I'm unpersuaded by the assertion that closing the source is an effective security bulwark.
From that page:
> Today, AI can be pointed at an open source codebase and systematically scan it for vulnerabilities.
Yeah, and AI can also be pointed at closed source as soon as that source leaks. The threat has increased for both open and closed source in roughly the same amount.
In fact, open source benefits from white hat scanning for vulnerabilities, while closed source does not. So when there's a vuln in open source, there will likely be a shorter window between when it is known by attackers and when authors are alerted.
The HN discussion on the announcement is just 90% posts of the theme "if a student can brute force your FOSS for $100, they can do your proprietary code for $200" and "if it's that cheap to find exploits, why don't you just do it yourself before pushing the code to prod?"
I believe that the reason they chose to close the source is just security theater to demonstrate to investors and clients. "Look at all these FOSS projects getting pwned, that's why you can trust us, because we're not FOSS". There is, of course, probably a negative correlation between closing source and security. I'd argue that the most secure operating systems, used in fintech, health, government, etc., got to be so secure specifically by allowing tens or hundreds of thousands of people to poke at their code and then allowing thousands or tens of thousands of people to fix said vulns pro bono.
I'd be interested to see an estimation of the financial value of the volunteer work on say the linux or various bsd kernels. Imagine the cost of PAYING to produce the modern linux kernel. Millions and possibly billions of dollars just assuming average SWE compensation rates, I'd wager.
Too bad cal.com is too short sighted to appreciate volunteers.
I think it's more prosaic, OSS is great for building a userbase but not great at generating revenue. So just wave the OSS flag while you build a userbase, then pull out whichever flimsy excuse seems workable at the time when you want to start step two of your enshittification plan.
Not only are they good at reading and writing machine code now, they are actively being used to turn video game cartridge dumps back into open source code the community can then compile for modern platforms.
If you believe they really did it for security, I have a very nice bridge to sell you for an extremely low price ...
Look, tech companies lie all the time to make their bad decisions sound less bad. Simple example: almost every "AI made us more efficient" announcement is really just a company making (unpopular) layoffs, but trying to brand them as being part of an "efficiency effort".
I'd bet $100 this company just wants to go closed source for business reasons, and (just like with the layoffs masquerading as "AI efficiency") AI is being used as the scapegoat.
Seems like a nice way to raise a bit of money for the foundation, and the problem of children needing email addresses is a real one. I just don't understand how reserving an email address years before they need it actually improves their privacy.
Is this really just a case of reserving an address if your child has a common first name and last name, without having to keep the address active?
Could you elaborate on the issues with their S3 compatible storage? I've been considering it and haven't seen too many issues in my testing, beyond the lack of identity control.
I cannot say much about the quality, but I am also testing around with it at the moment. As for the identity control, you may be able to achieve this with a few extra steps, if you set up bucket policies for the credentials. For this, it would be a bit cleaner to move the storage box to a project of its own.
Absolutely not, that would prevent profits to big political donors. Instead we should ban bash oneliners, or ID gate them. No loops or pipes (etc) unless you've handed over government issued ID.
Google pay Mozilla hundreds of millions of dollars each year to place Google as the default browser. It's by far their biggest income stream. In 2023 it was reported as 75% of their revenue.
There's no world in which 75% of your revenue coming from Google doesn't influence what you do. Even if it's not the main driver of all decisions, pissing off Google is a huge risk for them.
If the plaintiff pays 500 million to the judge and the defendant goes to jail, there's no proof that the judge wouldn't have made the same decision without the 500 million. If you're a fool, you'll sneer and ask "Where's the proof?"
Well if you bring up law how about: innocent until proven guilty?
Google is not bribing Mozilla... they probably keep them alive to avoid all kinds of monopoly lawsuits. With their market share, however, you would need more proof to justify further conspiracies...
Great for shareholders, terrible for consumers. This is what we get when we allow rampant consolidation and throw out the idea of regulated competition.
It's not like there's really any competition anyway. Prices are going up, I can't switch from Netflix to HBO, because the content is available across platforms.
If Netflix just moves the HBO content to Netflix then that's one subscription less for a lot of people, so even if Netflix subscription goes up, many will still save money.
There is more competition than ever. That is why these legacy companies are being bought and sold.
Amazon/Apple/Comcast/Disney/Netflix/Oracle are all in the business of selling video, plus they are competing for attention with Youtube/Tiktok/Reddit/HN/etc.
There is also Sony and Lionsgate and A24 not selling direct to customers.
At university in the UK it's almost always maximums rather than minimums. It's damn hard as well, you never get the word count you actually need to fully cover the subject and always end up desperately counting those last few as you trim it down. My university would cap your grade if you went over the count by a certain % as well.
I do think it made me better at writing though, and it certainly made me aware of how much people are actually willing to read.
I've been on a similar journey this past month, although it sounds like mine went a little more successfully. I've managed to get a repo set up which contains a nix flake with nix-darwin configuration, and it also calls into some home-manager modules which I also use on a linux device as well. I do agree, the nix language isn't particularly to my taste either.
I know you're hoping to go from first principles but I'm happy to share the repo if you want (email in my profile).
Aside from that, what issues did you run into? I'm keen to know if I've just not gone deep enough and will soon hit something.
This is what I'd like to see as well. These collaboration tools are really good, but I barely use them because they always assume that you and your team are using the same editor. Most of the time that's just not the case, so I've used them a handful of times but beyond that there's little opportunity.
It's probably not an issue the Zed team will experience as they're all naturally using their own editor. Hopefully it's on their radar though.
> because they always assume that you and your team are using the same editor.
Network effects are probably a strength for a company, not a drawback (which it is for the user of course). Even VSCode has some notion of network effects, such as their proprietary extension store.
I live in a city in the UK and use the train to commute daily. Return travel on a peak train costs me £8.40 (arriving at work before 9am), and £6.50 if I go in after peak (arriving at work after 9am).
Every year without fail this goes up by a noticeable amount, but the service is still unreliable. Looking back at my travel history, the train has either been late to arrive or late to get to my destination around 30% of the time. The delays can vary a lot as well between about 10mins (this morning for example) to 30 minutes on average.
But that's the average picture, the winters get so much worse for my route. There's a tunnel just before our station which frequently has water pouring through when it rains heavily which means no trains can run until it stops. Several times I've left my house with all the trains listed as running on-time and arrived at the station to be told by the (very nice) guard that he doesn't expect there to be any trains through until midday.
They also get very crowded, at least on my route. They're meant to send a 3 carriage train but will frequently end up with only 2 carriages because they had a problem with one of them. This usually delays people boarding which means the resulting journey is around £8.40 for no seat and a 10-15 minute delay.
The UK rail sure isn't the worst in the world by any stretch. When a journey goes well it's seamless and I'm a big fan. But a lot of the time it feels like you're being bent over, especially when after several weeks of reduced services due to strikes you're suddenly met with a price hike of 5% with no improvement in the service's reliability. All of that is just when you're talking about commuting as well. Any time I'm forced to head to London it's a miserable emptying of my wallet.
All of this is just my daily experience, but I'm so sick of this failed experiment. Each year it costs more, the service is just as unreliable, and the profits all leave the UK.
Maybe my expectations aren't reasonable, but it's something I'm effectively forced to use daily because of house prices.
> Looking back at my travel history, the train has either been late to arrive or late to get to my destination around 30% of the time. The delays can vary a lot as well between about 10mins (this morning for example) to 30 minutes on average.
That £8.40 will be £6.30 after claiming the delay repay for a 30 minute delay. Only happening 30% of the time so that would work out to £7.77.
Still it would be better if they were always on time.