The Changelog: Software Development, Open Source - The threat to open source comes from within (News)
Episode Date: April 22, 2024
Forrest Brazeal is concerned about the open source threat from within, Vicki Boykis explains why Redis is forked, John O'Nolan and the Ghost team plan to federate over ActivityPub, Llama 3 is now available for "businesses of all sizes" & nolen writes up questions to ask when you don’t want to work.
Transcript
What up, nerds?
I'm Jared, and this is Changelog News for the week of Monday, April 22nd, 2024.
We put a fresh coat of paint on the old Changelog News website.
The goal was to feature our content more prominently and add some social proof to help nudge potential subscribers in the right direction.
Thanks to everyone who lent us your kind words.
How'd we do?
Check it out at changelog.com slash news.
Then leave a comment with your feedback and bug reports.
Okay, let's get into the news.
The threat to open source comes from within. Forrest Brazeal wrote this piece before OpenTofu published its response to HashiCorp's lawyers,
but the general sentiment still stands.
First, he lays out why he doesn't believe external threats like the XZ backdoor
are existential for the open source community.
Then he turns inward with the horror movie classic twist,
the phone call is originating from inside the house.
Quote, external threats, as the XZ thing demonstrates, seem to have a galvanizing
effect on the broader open source community. OSS just gets stronger under stresses like that.
The thing I'm most worried about now is the opposite, a chilling effect, and it's been
creeping up on OSS like a glacier for over a decade. End quote.
After a quick history lesson, where the current situation is everyone is mad at everyone,
followed by Forrest's viewpoint on the OpenTofu slash HashiCorp legal drama,
he concludes with this somber note.
Quote,
Here is where, if I were a thought leader, I would make some grand-sounding call for companies to do better, or for OSS foundations to revisit their governance
structures, or something. But this is an impasse that can't be solved with platitudes. Cloud
companies fundamentally see open source as something to exploit. OSS software companies
see it as incompatible with a sustainable business model. Contributors who don't work
for either side are getting trampled on. And eventually, as the ecosystem fractures, everybody loses.
The whole situation is just sad.
In the end, the fragile balance of open source,
that unlikely blend of personalities and incentives
that has driven tech's innovation engine throughout the 21st century,
won't be upset by the odd state actor or by malicious spam
or whatever scary new thing The Register is
up in arms about tomorrow. It can only be disrupted when the community comes to believe maintaining
that balance is more trouble than it's worth. That's the threat we should all be concerned about.
Redis is forked. Vicki Boykis says, quote, I, as a cynical Eastern European, hate almost everything in software, but I love Redis with a loyalty that I reserve for close friends and family and the first true day of spring because Redis is software made for me, the developer, end quote.
That's high praise for Redis, which makes what she says next land with even more gravitas than it would in isolation. Quote, if you're not a large-scale Redis reseller. Because it's true that the license changes were all legal,
and all parties acted in accordance with both what's acceptable
and what the market dictates to sustain the software.
And yet, at the same time, projects that depend on Redis are withholding updates or migrating.
But the problem is not only that the license changed suddenly, without warning.
It's the messaging behind the change.
And the message is, even though heard Adam and I on Changelog & Friends over the weekend, you already know how I feel about this.
But if you didn't, I'm with Vicki.
Redis is no longer for us, and I'm no longer for Redis.
May a thousand ideas and forks rise out of its ashes.
You know what time it is. Sponsored news.
FireHydrant offers modern engineering teams less stress from ring to retro.
Full end-to-end incident management, alerting, on-call, and of course,
streamlining every aspect of your incident
process. From webhook, to alert trigger, to notifications, to incidents opened, to retro
tasks, to mean time to X analytics, everything is inside FireHydrant for modern engineering teams.
What you're about to hear are real reactions from PagerDuty users when seeing signals from
FireHydrant for the first time.
PagerDuty, I don't want to say they're evil, but they're an evil that we've had to maintain.
