For decades, code contributions have been how open source projects learned who to trust. People would show up, do the work, take responsibility for their changes, and stick around. Over time, trust emerged from the work itself. AI tools have changed the economics of this very quickly. We use them ourselves every day, but a pull request no longer tells us as much as it used to about the person submitting it. A substantial patch used to imply substantial effort, and that effort was a reasonable proxy for good faith. That assumption no longer holds. For a browser, this matters. A browser runs untrusted input from the entire internet on the user’s machine, and one well-disguised vulnerability is all an attacker needs. We have already seen patient, well-resourced campaigns in open source to earn maintainer trust and abuse it. What has changed is how much faster and cheaper it has become to produce work that looks like a serious contribution.
7 Matching Annotations
- Last 7 days
- ladybird.org
- Mar 2026
- callyzer.co
- Once you start noticing these signals early, you stop wasting time chasing leads that were never serious buyers in the first place.
  Tired of chasing dead leads? Learn how to quickly identify unqualified leads with visual cues and a proven checklist that actually works.
- Apr 2021
- store.steampowered.com
- Unstoppable Crapster
  This is crap shovelware
  Re-skinned exact same other 10 games this sad excuse for a developer been farting out.
  No sound, no gameplay, no nothing.
  Can't press two buttons at the same time like jump and move.
  Plays like sonic the hedgehog just had sex with paintbrush
  While having a stroke, heart attack and anal prolapse at the same time.
  Don't support this developer.
  Steam get your sh!t together, start filtering out this crap.
- Mar 2021
- store.steampowered.com
- This is yet another one of the sad, sad list of excellent games that Asmodee contracted someone to digitize for the least amount of money possible, and it shows. It's a pity, because they're excellent games, but if you don't have the patience for them, it's infuriating to go through all those hoops. Any user doing a QA session for 10 minutes would have told them most of these.
- Nov 2020
- psyarxiv.com
- Bauer, B., Larsen, K. L., Caulfield, N., Elder, D., Jordan, S., & Capron, D. (2020). Review of Best Practice Recommendations for Ensuring High Quality Data with Amazon’s Mechanical Turk. PsyArXiv. https://doi.org/10.31234/osf.io/m78sf
- Sep 2020
- medium.com
- This happens because npm makes it ridiculously easy for people to release their half-baked experiments into the wild. The only barrier to entry is the difficulty of finding an unused package name. I’m all in favour of enabling creators, but npm lowers the barriers right to the floor, with predictable results.
- I offer an additional explanation: that we in the JavaScript world have a higher tolerance for nonsense and dreck.