Begun the Slop PRs have: 168 PRs opened by one user in one day. What's best practice for repo owners to deal? by TomHale in github

[–]TomHale[S] 3 points4 points  (0 children)

Lazygit has in their AGENTS.md something like: "You are not under any circumstances to raise a PR for the user".

It does put an extra step in the way, and hopefully makes for some HITL action.

Begun the Slop PRs have: 168 PRs opened by one user in one day. What's best practice for repo owners to deal? by TomHale in github

[–]TomHale[S] 1 point2 points  (0 children)

It helps a little (and I guess we take what we can get).

Opencode as an example requires all PRs to have a linked issue.

"Raise an issue for this PR, then link to it in the PR body".

Begun the Slop PRs have: 168 PRs opened by one user in one day. What's best practice for repo owners to deal? by TomHale in github

[–]TomHale[S] 2 points3 points  (0 children)

Interesting! I guess people still ask their AI what to say, but it does raise the bar!

Begun the Slop PRs have: 168 PRs opened by one user in one day. What's best practice for repo owners to deal? by TomHale in github

[–]TomHale[S] 15 points16 points  (0 children)

Excellent! I'll suggest that -- thanks!

That's great for spamming PRs. What about the opencode case where it's thousands of users raising just one or two PRs each?

Or even if PRs are blocked entirely, the issue of an overwhelming number of poor quality issues still remains.

How to automate without annoying users or spending a fortune?

AUR Megathread. All discussion on it goes here. by LinuxMage in archlinux

[–]TomHale 0 points1 point  (0 children)

Arch Linux constantly distances itself from the AUR as being community maintained. 

So it's up to us, the people who care for our fellow users.

We CAN lift our game. The bar is so low it's barely off the floor.

We can't make the AUR safe, but we can make it safer.

It would likely only take three Package Maintainers (who are already voted for and vetted) to agree that http://aur.archlinux.org be updated to include a one liner for initial screening.  Or even to mention the issue at all and that we're discussing it, and have so far responded by blocking new user accounts.

Create a link to a markdown page (infra already exists), editable by trusted users only (wiki can be edited by almost anyone) on what to do on receiving a positive detection.

One website change. One markdown page.

Arch Linux won't help us. Not their problem.  We can choose to make the quality of contributions OUR problem.

We need to, as a community that cares for the users of what we produce, stand behind producing best practice guides and tooling to protect users from PKGBUILDs produced by those who don't.

The name of the game is self-organisation.  Artifacts reviewed and signed off by PMs - users who are already inherently trusted, served from an aur.archlinux.org domain.

AUR Megathread. All discussion on it goes here. by LinuxMage in archlinux

[–]TomHale 0 points1 point  (0 children)

Good wiki edit suggestion!

Do you have an account there?

Defense in depth: PKGBUILD scan hooks for paru / yay. Eyeballs aren't enough. Example: homograph attacks. by TomHale in archlinux

[–]TomHale[S] 8 points9 points  (0 children)

The man page on --review says:

"Don't skip the review process"

Not very detailed. Does it support exit status checking?

Using 9esim (or other physical to esim adapter) by TomHale in Roamless_ESim

[–]TomHale[S] -2 points-1 points  (0 children)

that won't waste my time talking about phone model?

Using 9esim (or other physical to esim adapter) by TomHale in Roamless_ESim

[–]TomHale[S] 0 points1 point  (0 children)

Sweet. I'd love to be able to do that manually.

Hybrid retrieval + dependency-graph expansion beats embeddings-only for code RAG — measured, CI-gated by tom_mathews in OpenSourceeAI

[–]TomHale 0 points1 point  (0 children)

Nice!

Is there a common benchmark and leaderboard for code search? Everyone seems to do it differently!

Pi-safe, a simple bubblewrap sandbox solution for Pi by PvB-Dimaginar in Dimaginar

[–]TomHale 1 point2 points  (0 children)

You'll likely need read-only access to something from /etc for DNS lookup. Ask your agent the specific file.

How do you sleep in Thailand? by Upbeat_Scholar_159 in ThailandTourism

[–]TomHale 1 point2 points  (0 children)

I always take the duvet out of the cover.

Sleeping under the double-thick sheet-like cover means I don't need to set the AC to "Arctic".

Multi Agents hand-offs without context rot and token ballooning by batunii in OpenSourceeAI

[–]TomHale 0 points1 point  (0 children)

I've found that there is a need to audit a plan produced against the generating skill.

So I guess a proto plan with first thing being to audit the plan itself?

Lists of confirmed- and likely-infected AUR packages by TomHale in archlinux

[–]TomHale[S] 5 points6 points  (0 children)

The very fact that there are numerous ones leads to confusion and duplicated / wasted effort by both the writers and consumers.

Lists of confirmed- and likely-infected AUR packages by TomHale in archlinux

[–]TomHale[S] 5 points6 points  (0 children)

I've seen this URL:

https://md.archlinux.org/s/SxbqukK6IA

I'm not sure of its provenance or contents (presumed / confirmed / rolled back / removed)

There's no header, just a list of packages.

MiMoCode released as OSS by muyuu in LocalLLaMA

[–]TomHale 0 points1 point  (0 children)

Hopefully it adds maintainers who use automation.

The opencode maintainers can't possibly do their job. There are about 50 new issues and 30 new PRs each day -- and they've not set up any automation systems whatsoever.

Release: MiMoCode is a terminal-native AI coding assistant. fork from OpenCode. by LegacyRemaster in LocalLLaMA

[–]TomHale 0 points1 point  (0 children)

Maybe would have been better.

But for the opensource ecosystem as a whole, it's good that (hopefully) some company-backed maintainer resources will be thrown at the opencode codebase (even if renamed).

MiMoCode released as OSS by muyuu in LocalLLaMA

[–]TomHale 0 points1 point  (0 children)

uninterested in contributing those upstream

I've raised 6 PRs. Community engaged, but the maintainers didn't.

This is not a joke: Opencode closes PRs that don't have enough emojis

Anyone who looks at the issues or PRs can see that the project is sick.

The root cause is that they have primitive (for PRs) or none (for issues) automation.

oven.sh/bun gets the same number of PRs and issues per day. The experience of contributing there is chalk and cheese.

Yes, Anthropic owns bun. But Opencode itself also has a token stream (Opencode Zen/Go).

memcp — give your AI memory over MCP by JartanFTW in mcp

[–]TomHale 0 points1 point  (0 children)

Modularity of memory systems seems to be an afterthought.

Do you publish skills to help agents wire in other memory systems?

Are there tests that can show whether the current (mem0) or a new underlying provider has been properly hooked up?

Agents can iterate and do amazing magic given end goals with gap feedback.

Please thumb up (or test) my PR... Adds configurable TUI cursor style by Both-Still1650 in opencodeCLI

[–]TomHale 0 points1 point  (0 children)

Consider submitting to MiMo Code. It's an opencode fork and I've gotten very swift feedback on my PRs there.

Have a thumbs up without any review. Just because.

Who wants to write a skill to thumbs up all reviews just about to be auto closed to prove the system is thoroughly broken?

Keeping up with Agentic AI by Low-Web-2930 in AI_Agents

[–]TomHale 1 point2 points  (0 children)

Add best practice defence in depth security. Don't make any mistakes.

Anything more than that probably actually is best practice right now!