dumb question, with LLMs being so prolific now, why is this sort of a thing.. a thing? Why not us an agent to maintain code people use, but humans don't have time to keep up with? or at least, are agents being used in FOSS software widely for such ends, at least to reduce the burden and cheapen the cost of delivering quality FOSS experience?

Lol

Yeah, cloud agents come with nice things like being able to filter content, implement guardrails like preventing PII or prompt injection from taking place. even if they sucked, at least liability wise you're set. I don't know how someone could even come close to this capability by doing it on their own. If anyone does, please share what tools, platforms and projects you're using.

How is that the answer when even parents don't have the right tools for this. are parents supposed to surveil their kids 24/7 and monitor their internet traffic?

Why is the internet special, do you also believe physical stores shouldn't check for ID for cigarettes and alcohol, because the solution is better parenting?

I never had to get my ID checked to be able to talk to strangers.

Did you to talk to the strangers in the night club when you were 11? Or were there several completely separate reasons for why you couldn't?

The internet has explicitly R-18 chats. Random IRC channels are not nightclubs. I am moving the goal posts back, if you touch them again we're escorting you off of the field.

Most things that happen at nightclubs are not R-18 either.

That doesn't make adult spaces equivalent to family friendly spaces, off the field now sir.

in real life people can see you and determine your age at a rough estimate and be able to tell if you're an adult or not. Do you support having to turn on your webcam and show your face in real time then, to talk to strangers on the internet? many age verification sites are doing just that.

Did you mean to reply to me? I evidently do not support the age verification regime, so no...

maybe?

I get that you don't, all I'm trying to do (and failing) is have a discussion, apply critical thinking and be able to articulate a position. I'm neither fully opposed to it, nor fully in support of it. I'm always seeking nuance. I've found out lazy reductionism is the cause of much suffering and loss in the world, I can be bothered with the tedious nuance, especially for a topic I know a thing or two about in my own view.

Unfortunately karma systems on sites like this are not conducive to such a discussion. I want to challenge your opposition to the age verification regime, so that I can be better informed, and you will stand on a more firm ground, articulating your views with solid arguments instead of "i don't like it".

Oh, okay. Well in that case then the answer is no, I don't support any of this.

Of course I'm happy to talk about my positions but there is little nuance to my position tbh: I remain entirely unconvinced by the justification for proposed measures and believe that the entire discussion even happening is essentially a framing error. We're all talking about what should be done about this. About what, specifically? And, well, why now?

I grew up on the Internet. I've had essentially unfettered and unmonitored access to it since I was maybe 11 or 12. Me and my cohort of classmates often talked about sites like Rotten or Motherless at the lunch table, and certainly age inappropriate content like on Newgrounds and Lord help us, Ebaum's World.

Now okay, things have changed. (I'm still quite online for better or worse, so please don't get the idea that I don't see that the modern internet has different child safety concerns than the one I grew up on.) But somehow, the rhetoric is exactly the same as always. It's the same damn thing. No matter how the times change, it's the same "protect the children against the evils of sex and pornography!"

Uh huh. I realize not everyone has a universal shared experience, but from my point of view, the problem with kids and inappropriate content isn't just a story of negligent platforms. It is the story of 1. Hormonally unstable kids going through puberty who will often stop at nothing, 2. Platforms that are more or less indifferent and will do whatever gets them money, and 3. People who take on the immense responsibility that parenthood entails then expect the whole of society to take care of them.

I don't know what to tell people, I get that this is a terribly uncomfortable fact, but the number one reason why adolescents get involved with porn and sex is because they explicitly are seeking it out and want to be. It is nothing to do with the porn industries or lack of Internet regulation, it's their goddamn bodies.

It's absolutely true that I had access to content far more disturbing in all metrics than the old playboys under the mattress of yesteryear. I am not claiming this is ideal or that it should be the case. I'm just saying that it happened and the generation that was there is here right now, and we're fine.

But maybe social media is just simply too much. It puts kids at too much risk and they can't handle it. I think we're selling a lot of adolescents very short here without at least giving them a chance to have a bit of freedom, but fine. Let's fix this.

How? It's simple. When you are a kid, the first computer and phone or whatever kids get these days, is given to you by a parent. What we can do is make decent parental controls. We don't even need strong identity verification. We just need to be able to provide a way for apps and sites to voluntarily block children.

This sounds eerily similar to California AB 1043, and it is. I think that California AB 1043 is also bad for many reasons. Firstly, I know this is going to be expanded in many uncomfortable directions; it doesn't take a genius to make basic extrapolations. Secondly, I feel it is poorly written and confusing; what's an app store? Why does the law require all apps to request and store the age bracket information? What is an app? Does GNU sed now need to, by law, request the age bracket information from systemd and store it somewhere? And no, it isn't acceptable to just try to "do what they mean", it's a badly written bill. We shouldn't accept badly written legislation, but apparently in the past couple years or so the situation that had been ongoing for the past 3 decades or so with the Internet suddenly became extremely urgent to fix Right Now (in a couple of years) so we had to rush out shitty legislation that makes no sense.

So while I would love to just have sensible parental controls, nobody is actually really trying to enshrine this into law. It seems like they're mostly concerned about lobbying to push the responsibility elsewhere.

