bluesky, and lemmy.blahaj.zone/c/thenexusof

I've been on the fediverse for a long time, so you may know me from accounts like @jdp23 @jdp23, @jdp23, and @jdp23. I'm probably going to use this as my main "public-facing" account, although I'm still not completely sure how I'll balance this and my blahaj.zone account ... blahaj.zone is a great community, so I'm certainly not planning on leaving there, but one of the things I really like about the fediverse is the ability to have more than one account. So, we shall see!

More about me in the pinned post at neuromatch.social/@jdp23/11391

#strategy #equity #justice #technology #policy #disinfo #privacy #algorithmicJustice, #intersectionality #activism #organizing #software #startups ...

And #nobot without permission. Opt-out isn't consent, but it's the only real option we have here.

Pronouns
he/him or they/them

Replying to @jdp23@neuromatch.social

And this goes for program analysis as well! Sure, it's impressive that Mythos-class LLMs can be used to identify oodles of problematic constructs in code that's been shipping for years, including tends of thousands of real bugs some of which are security vulnerabilities. It was also very impressive that PREfix and PREfast (the program analysis tools I worked on in back in the day) and the more-powerful tools that followed like Coverity could do it. Where would the program analysis field be today if billions of dollars had been invested in building on these tools instead of "AI"?

But none of these analysis tools change the underlying causes of the bugs -- software engineering processes that value time-to-market over security, unsafe libraries and languages, leaving security as an afterthought, etc etc etc. Don't get me wrong, finding and fixing bugs has value; one net effect this wave of LLM program analysis is likely to be useful hardening of existing software. But all the resources going to that aren't going to addressing the underlying issues -- and also reinforcing all the ethical, sustainability, and power-concentrating consequences of LLM usage.

An excellent thread here. So much of what I see people pointing to as LLM's benefits for coding relates to long-standing problems in software engineering that the field just hasn't addressed. And LLMs don't solve these problems, at best the just paper them over and make dealing with them less tedious -- while reinforcing the problematic dynamics.

So yes it's great that people with no programming skills can create software to solve their prolems. But if we had collectively spent a chunk of the literally billions of dollars that are going to "AI" building on the early approaches to this from 25+ years ago (Hyperscript, Logo) that don't have the same downsides, we'd be in a much better place today.

beka valentine@beka_valentine@kolektiva.social

personally i'm ok with AI techniques being less well known but there's a deeper thing going on here which is far more important IMO, because it's also partially why LLMs have taken over

== this thread is in response to this tweet: ==

x.com/krismicinski/status/2072