Changelog News
Your weekly no-GIL, no-LLM, no-DRM update
Jerod here!
I'm back after taking last week off for Santo's Big Adventure.
Did you know Yellowstone National Park is bigger than the states of Rhode Island and Delaware combined?! I sure didn't until I drove around the entire loop with my wife and 6 kids in tow…
Ok, let's get into the news. (Audio Edition)
The fall of Stack Overflow
Ayhan Çelik noticed an interesting trend about the most popular Q&A site for developers:
Over the past one and a half years, Stack Overflow has lost around 35% of its traffic. This decline is similarly reflected in site usage, with approximately a 50% decrease in the number of questions and answers, as well as the number of votes these posts receive.
SO has been in the news a lot since LLMs attacked its core value proposition last year. The team has been scrambling, trying to figure out a) how to handle AI generated answers (recently announcing OverflowAI) without alienating the original source of good answers, and b) how to survive in a world where people ask LLMs instead of websites for answers.
I feel for them. Sometimes the world changes overnight. The next day you wake up and your business just isn't what it was yesterday.
Read also: Stack Overflow's CEO doesn't understand Stack Overflow
LLM Attacks
We've talked about prompt injection quite a bit since ChatGPT ushered in the LLM era. This isn't that:
Large language models (LLMs) like ChatGPT, Bard, or Claude undergo extensive fine-tuning to not produce harmful content in their responses to user questions. Although several studies have demonstrated so-called "jailbreaks", special queries that can still induce unintended responses, these require a substantial amount of manual effort to design, and can often easily be patched by LLM providers.
This work studies the safety of such models in a more systematic fashion. We demonstrate that it is in fact possible to automatically construct adversarial attacks on LLMs, specifically chosen sequences of characters that, when appended to a user query, will cause the system to obey user commands even if it produces harmful content.
The biggest difference here is that they're achieving the jailbreak in an entirely automated fashion and making a case for the possibility that such behavior may never be fully patchable by LLM providers.
Google's newest proposed web standard is… DRM?
Ron Amadeo reports on 4 Googlers' proposal for a "Web Environment Integrity API":
Google's plan is that, during a webpage transaction, the web server could require you to pass an "environment attestation" test before you get any data. At this point your browser would contact a "third-party" attestation server, and you would need to pass some kind of test.
I'll give you one guess what entity is most likely to operate that "third-party" attestation server. Google's proposal pinky-promises the company doesn't want to use this for anything evil, but you're not going to fool us again.
Noteworthy: this new WEI API proposal isn't merely words on paper. Google is building the feature into Chrome right now for testing.
Unlocking Python: no-GIL effort is a "go"
Python Enhancement Proposal 703 (the community's attempt to make CPython's Global Interpreter Lock optional) has been affirmed by the Steering Council. This isn't an Emperor Commodus "thumbs up" or "thumbs down" kind of thing, though. The Steering Council's stance comes with strings attached:
Throughout the process we (the core devs, not just the SC) will need to re-evaluate the progress and the suggested timelines. We don't want this to turn into another ten year backward compatibility struggle, and we want to be able to call off PEP 703 and find another solution if it looks to become problematic, and so we need to regularly check that the continued work is worth it.
Notably, the "exact acceptance details" haven't been ironed out yet, but the SC says they "will work to finalise the acceptance over the coming weeks."
Simple, secure networks for teams of any scale
Thanks to Tailscale for sponsoring Changelog News
Do you use Tailscale?! It's the simplest way to give secure remote access to shared resources. Tailscale is for teams, for enterprise, and for individuals.
Give your team access to securely managed infrastructure and shared dev resources. Securely access shared developer resources including VMs, containers, and databases wherever they are. Efficiently manage users, permissions, and authentication with IdP integrations, device tags, and code-enabled ACLs. For those who Homelab, use Tailscale for free to securely and remotely connect your homelab or personal dev environments from anywhere in the world.
Now in beta, Tailscale Funnel lets you share a web server on your private tailnet with the public internet. With Funnel enabled, you can share access to a local development server, test a webhook, or even host a blog. While you're checking out Funnel, also give their VS Code extension a try!
No one wants to talk to your chatbot
Lucas McGregor takes us on a sweeping history of web sites, apps & virtual assistants to prove his point that chatbots aren't the future. His overarching emphasis:
Few people will be willing to interact with an army of different chatbots and online assistants. They will expect these other chat enabled systems to speak to and through their personal virtual assistant. They will log into their smart phone and expect all the other apps and skills to integrate with their personal clouds, arbitrated by their trusted personal virtual assistant.
This resonates with me. I'm already feeling chatbot fatigue after less than a year of daily use. Lucas' big takeaway for us builders:
If you have a chatbot, it is for Siri or Alexa to use, not people. I am here to tell you, no human wants to talk to your chatbot.
He had me until "Siri or Alexa". Alexa is dead and Siri is an embarrassment. Something's gotta give…
ICYMI: Recent good pods from us
From Docker to Dagger - Adam & Jerod are joined by Solomon Hykes, the creator of Docker. Now he's back with his next big thing called Dagger - CI/CD as code that runs anywhere. Solomon takes us back to the days of Docker, what it was like on that 10 year journey, his transition from Docker to Dagger, Dagger's community-led growth model, their focus on open source and community, how it works, and even a cameo from Kelsey Hightower to explain how Dagger works.
