The Changelog: Software Development, Open Source - Is Linux collapsing under its own weight? (News)
Episode Date: September 9, 2024A Rust for Linux developer resigns amidst rising tension in the Linux community, Bret Victor shows off what he's been working on for years, Rachel (by the bay) laments how useless "SRE" has become as ...a role, Doug Turnbull makes the case for hiring junior devs & Baldur Bjarnason says the LLM honeymoon phase is about to end.
Transcript
Discussion (0)
What up nerds, I'm Jared and this is Changelog News for the week of Monday, September 9th,
2024.
After our conversation with Alia Abbott last week, we decided to try Zulip in earnest for
a while.
So far, so good. The overall experience isn't quite as polished
as Slack, but it's nerd built, and you can tell they've put a lot of love into it. If you'd like
to kick the tires with us, I'll put the link to join at the top of this week's newsletter.
Okay, let's get into the news. Is Linux collapsing under its own weight? A Rust for Linux developer, Wedson Almeda Fileho, resigned from the project after an unfortunate interaction with another maintainer.
Wedson's parting words, quote,
I am retiring from the project. After almost four years, I find myself lacking the energy and enthusiasm I once had to respond to some of the non-technical nonsense.
So it's best to leave it up to those who still have it in them.
End quote.
After that, Asahi Lina, who is a developer of the Apple GPU drivers for Linux,
sounded off with her own frustrations with maintainers and Rust from the DRM perspective. Her conclusion,
quote, but I get that feeling that some Linux kernel maintainers just don't care about future
code quality or about stability or security anymore. They just want to keep their C code
and wish us Rust folks would go away. And that's really sad and isn't helping make Linux better. End quote. The post
I'm linking to is in response to those two events. The author, who goes by CB, thinks they, quote,
signal deeper issues in Linux, both technical and cultural. End quote. Some of the technical
and cultural issues are explained in the post. What does this mean, though, for the Rust for Linux project? CB says,
I think Rust for Linux as a project is in danger,
not because of technical reasons,
but because of social ones.
It's trivial for a maintainer who doesn't want Rust
to sandbag integration efforts for their subsystem
for whatever reason,
not liking it, not wanting the workload, et cetera,
just refusing to help, end quote.
So what does this
mean for the future of Linux? The author seems to believe an eventual fork is likely.
Brett Victor introduces DynamicLand. Brett Victor, a well-known interface designer and
computer scientist who's best known for his amazing talks on the future of technology,
has been working quietly on a new project,
Dynamic Land, for many years. Turns out he's done being quiet about it. Dynamic Land is essentially making the real world computational, then giving people what they need to compute it however they
like. You really should watch the six minute introduction video, which is filled with amazing
statements like, you don't have to simulate a virtual world when the real world simulates itself and this one
which is just bonkers so everything I've shown is taking place in our communal
computing system called real talk and this is it real talk is not a codebase
it's a poster gallery or a bulletin board or a binder to call this endeavor
ambitious would be an understatement. Here's the sum,
which, if they pull it off, and maybe they already have, would be a big technical achievement and an
enormous cultural achievement. Dynamic land is non-profit, and Real Talk is not a product.
You don't buy communal computing. You don't download communal computing. Our goal is to
invent a form of computation which local communities of non-specialists can make for themselves,
from the ground up, for their own needs, which they fully understand and control.
A form of computation which is learned and taught, not downloaded and used,
like reading and writing, or mathematics, or the arts.
Not a product, but a practice.
SRE doesn't mean anything useful anymore.
Rachel, by the way, laments her realization that site reliability engineer, SRE,
has become useless as a way to categorize people with a very particular set of skills,
much like every other title has before it.
Quote,
Clearly, somewhere along the line, someone lost the thread,
and it has completely destroyed
any notion of what an SRE was supposed to be. Just so we're operating on a level playing ground here,
I'll lay down my own personal definition of the term and what I expect from people in that role
and what I expected from myself. To me, an SRE is both a sysadmin and a programmer, developer, whatever you want to call it.
