惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Privacy & Cybersecurity Law Blog
SecWiki News
SecWiki News
T
Troy Hunt's Blog
Y
Y Combinator Blog
V
V2EX
美团技术团队
Last Week in AI
Last Week in AI
S
Security @ Cisco Blogs
IT之家
IT之家
博客园_首页
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
阮一峰的网络日志
阮一峰的网络日志
AI
AI
罗磊的独立博客
人人都是产品经理
人人都是产品经理
H
Hacker News: Front Page
N
News and Events Feed by Topic
P
Privacy International News Feed
V2EX - 技术
V2EX - 技术
Recent Commits to openclaw:main
Recent Commits to openclaw:main
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
GbyAI
GbyAI
L
LINUX DO - 热门话题
C
Cybersecurity and Infrastructure Security Agency CISA
Microsoft Azure Blog
Microsoft Azure Blog
Martin Fowler
Martin Fowler
月光博客
月光博客
WordPress大学
WordPress大学
Latest news
Latest news
Google DeepMind News
Google DeepMind News
S
Schneier on Security
N
Netflix TechBlog - Medium
腾讯CDC
T
Tailwind CSS Blog
TaoSecurity Blog
TaoSecurity Blog
S
Secure Thoughts
L
LINUX DO - 最新话题
Project Zero
Project Zero
Cyberwarzone
Cyberwarzone
D
DataBreaches.Net
Webroot Blog
Webroot Blog
B
Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
S
SegmentFault 最新的问题
The GitHub Blog
The GitHub Blog
H
Help Net Security
L
LangChain Blog
A
Arctic Wolf
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻

LWN.net comments

tcmalloc's weird hack [LWN.net] Fixed? [LWN.net] mpd [LWN.net] Userspace AX.25 [LWN.net] RIP [LWN.net] My two cents... [LWN.net] pipx [LWN.net] Tragedy [LWN.net] A young man destined for glory [LWN.net] And 'less' won't let you search [LWN.net] A great loss [LWN.net] Sad and shocking news [LWN.net] Easy migration from Clementine [LWN.net] Sad coincidence [LWN.net] GNOME is actually usable thanks to Seth et al [LWN.net] Sad news :( [LWN.net] armhf supports preempt_rt [LWN.net] MusicBrainz accurracy [LWN.net] On open source maintainership [LWN.net] Let's stop here [LWN.net] Not a new thing [LWN.net] uv is indeed great pgmoneta Some comments on this on a Postgres blog feed [LWN.net] uv [LWN.net] going to Debian [LWN.net] Upgrading 64-bit-capable systems to 64-bit kernels? [LWN.net] Free Software foundations Maintainers can wait for code review but not for publish review? A reasonably extreme point of view [LWN.net] Maintaining old code Varieties of filesystems and schedulers, so why not for IPC mechanisms too? [LWN.net] AI and documentation [LWN.net] Delegating the work to a subsidiary [LWN.net] Maybe they should provide their reviews to the world [LWN.net] Something can be a bug but not a vulnerability [LWN.net] History is a little backwards ... [LWN.net] A reasonably extreme point of view [LWN.net] Let’s stop here [LWN.net] authd [LWN.net] Suggestion for bug report [LWN.net] Software pain points for long-term equipment [LWN.net] Wrong direction [LWN.net] mjg59 has lost the plot there [LWN.net] Role of German law in this? [LWN.net] Without beer? [LWN.net] Feels soul destroying [LWN.net] No zswap in Debian cloud kernel [LWN.net] No Beer?!? [LWN.net] The other fam [LWN.net] Thank you Andrew [LWN.net] Brave! [LWN.net] I second the cost factor [LWN.net] cassandra [LWN.net] Proprietary tools [LWN.net] familiar [LWN.net] ... is also staging. [LWN.net] Python package managers [LWN.net] Pour one out for AX.25... [LWN.net] tun/tap? [LWN.net] Another article at gnulinux.ch [LWN.net] Transitive checks [LWN.net] Just execute from stdin [LWN.net] Cross-compile Vacation [LWN.net] Concrete steps toward RFC 3550 (new Range types) You can rip with Windows apps too! Have the tempfile issues raised in the release notes been fixed? onlyoffice tried to add stuff in the fine print, and failed Work w/o publication is not science Removing art like offensive fortunes is a mistake. [LWN.net] De-googling (was Wtf) [LWN.net] I liked pdfmark [LWN.net] Juice then tag [LWN.net] why did PREEMPT_LAZY caused more preemptions than PREEMPT_NONE with THP disabled? [LWN.net] x86-64 was first introduced in 2003 [LWN.net] no memory safety? [LWN.net] False positive identification rate [LWN.net] "Defensive" AI use [LWN.net] LTS release? [LWN.net] ironic (ugly, good) [LWN.net] Moving away from LLVM [LWN.net] ironic (ugly, good) [LWN.net] Abandoning vim(1) ASAP [LWN.net] "Picard" naming [LWN.net] circular reasoning is a potential source of unsoundness [LWN.net] Nice to see an update [LWN.net] Writable THPs [LWN.net] Whole network messages [LWN.net] I'll fix my code ... [LWN.net] Can also recommend beets [LWN.net] Jack the CD ripper [LWN.net] How about the bad CDs? [LWN.net] systemd-boot [LWN.net] Significant raise of reports [LWN.net] IMO, it's appropriate [LWN.net] How about the bad CDs? [LWN.net] Update to include Part 4? [LWN.net] Pandoc also is invauable for a cheap-and-dirty retrieval augmented generation. [LWN.net] Whole network messages [LWN.net]
Detecting AI obfuscated porting [LWN.net]
skissane · 2026-06-02 · via LWN.net comments