I know all of our engineering teams, as well as myself, are interested in getting this moving
the correct direction, as right now, just managing and maintaining our user seats has become
problematic. That's really good, actually. This is a consistent problem for
us and teams is that covering these sorts of ad hoc timeframes is very difficult. You know,
putting in like overrides and specific days and different new shifts is quite onerous.
Oh, and you did the most important piece, which is didn't tie them together,
because that's half the problem with PagerDuty, right, is I get
all these alerts and then I get an incident per alert. And generally speaking, when you go sideways,
you get lots of alerts because lots of things are broken, but you only have one incident. Yeah, I'm
super impressed with that, because being able to assign to different teams is an issue for us.
Because the one alert fires for one team, and then it seems like they have to bounce around, and it never does.
Which then means that we have tons of communication issues, because people aren't updated.
No, I mean, to be open and honest, when can we switch?
The next step is to go to firehydrant.com slash signals. FireHydrant delivers end-to-end incident management and on-call alerting for the modern software team.
Get started for free at firehydrant.com slash signals.
Ghost is federating over ActivityPub.
John O'Nolan and the Ghost team say, quote,
In 2024, Ghost is adopting ActivityPub and connecting with other federated platforms
across the web. That means that soon, Ghost publishers will be able to follow, like, and
interact with one another in the same way that you would normally on a social network, but on your
own website. The difference, of course, is that you'll also be able to follow, like, and interact
with users on Mastodon, Threads, Flipboard, Buttondown, WriteFreely, Tumblr,
WordPress, PeerTube, Pixelfed, or any other platform that has adopted ActivityPub too.
You don't need to limit yourself to following people who happen to use the same platform as you.
End quote.
Instead of building this all behind closed doors,
the Ghost team is inviting everyone to be a part of their process.
With each publishing platform that rolls out ActivityPub support,
the promise of the Fediverse becomes less of an idea and more of a reality.
Who's next?
Llama 3, now available for businesses of all sizes.
On April 18th, Meta released the latest version of their open-ish large language model
with state-of-the-art performance.
The Verge rounds it up like this.
Quote, Meta claims both sizes of Llama 3 beat similarly sized models like Google's Gemma and Gemini,
Mistral 7B, and Anthropic's Claude 3 in certain benchmarking tests.
In the MMLU benchmark, which typically measures general knowledge,
Llama 3 8B performed significantly better than both Gemma 7B and Mistral 7B,
while Llama 3 70B slightly edged Gemini Pro 1.5.
End quote.
What followed was your typical X bros posting N mind-blowing demos of what Llama 3 can accomplish, where N equals the number that
a rival X bro just posted, plus one. Not very interesting, but two things that did stand out
as interesting to me about this announcement. First, they didn't compare Llama 3 to GPT-4 at all,
so we can only assume it still comes up short when compared to OpenAI's best. Second, they continue to call Llama
open source, even though the license retains the commercial requirement of your business not being
too big, which is 700 million monthly active users. So I guess Llama 3 is open for businesses
of all sizes, depending on how you define all and sizes.
Questions to ask when I don't want to work. Sometimes it's easy, but other times,
especially if you work for yourself, it's necessary to put yourself to work. This post by nolen might
help you get that done on days when you'd otherwise struggle. Here's some bullet points to start from,
but the details matter too. Quote, to summarize, when I don't want to work, I don't call myself lazy.
I trust that I haven't changed and look for what needs to.
I get excited about the end result
and share what I'm doing with others.
I consider whether my tools are getting in my way
and I give myself the same grace I'd give someone else
and consider taking a proper break.
Last week, I was struggling to work.
I wasn't excited about my
current project. I took two days off and played a bunch of games and piano. I realized that I was
excited to write this essay, and so I sat in a chair, not on the couch, and wrote it.
That's the news for now, but we have some awesome episodes coming up this week. Louis Pilfold, the creator
of Gleam on Wednesday, and Adam Jacob from System Initiative on Friday.
Have a great week, send our shiny new website to a friend who might dig it,
and I'll talk to you again real soon.