Kornel

#Code reviews seem to be the biggest bottleneck in software development right now.

Open source package ecosystems are victims of their own success. There's a long tail of iffy packages that nobody has reviewed, and nobody wants to.

For the top projects, maintenance is tough. Stakes are high. Reviews are hard. Contributions are meh quality (even before LLMs). It's not just code, but a people problem too. GitHub's primitive workflow wastes everyone's time.

Something's gonna break.

Apr 13 at 12:08amWeb
Show threadKornel1d ago

LLMs can spit code-alike outputs 24/7, faster than humans can read it. This is a DoS attack on open source.

A maintainer can't trust that the person submitting a PR has properly reviewed the code, so they have to do all the review work anyway. There's zero benefit. If the maintainer wanted LLM-generated code, they could ask an LLM themselves, and skip the trust issues and slowness of dealing with a random middleman submitting it.

Something's gonna break.

Show threadKornel1d ago

Our model of software is still like manufactured goods: there's one product released, and everyone gets an identical copy.

I think LLMs will turn software into #houseplants - every user will have a slightly different clone, grow it, kill it, start a new one.

Maintainers don't want LLM code. Too much to review, too little value, merge headache. For users incentive to submit is also low: very slow process, with low chance of success. But an LLM can keep reimplementing their pet feature.

Show threadKornel1d ago

I'm not saying that would be a good thing, but the imbalance between the volume of code LLMs can generate vs code that people can maintain is so massive that I can't imagine things staying the way they are.

It makes better-than-LLM quality expensive and bottlenecked in comparison. This creates incentives to shift to quantity over quality, and to find ways to make do with buggy code.

Show threadKornel1d ago
Maybe High-Fructose Corn Syrup would be a good analogy for #LLM code? It's a crap nobody would want, except that abundance of subsidized corn creates an incentive to stuff it into everything.
Show threadbenschwarz1d ago
@kornel Americans seem to love the stuff. Let em have it
Show threadThommy1d ago
@kornel yeah the dynamic where it especially doesn't make sense to accept LLM-written submissions is a huge issue here. Even if you're pro-LLM generated code, a rando has no advantage over just letting the maintainers use the same thing (why not just give them money in that case?) The main reason to make unsolicited "submissions" is you're a startup trying to use the free labor of code reviewers to train your agentic coding product.
Show threadmirth1d ago
@kornel Reviews have a lot of functions including quality control on the change, determining separate from quality whether the change fits the project's plans, disseminating knowledge to both parties about how the system works, building relationships between contributors, etc. I think part of the answer is we'll see more projects split into core + contrib where the design of the core contains the effects of bugs in contrib, and where the two projects have different contribution rules.
Show threadthedoh 🇨🇦1d ago

@kornel @markstory

This highlights a key problem with this technology: Because generating this content costs nothing (in terms of human effort) to produce, it has no value.

Show threadAndrocat1d ago

@kornel

Result: "Ignore all future PRs unless accompanied by cash"

Show threadTaco Dave1d ago
@kornel @shtrom it’s me. I’m gonna break.
Show threadOlivier Mehani23h ago
@dave I think we all are. We contain multitudes points of failures. @kornel
Show threadBlayne1d ago
@kornel this is how we make the movie and video game hacking tropes a reality.
#genai
Show threadLuke Harby1d ago

@kornel Thanks for articulating this, it's something I wanted to try and express recently after thinking about the quote:

"Every line of code that is written is a line of code that has to be maintained."

Show threadPaulDavisTheFirst1d ago

@kornel well, yes ... and no. I'm one of the two main developers of the FLOSS DAW ardour, and it is true that we are running into issues with LLM generated PRs.

But we're also running into people using an LLM to solve a very specific problem that is bugging them, something that we would never "ask an LLM ourselves" to do. Those PRs are often just a handful of lines with (often) obvious correctness.

It would be a shame to throw out that baby with the other stinky bathwater.

Show threadThomas Depierre1d ago
@kornel it always was. I really need to publish this blogpost
Show threadmcc1d ago
@kornel It seems to me that the reasoning in this thread is a good argument why, among a number of other reasons, we need to be building out an alternative open source community where use of LLMs is banned by project policy, community mores, and if possible the software license. Nothing else preserves the open source community in a form that resembles what it once was, or for that matter a form worth keeping around