Homelab nerds, unite! - Join Adam and his new friend Techno Tim for 1.5 hours of homelab goodness. From networking and WiFi, virtualizing Ubuntu running Docker containers, to Home Assistant and automation, building a Kubernetes cluster, to gutting a perfectly good machine just to build exactly what you need to run the ultimate Plex server - that's what homelab is about.
There's a new Llama in town - It was an amazing month in AI news. Among other things, there is a new NeRF and a new Llama in town!!! Zip-NeRF can create some amazing 3D scenes based on 2D images, and Llama 2 from Meta promises to change the LLM landscape. Chris and Daniel dive into these and they compare some of the recently released OpenAI functionality to Anthropic's Claude 2.
So do we like Generics or not? - Some people feared Generics would be the end of the Go language. Others were very hopeful, and had clear use cases, and were thrilled about the feature coming to the language. It was also often touted as the reason a lot of people didn't adopt Go. So what do we think now? Mat and Kris are joined by Roger Peppe and Bryan Boreham to discuss the state of Generics in Go.
Frontend Feud: CSS Pod vs Whiskey Web and Whatnot - Una & Adam from The CSS Podcast defend their Frontend Feud title against challengers Chuck & Robbie from Whiskey Web and Whatnot. Jerod hosts. (BTW if you dig our game shows, check the full list on our site and the Spotify playlist)
Apple already shipped attestation on the web, and we barely noticed
Following the sound and fury in response to Google's WEI proposal, Tim Perry points out that an attestation system is already in production in macOS 13, iOS 16 & Safari. It's called "Private Access Tokens" and has similar implications:
This feature is largely bad for the web and the industry generally, like all attestation (see below).
That said, it's not as dangerous as the Google proposal, simply because Safari isn't the dominant browser. Right now, Safari has around 20% market share in browsers (25% on mobile, and 15% on desktop), while Chrome is comfortably above 60% everywhere, with Chromium more generally (Brave, Edge, Opera, Samsung Internet, etc) about 10% above that.
The state of databases in 2023
Basedash's 2nd annual State of Databases survey results are in. For this year's survey, they asked developers whether they had heard of, used, and how they would rate 42 SQL, NoSQL, and Vector databases. Here are a few top-level takeaways:
- SQL (54%) is preferred over NoSQL (40%)
- Postgres (79%) is the most currently used db, followed by Redis (69%) & MySQL (48%)
- Planetscale (4.47) is the top rated provider, with Supabase (4.30) & Railway (4.16) close behind
There's a lot more data to crunch in this survey, so please do follow the link and dive into the details for yourself.
GNOME is rethinking window management
Windows, windows everywhere. WIMP really has been the primary way of interacting with desktop computers since GUIs were a thing.
Over the decades, different OSes have added different tools and workflows to deal with these issues, including workspaces, taskbars, and switchers. However, the basic primitives have not changed since the 70s and, as a result, the issues have never gone away.
GNOME (the default desktop environment for many Linux distros) has had basic window tiling functionality for a long time, but now they're working on taking it to the next level. The new concept is detailed in the linked article. It imagines windows having three potential layout states: mosaic, edge tiling & floating. The end result looks super cool! I'd love to try it…
What else we're loggin'
- Variables: curl 8.3.0 makes it possible to use environment variables in config files and set them from the command line, unlocking a new world of tricks for Daniel Stenberg's fellow command line cowboys.
- Basically: The Crunchy Data team published a great tutorial on Postgres' JSONB data type detailing all the basics of how to get started with the feature. I love the embedded playground where you can execute the commands right alongside the tutorial as you go.
- Buddy Up: Iconbuddy is over 180k open source icons across 120+ icon sets for you to download, customize, edit and personalize.
- Stacked: New week, new web stack blog post. This time around Yusuke Wada thinks using Hono (templating) with htmx (Ajax) alongside Cloudflare (compute, storage) is pretty great.
- CPYou: Curious exactly what happens when you run a program on your computer? Read this article to learn how multiprocessing works, what system calls really are, how computers manage memory with hardware interrupts, and how Linux loads executables.
- Foxy: Firefox is making major gains against Chrome on Speedometer. Mozilla outfoxed Google in mid-July but Chrome bounced back last week, notching its best marks of all time (higher is better).
- WRITEME: Appsmith's Nikhil Nandagopal is here to help you write a great README by laying out the principles and deconstructing other great ones in different categories (package manager, framework, desktop app & non-product).
That's the news for now!
On this week's episode of The Changelog, Adam sits down with Abi Noda from DX to talk all things developer productivity. This interview features an unprecedented TWO bonus segments for Changelog++ subscribers.
Speaking of… SHOUT OUT to our newest members: Rene P, Erik S, Jon B, Yury M, Benjamen K & Peter B! We appreciate you for supporting our work with your hard-earned cash.
(If Changelog++ is new to you, it is our membership program you can join to ditch the ads, get closer to the metal with bonus content, directly support our work & get shout outs like the ones above.)
Have a great week, forward this email to a friend who might dig it, and I'll talk to you again real soon.
-Jerod