Detecting AI obfuscated porting

Posted Jun 1, 2026 21:55 UTC (Mon) by skissane (subscriber, #38675)
Parent article: Ombredanne: An AI agent ported our codebase from Python to Rust
to post comments

Detecting AI obfuscated porting

Posted Jun 1, 2026 22:00 UTC (Mon) by pizza (subscriber, #46) [Link] (1 responses)

Detecting AI obfuscated porting

Posted Jun 1, 2026 22:08 UTC (Mon) by dirkhh (subscriber, #50216) [Link]

With the price changes everyone is pushing right now, that point could come pretty soon ..

Detecting AI obfuscated porting

Posted Jun 1, 2026 22:05 UTC (Mon) by dskoll (subscriber, #1630) [Link] (11 responses)

If it can be proven that someone did that, then there's a good case to be made they're operating in bad faith and deliberately trying to steal. (I mean... I think GenAI is theft anyway, but this is far more blatant.)

Detecting AI obfuscated porting

Posted Jun 1, 2026 22:18 UTC (Mon) by skissane (subscriber, #38675) [Link] (10 responses)

Detecting AI obfuscated porting

Posted Jun 2, 2026 9:16 UTC (Tue) by khim (subscriber, #9252) [Link] (9 responses)

> You could do the same thing with coding agents - agent 1 summarises the architecture and algorithms of the existing tool into a document; agent 2 takes that document and generates a new document proposing intentionally distinct architecture and algorithms; agent 3 then generates an implementation which passes the original test suite but using different architecture/algorithms – that is unlikely to be detected by tools trying to detect cross-language translations of existing code.

If you do that then you are infringing right there, at the step #1. Remember the story with Java? APIs were not lifted from the realm of copyright. “The architecture and algorithms of the existing tool” is protected as much as the source of original. What court have decided is that small amount of it (0.4% by the findings there, but we don't know where an actual border lies) may be “fairly used” to implement new work.

Now, step #2… that's where “fair use” should arise, isn't it? Well… it could, but then step #3 would have to be done by a human or an entirely different agent from year 2050. Or maybe year 2035 if we are lucky.

LLMs today are just a pretty decent translators. They may translate from English to Ruby, or from Python to Rust… but that's pretty much it: design is way beyond their capabilities and we have no idea if they would ever be able to do that. They probably would, eventually, but not as fast as their proponents like to preach.

