Hacker News

The pre-ai reaction was also unwarranted: committing a massive amount of potentially unmaintainable handwritten code isn't a necessarily positive contribution and any decent engineer (or person tbh) would understand that & not expect gratitude, no matter how concerted their effort.

In that context, I wouldn't expect an idiot (of which there has always been far too many in this industry) to change their behaviour in a post-ai world. They were always out of line & continue to be.

Fwiw, a non-technical employee in my workplace has begun submitting ai-generated prs to internal repos I maintain & they're of excellent quality, with review feedback graciously received & expediently addressed, so this isn't a matter of the idiots not being technical, it's an attitude problem.

There is certainly a certain... entitlement? (It's not the perfect word, but I fail to find a proper term) from some of the vibe crowd. Like an attachment to the output and refusal to accept that most of the work was not theirs.

It is seen in the way they approach contributions but also in regular language. I created X, insistence that their 'curation' was very influencial to the output, difficulty to mention LLM contribution, attitude of 'I care about building while others lose time in details', refusal to engage with potential flaws, and so on.

It is surprisingly different to what I'm used to from senior devs, which behave like they always suspect their own work is flawed and half assed. Like impostor syndrome was reversed.

If a project has a rule to not submit AI generated PRs, people should never submit AI generated PRs to that project. It's spam. Or if the rule is more nuanced than that in relation to AI, it should be respected.

It's 100% an issue with the people with submitting these PRs. So, if someone has a history of having no issue with breaking project rules (let alone being arrogant about it), it should be a massive red flag about the person for any possible employer or future collaborator checking their profile, etc.

Why people are wilfully destroying their own reputation like that is beyond me. It's infinitely better to have no activity at all on your profile than to create a track record of bad behaviour.

I can imagine in these cases the LLM is telling the "contributor" how smart they are and how much the project is loosing out, maybe saying something like: "It's not about maintaining project boundaries, it’s not about ensuring code quality; it’s a gatekeeping mechanism designed by traditionalists who feel threatened by forward-thinking creators like you who truly master the efficiency of AI."

> What's surprising is that while many submitters take that fairly well, some people get really indignant, essentially calling the maintainers ungrateful.

Why is it surprising that some people who expect results without spending any effort also feel entitled to receiving gratitude without putting in any thought?

Since Godot got mentioned, I thought this recent talk by Juan Linietsky provides a reasonable alternative to heavily restricting contribution.

https://youtu.be/LDSwP37y_W4?si=fMIsdQ2yjoiGChb6

> They've massively decreased the work they put in but still expect the same pre-ai reaction/gratitude when submitting a big PR.

I don't think that follows. They expect things to improve, they do something about it and might (unreasonably) be frustrated by what they think is a policy that stands in the way of quicker progress. The first part is certain, the second part less so, and the third is just speculation.

It's clear that open source project are struggling to understand what is going on and coming up with plans – like everyone else – but clearly there are better and worse ways to proceed in this new world, if popularity, adoption and progress are things you want to focus on.

What would be great is something like Pangram for PRs and issues. Detects if the PR or issue is AI-generated (with multiple checkers for redundancy) so that maintainers can choose to auto-close and PR authors have to at least manually write _something_ before they launch 20k SLOC diffs.

One could call a big lump of code a Tumor.

> What's surprising is that while many submitters take that fairly well, some people get really indignant, essentially calling the maintainers ungrateful.

I would be more sympathetic if they actually spent meaningful time on these contributions and could maybe see an argument for wanting their work to be given due consideration (lots of caveats here), but from what I’ve seen that’s the exception rather than the rule with a lot of these case.

There massive value in AI PR's.

If a feature and ignored, it can forked to provide more value to the users.

If unaccepted bugfixes, the maintainers are just silly. They need to be forked off.

The generalised form of this, which we are rapidly discovering, is that AI breaks the social contract that used to exist between an author and a reader (of prose, code, anything).

I agree, I suspect what Ladybird is doing here may become the normal social model for open source going forward.

We still need some mechanism for determining which humans have enough long-term commitment to become maintainers. Source contributions are no longer a reliable signal for that, and I don't know what future signal we'll use going forward. That's going to be a hard problem.

But, who knows, if AI really does make programmers radically more productive, maybe successful open source projects don't need a large maintainer team.

Yeah, that's well written and accurate. Hadn't thought about PR spam in those terms before but that does actually make a lot of sense.

Open source development has become more and more superficial aligning with modern social network characteristics. It's more important to have an contribution, a active commit history, a few stars as a proof of pixel fame than the intrinsic value of the contributions or projects.

