The Changelog: Software Development, Open Source - The Swiss government goes open source (News)
Episode Date: July 29, 2024The Switzerland federal government requires releasing its software as open source, Google decides not to deprecate third-party cookies, Mark Zuckerberg says "open source" AI is the path forward, GitHu...b allows anyone access to deleted / private repository data & Tailscale wants to build a New Internet.
Transcript
Discussion (0)
What up, nerds?
I'm Jared, and this is Changelog News for the week of Monday, July 29th, 2024.
Let's get right into the news.
The Swiss government goes open source.
In a move that began way back in 2011, Switzerland recently passed the Federal Act on
the Use of Electronic Means for the Performance of Official Duties, or MBAG for short. Quote,
this new law requires all public bodies to disclose the source code of software developed
by or for them unless third-party rights or security concerns prevent it. This public money, public code approach aims to enhance government operations transparency,
security, and efficiency.
End quote.
This is something that every tax-funded government on earth should do, in my humble opinion.
And public money, public code is such a simple and powerful way of stating that aim.
Google reverses course on third-party cookies.
Here's Anthony Chavez, VP of Privacy Sandbox at Google.
Quote,
Instead of deprecating third-party cookies, we would introduce a new experience in Chrome
that lets people make an informed choice that applies across their web browsing,
and they'd be able to adjust that choice at any time. Let me also introduce a new experience that lets people make an informed choice that applies across their web browsing.
Stop using Google Chrome.
Open Source AI is the path forward.
Quick note on this story.
Every time I say open source,
insert those little scare quotes around it
because Zuck uses the term open source,
sans API approval.
Okay, Mark Zuckerberg announcing the release
of multiple Lama 3.1 models.
Quote, today, several tech companies
are developing leading closed models,
but open source is quickly closing the gap.
Last year, Lama 2 was only comparable to an older generation of models behind the frontier.
This year, Lama 3 is competitive with the most advanced models and leading in some areas.
Starting next year, we expect future Lama models to become the most advanced in the industry.
End quote.
In the linked post, he outlines why he believes open source is the best development stack,
why open sourcing Lama is good for meta, and why open source AI is good for the world.
We discuss this in great detail on Wednesday's episode of The Change Log, so stay tuned for that.
Anyone can access deleted and private repository data on GitHub.
This sounds not ideal.
Quote, you can access data from deleted forks, deleted repositories, and even private repositories on GitHub.
And it is available forever.
This is known by GitHub and intentionally designed that way.
End quote.
They're calling it cross fork object reference,
and it occurs when one repository fork can access sensitive data from another fork,
even if said fork is private or has been deleted. The how is detailed in the linked post,
but the most interesting slash concerning thing is that it's not a bug, it's a feature.
After notifying GitHub, they replied, quote, Thanks for the submission.
This is an intentional design decision and is working as expected,
as noted in our documentation.
We may make this functionality more strict in the future,
but don't have anything to announce right now.
End quote.
Perhaps a good takeaway of this is,
don't use private forks, just in case.
It's now time for sponsored news.
Go ahead, commit your.env file.
1Password makes it easy and secure
to share configs and secrets across your team.
You can replace secrets in your.env file
with secret references and use the 1Password CLI
to inject them when you start your app.
That's how we do it.
Now, when new members join your team,
they can download the.env to get up and running with your development secrets in minutes. We use
1Password and we think you and your team should too. Just for our listeners, they are doubling
their free trial to 28 days versus the regular 14 days. Head to 1password.com slash changelogpod
to get that deal or head to developer.1password.com to learn all about their developer tooling.
Thanks again to 1Password for sponsoring Changelog News.
The new internet.
Tailscale co-founder and CEO Avery Penneron explains how they didn't set out to be a networking company.
They set out to fix the problem of developers scaling what they don't
need to scale. Then they remembered the beauty of their 90s era LANs. Quote, we looked at a lot of
options and talked to a lot of people and there was an underlying cause for all of the problems.
The internet. Things used to be simple. Remember the LAN? But then we connected our LANs to the
internet and there's been more and more firewalls and attackers everywhere,
and things have slowly been degrading ever since, end quote.
The solution they're presenting is to remove everything that's not essential complexity
and boldly fix the internet.
Quote, if we fix the internet, a whole chain of dominoes can come falling down,
and we reach the next stage of technology evolution.
We've built a giant centralized computer system
with a few mega providers in the middle
and a bunch of dumb terminals on our desks and in our pockets.
The dumb terminals, even our smartwatches,
are all supercomputers by the standards of 20 years ago,
if we use them that way.
But they're not much better than a VT100.
Turn off AWS, and they're all bricks.
It's easy to fool ourselves into thinking the overall system is distributed. Yes, we build fancy distributed consensus systems, I have to stop quoting now, or I'll run up our AWS bill.
Also, this might come off as a tailscale ad, which it is not.
They do sponsor us sometimes, but this is not sponsored at all.
It's simply a well-written explanation of a well-conceived vision that's worth a read. That is the news for now,
but this is episode number 105, so that means it's time once again for some ChangeLog++ shoutouts.
Shoutout to our newest members, Nicholas C, Chris T, Benjamin S, CRNJ, Matthew M, and Jared G. We appreciate you for
supporting our work with your hard-earned cash. If ChangeLog++ is new to you, that's our membership
program. You can join to ditch the ads, get closer to the metal with bonus content, receive a free
sticker pack in the mail, directly support our work, and get shoutouts like the ones you just heard.
Also, custom feeds coming now-ish.
Change Log Plus Plus. It's better.
Have a great week. Leave us a five-star review if you dig our work.
And I'll talk to you again real soon.