Linux kernel maintainer says AI has suddenly become useful for devs: 'We can't ignore this stuff. It's coming up, and it's getting better'
AI must have been doing push-ups in the dead of night lately, because a lead Linux kernel maintainer says it's pretty recently started to come in very useful. Not necessarily for coding—although I'm sure that landscape is constantly evolving, too—but rather for generating security reports.
Speaking to The Register, Linux Kernel dev Greg Kroah-Hartman explained that while previously "we were getting what we called 'AI slop'... something happened a month ago, and the world switched. Now we have real reports."
"All open source projects have real reports that are made with AI, but they're good, and they're real... All open source security teams are hitting this right now."
The question is why these actually useful AI-generated or AI-aided reports have started streaming in so suddenly, and unfortunately, the answer is unclear:
"We don't know. Nobody seems to know why. Either a lot more tools got a lot better, or people started going, 'Hey, let's start looking at this.' It seems like lots of different groups, different companies... There must have been some inflection point somewhere with the tools. Did the local tools get better? Did people figure out something? I honestly don't know."
Anecdotally, though, Kroah-Hartman can attest to AI's usefulness for developer-related tasks such as code reviews:
"I did a really stupid prompt. I said, 'Give me this,' and it spit out 60: 'Here's 60 problems I found, and here's the fixes for them.' About one-third were wrong, but they still pointed out a relatively real problem, and two-thirds of the patches were right."
"The tools are good. We can't ignore this stuff. It's coming up, and it's getting better."
I'm as much of an AI-sceptic as the next person when it comes to certain use cases or the industry at large, but there's no denying it can be incredibly useful for particular tasks. Apparently, Linux kernel maintainers already have an AI code review system called Sashiko baked into their workflow.
It can all seem a very simple and easy proposition, with little downside, from the perspective of an end-user such as a dev using Sashiko or someone chatting to an LLM. But we should remember that that's glossing over the tons of energy, resources, and market effects that have gone into laying the preconditions for those interactions: namely, server production, energy consumption, and the dreaded RAMpocalypse.
But if all those resources can be used for something, I'll take security reports and code reviews over, say, AI filter-esque DLSS5. Though I suspect I'm preaching to the choir, there.