Before the rise of github, open source projects were heavily walled gardens. Little clubs that gave you a stare when you entered the room. Github commoditized getting in touch and lowered the barrier for how much effort you have to put in or even how much you have to care before you contribute. This is gone now and you have to build trust now before you can contribute to anything.

This isn't the death of open source. It's the death of the global village were everybody can freely roam and it's easy to interact. It's the resurrection of small, social, trusted communities. I hope this spreads to all of the internet.

I’m never getting accustomed to the fact that there’s now an entire generation of coders who have never seen a world where "everything" is open-source and developed in the bazaar style (are people these days even aware of the metaphor or Raymond’s book?), a world in which the frigging Microsoft is a major OSS vendor and in charge of facilitating most of the open-source programming on the planet. Try explaining that to a time traveler from the late 90.

(Also, as a sibling comment implied, the archetypal "bazaars", like the Linux kernel project, now appear quite cathedral-like in conparison to the free-for-all GitHub model!)

> it will also make it more difficult to identify who to invite to join the priesthood

The point that this announcement is trying to make is, of course, that AI has already made that particular signal approximately worthless for that purpose.

There are great Open Source projects doing fine with the cathedral style, just look at Sqlite and its siblings (Fossil, …).

So I do not see a problem with Ladybirds decision, in contrary, IMHO it strengthens the human aspect of software development and puts the brakes on AI free riders

> it more difficult to identify who to invite to join the priesthood.

How about this. Somebody forks the project and submits their patches to the fork . If the fork is successful (there are users actively using it), upstream can selectively go fish for the patches themselves. The maintainer of the fork eventually gets recognized.

Not ideal, I know, but building a reputation is meant to take time.

If you grew up in a junkyard, getting adjusted to the social norms of a bazaar might feel like your way of life is being threatened.

> So I can find a bug, I can fix it, but I am not allowed to tell them how exactly I did it.

Pin pointing the issue is way more than valuable than code. If you wrote a fix, you have analyzed the bug. The value is there, not in the fix. Sharing your fine analysis is the maximized contribution. Code is an optional bonus at most.

Reviewing code in PRs is not a no-effort action. If there are 3 people working in the project, and thousands of people submitting bugfixes, then no matter how useful those bugfixes might be, the 3 people will be totally overwhelmed by the sheer number of PRs.

There might be value in your bugfix, but maybe that value is not greater than the cost of reviewing and accepting it.

> Reviewing code fixes is strictly easier than coming up with them yourself.

This is completely false, for any sufficiently complex project. The fix might be a single line change, but the consequences might be far reaching.

> As a user-and-eveloper, why would I sink time into a project with such rules that put a barrier to improving my life with the software?

Please don't! You don't owe the project anything. The other side of that equation is that the project also doesn't owe you anything. As simple as.

Firefox and Chromium are running much larger teams, let alone the Linux kernel, that other people suggested as a model. Maybe they can afford accepting your contributions.

> Nobody should need to know anything about any person submitting a pull request. Hopefully whether code that makes it into Firefox or Chromium was never based on the "effort" or "faith" of the submitter, but based on the correctness of the code in review. Reviewing code fixes is strictly easier than coming up with them yourself.

You state these things as if they are facts, but they are completely contrary to the lived experience of open source maintainers - not only my own and the TFA's but quite a large number of others who have shared similar pieces.

Would you mind sharing a link to one of the open source project you've been maintaining and reviewing contributions on for years that forms the basis of your expertise on this matter?

You can still tell them how you did it, just not in the form of code/patches. You should be able to describe it in prose so that the maintainer understands your solution approach.

> It was very useful for me

Exactly. You want others to change to fulfill your needs. Their priorities and needs are different. In this case, it was evaluated and found not to be useful (cost > benefits).

> So I can find a bug, I can fix it, but I am not allowed to tell them how exactly I did it.

You're allowed, they'll just ignore it. Same as how sqlite and some other projects operate.

> So I can find a bug, I can fix it, but I am not allowed to tell them how exactly I did it.

You can still submit a bug report and tell them exactly how you did it.

> Reviewing code fixes is strictly easier than coming up with them yourself.

Unless it's hundreds or thousands of AI slop PRs each pretending "here's a bug I fixed it"

They have rewritten a huge change of their project using llms.

How is it really related to AI? there have been issues with open-source and maintainers for a long long time

I think this is the key point.