It's a logical and, not an XOR.
End quote.
She goes on to detail what is meant by sysadmin and what is meant by programmer,
but what she's been seeing in her attempts to hire are SREs who are just ops people.
I agree with Rachel, but not just about SREs.
I've found most job titles in the software world to be relatively
useless and so much more so as each title ages. Let's do some sponsored news. 3.7 million fake
GitHub stars. How much weight do you put into a project's GitHub star count? No matter how much
it is, it's probably too much. Socket researchers have uncovered 3.7 million fake
GitHub stars, highlighting a growing threat linked to scams, fraud, and malware with these campaigns
rapidly increasing over the last six months. Based on this research, Socket is launching a new
Suspicious Stars on GitHub alert that utilizes the low activity and clustering heuristics to detect
packages associated with repos that have fake stars. If you want to get proactive alerts and
check your entire organization for suspicious star packages, plus 70 more indicators of supply
chain risk, install the free Socket for GitHub app in just two clicks. Whenever a new dependency is added or updated
in a pull request, Socket analyzes the package's behavior and security risk, alerting you before
any malicious code has the chance to land in your project. Check it out by following the link in the
newsletter. And thank you to Socket for sponsoring ChangeLog News. Your company needs junior devs.
Doug Turnball does a good job laying out the case for hiring junior devs,
a drum that I've been beating off and on for years.
Quote, lately, big tech only wants elite squads of staff devs
that can, quote, hit the ground running on the big, often AI initiative.
It's been remarked over and over that AI will completely replace junior developers.
Juniors, after all, exist to do code monkey work,
easily replaced with an LLM.
However, that misses the mark
on why we have junior employees.
Coaching junior employees becomes its own force multiplier
for innovating at scale.
It's not about the added labor.
It's about a psychologically safe culture
that values teaching and learning
and the innovation that this unlocks, end quote.
Doug makes a lot of great points in this article.
I'll add one.
Junior developers are plenteous.
That means you can take your time
and find the ones that will really gel
with your organizational culture.
Also, you don't have to pay them as much while you train them up and make them more valuable so you can pay them more.
You may be asking that age-old question, but what if we train them up and they leave?
The answer to that is, what if you don't train them up and they stay?
The LLM honeymoon phase is about to end.
Balder Bjarnason has been consistently bearish on the current crop of AI tools and products
since I've been following him.
I don't agree with him in all aspects, but he does a good job of arguing his position.
So I appreciate his writing on the subject.
In this latest post, Balder explains how weaknesses and how LLMs work are making them great targets for manipulation.
Quote, bypassed with a malicious token stream that completely bypasses the whole comprehensible
language part. The process for discovering these malicious token streams is quite similar to what
Profound, the company mentioned earlier, seems to be doing. You automate a process of shoving
customized prompts into one end of the LLM black box, and you map the output to discover token
streams that have an unusually big impact on the output.
End quote.
Given the opportunity for businesses to gain an unpaired advantage, we all know what they'll do with it.
Balder thinks this is going to go from bad to much, much worse as these techniques are uncovered.
Quote, this is going to get automated, weaponized, and industrialized.
Tech companies have placed chatbots at the center of our information ecosystems and butchered their products to push them front and center.
The incentives for bad actors to try to game them are enormous,
and they are capable of making incredibly sophisticated tools for their purposes.
That is the news for now, but also scan this week's ChangeLog newsletter for even more
news worth your attention, like creating a git commit the hard way, and grippability
as an underrated code metric, plus a whole lot more.
Get in on that newsletter by popping your email address in at changelog.com slash news. We have some great episodes coming up this week.
On Wednesday, Erez Zuckerman talking ergonomic keyboards. And on Friday,
Natalie Pisanovic from GoTime talking AI coding tools. Have a great week. Leave us a five-star
review if you want some free stickers. And I'll talk to you again real soon.