Hacker News | crimsonnoodle58's comments

We experienced this exact error this week. Only affected outlook.com users, and not 365 users. Had to supply MS support with proof of ownership of the IP. The whole process took about a week to resolve.

Is this part of the "keys didn't use to be a secret, now they are" issue with Google? [1] If so they have a good case on their hands.

[1] https://news.ycombinator.com/item?id=47156925


Exactly, you can use it for some tasks. But why "explicitly forbid generative AI".

If you use AI to make repetitive tasks less repetitive, and clean up any LLM-ness afterwards, would they notice or care?

I find blanket bans inhibitive, and they reek of fear of change, rather than a real substantive stance.


> and clean up any LLM-ness afterwards

That never happens. It's actually easier to write the code from scratch and avoid LLMness altogether.


[flagged]


There are lots of tools that aren’t worthwhile to learn to use, and in particular, learning to use poor quality output of subpar tools is not something I’m interested in learning.

The skill of cleaning up LLM-written slop to bring it to the human-like quality that any sane FLOSS maintainer would demand to begin with? It's just not worth it.

They explain why in their AI policy. It's an ethical stance. Of course they wouldn't notice if there aren't clear signs of LLM-ness, but that's not the main reason why they forbid it.

https://docs.postmarketos.org/policies-and-processes/develop...


Thanks for the clarification. Not that I agree with their stance (the exact same could have been said at the start of the industrial revolution) but I respect it nonetheless.

> the exact same could have been said at the start of the industrial revolution

The pollution caused by said revolution is currently putting humanity at a serious risk of world war and maybe even extinction so... maybe they had a point? I'm not taking a strong stance either way here, but worth thinking about the downsides from the industrial revolution, too.


> But why "explicitly forbid generative AI".

The AI policy linked from the OP explains why. It's half not wanting to deal with slop, and half ethical concerns which still apply when it's used judiciously.


So maybe one day we'll see coding agents like Claude Code create and update an ATTRIBUTION.md, citing all the open source projects and their licenses used to generate code in your project?

You got it exactly right :) And you can update the attribution.md to have it NOT rely on opensource projects that have been compromised. Imagine asking claude code to write a package/function in the style of a codebase that you care about or force it to ALWAYS rely on some internal packages that you care about. The possibilities are endless when you insert such knobs into models.

I would rather see that it does not rely on open source projects that have not given permission to be used to train that particular AI on.

Doesn’t the nature of most open source licenses allow for AI training though?

Example — MIT:

> Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions


I remember seeing some new licenses like Human license or something iirc but they all had the valid criticism that it would be unenforceable or hard to catch decision.

I haven't looked at the project that much but this could seem exciting to me if maybe these two things can get merged.

I don't think that license is necessarily the problem in here. Licenses can change and people can adopt new licenses.


Only if there's a commercial incentive to do so methinks. Just one of the things where I expect a legal catch-up is needed to get companies to do the right thing.

This is actually being built right now. ATTRIBUTION.md (https://attribution.md) is a protocol that does exactly this. You drop a file in your repo root with a few lines of YAML, and it asks AI coding agents to prompt users to star the repos they built on.

The key design choice is that it does not automate anything. The agent surfaces a prompt, the user decides yes or no. No bulk starring, no forced actions. The spec also deliberately stays out of licensing territory. It is purely a social recognition layer.

It is at v0.1 and no agent supports it yet, but the spec and schema are published and open for feedback: https://github.com/attributionmd/attribution.md


Not as long as all developers add an ATTRIBUTION.md citing all open source projects they read the source for, all companies they worked for and trained them and all Stack Overflow answers they have used to write the code.

> Not as long as all developers add an ATTRIBUTION.md citing all open source projects they read the source for, all companies they worked for and trained them and all Stack Overflow answers they have used to write the code.

Oh? You are under the impression that software gets the same rights and privileges of humans?

Or maybe you are under the impression that you are so special that you face no danger from having no income because the models already ingested all your work and can launder it effectively?


Not everything has to be symmetrical. I’m sure there is a name for that logical fallacy.

I don't consider it a logical fallacy so much as a philosophical debate on art vs theft that exists in both human and AI worlds.

IMO Nothing and nobody starts out original. We need copying to learn, to build a foundation of knowledge and understanding. Everything is a copy of something else (or put another way, art is more like a sum of your influences). The only difference is how much is actually copied, and how obvious it is.

And in the US at least, from a legal perspective, this "how obvious is it" subjective test is often one way that copyright disputes are settled.

For example there have been many cases of similar sounding songs that either did in fact draw an influence from an existing track (whether consciously or not), or were more likely just coincidental... but courts have ruled both ways in such cases, even if they sound extremely similar.


That theory is being tested. So far no prompt injection has broken in:

https://hackmyclaw.com/


It's a neat idea but it's not exactly plausible real world conditions to have an agent that pretty much exclusively spends its time wading through an email inbox that's 99% repeated prompt injection attempts. As the creator acknowledges in the original thread, its context/working memory is going to be unusually cognizant of prompt injection risk at any given time vs. a more typical helpful agent "mindset" while fulfilling normal day-to-day requests. Where a malicious prompt might be slipped in via any one of dozens of different infiltration points without the convenience of a static "prompt injection inbox".

https://x.com/benhylak/status/2025873646724800835

turns out it doesn’t even need to be an attacker…


Mostly because no one cares about trying to hack "hackmyclaw", there is zero value for any serious attacker to try. Why would they waste their time on a zero value target?

The only people who tried to hack "hackmyclaw" are casual attempts from HN readers when it was first posted.

Meanwhile, tons of actual OpenClaw users have been owned by malware which was downloaded as Skills.

Also, there have been plenty of actual examples of prompt injection working, including attacks on major companies. E.g. Superhuman was hacked recently via prompt injection.


Since when do security researchers and black hats give away their tools for free?

I've thought about implementing the same at our company. Something that iterates through all our tickets, one shots them and creates PRs.

But humans are still left to review the code in the end, and as a developer, code reviewing is one of my least favourite things..

I'm not sure I could spend the rest of my career just reviewing code, and never writing it. And I'm not sure my team would either. They would go insane.

As developers, by nature, we are creative. We like to solve problems. That's why we do what we do each day. We get a thrill when we solve the problem, test it and it actually works. When we see it in production and users enjoying it. When we see the CPU usage go from 99% to 5%.

I fear we are soon becoming nothing more than the last validation step between AI and reality. And once AI becomes reality, which is very soon, the days of development as we knew it will be over.


One thing I don’t see developers talking about much is that if your job is to only read code instead of writing it, how do you expect to stay good at reviewing code if you never write it?

I only speak for me but when I review code I need to dig into my own experience writing and remember what works and what doesn’t that I’ve internalized over years of writing and manually debugging code. Take that out of the equation and I wouldn’t be good at reviewing code for long.

I used to write a lot of C++ back in the day, and I can still read it and understand it for the most part but I would never be able to effectively review anything non-trivial. I just don’t have enough recent experience writing it myself to have internalized all of the obscure pitfalls and gotchas. And just vomiting out some C++ from a bot and just having it redo things until it has the appearance of working correctly isn’t gonna help me with that.

“My job now is just reviewing code” is such an extremely short-sighted view I’m terrified for the future where nobody understands anything anymore. I’m sure OpenAI and Anthropic would love this though.

And yeah, reviewing code is one of the more tedious and unfun parts of the job why would I want this?

One of the most annoying parts of my job is my supervisor who used to be a dev but became a manager years ago. He doesn’t really understand the codebase enough anymore and I spend so much explaining basic things to him now it actually hinders our productivity when he wants to “contribute”. And let me just say that getting a Claude sub for the whole team hasn’t helped this at all.

And one last thing - every single engineer I know that needs to maintain a Stripe integration hates them with the power of a million suns.


Totally agree with this. When I review code I don't build a strong mental model of the system, and I think you can only really do that by solving the problems that arise during the creation of the system yourself. I'm optimistic the pendulum will swing away from the "hand off a spec to an agent(s)" and back towards engineers being engaged and directing LLMs to implement/optimize smaller, more specific pieces of code, with most of the direction being determined by the user

Fwiw, reviews are usually boring because most code you review solves boring problems.

Otherwise wouldn't you first figure out how you'd solve the issue, then contrast it to what the PR creator actually did - and then judge which approach is better, long term?

At least that's how I do it whenever there is an actual fun problem, but they're admittedly rare... It's mostly just boring adjustments and these are as interesting to explore as ... Lacing my shoes.


>how do you expect to stay good at reviewing code if you never write it?

What exactly does "writing code" mean?

Are you telling me I have to write for loops and if elses forever?


The real issue with "just reviewing code" is that code review skill degrades when you stop writing. I've watched it happen. The people who are best at catching subtle bugs are the ones writing code daily. Pull them into pure review mode for 6 months and they start missing things, not because they got dumber, but because the pattern recognition atrophies without the feedback loop of writing, running, and debugging yourself.

I reckon the developers most excited about AI & agents never got the same thrill or satisfaction that you do. Those developers are plainly motivated by different things, and that’s okay.

I wouldn’t say never. I spent the first 10 years of my career loving crafting code. Then I moved up in seniority and naturally my focus and prioritization had to shift. Even before AI I didn’t code that much, focusing more on design, planning, reviewing, firefighting, and team leadership (still an IC).

One exciting thing about AI is when I have an idea of something to do and can visualize it, instead of writing a ticket that sits in the backlog, I can use AI to vibe it up, with just a couple hours of my attention I can spare. Sometimes it works sometimes it doesn’t. But it’s fun and satisfying to get more shit done, and be able to scratch the same builder and solver itches in my 10% time.


> Electricity comes out the wall.

Which unless you have solar, you are paying for. Even if you have solar, you are paying off the panels, batteries and inverter/chargers over a period of time.

Nothing is free.


That's not what I got.

Opus 4.6 (not Extended Thinking):

Drive. You'll need the car at the car wash.


Also what I got. Then I tried changing "wash" to "repair" and "car wash" to "garage" and it's back to walking.


That you got different results is not surprising. LLMs are non-deterministic; which is both a strength and a weakness of LLMs.


We know. We know these things aren't determination. We know.


> That's not what I got.

My Opus vs your Opus, which is smarter?!


LLMs can't access the training data that's less than the statistically most common token, so they use a random jitter.

With that randomness comes statistically irrelevant results.


Am I the only one who thinks these people are monkey patching embarrassments as they go? I remember the r in strawberry thing they suddenly were able to solve, while then failing on raspberry.


Nah. It's just non-deterministic. I'm here 4 hours later and here's the Opus 4.6 (extended thinking) response I just got:

"At 50 meters, just walk. By the time you start the car, back out, and park again, you'd already be there on foot. Plus you'll need to leave the car with them anyway."


They definitely do: at least OpenAI "allegedly" has whole teams scanning socials, forums, etc for embarrassments to monkey-patch.


Which raises the question why this isn't patched already. We're nearing 48 hours since this query went viral...


This is part of why they need to be so secretive. If you can see the tree of hardcoded guidance for common things it won’t look as smart.


They should make Opus Extended Extended that routes it to actual person in a low cost country.


Artificial AI.


Yes, you're the only one.


Sure there are many very very naive people that are also so ignorant of the IT industry they don't know about decades of vendors caught monkeypatching and rigging benchmarks and tests for their systems, but even so, the parent is hardly the only one.


Works better on Reddit, really.


Of course they are.


That's my thought too. The chatbot bros probably feel the need to be responsive and there's probably an express lane to update a trivia file or something lol


No doubt about it, and there's no reason to suspect this can only ever apply to embarrassing minor queries, either.

Even beyond model alignment, it's not difficult to envision such capabilities being used for censorship, information operations, etc.

Every major inference provider more or less explicitly states in their consumer ToS that they comply with government orders and even share information with intelligence agencies.

Claude, Gemini, ChatGPT, etc are all one national security letter and gag order away from telling you that no, the president is not in the Epstein files.

Remember, the NSA already engaged in an unconstitutional criminal conspiracy (as ruled by a federal judge) to illegally conduct mass surveillance on the entire country, lie about it to the American people, and lie about it to congress. The same organization that used your tax money to bribe RSA Security to standardize usage of a backdoored CSPRNG in what at the time was a widely used cryptographic library. What's the harm in a little bit of minor political censorship compared to the unconstitutional treason these predators are usually up to?

That's who these inference providers contractually disclose their absolute fealty to.


How far away are we from openclaw agents teaming up, or renting ddos servers and launching attacks relentlessly? I feel like we are on the precipice.


Yes the binding interface can be specified, but the default for -p 11434:11434 is 0.0.0.0.

IMO the default should be 127.0.0.1 and the user should have to explicitly bind to all via -p 0.0.0.0:11434:11434.
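
As an added illustration (not part of the comment above and not Docker's own code), this Python check parses `-p` publish values and flags the ones that land on all interfaces, the case the comment describes. It goes slightly beyond the two forms quoted there by also handling bracketed IPv6 addresses and the bare `containerPort` form; the function names and the sample specs are constructed for this example.

```python
import ipaddress

DEFAULT_BIND = "0.0.0.0"  # host address Docker uses when the spec names none

def parse_publish(spec):
    """Split a -p value into (host_ip, host_port, container_port, proto)."""
    body, _, proto = spec.partition("/")
    host_ip = DEFAULT_BIND
    if body.startswith("["):                      # bracketed IPv6 host address
        addr, sep, rest = body[1:].partition("]")
        if not sep or not rest.startswith(":"):
            raise ValueError(f"malformed publish spec: {spec!r}")
        host_ip, parts = addr, rest[1:].split(":")
    else:
        parts = body.split(":")
        if len(parts) == 3:                       # ip:hostPort:containerPort
            host_ip, parts = parts[0], parts[1:]
    if len(parts) == 1:                           # containerPort only
        parts = ["", parts[0]]
    if len(parts) != 2 or not parts[1]:
        raise ValueError(f"malformed publish spec: {spec!r}")
    ipaddress.ip_address(host_ip)                 # ValueError if not an IP literal
    return host_ip, parts[0] or None, parts[1], proto or "tcp"

def exposure(spec):
    """Classify where the published port is reachable from."""
    ip = ipaddress.ip_address(parse_publish(spec)[0])
    if ip.is_unspecified:                         # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:                            # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "single-interface"

def audit(specs):
    """Return the specs that publish on every interface of the host."""
    return [s for s in specs if exposure(s) == "all-interfaces"]

# Constructed sample values, as they might appear after -p in run scripts.
SAMPLE_SPECS = [
    "11434:11434",               # implicit default bind
    "127.0.0.1:11434:11434",     # explicit loopback
    "0.0.0.0:11434:11434",       # explicit all interfaces
    "[::1]:11434:11434",         # IPv6 loopback
    "192.168.1.10:8080:80/tcp",  # one named interface
    "53/udp",                    # container port only, default bind
]

if __name__ == "__main__":
    for s in SAMPLE_SPECS:
        print(f"{s:28} {exposure(s)}")
```
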



Docker has a lot of lazy hacks to make it work well on macOS that had to have it running in a VM for any of the Linux containers to work.