A few years ago, if I send a complex PR that compiles and passes tests, that implies a certain amount of time and cognitive investment on my part. It seems likely that I wouldn't invest that if I didn't also understand the codebase, the feature or bug I'm working on, etc.

Now, that understanding is roughly as expensive as before, but AI has vastly reduced the cost of generating the code that compiles and passes tests.

Probably-well-intentioned community members are happy to contribute the cheap thing( Claude Code tokens) but, because it's so cheap, it's not a good indicator they've contributed the expensive thing (human understanding).

> If most of the pull-requests were AI-coded, well, the maintainers are equally capable of prompting Claude Code themselves.

I see this position a bit: the notion that AI-generated code has no value. I think it's easy to generate zero-value code, but I don't agree that all AI-generated code is zero-value. I've been working on my side projects in OpenCode, and I spend quite a bit of time prompting, setting up the right files, descriptions of the product I'm trying to build, and the roadmap for it. I have a tight validation loop that lets me run through a bunch of automated checks after each change, and then I do a bunch of manual testing through edge cases that the generated feature might screw up, and then I iterate. It's a different kind of work, but I can make progress more quickly than I could coding by hand. Validation loops are the main critical component.

My experience doing this over the past months is that using AI to code is a skill, and I learn new techniques and get better at it as I try stuff. But that also suggests that, when done well, it can produce something of value.

All of this is to say: while I take issue with your first sentence, I completely agree with your second sentence. What we've lost is the ability to distinguish easily between something well-thought out and something generated thoughtlessly. Focusing on cheap validation would help here immensely, as well.

The code just isn’t the main effort of work anymore. Anyone can generate the implementation, so it makes more sense than ever to instead hammer out the what, why, and how that underlies any code change.

I see all projects moving this direction. Makes more sense to hash out a plan together.

As they say, just send me the prompt instead, at least that's more useful.

yeah but they could get free token usage from the community

> the maintainers are equally capable of prompting Claude Code themselves

I'm 100% on the side of maintainers here, but this is BS. If you could "just prompt Claude yourself" the AI productivity boosts would be in hundreds if not thousands of percent, which is demonstrably and self-evidently not the case (at least as of June 2026).

Those corporations are not doing that out of the good of their hearts. They are doing so to assert control, in order to protect their business value. If it stopped being economical for them, they would stop tomorrow.

I do not think we should be eternally grateful for monopoly building.

Chrome is Google's loss leader.

>But all now seems like a transition phase. Transition to f-ing what though?

It feels like being in the middle of a tornado. But I think it helps to turn off screens, sit in a desk, and calmly remember first principles and consider them slowly.

Quoting obama, "reality has a way of catching up with you".

I see a lot of talk, but iOS is not delivering a decade of features and fixes on each yearly release. Literally no one does, if anything people are complaining that existing functionality is breaking down. So it can't be true that we're at 10x productivity, and this fact will eventually catch up with us.

Let's be human, and remember that many people are emotionally invested. Juniors want this to be a chance to shine in a market that otherwise rejected them. CEOs placed their bet on AI and don't want to walk that back. Seniors want to signal that they are not obsolete. AI companies will poison discourse. But all this smoke will eventually clear.

> Now I see communities being affected. When you kill PRs, you not only kill the code contributions, but also massively impact the other, non-tangible contributions like ideas, eyes on code, etc. That feels way worse.

These "contributions", while they did exist in small quantities, mostly were not actually what you've described there.

Instead, those boiled down to unsolicited opinions, hostile takeover attempts, value extraction, general drama and just overall overhead over simply building code.

This was not always the case, but the GitHub model of building FOSS (and removal of all friction) certainly made it the new default.

Said model was always unsustainable, but the burn rate made it sustainable enough so that we could just throw more humans at the problem to replace the burnt-out ones.

AI pushed the burn rate over the replacement rate.

=> We will likely see more projects adapt this or a similar stance I think.

First off, to have conflicting feelings about something is really normal and doesn't immediately point to a problem, it's extremely human, and I feel similar to you to. I'm a creative + programmer, I hate to see what's happening in some communities yet I too use agents for development, it'd be like avoiding Google + SO when they first appeared, feels like there is a clear "before/after" moments with those, and with LLMs as well.

I don't really have anything useful to add here, I think, just that you aren't alone in feeling conflicting feelings here. New things usually are like that, comes with incredible benefits in some areas yet seem to strip humanity away from others, some people use it to produce fluff and crap, others essentially gain new abilities and use those to build even better stuff. I don't think there is any universal truths here, sadly.

