175 comments

[ 3.1 ms ] story [ 113 ms ] thread
(comment deleted)
It saddens me to see the communities surrounding free software projects going dark because of the threat posed by AI tools, but I don't know what other solutions there are that would mitigate the threat, particularly when browsers are such a compelling target. Perhaps some kind of trust system a la arxiv.org, where existing users have to vouch for new submissions before a user is themselves trusted? Definitely still vulnerable to abuse, but perhaps less so.
I feel like the project just died.
Possibly, but they didn’t have much choice. Large open source endeavours are dead.
"Gain trust through plausible contributions" is a new angle on AI-produced PRs I haven't seen yet.

Though in retrospect we should have seen it. It's been an angle of attack since forever, it only took a lot of effort.

We need stricter verifications / credentials behind GitHub accounts and PRs.

And this we should have had already before AI.

Stuff like this makes me wish AI had never happened.

An open-source projects losing the ability to find and mentor new maintainers is so disappointing.

Patches were coming less and less often for years prior to AI; it turns out that decreasing inflation-adjusted wages Y-o-Y plus ending desktop computer education in schools is the unnoticed death knell that AI highlighted. When no one can afford to hack on programs in their free time using skills they can’t afford to train (both due to monetary and time-versus-jobs costs) then of course open source will fade.
For every person wanting to do good in the world there are ten windup merchants of which at least one has darker motives
"A browser runs untrusted input from the entire internet on the user’s machine, and one well-disguised vulnerability is all an attacker needs. We have already seen patient, well-resourced campaigns in open source to earn maintainer trust and abuse it."

Then the linux kernel is doomed. /s

Cool - how about fewer perma-bans on github for participating in discussions?

Also, as I have pointed out before, they seem to develop too slowly for a solid beta this year. You only have to look at the issue tracker and check for URLs not working or even crashing the browser. Ladybird may have gotten better in the last months, but imagine if 50.000 people are using it, you will see more bugs. How do they then handle bug reports?

[flagged]
This rather feels like it's completely stepping away from the thing that made the community around Serenity and Ladybird so good.
What made the community so good, is that it was a community.

Any rando armed with an LLM is not a community.

This seems quite misguided and is sad to see. They have every right to do this, but I was looking forward to continuing testing Ladybird as it improves and contributing in the future. I hope servo stays open to contributions, as it seems like it's all we have left.
>This seems quite misguided

Does it? Seems the only sane option. The other being being drowned in AI slop PRs.

You can still contribute through bug reports.
This is one way to rephrase "we don't want your AI slop, thanks.".
LLMs might be part of why Ladybird is making this decision, but they aren’t the only possible one: SQLite, for example, has been developed this way pretty much forever. To each their own, I guess.
Wasn't the entire goal of Ladybird to have an open and independent browser engine? Making it effectively closed to contributions makes it.. Not independent anymore. It's now dependent, on few people who work on it, just like any other closed-source or corporate-controlled browser.
I think we are going to see a lot opensource project switching to Humans Need Not Apply Mode.
LLMs are killing open source just like they're killing online discussion forums.

It's heartbreaking, my two favorite things about the internet are dying off because human interaction can't outscale AI slop.

And most social media, and blogs.

Newspapers are adopting it too, so soon we may see slop dominate even high brow publications.

Feels like a huge shift in human intellectual capabilities. Honestly quite worrying, I don’t think it’s a Luddite position to say that removing writing is removing thinking.

I can understand where they come from. If most of the pull-requests were AI-coded, well, the maintainers are equally capable of prompting Claude Code themselves.

I think the whole game of software engineering, open source or not, has completely changed. A lump of code doesn't mean or imply the same thing as it did 2 years ago.

Yeah but it comes with a cost. Claude isn't free.

Initially I thought AI would be great for FOSS because suddenly open source projects could get up to speed with paid options. UIs could get better (albeit boring/soulless) with Claude Design, etc.

But then I guess someone has to pay for all of those tokens. It's "easier" to devote your time but much harder to justify spending $300/mo on contributions to open source.

So maybe some people see this almost as a donation? Hey, I paid for tokens and generated a PR - be grateful for my donation!

And then they completely disregard the fact that reviewing the generated slop becomes way too much for the contributors. They would probably have appreciated a monetary donation more.

> If most of the pull-requests were AI-coded, well, the maintainers are equally capable of prompting Claude Code themselves.

I see this position a bit: the notion that AI-generated code has no value. I think it's easy to generate zero-value code, but I don't agree that all AI-generated code is zero-value. I've been working on my side projects in OpenCode, and I spend quite a bit of time prompting, setting up the right files, descriptions of the product I'm trying to build, and the roadmap for it. I have a tight validation loop that lets me run through a bunch of automated checks after each change, and then I do a bunch of manual testing through edge cases that the generated feature might screw up, and then I iterate. It's a different kind of work, but I can make progress more quickly than I could coding by hand. Validation loops are the main critical component.

My experience doing this over the past months is that using AI to code is a skill, and I learn new techniques and get better at it as I try stuff. But that also suggests that, when done well, it can produce something of value.

All of this is to say: while I take issue with your first sentence, I completely agree with your second sentence. What we've lost is the ability to distinguish easily between something well-thought out and something generated thoughtlessly. Focusing on cheap validation would help here immensely, as well.

> the maintainers are equally capable of prompting Claude Code themselves

I'm 100% on the side of maintainers here, but this is BS. If you could "just prompt Claude yourself" the AI productivity boosts would be in hundreds if not thousands of percent, which is demonstrably and self-evidently not the case (at least as of June 2026).

Surely you can just autoclose any PRs from 1. People you don't know and 2. That are over 100 or even 50 lines?

That way new contributors are forced to start small.

They could make two kinds of pull requests and add much more strict criteria for public contributions. For example, they could say that the PR has to be smaller in size and well-documented for human review, otherwise it's closed by an automation.

And then if someone wants to do a larger contribution, they could have a process like making an issue, discussing the approach and then collaborating with a maintainer to get it in.

Blocking public contributions means that they want to have complete control of the project and AI is likely a good excuse to do that.

This project gets a lot of publicity for the product it has to show (which, as far as I know, is effectively still inexistent).