I really don’t blame them, security and privacy minded folk are more likely to use niche configs. Feels like for Linux stuff companies may be better served making APIs and letting the community handle it. Rclone for example implements a bunch, and last I knew had an unstable Proton plugin.

Key detail in the actual memo is that they’re not using just an LLM. “Wallach anticipates proposals that include novel combinations of software analysis, such as static and dynamic analysis, and large language models.”

They also are clearly aware of scope limitations. They explicitly call out some software, like entire kernels or pointer arithmetic heavy code, as being out of scope. They also seem to not anticipate 100% automation.

So with context, they seem open to any solutions to “how can we convert legacy C to Rust.” Obviously LLMs and machine learning are attractive avenues of investigation, current models are demonstrably able to write some valid Rust and transliterate some code. I use them, they work more often than not for simpler tasks.

TL;DR: they want to accelerate converting C to Rust. LLMs and machine learning are some techniques they’re investigating as components.

What do you mean by “this stuff?” Machine learning models are a fundamental part of spam prevention, have been for years. The concept is just flipping it around for use by the individual, not the platform.

If by reliably you mean 99% certainty of one particular review, yeah I wouldn’t believe it either. 95% confidence interval of what proportion of a given page’s reviews are bots, now that’s plausible. If a human can tell if a review was botted you can certainly train a model to do so as well.

Cool it with the universal AI hate. There are many kinds of AI, detecting fake reviews is a totally reasonable and useful case.

A major caveat I’ve noticed some people misunderstand: it’s corporate CLAs that are problematic. The Apache Foundation also requires contributors sign a CLA, but it’s to provide a legal fail safe and a way to update to say Apache 3.0 if need be one day. Apache’s non profit, open source mission aligns with respecting the rights of contributors and the community. Corporations, on the other hand, not so much.

Codeberg is run off of donations, they have no service contract revenue. Nobody, much less a volunteer, wants to commit to a 5 or 10 year service plan like that, it’s not sustainable for a small project from a non profit.

CLAs can be abusive, but not necessarily. Apache Foundation contributors need to sign CLAs, which essentially codify in contract form the terms of the Apache 2.0 license. It’s a precaution, in case some jurisdiction doesn’t uphold the passive licensing scheme used otherwise. There’s also a relicensing clause, but that’s restricted to keeping in spirit, they can’t close the source.

I was in a similar position and moved to Proton. Their native Linux support is rudimentary, but nobody else provides a better, privacy respecting option. Their web apps work well though, and the email client uses local storage APIs for offline use and search.

I do use Mega for cloud storage though, they’re e2ee and have solid Linux (both GUI and really nice CLI) and mobile support.

Arch for stuff I have physical access to. Nothing’s ever gone wrong, so it’s worth it for the immediate updates and consistency with my other systems. For VPS I use Debian though, occasionally the unstable/Sid branch if I really need the latest updates. There are almost always Debian images available on a VPS.

Forgejo is my go to, I ran it in a GCP micro instance, which has 768 MB ram and a piddling processor. One of my friends works for a company that had all their devs run a local instance in addition to the main repo, it was that light.

Gitea is the former go to, but gitea was hijacked and stolen from the community by a for profit company. Forgejo is currently a drop in replacement fork, but with added privacy features, future federation options, and a reputable parent organization.

I use netdata, it’s very good at digesting thousands of metrics to sharing actionable. The cloud portion is proprietary, but you can toggle off the data collection. I did turn on the cloud portion though, I get email notifications when something breaks. Might sound counter to the self hosted mantra, but a self hosted monitoring system isn’t very helpful when your own systems go down.