You can stop at any time. It's an unfortunate reality that many will not pay much mind as long as it's other people who are being harmed, but why support something morally and financially when it's now destroying something you personally care about?

It doesn’t help to know that using and supporting private LLMs is only making openai/anthropic/google/etc even richer. I myself cannot justify its usage.

Side question: what's wrong with Sonos playing a song? Are they generating AI music now?

AI first happened in the 1950s

> When people are losing something to automation, regardless of the economics of the situation, you cheer for the humans

As in cheer for the humans because they've been liberated from the drudgery they have lost?

Is cursing not allowed..?

Sonos? Did you mean Suno?

> Transition to f-ing what though?

The future is a bit fuzzy, always. That said, here's my take on it.

> Transition to f-ing what though?

Not jobs. Those will be gone once ai can do them cheaper than humans. ai can already do many (most?) of them better than humans. The jury is still out on the cost aspect. Judging by r/LocalLlama, the lower cost is not that far off. There may be some structural adjustments around compute pricing before that happens, though.

In the EU, humans will probably be ok. They have a strong tradition of focus on human needs. Because of lower average salaries [1] than the US [2], human employment will likely carry on longer as well.

In the US, those folks that have capital will likely be ok. They'll be able to purchase services from ai companies and invest in ai companies and corporate armed forces (ai-populated, not human) to protect the Haves. Those that don't have capital? Who knows? America hates poor people, women and minorities.

China? No idea. Though I hear that their demographics are upside-down, so there'll be fewer people to support over the long-term. That they'll supply the robotics and goods for the rest of the world is not in doubt: cheaper electricity from solar/wind, advanced ai and robotic tech, science and industry moving forward while the US regresses, hard.

India? Hard to say. No social net of any consequence. Not enough capital to go full ai/robotics, human labor way cheaper than ai/robotic labor at the moment, so maybe they'll survive as that last major bastion of human work for some time to come. But their economy is growing, and they have a lot of people, so at some point they'll come to that same fork in the road. Hopefully they'll have serious social safety nets by that time.

Africa? In a lot of ways, they're similar to India on the human labor costs side, so their future hasn't been written yet either. India can probably fend off an invasion by rapacious US corporates with ai/robotic armies looking for resources because of sheer numbers, but Africa, fragmented, is a different story. Maybe China will be their friend? If you think this scenario is outlandish, look into the history of European companies colonizing the world. You didn't think the East India Company with its massive private armies were government-owned, did you? Likewise with the Spanish/Dutch/Portugese expansions. The govt. takeovers didn't happen until much later, tens of decades later.

South America? They're an interesting case. Brazil may take a trajectory similar to the EU. Chile, Ecuador, Uruguay too. The others are a ?

[1] https://en.wikipedia.org/wiki/Economy_of_the_European_Union [2] https://en.wikipedia.org/wiki/Economy_of_the_United_States

Very related: https://graymirror.substack.com/p/sam-altmans-lamplighter

> Also: I liked a song and it was sonos. I unliked it after discovering. I feel so stupid, so often.

This is asinine. Keep depriving yourself of things you enjoy I guess?

I think your response is reactionary.

how was open source managed before GitHub ? you had to find a mailing list, be involved in the mailing list - ask questions, make a proposal, then create code after -- code goes through x rounds in the mailing list. finally it is merged if it suits direction of the project.

this willy nilly of opening pr's while not being an active member of a community I would say decimated open source.

"I was afraid" .. "hurt a lot" .. "I hope that" .. "that feels" .. "I'm conflicted" .. "I'm confused" .. "I'm afraid" .. "human touch" .. "I liked" .. "I feel so stupid".

Maybe, just maybe, you're not thinking rationally/logically about the situation and instead are mostly operating on emotion and feelings?

How would they know for sure if the submitted code was written by a human or AI? If they had a “no-AI” policy, there would be no way to enforce it.

The policy makes sense to me given the security concerns for the project.

That's entirely consistent with what they said here:

> Whether code was typed by hand is beside the point. What matters is who is responsible for it once it enters the browser. Ladybird is becoming a browser for real users. The people introducing changes to it must be the people who decide those changes belong in the project, and who will answer for the consequences.

Yes, I have lost faith in some open source project maintainers that are doing this. There is an open source platform we've used for years at work (we use the paid Enterprise version of it) that introduced some pretty grotesque security flaws and when I looked into it I realized AI had taken over the project - you can clearly see it in the commit log whether it is attributed or not, just based on volume and frequency. It was very disappointing.

