... do tech people really not know who Fabrice Bellard is?

He's kind of a household name in a lot of programming circles

Sure, my point is that in this scenario, the US labs would lose out on all the overseas business, regardless of whoever else is training models for the rest of the world

And as such, you need to already be sandboxing the tool (since it processes untrusted data you received over the internet).

Pipe it to bash? game over

Pipe it to less/more? Better hope your distro keeps those patched

Open the file in a browser or PDF reader? Hey, look at all this shiny new attack surface!

That said, I don't think that is actually the case - there is a small and growing percentage of LLM-written code in pretty much every piece of tech I have insight into the internals of.

Though not in the sense of "implement GT6"

Curl is also something that should be thoroughly sandboxed to begin with, because even if there are no vulnerabilities in curl itself, its a tool for downloading arbitrary data over the internet, and you may well accidentally trigger vulnerabilities in every other part of your environment just by downloading arbitrary data to your shell...

Firing patches upstream is still adding burden to the (likely already over-burdened) maintainers.

In an ideal world, if you want a patch upstreamed, you would be contributing to upstream maintenance (or at least donating to the upstream maintainers)...

This is the "moat by US regulatory capture" I mentioned above, but it only extends to the US, and pretty much cedes the rest of the world to the Chinese labs. It only makes sense if the US is going to become an isolationist power

A million is hardly buying mansions, yachts, and champagne-filled swimming pools in the current economy

The only way for "Big AI" to become a thing is for them to establish a moat, and right now the only path to that appears to be achieving regulatory capture in the US, which is a fickle and unstable state of affairs.

They weren't prepared for data that was obviously noisy. The data has always been inherently inaccurate, and folks just chose to ignore that previously

That is indeed how the VC funding game is played. If you don't raise another round, you are dead anyway, so you spend down your seed round to try and justify that following round...

Winit has had so much churn over time, I hope they settle down at some point.

I can pretty much guarantee that if I try to build a project from 3+ years ago, the old version of winit will not compile on my Mac, and the new version of winit will have a completely different API surface.

Do your coworkers not reliably produce readable, tested code?

That's kind of the minimum bar for a software engineer in my book

Which themselves generate more PRs (or larger PRs)...

From my perspective, there are three sorts of PRs:

- One is very close to the final form of a particular change, and any feedback you get at that late stage is indicative of holes in your process.

- Another is one where someone throws something up and says "hey, this is an experiment, can I get feedback on the approach". This is great, the parameters are clear, not much to say about these.

- The 3rd sort is someone making a trivial 5-line patch to a makefile/cargo.toml/github workflow/etc. These add basically no value to anyone.

Of those only the 2nd type really brings much value, and those are the ones that folks would keep posting even if you didn't require PRs (since they have an actual question, or a cool thing to show off).

I'll also note that this only really negatively impacts small remote teams, because on a sufficiently large, co-located team, you just ask your buddy one desk over to rubber stamp all the trivial commits...