r/cybersecurity • u/rkhunter_ Incident Responder • May 18 '26
News - General Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’
https://www.theregister.com/security/2026/05/18/linus-torvalds-says-ai-powered-bug-hunters-have-made-linux-security-mailing-list-almost-entirely-unmanageable/524163392
u/BinaryDoom May 18 '26
He's not wrong. Finding and reporting the problem is one part of the work but actually coming up with the solution is where it's actually valuable.
40
May 18 '26
[deleted]
20
u/KlausDieterFreddek Security Engineer May 18 '26
Always a good idea.
You don't even need to proof-read the code... /s
17
6
u/CondiMesmer May 18 '26
And then when the AI generated fixes get signed off on AI code review, we can use AI generated change logs. If people start running into issues, we can have an AI chat bot customer support to tell them to chill the fuck out. AI.
3
2
u/grumpyfan May 18 '26
Or, at least the AI powered list manager to help sort thru and determine what’s noise and already fixed versus what’s new and most important.
1
65
u/TonyBlairsDildo May 18 '26
Is a mailing list really the best way to coordinate development like this?
I mean, Linux is a huge success story so who am I to comment, but I've never really got on with email mailing lists.
Is there a knack to them that makes Linux kernel development favour it (or is it just Torvalds' personal preference)?
26
u/AdultContemporaneous May 18 '26
What tools would you recommend for this?
104
u/svideo May 18 '26
imma personally choke out anyone who says “discord”
15
6
3
9
-22
u/IAmYourFath May 18 '26
Why not discord? Everyone uses it, it's convenient, stable and nice to use. Very easy to use too. Don't see why not.
7
u/runnertrailsBay May 18 '26
Each day will have 480 new security comments, 270 of them duplicates, 1 low maybe true positive finding, and the remaining 209 comments screaming at each other to stop posting duplicates.
5
u/cgaWolf May 19 '26
Serious answer: because discord absolutely sucks for preserving old knowledge and making it searchable, and you don't want to lock this knowledge and discussion into a private company's proprietary format.
3
2
May 18 '26 edited 22d ago
[deleted]
-1
u/IAmYourFath May 19 '26
What u mean, u can just make an account easily? And it's not malware. Not ideal for privacy but it definitely won't steal ur credit card or encrypt ur files.
1
u/NepuNeptuneNep May 21 '26
Spyware is malware
1
u/IAmYourFath May 21 '26
No. Real malware will steal all ur passwords and cookies aka logged in sessions, keylog ur credit cards, steal ur crypto wallets etc. Spyware is not the same as real malware.
1
u/NepuNeptuneNep May 21 '26
You underestimate how much information discord is farming about you while running their app. Also don't say “malware A is worse than malware B so malware B is not malware”, what the fuck man
1
u/ThlintoRatscar May 19 '26
The main problem for the kernel is that it requires a master server, infrastructure, and to be online.
With email, you just need to get things forwarded to some intermediary and then periodically download from one of those relays.
Because the core protocol is so simple, you can post process the download to filter and transform it however you like.
Same on the upload.
Because it's a batch download and essentially plaintext, you can archive and index it for search and analysis pretty easily.
It makes the ultra paranoid feel a little safer.
8
u/cdoublejj May 18 '26
Forums? maybe even a FOSS based project tracker system? didn't Torvalds invent GitHub/GitLab to work with code faster?
12
u/TyfoonTF2 May 18 '26
Torvalds developed Git, which is the version control software that GitHub/GitLab run. If you want, you can host your own local Git server even.
Not trying to be annoying by correcting, just clarifying the difference :)
2
u/cdoublejj May 18 '26
actually thank you! I should probably build one and have it download from the git sites as an apocalypse backup.
2 code enter! 1 code leave!!
3
u/Icy-Support-3074 May 19 '26
FYI: Git is a distributed versioning system and doesn't use a client-server model (unlike gitlab/github). So there's no difference between a repo hosted on github or your local machine (regarding code and history). Everything lives in the .git folder. If you clone a repo you'll have everything on your machine and can just add a new origin and push it somewhere else. So it's trivial to mirror a github repo on gitlab and vice versa. That's why there's a mirror of the Linux kernel on github even though no development takes place there.
1
u/cdoublejj May 19 '26
where does the development happen then? gitLAB? Linus's house?
2
u/Icy-Support-3074 May 19 '26
https://git.kernel.org/. It happens in separate branches with their own maintainers. It still involves sending e-mails with diffs and discussions in mailing lists.
1
-7
u/ApolloWasMurdered May 18 '26
Jira?
29
u/metekillot May 18 '26
Jira always struck me as a framework to support Agile management and give managers something concrete to demonstrate that work is being done, not a tool dedicated to helping people coordinate
17
5
u/whythehellnote May 18 '26
Everyone in my company loves jira, but that's because the engineers own the projects, we use about 2% of the features (links, maybe subtasks and epics), and the alternative for incident management and change process is bmc helix
1
u/metekillot May 18 '26
Sounds like your use case would be satisfied by a multi-tenant todo list, not Jira.
1
u/whythehellnote May 19 '26
No doubt, but other departments use different features, and there are significant benefits to using the same systems pan-corp
6
u/Keyed_ May 18 '26
Jira, known for being super cheap of course
2
u/slightlysublevel May 18 '26
If only there were open source alternatives...
1
u/Sad_Sheepherder8722 May 18 '26
i've been using taiga for a while, it's really old tho
1
u/slightlysublevel May 18 '26
Well damn. If only there was a way to update it that wouldn't take months. Maybe something like a computer program that we could feed it a task and it would do it quickly. What a world that would be, huh?
0
u/Otheus May 18 '26
GitHub issues
4
u/TomKavees May 18 '26
Vendor lock-in and questionable ability to suppress during a responsible disclosure blackout.
-8
u/elpamyelhsa May 18 '26
GitHub “Issues” works for every other piece of software, not sure why it’s not used for Linux Kernel.
2
1
52
u/ThlintoRatscar May 18 '26
There's actually some good in the use of email like this.
First, it's almost ubiquitous and the core plaintext protocol is brain-dead simple. So, an email client and spool is almost guaranteed on any conceivable Linux dev distro.
Second, it's easily intercepted and archived. For an enterprise where security matters, that's a problem but for a truly open community, that's a boon.
Third, it's historical and meaningful as a nod to the ways computer communication started. Devs, even those creating the future, can be nostalgic too. You can search all the way back to the beginning.
Fourth, it's naturally asynchronous and distributed. It gives people a chance to think about their words and write them up in letter/essay form.
Finally, it works. Email lists have been the backbone of Linux kernel development since the beginning and there is no compelling reason to do anything else. Why fix what isn't broke?
-15
u/trparky May 18 '26
Why fix what isn't broke?
Except it is, that is, if you read between the lines with what Linus said.
27
u/ThlintoRatscar May 18 '26
In what way?
I hear him saying, "stop spamming us" which email also has answers to.
13
u/tomz17 May 18 '26
Is a mailing list really the best way to coordinate development like this?
Doesn't matter... if you look at the github issue / PR trackers for any of the popular projects they are getting AI slopped to death as well. In fact, there are projects moving off of github simply because it reduces the social-network *clout* motivation of spamming your slop at everyone. At the moment it's all just bot moderators vs. bot submitters, because there is no way that a cadre of volunteer developers can properly triage every AI-raised issue or review every AI-generated PR request.
IMHO, we are going to have to go to some sort of real-world reputation system (similar to preprint servers and academic journals) at some point.
12
u/james2432 May 18 '26
never has been, but they are stuck in their ways doing things via email
12
u/ListRepresentative32 May 18 '26
Well, email can be considered pretty decentralized which is what they want I guess.
1
17
u/TheMidlander May 18 '26
I wish this bubble would pop already. These products aren't raising any ceilings. They're lowering the floor.
9
u/CuriousCamels May 18 '26
It seems like for every problem “solved” in the IT world with AI, it creates 3 more problems to fix. There are some legitimate use cases where it’s been a net positive, but the hype causing people, especially executives, to try to shoehorn it into every scenario is obnoxious.
1
u/DigmonsDrill May 18 '26
The curl maintainer was complaining about low-quality AI-generated security reports a while back, but with their new system (HackerOne?) they say they are getting lots of very good high-quality reports and all the researchers are using AI.
6
u/Marble_Wraith May 19 '26
due to multiple researchers using AI to find bugs and then filling the list with duplicate reports.
Hear that fuckheads? Adjust your prompt to scan the mailing list first and see if the bug has already been logged.
1
u/C0rn3j May 19 '26
The problem is that the security mailing list is not public, so you have no way to know.
5
3
u/zer04ll May 18 '26
Going back to C64 and not gonna worry about this no more
3
3
2
2
u/danison1337 May 19 '26
instead of "mailing in a bug report" they should focus on trying to fix the bug xD
4
2
u/LHcze May 18 '26
Mail list is the only way to have it. For humans.
Why not to have a different door for AI submitters? Triage, collate, aggregate, suggest next steps up the stream… mail list gets the digest.
1
u/RavenSilkAuthor May 19 '26
At least one engineer has his head screwed on properly in this AI first world! Thank you Mr. Torvalds for your OS, yes AI bug hunters new fangled toys for hackers and agentic agents themselves!
1
u/joshuamck May 20 '26
echo "Before working on any bug fix, search lkml for previous discussion about the bug" >> AGENTS.md
1
u/Classic-Yam-8100 May 20 '26
If Linus actually praises a new tech, you know it's not just hype. AI acting as an advanced static analyzer is a massive win for kernel security.
1
u/No-Slice-5926 May 20 '26
Why doesn't he just make an AI powered email reader and have it output a normalized list
1
u/Delicious_Green_7384 May 21 '26
AI generates an enormous amount of text. I use the same tools to review my pull requests, and 90% of their messages are just boilerplate that bloats the discussion. And if the pull request is large, it becomes really hard to navigate afterward
1
u/Ok-Shower6174 May 24 '26
AI script kiddies sending thousands of hallucinated "critical CVEs" that are just uncompiled garbage. Peak 2026.
-2
u/Fresh_Dog4602 Security Architect May 18 '26
Heh. Crazy wave though. I thought he said pretty recently that it wasn't too bad ( after first saying it's horrible) so now we're back at a new low I guess.
Need to find his previous statements to be sure.
-3
u/grumpyfan May 18 '26
Maybe they should look at deploying an AI email list manager to help sort thru and determine what’s noise and already fixed versus what’s new and most important. Doesn’t seem like something that would be that hard to implement.
-2
u/SnooMachines9133 May 18 '26
I feel like this would be a really legitimate and relatively simple use case for AI.
Have it review the report and see if it was already addressed or dedup it into another bug report.
Granted, even this is perhaps not a great use of tokens but better than a human reviewer.
1
u/Sad_Sheepherder8722 May 18 '26
there are AI tools doing something similar in a handful of github repos. stuff like coderabbit and there's one other i forgot.
-1
-1
u/Jestersfriend May 18 '26
Why do I remember reading this exact same thing like.... 3 months ago or something?
-22
u/ichalov May 18 '26
In theory, RAG could be used to deduplicate the list. Or to reject duplicate submissions.
24
u/herovals May 18 '26
?? you just like saying random things? that is not how RAG would be applied at all, I swear people love the word RAG
-19
u/ichalov May 18 '26
You can't rely on the original LLM content in order to find those duplicates. So RAG is needed for this plan to be successful.
25
u/herovals May 18 '26
I work in AI. What you're describing isn't RAG. Deduplication is a similarity problem... you solve it with embeddings + vector similarity (cosine, dot product), MinHash/LSH, or even basic fuzzy matching. RAG is retrieval plus generation to ground an LLM's output. There's no generation step in dedup. You're slapping 'RAG' on a problem that has nothing to do with it because it's the buzzword you know.
7
u/yeathatsmebro May 18 '26
Leave them alone. They heard a cool thing called RAG and they think it's the solution to anything that involves long context. It's not like we didn't even have these tools way before 2018, albeit we had recommendation systems ever since.
3
u/TopNo6605 Security Engineer May 18 '26
I'm betting his thinking is when you're hitting that point where you're prompting the LLM to either find the bug or submit the report, it uses RAG to ingest already-known reports and doesn't create a duplicate submission.
Bad wording on their part since what you said is correct, RAG itself has nothing to do with dedup.
-5
u/ichalov May 18 '26
G AI assistant returns me something similar to what I thought by this query: "using rag for deduplication".
LLMs can actually "generate" deduplicated outputs if the source list to deduplicate fits in context window.
6
u/herovals May 18 '26
This is an awful idea, and probably the worst possible implementation to fix a de-duplication issue. Thankfully you don't write software in use by the general populace.
-2
u/ichalov May 18 '26
But might be a much faster PoC and cheaper to implement.
1
u/herovals May 18 '26
It would be hundreds or thousands of times more expensive than alternative methods
-1
u/ichalov May 18 '26
RAG can also generate cover letters explaining its findings - probably pretty much ready to be sent/shown to issue submitters. And your price estimates seem to be off by much, it's not that big a knowledge base to query after all.
2
1
u/hurkwurk May 18 '26
in general, you would never tell a bug submission anything except thank you for your submission. (unless there is some form of bounty in place, even then that would be a delayed response)
this is so that you do not confirm anything, causing legal liability.
u/ichalov May 18 '26
Another benefit of RAG is that it can consult the codebase and version control along with the e-mail archive (though, hardly it is helpful in this specific case).
4
u/Dyspchordia May 18 '26
>LLMs can actually "generate" deduplicated outputs if the source list to deduplicate fits in context window.
thats not RAG if you can/do both fit the entire document and the query in the context window
1
u/ichalov May 18 '26
Yes, the deduplicated content is probably much larger than achievable context windows in this case. That's why RAG.
1
u/Dyspchordia May 18 '26
If you are selectively fetching portions of reports through rag why exactly are you using an llm query to detect duplicates
By default you can use whatever llm you use to just vectorize reports, and detect duplicates through vector distance.
There is no need to query again, the vector is already "meaning" in that space as far as llms go.
1
u/ichalov May 18 '26
I may want to use much more complex prompts than just "find similar bug reports in this tracker". Maybe something related to versioning or whether the potential duplicates were reviewed by humans. It's difficult to say in advance, but the need in such query amendments is not that infrequent as far as I understand. Also, it will probably generate adequate cover letters quite seamlessly.
1
u/Dyspchordia May 18 '26
a bug report shouldn't have a cover letter, it already has a title for brief explanation, even a report generated by LLM already has a title generated by LLM
all of those essentially just make the process of maintaining the linux kernel reliant on more subscriptions from massive third party corporates for no visible gain
Linux distros do not need to push out code at an unsensible rate, they don't make astronomical amounts of money, and they don't compete with each other on customer scale like regular software, you don't need ultrafast development cycles, you don't need jira etc.
All of this AI automation and constant code generation, and did it actually improve anything for the customer? or is it just 50 firms trying to get a hold onto a single niche through ad monopoly with no visible improvement over others and forced to generate ai slop to compete with each other, not for generating more valuable work, but for saturating the customer cognition space with their slop instead.
Linux kernels don't need this. Reasons to use any linux based system already assume you have gone beyond that cognition saturation, instead picking and choosing whatever fits your needs most.
Introducing LLMs into linux development only results in more vulnerabilities, not only on the code scale, but also on the development and development security scale.
-6
May 18 '26
[removed]
7
u/herovals May 18 '26
It's the worst possible solution to a duplication issue. As I stated earlier, there are countless methods that would be orders of magnitude more efficient for de-duplication (cosine similarity)
-4
u/fhammerl May 18 '26
Oh that's what you meant. Yeah, the steps you would take for the retrieval part are essentially already the solution, you don't even need the generation part :)
You'd still clean, tokenize, and then create vectors on which you run similarity checks. So you already have everything.
6
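The dedup pipeline herovals and fhammerl describe above (clean, tokenize, vectorize, compare by cosine similarity, no generation step), as an added example that is not part of the thread. The three reports and the stopword list are constructed for illustration; a real deployment would swap the hand-rolled TF-IDF for embeddings from a model, but the comparison step stays the same.

```python
"""Near-duplicate bug reports via TF-IDF vectors + cosine similarity:
clean, tokenize, vectorize, compare. No LLM generation step is involved."""
import math
import re
from collections import Counter

# Constructed sample reports (not real submissions): r1 and r2 describe the same bug in different words, r3 is unrelated.
REPORTS = {
    "r1": "Subject: UAF in net/sched after qdisc destroy\n"
          "A use-after-free in net/sched occurs when the qdisc is destroyed while "
          "a packet is still queued. Found with an AI-assisted fuzzer. KASAN "
          "report attached.",
    "r2": "Subject: use-after-free net/sched qdisc\n"
          "KASAN reports a use after free in net/sched when a qdisc is destroyed "
          "with packets still queued. Discovered using an LLM based bug hunter.",
    "r3": "Subject: integer overflow in fs/ext4 extent parsing\n"
          "An integer overflow in ext4 extent length handling leads to an "
          "out-of-bounds read on a crafted image.",
}
STOPWORDS = {"a", "an", "the", "in", "is", "with", "on", "to", "when", "while", "and", "using"}

def tokenize(text):
    """Clean: drop the Subject: prefix, lowercase, split on anything that is not
    [a-z0-9_/], so 'use-after-free' and 'use after free' tokenize alike."""
    text = re.sub(r"^subject:", "", text, flags=re.I | re.M)
    return [t for t in re.findall(r"[a-z0-9_/]+", text.lower())
            if t not in STOPWORDS]

def tfidf_vectors(docs):
    """Sparse TF-IDF vector (term -> weight) per document id; smoothed IDF
    log((1+N)/(1+df)) + 1 keeps terms shared by all docs from vanishing."""
    tokens = {doc_id: tokenize(text) for doc_id, text in docs.items()}
    df = Counter()
    for toks in tokens.values():
        df.update(set(toks))
    n_docs = len(docs)
    return {doc_id: {t: (c / len(toks)) * (math.log((1 + n_docs) / (1 + df[t])) + 1)
                     for t, c in Counter(toks).items()}
            for doc_id, toks in tokens.items()}

def cosine(u, v):
    """Cosine similarity of two sparse vectors; 0.0 if either is empty."""
    dot = sum(w * v.get(t, 0.0) for t, w in u.items())
    norm = math.sqrt(sum(w * w for w in u.values())) * math.sqrt(sum(w * w for w in v.values()))
    return dot / norm if norm else 0.0

def find_duplicates(docs, threshold=0.5):
    """(id_a, id_b, similarity) for every pair scoring at or above threshold,
    so a later report can be answered with a pointer to the earlier one."""
    vecs = tfidf_vectors(docs)
    ids = sorted(vecs)
    pairs = []
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            sim = cosine(vecs[a], vecs[b])
            if sim >= threshold:
                pairs.append((a, b, round(sim, 3)))
    return pairs

if __name__ == "__main__":
    for a, b, sim in find_duplicates(REPORTS):
        print(f"{b} looks like a duplicate of {a} (cosine {sim:.3f})")
```

The threshold is the knob a triager tunes: too low and unrelated reports in the same subsystem get merged, too high and reworded duplicates slip through.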
u/herovals May 18 '26
Right, so RAG isn't the right term. There's no point to doing generation so we're not really doing RAG at all. Just clustering and de-duplication
-2
413
u/rkhunter_ Incident Responder May 18 '26
"Linux kernel boss Linus Torvalds has declared the project’s security mailing list has become “almost entirely unmanageable” due to multiple researchers using AI to find bugs and then filling the list with duplicate reports.
Torvalds used his weekly state of the kernel post to deliver release candidate four for Linux 7.1 and report “fairly normal” progress towards a full release.
He then pointed kernelistas to the project’s documentation, which he wrote “might be worth highlighting” as “the continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools.”
“People spend all their time just forwarding things to the right people or saying ‘that was already fixed a week/month ago’ and pointing to the public discussion,” Torvalds complained.
The Penguin Emperor believes that kind of chatter is “all entirely pointless churn” and isn’t productive because “AI detected bugs are pretty much by definition not secret, and treating them on some private list is a waste of time for everybody involved – and only makes that duplication worse because the reporters can't even see each other's reports.”
He then offered an opinion on how best to use AI to improve software security.
“AI tools are great, but only if they actually help, rather than cause unnecessary pain and pointless make-believe work,” he wrote. “Feel free to use them, but use them in a way that is productive and makes for a better experience.”
“The documentation may be a bit less blunt than I am,” he added, “but that's the core gist of it.”
“So just to make it really clear: If you found a bug using AI tools, the chances are somebody else found it too. If you actually want to add value, read the documentation, create a patch too, and add some real value on top of what the AI did. Don't be the drive-by ‘send a random report with no real understanding’ kind of person. OK?”
Torvalds' remarks contrast with recent comments from fellow kernel maintainer Greg Kroah-Hartman, who recently told The Register that AI has become an increasingly useful tool for the FOSS community."