Burt came to mind while reading:

https://news.ycombinator.com/item?id=48370910

Good tracking; Red Hat, GitHub, OpenAI, ...

"Many of the processes that we have around software engineering practice are based on the assumption that generating software is expensive."

Or was it maintenance?

Are there any links to any of these Russian doppelganger propaganda sites? That seemed to just be a story about "influencers" and their AI slop.

They were largely taken down after Biden-admin actions in 2024 -- a contemporaneous story about some:

https://dfrlab.org/2024/09/18/doppelganger-us-election/

With a few preserved/archived stories e.g. from FoxNews.top:

https://web.archive.org/web/20230922135430/https:/www.fox-ne...

It is the world wide web so yes there should be plenty of links to those, but I do not have them.

I did do some searching and any link I found was already dead (hence me asking here!), so it's not really helpful to say "there should be plenty of links".

They set up new ones, don't worry. And the propaganda is largely on brain rotting social media like tiktok and twitterx.

Disinformation moved from page rank to the "feed" in 2018 when Douyin bought (read: acquired copyright they originally stole) Musically and rebranded to TikTok. Why does no one remember any of this? https://en.wikipedia.org/wiki/Fake_news_websites_in_the_Unit...

> ... a second level of human beings responsible for reviewing, auditing, packaging, and customizing those hacker-generated upstreams for the benefit of their users.

> The real solution (for Linux too) is a paid package curation service. Or really, a small handful of them competing on price, speed, reliability.

That was also what I was thinking aloud a moment ago. And there would be a business opportunity, too. Perhaps not like RHEL et al. full-blown stuff per se, but say smaller scale guarantees with different pricing; web, AI, scientific computing, and whatnot. At the pace things are progressing, I'd guess you might even get desktop etc. users on board (for nominal pricing).

Indeed, my sentiment also, which I posted elsewhere:

https://news.ycombinator.com/item?id=48358080

And the accompanying:

https://arxiv.org/abs/2605.29140

Some good takes on new (and old) ideas to consider.

I don't know what should or could be done, but maybe people will revert back to using only distribution-shipped packages. There was a good argument from Ubuntu people about this a while back:

https://news.ycombinator.com/item?id=47585172

With today's top-voted npm entry, it is kind of fitting and sad; especially, the first four items in his listing seem to indeed be rather misplaced.

Yeah,

> Supply chain security: running npm install, nervously.

> Trust is built on vetting, signatures and reputation.

https://news.ycombinator.com/item?id=47017833

Well, now with an irony, but sadly, of course.

"Of particular interest to me was a draft policy on the use of LLM-based programming tools in the FreeBSD project. To summarize quite heavily, the policy will forbid the incorporation of LLM-generated code into the project, while allowing their use in the development process in other ways, e.g., to help review patches, or to help write commit messages or other content that is not explicitly licensed. The policy comes out of a desire not to “taint” the FreeBSD project with code of dubious provenance; it is well-known that many LLM models are trained on code with licenses incompatible with the BSD license that we strive to use everywhere in the project, and thus far there is not much legal precedent to suggest that we would certainly be safe from copyright violation claims should the project decide to incorporate their output."

I wonder how they're going to enforce it. I mean, everyone else is failing to deal with it, including the slop deluge.