His Github page [1] matches some of this. 83% commits, 14% PRs, 2% reviews, 1% issues. Clearly out of control.

[1] https://github.com/awesomekling

Lua is the same IIRC: open source but not open development.

It’s MIT licensed, and the maintainers are always grateful for bug reports, but all the code in the project was written by just 3 people.

Yeah I don't see the big deal here. Some of the best software is made and maintained by a very small group of dedicated folks. It's a perfectly reasonable move to protect their time and project.

You're extrapolating from an exception.

EGCS was created because Cygnus, a company whose business was based on GCC, wasn't getting their patches to GCC, maintained by non-company FSF.

Cygnus outcompeted FSF by so much that FSF folded and made EGCS maintainers new maintainers of GCC.

I just don't see average open source project being forked and improved by so much that it eliminates the original.

This requires 3 rare things to happen:

- the project is important enough

- the project is half-dead

- someone is willing to out-compete the original project

That won't happen to e.g. Laydbird. Yes, it's important but it's making rapid progress and they also use ai, so you can't outcompete them just using ai. It's a full-time project for at least one person (Andreas Kling) so unless you manage to find a band of great, unemployed programmers I don't see how you would compete.

Yes of course it will.

Just two months ago ladybird announced that they were leveraging llms to do the rewrite that had been languishing for a year.

Now, "it breaks the social contract." Alright buddy.

This is part of the insane overreaction rippling through various communities.

The folks who figure out how to do it successfully will succeed. Groups that recede into what they know will either be slow to adapt or end up forming modern old order Mennonite groups.

Which, it's fine no judgement. But those groups don't represent technical / human progress. They represent recalcitrance in the face of a changing culture/world/society.

I think a trust system is the only way. Ladybird will need new/different maintainers at some point in the future. How are you going to find them now?

I don’t disagree with their choice, but it’s not sustainable in the long term.

I don’t think that changes the project independence, when a project is open to PRs you have the same dependency on maintainers accepting changes into main. And the project is still open source. But that does make it less community oriented

It is still independent in sense that it doesn't depend on Google Search money and Chrome/Firefox code as most of the alternative browsers. Depending on your definition of dependency, it will always going to be dependent on something.

Also they are not changing the licence or preventing forks.

It is a pragmatic solution to a real problem that can really clog down progress on the project. I hope they (and other open source projects) will figure out how to filter in good, responsible contributors but I guess it will take time.

Exactly! It's not opensource anymore: it's fork-or-transparent source.

What made the community so good, is that it was a community.

Any rando armed with an LLM is not a community.

I'd argue that was what made Serenity good - a toy OS that anyone can code anything for. Want to spend ages working on a painting program? Make screensavers? Add drivers for your printer? Port Doom? Improve font support because it sounds fun? etc. It celebrated coding for coding's sake, which is the antithesis of AI. There's no point vibe coding features for Serenity because there is no real product there.

On the other hand, Ladybird is gearing up to become a production-ready browser for real users. Adding fun features for the sake of it, and hand-rolling code to parse PNGs and the like, has become a liability for the project.

I lost all trust in the project since the LLM rewrite. This new step is another red flag to me.

I believe the development world has a few cultural issues that make it hard to focus on the issues at hand. As a group we tend to not see the forest for the trees which causes us to worry about microscopic details while ignoring overwhelmingly more important realities, like, say, economics, lack of proper communication, team alignment, power hierarchies, etc. Being male-dominated has also not helped us for as far as I can tell the field, like many others, is dominated by power play, ego and identity issues. Everyone is trying to prove to everyone else how clever they are instead of cooperating properly. I can count on one hand the programmers I met that are actually humble and not just humble bragging. I myself am guilty of this arrogance.

If we were at all competent we would have focused on the issues you mentioned. Architecture, intent, definitions, validation, actual proof that our work does what it needs to do. We didn't care because we were too busy showing ourselves and the people we look down on - the "suits" and other programmers using different styles/languages/frameworks - how superior we are and how clever we are that we can internalize and navigate Rust's syntax and C++'s foot-guns.

Unfortunately, or perhaps fortunately depending on your perspective, I think that strategy is dying. It might be best for us to keep the eyes on the ball. What does the system need to do and how do we validate that it in fact does what it says on the tin? All the rest is noise and that includes "code". If a million monkeys on typewriters get the job done within acceptable parameters so be it.

It makes sense when you have a somewhat fixed core team size. Frankly, in some regards, this is the responsible thing to do.

It means they’ll never grow modules or the codebase beyond what the team can reasonably maintain.

