The Changelog: Software Development, Open Source - Open source regrets (News)
Episode Date: August 11, 2025Open source maintainers share their regrets, Thomas Dohmke steps down as GitHub CEO, James Kettle breaks down HTTP/2 from a security perspective, PHP is getting the pipe operator this November, and a ...class action copyright suit threatens Anthropic and the rest of the AI industry.
Transcript
Discussion (0)
What up, nerds?
I'm Jared, and this is ChangeLog News for the week of Monday, August 11, 2025.
I'm in an existential mood today, so here's two thoughts that were impressed on me over the weekend, juxtaposed.
The first thought comes from a recent Ben Stancel essay in which he does the math on the gobsmacking amount of money,
floating around Silicon Valley these days and how everyone does the math to see how much
everyone else is worth. Ben concludes, quote, we don't do the math to measure ourselves, we do the math
to compare ourselves, end quote. So true, but that's just the setup. The money quote is a footnote
to that sentence. Quote, the recent grad is troubled by how much the designer who got the job they want
makes. The designer is troubled by how much the engineer makes. The engineer by the researcher. The researcher
by the founder that got acquired, the acquired founder by the founder by the founder by the
billionaire, the billionaire by Jeff Bezos, Jeff Bezos by Elon Musk by the recent grad, end quote.
The second thought I'd like to share comes from a not at all recent man named Job.
After receiving news that he lost everything to Raiders and a mighty wind, Job said, quote,
naked I came from my mother's womb and naked shall I return there, the Lord gave, and the Lord is
taken away. Blessed be the name of the Lord. End quote. Okay, let's get into the news. Open source
regrets. A recent hacker news, Ask HN thread piqued my interest. Maybe it will yours as well.
Here's the question. Open source is usually seen as a win for learning, visibility, and the
community. But have you ever regretted it? Maybe it became a burden to maintain, attracted the
wrong users, or got used in ways you didn't expect? Would love to hear your experience. Good or bad.
Now, I'm about as pro open source as devs come, but only a purist would say it's always an unadulterated win.
This thread is filled with people sharing their open source regrets, which are worth hearing about.
Here's one, for instance.
Quote, when I was about 14, I open sourced a script to auto-configure X-11's XRander.
It was pretty lousy, had several bugs.
I mentioned it on a KDE mailing list, and a KDE core contributor told me it was embarrassing code and to kill myself.
I took it pretty hard and didn't contribute to KDE or E.
X-11 ever again, probably took me about a year to build up the desire to code again, end quote.
That was a singular event for this person, but still, just awful. Here's another one, which is more
longitudinal. Quote, to be honest, I do regret it. After 20 years of working on FOSS projects,
I've invested enormous amounts of time, effort, and money into these, and other free slash open source
initiatives. It was enjoyable initially. There's something addictive about receiving praise from
strangers and unknown communities. You keep going because it feels good and you develop a sense
of moral superiority. But years later, when the people closest to you are no longer around, you
pause and reflect on how much energy you devoted to random strangers instead of those who shared
your life. If I had invested even 1% of the time and effort I put into Foss projects into my
relationships with loved ones, they would have been so much happier. Now I'm left wondering,
what the hell I was doing all those years. GitHub's latest CEO says farewell. Thomas,
Domki is stepping down as GitHub CEO so he can build another startup.
In his announcement post, Thomas says,
quote, over a decade ago, my family and I made the leap to move from Germany to the United States
after the sale of my startup to Microsoft.
In the years since, I've had the privilege of working with many exceptional human beings,
including hubbers, microsofties, customers, partners,
are GitHub stars, open source maintainers and developers around the world
who've helped us shape GitHub.
Still, after all this time, my startup roots have been tugging on me
and I've decided to leave GitHub to become a founder again.
End quote.
Thomas took the reins in 2021 when Nat Freedman stepped down
after taking the reins in 2018 when Chris Wonstra stepped down
after the Microsoft acquisition.
Who will take the reins next?
We don't know yet.
HTT2.
The sequel is always worse.
James Kettle breaks down HTTB2 from a security perspective and finds
it breaks down pretty easily.
