This is true, but in part because a lot of 'security' reports are pretty bogus, even if they get CVEs and 'security researchers' call it a vulnerability, others may be inclined to roll their eyes. For example, the curl project had a write up:
https://daniel.haxx.se/blog/20...

So LLM findings I anticipate to be similar, but just a firehose of stuff to dig through to separate the real findings from the innocuous ones.

We likely will never have a grip on that, as it's generally easiest to patch the report and not think about whether it *really* was a security risk. The patch may confirm incorrect behavior being acknowledged, but not whether it was realistically a 'security' risk or not.

Yeah, I hate this in general about EV coverage. Everything fixates on 'time to charge to full' instead of 'miles replenished per time'.

To be useful, miles per minute of charge is a better figure.

The kernel isn't really worth keeping closed source.

They have to weigh the logistical burden of sharing source code they don't really care much about versus the very large and real technical burden of changing their technology stack.

I know, he didn't seem that human, but I'm pretty sure he is.

On the one hand, love seeing Musk lose, on the other hand, I hate seeing Altman win..

The problem is that you have hundreds of folks now running the exact same checks with the exact same tools and all submitting without a care for what any of the others are doing.

Dupes are nothing new, but the scale of dupes becomes gigantic because now everyone thinks "I can be a kernel security researcher now" and all have the same tools at their disposal that tend to find the same things.

As to the 'genuine bugs', don't know about this current crop, but historically "security researchers" have already been bad for "crying wolf" and reporting non-issues that they didn't understand. The highest profile I can think of was when some "security researcher" started telling everyone in the world that nintendo stores passwords in clear text because he thought the 'OK' button only activated when the password entered matched successfully, but it just lit up as soon as *any* password that passed the rules was entered. AI code review is still pretty inclined to report non-issues in a similar way, so I imagine not just dupes, but lots of nothing coming along too. Those would be *harder* to have a system automatically handle, since a human actually has to understand the report and reconciling with reality. An LLM isn't going to be very good at dismissing bogus LLM complaints.

Well, it would be nice if the submitter was on the hook for the token budget to find dupes, but practically speaking the project probably runs it.

I would probably not have an LLM automatically merging duplicate tickets. The flow should be 'pass on to human review as no apparent duplicate was detected' or 'pass back to submitter with indication of probable dupe, to let the submitter decide if they have something to add to the original ticket and/or to subscribe to that ticket. I have seen enough problems when *humans* unilaterally merge tickets that end up being unrelated, and that clutters up and confuses an issue. Don't need LLM that may be pretty good, still would be even worse than the humans at messing up 'dupe or not'.

It's a matter of what the LLM operator is pointing it at.

The LLM operator submitting the bugs aren't paying attention nor feeding their instance of LLM anything about others' submissions. So they are flooding with dupes, and the LLM has no reason to detect duplicate submissions, since it's not fed that data.

An LLM fed the mailing list and new submissions could credibly find dupes. If it fails, oh well, a dupe made it through and was annoying. If it erroneously detects a dupe, oh well, the submitter has to re-assert that it is not a dupe and is somewhat annoyed.

LLM ability to identify roughly duplicate bugs is decent enough. I don't like the hand waving of "AI can write the code, AI can review the code, AI can test the code" to absolute confidence (finding ways to expend more tokens does improve it's success a bit, especially if you can give it a 100% perfect pass/fail test to run and and let it retry), but here it's a pretty straightforward application, just a better fuzzy match at finding duplicate reports.

Yes, though I don't know about nvmeof. I feel like san style block is overall less popular than other sorts of software approaches to distributed storage nowadays.

Storage people keep pushing the way it was done with fiber channel attached controllers abstracting things to generic block devices. Shared sas, fcoe, iscsi/iser... Have seen so many tries at bringing the concept and being ignored in favor of things like clustered filesystems and object store.

Just like hardware raid controllers are nearly non existent in nvme world, and folks are managing multiple disk redundancy in the os, people are looking for more transparent storage solutions and I just don't think nvmeof plays a role instead of direct attached storage to open ended operating systems..

Dual socket epyc can have 160 lanes.

Coincidentally, 40 nvme drives at x4 would use 160 lanes.

However, that would be useless, since you need connectivity beyond the box and misc needs for pcie. So either x2 per drive or pcie switches.

And double it to get through the night.... I was calculating based on kwh per day of expected solar against kwh of consumption for a gigawatt (so... 24gwh).

It wasn't a random ass guess, I did the math.

5 miles by 5 miles is a huge installation. Far from the suggestion that they could just slap some panels down on their facility and even have surplus for the grid..

Note that you need a significant multiplier of gigawatt scale to get gigawatt scale throughout the night.

But either way, the point is that the magnitude wouldn't be just slapping panels on property already planned, they'd have to have a massive solar install bigger than many cities.

Did you read the part where they want this to be a Gigawatt scale facility? That means you would need about 25 *square miles* of land for the solar....

Nadella personally stands to lose out on billions if anything bad happens to OpenAI. Seems like his testimony especially about subjective non-fact based matters should largely be ignored.

"the big businesses will be very ineffective, with them not having the right number of human workers."

so.... Same as always