And that is against a device whose BSP is actually open source and available for research!
Now imagine the dark horrors hiding in the BSPs of other Android devices... or embedded devices in general.
Frankly, it should be a requirement of Google's certification process that everything regarding drivers gets upstreamed into the Linux kernel. Yes, even if this adds quite a time delay to the usual hardware development process.
We’re talking about a Google employee that makes 5x or more of what a European counterpart would. Lack of termination notice and other at will employment is easy to plan for when you make so much money.
Until someone starts providing examples of software companies where the employees are unioned and clear $400k+ annum, the bar is still “no unions”.
The thing is, pretty much everyone relevant assumes it is a bubble and that eventually large players will end up facing mob justice. That's why the hundreds of billions of $ IOUs are getting passed around like hot potatoes, and that's (in addition to ASML, the key part of anything EUV lithography, being booked out for years) why no one is planning to construct dozens of billions of dollars worth of fabs.
In addition, the know-how is concentrated in Taiwan. You literally can't train enough people in enough time to move everything out of there.
Old and busted: Hey, whoever amongst you wants to try out AI in the business? Check your idea with legal to make sure we don't get busted for violating HIPAA/GDPR/PCI-DSS and you get 1 k$ worth of tokens at your favorite AI service to play around, if it's any good you get a week extra PTO.
New hotness: USE AI NO MATTER WHAT AND WE WILL MONITOR EVERYTHING, THOSE WHO REFUSE TO USE AI WILL GET FIRED.
And that's how you slop yourself into (at least) two major downtimes and burn millions upon millions of dollars for zero ROI - but the stonk markets don't care about lost ROI as long as you go along with the AI hype train.
> Well, those developers are about to have the worst day ever when every single person on the planet can generate code and will be "experts" in everything as well.
And society is beginning to suffer from it. AWS alone managed to slop itself into outages twice in a matter of a year [1] (and I bet that's just the stuff that escalates into mass-visible outages, not the "oh, can't start a new EC2 instance of a specific type for a few hours" kind), and a lot of companies were affected.
It's always the same game: by the time the consequences of the beancounters' actions come home to roost, they have long since departed with nice bonus packages, leaving the rest to dig out the mess.
> Ah, well, it can’t yet do the one thing senior developers still do. Take responsibility.
If only higher-ups would recognize that. Instead we see left and right mass layoffs, restructurings and clueless higher-ups who clearly drank not just a bottle of koolaid but a barrel.
> The ‘Speed’ version allows the rest of the business to continue learning from the market, as the senior developers build a trailing version of the system that’s well-reviewed and understandable.
Yeah... that doesn't fly. The beancounters don't care. The "speed" version works, so why even invest a single cent into the "scale" version? That's all potential profit that can be distributed to shareholders. And when it (inevitably) all crashes down, the higher ups all have long since cashed out, leaving the remaining shareholders as bagholders, the employees without employment and society to pick up the tab. Yet again.
Many an ISP these days blocks domains that have been registered less than a month ago because most scam campaigns have to cycle through domains way faster than that time.
Check if you have enabled some sort of "malware protection" at your ISP, because that usually is based on DNS filtering.
> Here and on reddit, AI debugging is viewed as some weird shallow pattern-matching that obviously fails to spot real stuff and overload the maintainers.
That's because that is what a lot of people did in the last years [1] to pad their resumes or to force developers to backport patches to older (but supported) kernel versions that wouldn't have gone in if they didn't have a CVE attached [2]. Maintainers have been legitimately swamped with low-quality spam for a very long time. Only recently, in the last few months, AI actually got "good enough", the problem is that maintainers still have to differentiate between AI slop by wannabes and by AI-assisted reports reviewed and refined by actual human professionals.
At the end of the day attackers don't give a fuck. "Waaa waaa, AI was bad 6 months ago so I'm going to throw a little fit" doesn't work when it's currently actively exploiting your shit. No one gives a damn if there are 4000 bullshit security PRs lined up. The one real RCE in there mean that everything you hold dear has already been carted off by nation states, and probably rediscovered by 3 or 4 other exploitation groups by this point.
It's time for all the little snowflake software writers to pull up their pantaloons and realize that Linus' vision has become real. With enough AIs all security bugs become shallow. And that software affects the real word, real money, and real people in it. That they are also under attack by well financed groups with rather evil motivations. If I'm attacking some group using your software (such as another nation) I'm going to flood the fuck out of your PR system till you give up hope and die. I'm going to make you attack your contributors. I'm going to sow confusion so I have the maximum amount of time to lay waste to my enemies and profit to the max.
The internet is hostile. Software is hostile. There are sharks looking to eat you.
Now imagine the dark horrors hiding in the BSPs of other Android devices... or embedded devices in general.
Frankly, it should be a requirement of Google's certification process that everything regarding drivers gets upstreamed into the Linux kernel. Yes, even if this adds quite a time delay to the usual hardware development process.
reply