Quote, HTP2 is easily mistaken for a transport layer protocol that can be swapped in with zero
security implications for the website behind it. In this paper, I'll introduce multiple new classes
of HTP2 exclusive threats caused by both implementation flaws and RFC imperfections.
End quote. James shows how these flaws enable H2 exclusive desync attacks with case studies
targeting some pretty high-profile websites. It's now time for sponsored news.
Augment code has GPT-5.
Augment code has GPT-5, y'all.
Until now, Augment ran only on Claude Sonnet 4.
They've added GPT-5 and a model picker so you can select the right engine per task.
Sonnet stays the default.
GPT-5 is there when you want extra caution and cross-file brainpower.
They tested both on the same coding chores.
They tested single-file edits, multi-file refactors, bug fixes, and they found a clear trade-off.
Sonnet equals speed and decisiveness, GPT5 equals completeness and stronger cross-file reasoning.
This enables better task alignment.
Quick tweak, sonnet your go-to.
Big refactor or careful logic rewrite, GPT5 brings that extra context and TLC.
The picker also delivers resiliency and continuity, smarter routing, and cost latency control.
If one model slows down or drifts in quality, you can instantly switch without breaking your flow.
Over time, Augment can learn your preferences and even auto route.
Sonnet for quick diffs and GPD5 for the heavy lifts.
Learn more and start testing GPD5 for yourself at AugmentCode.com
and follow that link to read the rest of their announcement post in the newsletter.
PHP 8.5 adds pipe operator.
The pipe operator is the coolest.
And PHP is going to have it this November when version 8.5 ships.
Here's some history.
The pipe operator appears in many languages,
mostly in the functional world. F-sharp has essentially the exact same operator, as does O'Camel,
Elyxer has a slightly fancier version, which we considered but ultimately decided against for now,
and numerous Ph.P. Libraries exist in the wild that offer similar capability with many extra
expensive steps. The story for PHP pipes, though, begins with Hack slash HHVM Facebook's
PHP4 knee-competitive implementation. Hack included many features beyond what PHP 5 of the day offered.
many of them eventually ended up in later PHP versions.
One of his features was a unique spin on a pipe operator, end quote.
Sarah Goldman started the effort to bring hacks, pipes, to Ph.P. directly in 2016.
Fast forward to 2025 and Larry Garfield finally got it done.
Meanwhile, JavaScript's pipe operator is still a stage two draft.
Copyright suit could financially ruin AI industry.
Many of our conversations around the future of tech, after the AI upheaval, have included a sometimes
explicit, sometimes implicit, big, but, you know, like, but, something could happen that radically
changes the AI course we're currently on. Turns out, the largest copyright class action suit of
all times might prove to be that Calipigian, but we've been alluding to. Quote, AI industry groups
are urging an appeals court to block what they say is the largest copyright class action ever
certified. They've warned that a single lawsuit raised by three authors over Anthropics, AI training
now threatens to financially ruin the entire AI industry if up to seven million claimants
end up joining the litigation and forcing a settlement. End quote. If the appeals court denies
Anthropics petition, they could face a $150,000 fine for each of those seven million
claimants whose works span a century of publishing history. Quote, confronted with such extreme
potential damages, Anthropic may lose its right to raise valid defenses of its AI training,
deciding it would be more prudent to settle, the company argued.
And that could set an alarming precedent considering all the other lawsuits generative AI companies face over training on copyrighted materials, end quote.
Yikes, all eyes will be fixed on this butt until further notice.
That's the news for now, but go and subscribe to the changelog newsletter for the full scoop of links worth clicking on, such as
sit on your ass development.
You might not need T-MUX.
And oh, yamble.wtf.
Get in on the newsletter at changelog.news.
Last week on the pod, we shipped our shows from Denver, Nora Jones, on Wednesday,
and Kaizen with Garra Hard-Lazoo on Friday.
Scroll up in your feed and listen to those if you haven't yet,
and stay tuned for some awesome pods this week.
On Wednesday, Dr. Evalina Kudis joins us to talk bioc computing.
And on Friday, Brian Cantrill from Oxide Computer is on ChangeLog and friends discussing their $100 million rate.
Have yourself a great week, like, subscribe, and five-star review us if you like the show, and I'll talk to you again real soon.