LLM time
33 points by alethkit
I miss the past too. I don't see a way to go back to it, but I'd like it too if there were one.
I don't understand how people look at incredibly smart, talented, interested people falling into despair because of this technology and shrug because, well, isn't it just so cool?
Fix your hearts... you know the rest.
People on the Internets have a problem with literally everything. As in - there are always some people who have a problem with something.
You change a keybinding, or UX element in popular software and you'll get a small crusade of people who absolutely hate the change. You say anything on social media, you'll get a crowd arguing with it.
Negative emotions motivate people to speak out. Being satisfied much less so.
You just learn to shrug.
For all the whining, I know tens of developers who are absolutely thrilled and adapting at a fast pace. And they typically are busy getting stuff done, not posting stuff online.
Obviously LLMs are a severe and fast-paced change, but it is what it is, and the world will adapt. And there's tons of nuance in it, not just all good or all bad. Even if it was all for the worse (which it isn't), I would rather adapt and do my best than weep.
I am scared about how AI affects my economic prospects. I also know a doctor who never coded before, who used ChatGPT to make a customized shift trading platform at his hospital, which apparently significantly improved the lives of all the nurses.
Do our needs trump theirs? Is it better for software engineering to remain a high-salary, high-prestige job, or for more nonengineers to be able to make situated software? I don't think it's a clear-cut answer, and I don't think that uncertainty speaks to a problem in my heart.
This is a really good piece.
This bit in particular hit pretty hard:
This is the fastest and most violent change to working conditions and assumptions I've witnessed in my career, including the arrival of the internet and open source and distributed version control and cloud computing and all of that. Nothing else is in the same ballpark.
In a matter of months a lot of people I know personally switched from […] "help help my team is under attack by hundreds of new security vulnerabilities and can barely keep up"
I don't know what circles Graydon is around these days, but… this has not really reached me either?
Maybe there are a lot of basic vulnerabilities in whatever enterprise apps that were human-written slop before they became generated slop, and there's definitely a flood of slop reports, but I'm not really hearing much about big and real vulns having been found in any of the core FOSS projects or anything like that.
For all this hyperbolic language, where are all the huge headline-making exploits for Linux, Xen, Docker, Podman, runc, Kubernetes, Traefik, Nginx, Postfix, BIND, BIRD, Quagga, Postgres, Firefox, PipeWire, Avahi, CUPS, ………?
I think this qualifies for Firefox.
https://blog.mozilla.org/en/firefox/hardening-firefox-anthropic-red-team/
All of https://github.com/openssl/openssl/releases/tag/openssl-3.6.1 and https://github.com/search?q=repo%3Acurl%2Fcurl+stanislav+fort&type=pullrequests are from https://aisle.com/. There are at least a couple of other companies with similar LLM-based analyzers. I would be surprised if various bad actors weren't building the same.
That's not a lot? That's just "something"? On that OpenSSL list, there's one high severity, a couple moderate, and a bunch of low. That's similar to what happened when other tools came out / got good. I think when fuzzers became big they made a larger splash there... and they weren't talked about in such a hyperbolic way at all!