Detecting AI obfuscated porting

Posted Jun 2, 2026 9:47 UTC (Tue) by jorgegv (subscriber, #60484) [Link] (3 responses)

Detecting AI obfuscated porting

Posted Jun 2, 2026 11:08 UTC (Tue) by khim (subscriber, #9252) [Link] (2 responses)

> I have to disagree here. LLMs are definitely already designing architectures. Perhaps not complicated ones, not humongous projects, but they are definitely there.

They are very nice at stealing existing code and translating it to work in new place.

But the limitation is still the same: 200-300 lines code should give you something working and testable. That's not “designing an architecture”, that's “finding a place where someone's else architecture may fit”.

And yes, it's really impressive, they like to graft massive amount of code to repeat the same architecture that they found somewhere again and again.

But that's an attempt to build a skyscraper by piling twigs into a large pile. You may build a hut that way or maybe evem, evetually something similar to the ant's nest… but that's not an architecture, that's still pile of pieces not connected in any sensible order.

> I'm using them currently for work and personal projects, and Claude was able to design from scratch (and is currently implementing) a retro computing emulator. My emulator is fully working at this point, and I'm fixing bugs.

So Claude have duplicated something that was done thousands of times and was able to amalgamate that into something kinda-sorta-working… what's the big deal? It's very easy to see when it does that: try to ask it to add something that needs a component that is not there yet, and it would start with calling it, then trying to compile — and only then finding out it needs to be writtem. But try to do something differently from how other projects do thing, on average — and you'll discover that it would ignore your requests and would return “design” back to the average between other projects of similar nature.

Detecting AI obfuscated porting

Posted Jun 2, 2026 22:29 UTC (Tue) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

Detecting AI obfuscated porting

Posted Jun 7, 2026 4:47 UTC (Sun) by fwyzard (subscriber, #90840) [Link]

Curious, what model?

Detecting AI obfuscated porting

Posted Jun 2, 2026 10:55 UTC (Tue) by pbonzini (subscriber, #60935) [Link] (4 responses)

Detecting AI obfuscated porting

Posted Jun 2, 2026 11:11 UTC (Tue) by khim (subscriber, #9252) [Link]

> NEC v. Intel was not even completely clean room and yet was accepted as valid just because the result was different enough.

But that's precisely and exactly what LLMs couldn't do! If you don't drive it tightly it would return to the “average amalgamation of blog posts” if topic is popular enough or, if not, would simply copy one example that it may find.

Detecting AI obfuscated porting

Posted Jun 2, 2026 19:02 UTC (Tue) by NYKevin (subscriber, #129325) [Link] (2 responses)

Detecting AI obfuscated porting

Posted Jun 3, 2026 4:29 UTC (Wed) by pbonzini (subscriber, #60935) [Link]

Detecting AI obfuscated porting

Posted Jun 3, 2026 13:38 UTC (Wed) by khim (subscriber, #9252) [Link]

> Oracle also *lost* that case.

It lost in on the fair use grounds. Which is pretty much an admission that organization and shape of APIs is something copyrightable (and thus requires a permission from the copyright holder) except when restrictions on it would do more harm than good. Straight from the discussed case:

Given programmers’ investment in learning the Sun Java API, to allow enforcement of Oracle’s copyright here would risk harm to the public. Given the costs and difficulties of producing alternative APIs with similar appeal to programmers, allowing enforcement here would make of the Sun Java API’s declaring code a lock limiting the future creativity of new programs. Oracle alone would hold the key. The result could well prove highly profitable to Oracle (or other firms holding a copyright in computer interfaces). But those profits could well flow from creative improvements, new applications, and new uses developed by users who have learned to work with that interface. To that extent, the lock would interfere with, not further, copyright’s basic creativity objectives.

Do you see an admission that API is uncopyrightable, here? On the contrary, it's an admission that API is copyrightable, but when someone else depends on your API you couldn't use it as a lock, because the lock would interfere with, not further, copyright’s basic creativity objectives.

This works for public APIs, but when LLM copies internal APIs that were never exposed to public it flies right out of the window: it's not public, it couldn't be used a lock, it's use is not “fair use” in any shape or form.