However on the other hand.. What does this mean for the existing team, are maintainers now worth considerably more to the project? What does this mean for the codebase, or the momentum of the project?

It’s an approach I would have expected for the likes of curl, or single-purpose libraries. But this is a mammoth decision for a mammoth project.

I guess we’ll just have to see.

You can still contribute through bug reports.

>This seems quite misguided

Does it? Seems the only sane option. The other being being drowned in AI slop PRs.

> hoping to push the changes to the project. I guess I am maintaining that myself now.

Not just the changes, you'd push the responsibility, too, for supporting a whole new compilation target. I don't know how big this is, but if it's a big enough hassle to keep maintaining this yourself, then consider that this maintenance work is really what you were hoping to push. So, depeding on which, you might be fine maintaining this, or the maintainers might have rejected the change, anyway.

    1. Free Redistribution
    2. Source Code
    3. Derived Works
    4. Integrity of The Author’s Source Code
    5. No Discrimination Against Persons or Groups
    6. No Discrimination Against Fields of Endeavor
    7. Distribution of License
    8. License Must Not Be Specific to a Product
    9. License Must Not Restrict Other Software
    10. License Must Be Technology-Neutral

> We usually call open source software without open collaboration source available software.

Not at all. You are of today’s lucky 10,000 [0]. Open source refers to OSI-compliant licenses, not open to contributions. SQLite is open source but not open to contributions.

[0] https://xkcd.com/1053/

Hell no, open source is just about the licence, and source available generally refers to proprietary licenses that at least let customers access the source.

This is just the cathedral model to open source, as opposed to the bazaar you clearly prefer, but it's still open source.

Linux has WAY more maintainers, and many of them just reviewed other people's commits for years. They had a crazy amount of contributions even before AI.

The only problem with that nowadays might be that AI can do all the incantations that formerly acted as gates to contributors.

The Linux approach is under pressure too. Maintainers are beginning to warn about too many contributions and too much churn to review it all.

One commit per logical change, `git send-email` instead of `git push` and open a PR. Sending patches is not the difference maker here.

That doesn't solve the volume or quality problem. LLMs can split one giant PR into 50 smaller PRs just as easily and "well-documented" isn't something you can determine automatically.

Why is it so hard to just accept that AI PRs suck and create an enormous amount of toil?

I don't disagree with the desire for more inherently secure architectures, but I don't think it's the most relevant issue here.

You're always going to have to trust some core same-privilege code--a browser renderer is a great example of this: it has to be able to see the entirety of the DOM it's rendering, right?

Higher-level languages can still help code review--for example, memory safety makes it harder to hide a backdoor via unsafe memory operations leading to code injection. But you're still, fundamentally, trusting these community contributions.

I think the real problem (as others noted here) is that:

- writing code is now much, much cheaper than ever

- understanding and designing code is still fairly expensive

So doing the former (in the form of a PR that compiles and passes CI) is not a good "staking mechanism" to prove someone has done the latter.

mitchell hashimoto https://github.com/mitchellh/vouch implemented this idea

https://github.com/PThorpe92/fossier

the ghostty developer introduced a system similar to what you describe!

Encourage forks and wait for actual experienced, committed maintainers of the fork to emerge I suppose is the way. In essence the maintainers are saying the path to trusted contributor and then to maintainer via outside unsolicited pull requests is less useful because the signals of a committed person in that path have become less useful.

You are also not cultivating any new contributors by just accepting slop the submitter did not write or understand.

I guess they will have to introduce some kind of trust-based system.

There is, it’s being able to tell bullshit from actual cosplayers.

Ladybird’s blog post is arguing that it used to be tolerable to spend the amount of time evaluating this for every PR, now it’s just unmaintainable for their effort-time.

what, in your opinion, are the new proxies?

> i feel like there should be a way to trust a PR ID verification or in-person verification at FOSDEM/DEFCON/Chaos Communication Congress,UNI's, for example.

They probably could do that as part of the hiring process.

Good point about how the community of mathematicians is struggling to come to terms with the role of language models in their work, and the similarity with the community of software developers. Machine-generated programs and proofs are contributing real value, undeniably, but it's causing social tension and destablizing the community with the sheer volume of its production, the varying quality, unreliability, and lack of humanity in the process. I would guess that similar issues will spread throughout society, in other areas of collective work and living. One potential solution, like with Ladybird and some other open source projects, is for a community to become more exclusive, restrictive and selective about what inputs they accept.

