  • Yes, true, but that is assuming:

    1. Any potential future improvement solely comes from ingesting more useful data.
    2. That the amount of data produced is not ever increasing (even excluding AI slop).
    3. No (new) techniques that make it more efficient in terms of data required to train are published or engineered.
    4. No (new) techniques that improve reliability are used, e.g. by specializing it for code auditing specifically.

    What the author of the blogpost has shown is that it can find useful issues even now. If you apply this to a codebase, have a human categorize issues by real / fake, and train the thing to make it more likely to generate real issues and less likely to generate false positives, it could still be improved specifically for this application. That does not require nearly as much data as general improvements.

    While I agree that improvements are not a given, I wouldn’t assume that it could never happen anymore. Despite these companies effectively exhausting all of the text on the internet, currently improvements are still being made left-right-and-center. If the many billions they are spending improve these models such that we have a fancy new tool for ensuring our software is more safe and secure: great! If it ends up being an endless money pit, and nothing ever comes from it, oh well. I’ll just wait-and-see which of the two will be the case.


  • Not quite, though. In the blogpost the pentester notes that it found a similar issue (that he overlooked) that occurred elsewhere, in the logoff handler, which the pentester noted and verified when sifting through a number of the reports it generated. Additionally, the pentester noted that the fix it supplied accounted for (and documented) an issue that it accounted for, that his own suggested fix for the issue was (still) susceptible to. This shows that it could be(come) a new tool that allows us to identify issues that are not found with techniques like fuzzing and can even be overlooked by a pentester actively searching for them, never mind a kernel programmer.

    Now, these models generate a ton of false positives, which make the signal-to-noise ratio still much higher than what would be preferred. But the fact that a language model can locate and identify these issues at all, even if sporadically, is already orders of magnitude more than what I would have expected initially. I would have expected it to only hallucinate issues, not finding anything that is remotely like an actual security issue. Much like the spam the curl project is experiencing.





  • 8uurg@lemmy.world to linuxmemes@lemmy.world: Linus T..... (choose wisely) (6 months ago)

    You’re failing to acknowledge that “these types of people exist” are largely a product of anti-educational resources like this particular LTT video. I’ve daily driven Ubuntu based oses for about 4 years solid now and never saw a warning like he saw. That is an extreme outlier, but his video presented it as common in the minds of probably a couple million people.

    His specific instance was an outlier of what can happen, yes, but it happened naturally during the creation of a video. While I can completely understand the annoyance - this was not faked for the video, and was something that happened. Calling it anti-educational is a rather conspiratorial take. Cutting it out would hide an issue that occurred! A rare issue may not be an issue for you when encountered, given your experience with Linux (we are on a linuxmemes community after all!), but can be problematic for the average Joe. Rather than being overly defensive and then waiving the issue because idiocy - improvements to avoid this from happening in the future are key in my view.

    As for things being plug and play, Windows isn’t either. I’ve used all versions of that OS except 8 and 11 and I’ve had problems as bad or worse than anything on Linux plenty of times. Updates have trashed my ability to boot on a few occasions. Yet to hear folks like you tell it, windows just works but Linux is only usable if you’re willing to fix major problems all the time. That was probably true 15 years ago but it just flat out isn’t anymore. You’re not doing anyone any favors except Microsoft by continuing to spread the misinformation that windows is nearly flawless but Linux is unapproachable.

    Thanks for putting words in my mouth: I haven’t even named Windows, let alone called it better! I have had my fair share of problems with Windows, but technical issues have been rather unmemorable. Most recently the text selection cursor would be the wrong color for whatever reason. I’ve had an update fail once - but it did not mess up the machine, and the built-in system restore got it working again automatically. The biggest problem I have with Windows is with Microsoft: ads, telemetry, and the fact that updates are pushed without consent.

    For Ubuntu I have seen my colleague stuck on the login screen after updating graphics drivers trying to get hardware acceleration to work (Nvidia, who else…) - took well over a day to resolve after things went wrong (colleague was considering a reinstall!), had an update of packages on my RPi mess up timezones resulting in database issues (took me a week to find the responsible package, luckily a hotfix had been released, but had to recover my database from a backup). I’ve actually seen this prompt when I was trying to reproduce results from a scientific paper that used an older package (ended up having to do that in a container). The WiFi dongle was just a more minor issue but one that could occur for the average Joe that would have been a major roadblock for most people.

    All these examples occurred within the last 6 or so years. I love Linux on my servers & RPi, and would NOT want to use Windows there. But issues do occur, even when doing otherwise ordinary things, and that has ruined my day a few too many times.


  • 8uurg@lemmy.world to linuxmemes@lemmy.world: Linus T..... (choose wisely) (6 months ago)

    I don’t disagree, but the fact is that these people exist (see Linux TT for proof). When things go wrong in Linux, people often end up being directed towards a terminal, even if they shouldn’t be there for plenty of reasons. If you want to be accessible to a layman, largely plug and play is insufficient: it needs to be plug-and-play. I’ve had a wifi dongle not work, I had to compile a kernel module! Those kinds of experiences will cause people that try a flavour of Linux as a desktop os to go elsewhere. Furthermore, I have seen this warning pop up with colleagues when updating software. While they were smart enough to not continue, this stuff does throw up a massive roadblock when it does, especially if you are a layman. If the instructions tell you to install using apt - and this pops up, what would you do? You still want to install the software. It is just a massive source of frustration when something like this happens, even if rare. Doing something sensible (like installing or updating software) should never result in stuff like this popping up.

    The moment you need to enter a terminal to fix something - the OS would be irreparably damaged for the average Joe. I would love an immutable distro that would be usable by these people without the risk of harming themselves.


  • A layman would think: I am installing steam, I want to install steam. What do you mean potentially harmful? Steam ain’t a virus. I have no clue what pop* is and what it does. -> do as I say.

    While the prompt is perfectly adequate for those that are technically experienced enough to recognize it is about to uninstall your desktop environment, that isn’t the case for someone who doesn’t know what their desktop environment is. Especially since there is an expectation that installing software does not break things (but, because shared libraries are shared more often than not in Linux, it could!)