> It reads as if it slipped through a wormhole from a parallel universe where the law is entirely different.

No, from parallel universe where people actually read documents and not just titles.

Detecting AI obfuscated porting

Posted Jun 1, 2026 23:08 UTC (Mon) by khim (subscriber, #9252) [Link] (2 responses)

> I haven't tried that approach personally, but I can't see why it couldn't work.

It wouldn't work because existing so-called “AI” is a pattern-matching machine.

It couldn't understand 1000 lines of code, the most it could do is around 100-200 lines. After that errors grow exponentially and getting useful output becoming prohibitively expensive.

Just like nerodetector catches even the most sophisticated AI models with good probability (rarely scoring less than 20-30% of “AI” and “mostly AI” while humans rarely, if ever, get measly few percents if “maybe AI”) so automatic copyright-infringement tools catch AI with ease.

Detecting AI obfuscated porting

Posted Jun 2, 2026 3:53 UTC (Tue) by josh (subscriber, #17465) [Link] (1 responses)

Unfortunately, I think your evaluation of AI capabilities is out of date here. It can do a lot more than that. It still makes mistakes, of course, but current AIs *can* sometimes manage that kind of thing if you're willing to burn enough tokens on them.

Detecting AI obfuscated porting

Posted Jun 2, 2026 9:38 UTC (Tue) by khim (subscriber, #9252) [Link]

> Unfortunately, I think your evaluation of AI capabilities is out of date here.

Sadly they are not. If you believe in that “tasks doubling every seven months hype” then it's achieved by expanding LLMs capabilities in doing simple, small, tasks into larger spans using external tools. E.g. instead of refactoring 5000 .h to move definitions of functions from .h to .cc file agent may write a python script and run it. And if that script would grow beyond certain size it may write a series of patches to, gradually, improve it. But you may only improve process so much till it starts walking in circles.

> It still makes mistakes, of course, but current AIs *can* sometimes manage that kind of thing if you're willing to burn enough tokens on them.

Only with things in their training corpus that have enough blog posts to steal from. We have a template metaprogramming library at my $DAYJOB. When asked to implement function that should have used that library (and would have been 20 lines of code) agent simply lifted examples from the StackOverflow and did everything in 300 lines of code using fold expressions. Because 2000 lines library is too much for it to grok. It may even alter and change said library, when asked, what it couldn't do is to use it. For that it would need to have a pile of blog posts to steal patterns from.

I don't think agents would ever go to be able to design 1000 lines of code. What they have achieved is an impressive use of their ability to look on 200-300 lines of code collected in small pieces from different parts of the codebase and then produce another 100 lines of code.

That's still a pretty impressive capability, absolutely. But it's not even remotely close to what one needs to rewrite things in a way that would avoid copyright infringement. Plus it falls apart if these 100 lines of code added couldn't be tested by something. Asking agent to do these ten such 100 lines steps and then only check the result in the end is a good way to burn tokens, but it doesn't lead anywhere near working code.

That's why we have so much hype about translations (wow, system designed for two decades to translate from German to English can also translate from Python to Rust… good achievement, actually — just not anything unexpected give where and why it was designed, originally), but not much about something designed by AI. That one would arrive decade or two later.

Detecting AI obfuscated porting

Posted Jun 1, 2026 23:30 UTC (Mon) by sethkush (subscriber, #107552) [Link] (1 responses)

I hope anyone interested in this form of detection is well aware of the results of "AI detection" in higher ed. It's led to far too many witch-hunts and is fraught with false-positives.

Detecting AI obfuscated porting

Posted Jun 2, 2026 9:43 UTC (Tue) by khim (subscriber, #9252) [Link]

That's why I like neurodetector. Try to feed it any of your own works and find something that it would mark as AI!

It's more-or-less impossible to do with any text of substantial size! Yes, it's matter of tuning, but it's heavily tuned to bias into “this is probably human” direction. I have never seen an actual human scoring more than few percents of “maybe AI” there (but yes, advanced models can get up to 50% of “human” marks as a result).