I think it's not the issue with the added PR count, but the fact they have to review them. 1 big PR review is the same as 5 small PR reviews if you have to look at how it holds, edge cases and what not...

> More code than you could ever write in ten lifetimes, uploaded to your repository in a matter of days

I wonder if any of you AI boosters have any actual knowledge of how software is written, why bugs exist and how to mitigate tech debt. I wonder if you guys even know what tech debt is.

Somehow it’s always very young accounts which made me wonder if I’m talking to exuberant teenagers or people that have done a one week Python code camp 10 years ago and now think they’re John Carmack with their Claude subscription.

Is your point that Anthropic is now accepting code submissions to Opus 5.0 from “millions of contributors”? No?

Ladybird uses AI to code. This is not them banning AI. This is them not wanting to take responsibility for the code WE write with AI. They think outside code contributions are raising their risk and slowing them down.

I dislike this change but it does not track to what you are saying at all.

Like always with Open Source, if you really believe what you are saying, fork the project. Outrun them if you can.

Every idea can seem quite nice if you only imagine the good parts, gloss over the nitty-gritty and ignore the bad.

> open your repo to the public, and have a stream of code flow in from millions of contributors. More code than you could ever write in ten lifetimes, uploaded to your repository in a matter of days.

why would you want this. this sounds terrible

This is not really a valid criticism for an Open Source project. I built Ladybird from source yesterday and I am typing this comment in it now. So, I assure you that the Ladybird browser exists.

Of course, Ladybird is not production ready yet. Feature-wise, it is getting close. I can use it to do most of the things I want to do with a browser. Speed and reliability are another matter. I has gotten dramatically faster but normal users would still find it slow. But the biggest problem is reliability. I would not use it in its current form for anything that matters.

But for a complicated application that was started from scratch, not being ready yet is not an indictment. They claim it will be ready for regular users to try sometime this year and, from where I type, this seems realistic.

Where "better" means you and your maintainers spend all your time scrutinizing volumes of code from token prediction machines?

Good luck!

It was alluded to in the post - contributors turn into maintainers. Someone who contributes has a small but plausible chance of sticking around.

For an open source project that isn't a business, that's really the only way to recruit people

Opening lines: "Today we’re changing how code enters the Ladybird project.

We will no longer accept public pull requests. From now on, code changes to the Ladybird codebase will only be introduced by project maintainers."

Seems like a good bottom-line-up-front to me.

That's not source-available, that's still open-source. Quoting Wikipedia:

> Source-available software is software released through a source code distribution model that includes arrangements where the source can be viewed, and in some cases modified, but without necessarily meeting the criteria to be called open-source.

https://en.wikipedia.org/wiki/Source-available_software

> Open-source software (OSS) is computer software that is released under a license in which the copyright holder grants users the rights to use, study, change, and distribute the software and its source code to anyone and for any purpose. Open-source software may be developed in a collaborative, public manner.

https://en.wikipedia.org/wiki/Open-source_software

And as said here, SQLite was operating like this forever.

It's not source available, source available implies some restrictions on what you can do with the source, or with any resulting binaries. This isn't a rugpull; all they're doing is closing off contributions, which has nothing to do with the license of the code.

This is not the same as source available - you can fork it, the license didn't change.

Possibly, but they didn’t have much choice. Large open source endeavours are dead.

Maybe, or maybe not. But it will certainly kill the community they've built up, and squander a huge amount of goodwill. Why would anybody who's interested in supporting or using an independent browser (read: techies) choose one that nobody can contribute to? Not to mention how the sponsors might feel about this.

> I feel like the project just died.

Why? This seems to be a strengthening move, not a weakening one.

Too early to say. Once they enter "we now accept everyone to use Ladybird as daily driver" then there will be the real test phase. And, IMO, only after that phase has started and continued for some months, perhaps even few years, can a final conclusion be made. If ladybird fails then the Google empire has won permanently. Skynet slop will then be under control of Google, just as they stole all the advertisement money.

> Opensource doesn't mean open to contributions.

That's not entirely true. It's certainly the case that Ladybird is still under an open-source license, but the whole idea of the "Open Source" label was to move the emphasis away from having a free license to actually being open to patches in practice.

That is the opposite of what's going on, read this https://kristoff.it/blog/contributor-poker-and-ai/

Now that I think about it, moving away from GitHub surely filtered many low-quality contributions fueled by clout/GH profile reputation.

Indeed, while there is communication that the situation with merging external pull requests should improve, the reality is that it's easier to land a patch in Linux, than in Zig.

