The Changelog: Software Development, Open Source
Is Linux collapsing under its own weight? (News)
Mon, 09 Sep 2024
A Rust for Linux developer resigns amidst rising tension in the Linux community, Bret Victor shows off what he's been working on for years, Rachel (by the bay) laments how useless "SRE" has become as a role, Doug Turnbull makes the case for hiring junior devs & Baldur Bjarnason says the LLM honeymoon phase is about to end.
What up, nerds? I'm Jared, and this is Changelog News for the week of Monday, September 9th, 2024. After our conversation with Alia Abbott last week, we decided to try Zulip in earnest for a while. So far, so good. The overall experience isn't quite as polished as Slack, but it's nerd-built, and you can tell they've put a lot of love into it.
If you'd like to kick the tires with us, I'll put the link to join at the top of this week's newsletter. Okay, let's get into the news. Is Linux collapsing under its own weight? A Rust for Linux developer, Wedson Almida Fileho, resigned from the project after an unfortunate interaction with another maintainer. Wedson's parting words, quote, I am retiring from the project.
After almost four years, I find myself lacking the energy and enthusiasm I once had to respond to some of the non-technical nonsense. so it's best to leave it up to those who still have it in them, end quote. After that, Asahi Lina, who is a developer of the Apple GPU drivers for Linux, sounded off with her own frustrations with maintainers and Rust from the DRM perspective.
Her conclusion, quote, And that's really sad, and isn't helping make Linux better. End quote. The post I'm linking to is in response to those two events. The author, who goes by CB, thinks they, quote, signal deeper issues in Linux, both technical and cultural, end quote. Some of the technical and cultural issues are explained in the post.
What does this mean, though, for the Rust for Linux project? CB says, I think Rust for Linux as a project is in danger, not because of technical reasons, but because of social ones. So what does this mean for the future of Linux? The author seems to believe an eventual fork is likely. Brett Victor introduces Dynamic Land.
Brett Victor, a well-known interface designer and computer scientist who's best known for his amazing talks on the future of technology, has been working quietly on a new project, Dynamic Land, for many years. Turns out he's done being quiet about it. Dynamic Land is essentially making the real world computational, then giving people what they need to compute it however they like.
You really should watch the six minute introduction video, which is filled with amazing statements like, you don't have to simulate a virtual world when the real world simulates itself.
And this one, which is just bonkers. So everything I've shown is taking place in our communal computing system called Real Talk, and this is it. Real Talk is not a code base, it's a poster gallery. or a bulletin board, or a binder.
To call this endeavor ambitious would be an understatement. Here's the sum, which, if they pull it off, and maybe they already have, would be a big technical achievement and an enormous cultural achievement.
Dynamic Land is non-profit, and Real Talk is not a product. You don't buy communal computing, you don't download communal computing. Our goal is to invent a form of computation which local communities of non-specialists can make for themselves, from the ground up, for their own needs, which they fully understand and control.
A form of computation which is learned and taught, not downloaded and used, like reading and writing, or mathematics, or the arts. Not a product, but a practice.
SRE doesn't mean anything useful anymore. Rachel, by the bay, laments her realization that Site Reliability Engineer, SRE, has become useless as a way to categorize people with a very particular set of skills, much like every other title has before it. Clearly, somewhere along the line, someone lost the thread, and it has completely destroyed any notion of what an SRE was supposed to be.
Just so we're operating on a level playing ground here, I'll lay down my own personal definition of the term and what I expect from people in that role and what I expected from myself. To me, an SRE is both a sysadmin and a programmer, developer, whatever you want to call it. It's a logical and, not, an XOR.
She goes on to detail what is meant by sysadmin and what is meant by programmer, but what she's been seeing in her attempts to hire are SREs who are just ops people. I agree with Rachel, but not just about SREs. I've found most job titles in the software world to be relatively useless and so much more so as each title ages. Let's do some sponsored news. 3.7 million fake GitHub stars.
How much weight do you put into a project's GitHub star count? No matter how much it is, it's probably too much. Socket researchers have uncovered 3.7 million fake GitHub stars, highlighting a growing threat linked to scams, fraud, and malware with these campaigns rapidly increasing over the last six months.
Based on this research, Socket is launching a new Suspicious Stars on GitHub alert that utilizes the low activity and clustering heuristics to detect packages associated with repos that have fake stars. If you want to get proactive alerts and check your entire organization for Suspicious Star packages...
plus 70 more indicators of supply chain risk, install the free Socket for GitHub app in just two clicks. Whenever a new dependency is added or updated in a pull request, Socket analyzes the package's behavior and security risk, alerting you before any malicious code has the chance to land in your project. Check it out by following the link in the newsletter.
And thank you to Socket for sponsoring ChangeLog News. Your company needs junior devs. Doug Turnball does a good job laying out the case for hiring junior devs, a drum that I've been beating off and on for years. Quote, lately, big tech only wants elite squads of staff devs that can, quote, hit the ground running on the big, often AI initiative.
It's been remarked over and over that AI will completely replace junior developers. Juniors, after all, exist to do code monkey work. easily replaced with an LLM. However, that misses the mark on why we have junior employees. Coaching junior employees becomes its own force multiplier for innovating at scale. It's not about the added labor.
It's about a psychologically safe culture that values teaching and learning and the innovation that this unlocks. End quote. Doug makes a lot of great points in this article. I'll add one. Junior developers are plenteous. That means you can take your time and find the ones that will really gel with your organizational culture.
Also, you don't have to pay them as much while you train them up and make them more valuable so you can pay them more. You may be asking that age-old question, but what if we train them up and they leave? The answer to that is, what if you don't train them up and they stay? The LLM honeymoon phase is about to end.
Balder Bjarnason has been consistently bearish on the current crop of AI tools and products since I've been following him. I don't agree with him in all aspects, but he does a good job of arguing his position, so I appreciate his writing on the subject. In this latest post, Balder explains how weaknesses and how LLMs work are making them great targets for manipulation.
We've also known for a while that prompts are effectively impossible to secure. It should not come as a surprise that some researchers decided to see if prompt security could be bypassed with a malicious token stream that completely bypasses the whole comprehensible language part. End quote. Given the opportunity for businesses to gain an unpaired advantage, we all know what they'll do with it.
Balder thinks this is going to go from bad to much, much worse as these techniques are uncovered. Quote, this is going to get automated, weaponized, and industrialized. Tech companies have placed chatbots at the center of our information ecosystems and butchered their products to push them front and center.
The incentives for bad actors to try to game them are enormous, and they are capable of making incredibly sophisticated tools for their purposes. That is the news for now, but also scan this week's ChangeLog newsletter for even more news worth your attention, like creating a git commit the hard way and grippability as an underrated code metric, plus a whole lot more.
Get in on that newsletter by popping your email address in at changelog.com slash news. We have some great episodes coming up this week. On Wednesday, Erez Zuckerman talking ergonomic keyboards. And on Friday, Natalie Pisanovic from GoTime talking AI coding tools. Have a great week. Leave us a five-star review if you want some free stickers. And I'll talk to you again real soon.