hunterpayne 5 hours ago

Somehow, this seems like a serious negative consequence of LLMs to me. We should consider how security patches move through the ecosystem. Changes like this are understandable but only because PRs from LLMs are so bad and prolific. When a new exploit is discovered, the number of sites that require a change goes up exponentially due to LLMs not using libraries. At the same time, the library contributors will likely not know to change their code in view of the new exploit. This doesn't seem like healing, more like being dissolved and atomized to the point of uselessness.

marcus_holmes 2 hours ago | parent | next [-]

> When a new exploit is discovered, the number of sites that require a change goes up exponentially due to LLMs not using libraries

Conversely, if there's a supply chain attack in a library it's not being immediately spread to thousands of production servers.

comboy 4 hours ago | parent | prev [-]

Code changes are cheaper to make now and kind of more expensive to verify.

So you can still contribute, you just don't need to provide the code, just the issue.

Which isn't as bad as it sounds, it kind of feels bad to rewrite somebody's code right away when it is theoretically correct, but opinionated codebases seem to work very well if the maintainer opinions are sane.

hunterpayne 3 hours ago | parent [-]

And if the maintainer doesn't understand something about how the exploit works? Also, code changes aren't cheaper, it's just that you can watch YouTube instead of putting in effort now. But time still passes and that costs the same. Reviewing the code is far more expensive now though, since the LLM won't use libraries.

PS The economics of software haven't really changed, it's just that people (executives) wish they had changed. They misunderstood the economics of software before LLMs and they misunderstand the economics of software now.

PPS The only people that LLMs benefit are the segment of devs who are lazy.