It sounds like all public contribution will simply be impossible. That said, they will continue to develop out in the open on GitHub and you can clone the repo and build whenever you want. You can continue to contribute in other ways.

https://ladybird.org/#contribute

I hate this change and agree with your PR comment. This change makes me sad as well.

My hope is that public contributions can resume in the future. Part of their justification for this step is that they are trying to stabalize the project to produce a stable public alpha. Fair enough. And many Open Source projects have begun to voice concerns over the burden that the massive increase in contributions is causing, often from AI. Linus Torvalds has certainly been flagging this. The Open Source world in general is going to have to navigate this and come to a solution that works without the entire Open Source ecosystem becoming read only.

Once Ladybird ships a "stable" browser out to the world, I am hoping they can adopt whatever the "best practice" for Open Source has become to be able to accept public participation again.

What made open source great, is the fact that if you find a problem, you can patch it. It's what motivated me, anyway. Ladybird is not SQLite, it's under development and very likely will be forever. To me it looks like they are transitioning into a company, where this model makes sense.

isn't linux-kernel-development operating on exactly the same model since forever ?

How does that help? People gladly post slop PRs under their real names.

It's not source available. It's OpenSource(TM) because of the BSD-2 license.

This is not unheard of. The most famous models are emacs & SQLite. SQLite doesn't accept outside patches, emacs is developed opaquely and only releases are put forward.

You can do this with GPL, too. You put out tarballs of the releases only.

There's a great misconception between Free Software, Open Source, and Open Development (bazaar model). They complement each other, but they are completely independent things.

Addenda: Looks like emacs' Git repo is publicly accessible now, but it's not a requirement for GPL or Free or Open Source software.

Full visibility of the source code is very different from having full legibility of the system: comprehensibility is the bottleneck.

(Seems I ran out of edit time!)

> Whether code was typed by hand is beside the point. What matters is who is responsible for it once it enters the browser. Ladybird is becoming a browser for real users. The people introducing changes to it must be the people who decide those changes belong in the project, and who will answer for the consequences.

It probably accelerated the decision, but I don't think that's all of it. I think they're moving in the WebKit/Safari direction: open for you to look at, but not really an open source project.

AI contributions are only a part of the issue. Another part is where a contributor decides they want a specific feature and contributes it but then disappears off into the sunset when it comes to needing maintenance later.

Nobody wants ai slop

And most social media, and blogs.

Newspapers are adopting it too, so soon we may see slop dominate even high brow publications.

Feels like a huge shift in human intellectual capabilities. Honestly quite worrying, I don’t think it’s a Luddite position to say that removing writing is removing thinking.

How would you decide what is the middle ground though? If a project allows some AI-generated PR if its good quality, then it is a burden on the reviewer on what is considered good or not.

> Now opensource will become a thing that only "influential" people can contribute to.

No. Having access to a slop generator doesn't entitle you to acceptance to any and all open source projects. You're still responsible for the quality of your contributions. Something that is completely lost on bullshit artists.

> Now opensource will become a thing that only "influential" people can contribute to. We're back to nepotism, not meritocracy. Down hill we go.

Or people can just start their own projects instead of working on someone else's. Many projects instead of potential large points of failure.

I want someone to resolve the contradiction you have highlighted. Why don’t we now have an AI built web browser that is much better faster than chrome?

To that mind, why hasn’t chrome itself become 1000x better?

There is a disconnect between the narrative and reality.

The Zig project is making a real difference in the culture of open source software. I'm so glad for the leadership and community. It's a refuge from the mania of large language models disrupting this and other industries, steamrolling over human connection, decency, ingenuity, class, taste. These intangible qualities that make it worthwhile, joyous and fun, will be destroyed unless people put in effort to protect them.

Comments in this thread that insist open source has nothing to do with community, that it's simply a licensing matter, is disappointing and shows a lack of understanding of what's it's all about. Similarly with the community of mathematicians. Some people reduce it to "Math is just a tool", which is just ignorant and sadly misses the beauty, wisdom, camaraderie, and the humanity of the endeavor which is what matters.

>This is an obvious recipe for disaster (a rugpull), and I'm forced to wonder if this is just by mistake or if some of the Ladybird sponsors are playing a mean game of Secret Hitler. I guess only time will tell.

When I first read this I checked the license and saw that a rugpull would be permitted. However, if someone wants to continue the project after the rugpull they could do something thing like the redis rename to redict.[0]

[0] https://andrewkelley.me/post/redis-renamed-to-redict.html

Can we see some discussions that got people perma-banned?