There's a subtlety that's missing here: if your threat model doesn't include the actors who can access those backdoors, then computer security isn't so bad these days.
That subtlety is important because it explains how the backdoors have snuck in — most people feel safe because they are not targeted, so there's no hue and cry.
The backdoors snuck in because literally everyone is being targeted.
Few people ever see the impact of that themselves or understand the chain of events that brought those impacts about.
And yet, many people perceive a difference between “getting hacked” and “not getting hacked” and believe that certain precautions materially affect whether or not they end up having to deal with a hacking event.
Are they wrong? Do gradations of vulnerability exist? Is there only one threat model, “you’re already screwed and nothing matters”?
It's not open source, but up until a few years ago I used whereby.com for videochats.
Unlike the alternatives at the time from Google, Apple, etc., it didn't require an account for participants — I could just give them the meeting room URL. So although it wasn't open source, it at least didn't lock you into a network.
Cutting back the power of creators dramatically increases the power of distributors. Do we really want the vast majority of economic benefit for human creativity to flow to middlemen?
And strengthening copyright causes the distributors to assign themselves the new copyrights in take-it-or-leave-it contracts. Making author's rights non-transferable (as in, e.g., Germany) goes some way to preventing this.
Look how much power lies in the hands of people who lie between petroleum in the ground and its combustion. It's a whole waterfall and the majority of the "wealth" in society seems to consist of people who're spinning their wheels from siphoning from it. And now they're terrified it'll go away.
The AI "gold rush" really has this feeling. "How can I get my finger in the pie somewhere here?"
I would say that copyright empowers distributors more than creators, especially in the age of the internet where distribution is otherwise cheap and commoditized. The creator has the ability to make more but a finite capability to create, the distributor only has the copyright that they own, but an almost unbounded ability to accumulate more.
Right now, distributors have to compete with each other in terms of the content they provide — if your competitor offers Taylor Swift or AP News stories or Marvel movies but you don't, your consumers care and may flee.
Take away copyright and distributors no longer compete with each other on the basis of their catalogs — all of them have access to all works, and they're left to compete on network effects, verticals, and locking consumers in to specific distribution channels. Creators have no role in that economy because they have nothing they can leverage.
The ASF, chartered as a 501(c)(3) nonprofit charity which serves the public good, has a budget a fraction the size of those of orgs chartered as 501(c)(6) nonprofits which serve the common business interests of members.
A quick check implies Apache is on the order of half the size, though. When I wrote the other comment it was just the only other name that came to mind.
> After use, the material can simply be ground into powder and pressed into a new shape while heated, causing the bonds to rearrange themselves. This is known as thermomechanical recycling.
> it can also be chemically dissolved
I wonder whether either of these opens up any practical durability issues for this variety of epoxy.
I saw that passage, which addresses that durability doesn't degrade through recycling cycles. But what I was curious about was whether this epoxy is more susceptible to weakening when exposed to heat in working environments, perhaps at lower threshold temperatures than common epoxy. Similarly, I wondered whether there were any chemicals which are commonly encountered in working environments which could serve as dissolving agents and damage this epoxy.
OT: It's difficult for me with my imperfect vision to read this web page because of inadequate contrast between body-text and background. Firefox dev tools measures a 3.52 contrast ratio — WCAG guidelines recommend 7:1 (AAA rating) or 4.5:1 (AA rating). However, viewing the page in reader mode seems to work as a solution.
Can semi-technical people replace developers if those semi-technical people accept that the price of avoiding developers is a commitment to minimizing total system complexity?
Of course semi-technical people can troubleshoot, it's part of nearly every job. (Some are better at it than others.)
But how many semi-technical people can design a system that facilitates troubleshooting? Even among my engineering acquaintances, there are plenty who cannot.
My guess is no. I’ve seen people talk about understanding the output of their vibe coding sessions as “nerdy,” implying they’re above that. Refusing the vet AI output is the kiss of death to velocity.
> Refusing the vet AI output is the kiss of death to velocity.
The usual rejoinder I've seen is that AI can just rewrite your whole system when complexity explodes. But I see at least two problems with that.
AI is impressively good at extracting intent from a ball of mud with tons of accidental complexity, and I think we can expect it to continue improving. But when a system has a lot of inherent complexity, and it's poorly specified, the task is harder.
The second is that small, incremental, reversible changes are the most reliable way to evolve a system, and AI doesn't repeal that principle. The more churn, the more bugs — minor and major.
> The usual rejoinder I've seen is that AI can just rewrite your whole system when complexity explodes.
Live and even offline data transformation and data migration without issues are still difficult problems to solve even for humans. It requires meticulous planning and execution.
A rewrite has to either discard the previous data or transform or keep the data layer intact across versions which means more and more tangled spaghetti accumulated over rewrites.
Don’t think it’ll replace the load bearing parts of IT infrastructure any time soon.
For specialized things that a specific user wants - already happening. Someone in a finance role showed me a demo this week that was reasonably sophisticated. SQL, multi user auth, integration with corporate finance software, parsing enormous excel files, dashboards, custom analytics, custom finance logic etc
In the past we’d have paid consulting devs millions for that now it’s a copilot license and a finance guy (that is reasonably tech savvy). Also cuts out the endless project planning meeting, stand ups, circling back, and scope discussions that you get when actual devs consult.
Databases and search engines have different engineering priorities, and data integrity is not a top tier priority for search engine developers because a search engine is assumed not to be the primary data store. Search engines are designed to build an index which augments a data store and which can be regenerated when needed.
Anyone in engineering who recommends using a search engine as a primary data store is taking on risk of data loss for their organization that most non-engineering people do not understand.
In one org I worked for, we put the search engine in front of the database for retrieval, but we also made sure that the data was going to Postgres.
> Anyone in engineering who recommends using a search engine as a primary data store is taking on risk of data loss for their organization.
It is true that Elasticsearch was not designed for it, but there is no reason why another "search engine" designed for that purpose couldn't fit that role.
I had one manager who got extremely excited about whatever you were working on. It was infectious and motivated most of the team including myself. He’s an innately curious person, but also whip smart and surely developed this skill deliberately.
I had another boss, a founder, who had a difficult relationship with engineering but was extremely gifted and had a great vision. I found myself highly motivated at this company as well, but for wholly different reasons. There are many paths to success.
Both startups had successful exits, and I felt as though I contributed meaningfully to both.
That subtlety is important because it explains how the backdoors have snuck in — most people feel safe because they are not targeted, so there's no hue and cry.
reply