So we won't even just get sensible parental controls. We'll get weird parental control like legislation, having to send a live stream of our faces to sketchy companies who pinky swear to not leak it by accident, enter our credit card information into sites that definitely won't get breached, and scan our goddamn government IDs to access basic chat functionality that we already use today, in some cases. Because we can't get a handle on how to stop the 20% of people in the first 20% of their lives from accessing inappropriate content on devices and internet connections that WE FUCKING GAVE THEM! Before we've even attempted to quantify how harmful unfettered Internet access is to adolescents, or hell, how Helpful it is. (It sure was helpful for one of my friends who was gay and could access resources on the internet when his conservative parents were unhelpful. I suppose everyone is allowed to raise their kids how they like, but I can see the duality of how it's also not always the case that the parents know best.)

To say that I think this is all beyond farcical is a massive understatement. So I do apologize for maybe seeming a bit dismissive about this issue, but personally I already know it's coming from the wrong place and I don't like engaging with things that I know are coming from the wrong place. I'm not saying you or anyone in particular actually has bad intent by any means, just that I don't believe this entire movement at all.

> We're all talking about what should be done about this. About what, specifically? And, well, why now?

There is a seemingly endless lists of victims to crimes happening online. Not only that studies that are coming out in recent years are showing lots and lots of adverse effects against children that grew up with unfiltered access to the modern internet. The internet you grew up in as you probably know is long gone, the iPhone-era internet, with tiktok, instagram, youtube,etc.. is a whole other ballgame. Not only that, people depend on it a lot more, it is not a whole lot different than any other real-life infrastructure, except it was built without any planning around how it impacts those that it affects. When you open a business you need a permit, when you accept or reject customers in a real world business there are laws, even when you simply have a gathering in a public park, above a certain number of people you need a permit. All these laws originated as a result of people getting harmed.

Why? To be frank there are lots of whys. The big-tech companies like Meta and OpenAI are using this valid concern and narrative, so that they can swoop in, save the day and then do some really nasty evil crap (not just profiteering). and like so much else these days, these ghouls win because people like HNers can't be bothered with critical thinking, they're allowed to get away with what they do because the alternative those who can actually solve this present is preservation of the status-quo (I can rant a lot about how this is also how the downfall of America is being orchestrated, but that's a distraction).

> I grew up on the Internet.

That internet is gone, dead, a thing of history. Your experience is invalid. Take some time to see how r/Teachers in subreddit is observing the change in kids these days. The internet you grew up in was young, it was not widely adapted at a global scale, you didn't rely on ebaum's world to function day to day but you'd be hard-pressed to even get vital medical care these days without a smartphone on hand, logging into random sites and installing random apps. Even with porn, it was one thing over a slow connection with not a whole lot of awareness, you have kids even under 12 watching porn on smartphones.

Take a step back and think about this, someone who is unable to consent to sexual activity is partaking in one, and the people that are particpants on the other side of the sexual experience are adults who can consent. Sex is used because it's a lazy of making an argument, but the point remains, it doesn't matter what your anecdotal experience is, many for example say they were fine having sex with their hot teacher in highschool, but we send such teachers to decades in prison for grooming and sexual abuse of a minor. It is the simple fact that society has decided consent is required for certain activities, and age of consent has been established. The means of the interaction is irrelevant, non-consensual participation of certain activities is illegal, and laws must mean something and must be enforced equally.

> Hormonally unstable kids going through puberty who will often stop at nothing

That is irrelevant. If we can stop one kid from interacting with a pedophile or having life-long psychological issues, it's a win. and honestly results are irrelevant here, the means is not a way to justify the ends. the means here exist because it's the law, society has decided it's wrong. If you think kids should watch porn, that's a different story and it would be same as agreeing they should be sleeping with adult prostitutes or get into strip clubs. The internet doesn't change what's happening. Watching a naked stripper in person and watching that same woman do the same thing on a screen are not different types of non-consensual sexual activities.

Your argument about "they'll just want it more" is not correct either. The same argument has been tried with alcohol and cigarettes. Right now the alcohol industry is suffering because Gen-Z don't want to drink, same with smoking. All the efforts to curb those are paying off. Gen-Z are much more prudish and seek out social conservatism because they're seeing the penalty of this reckless disregard to the harms being done to a person's mind.

It used to be boomers and older generations would say "look at me, i grew up being beaten near-death and I turned out ok" too, anecdotal experience doesn't make things right.

> California AB 1043

I don't know much about it, but restricting social media and internet access to kids is happening globally, and for a good reason too.

Just consider one thing in this discussion: it isn't about being a prude, but about actual harm, actual suffering, actual abuse that's happening.

> So while I would love to just have sensible parental controls, nobody is actually really trying to enshrine this into law. It seems like they're mostly concerned about lobbying to push the responsibility elsewhere.

Parents have a responsibility, but so does every member of society. You have a responsiblity to not hand over a child a gun, poison, alcohol, keys to your vehicle,etc.. when you interact with others you are responsible for your part of that interaction. You don't get to flash your private parts at children, and you don't get to do that same thing through a screen either. Being over the internet, again, does not change what's happening. Things being terrible since the dawn of the internet because laws not catching up to tech, doesn't make those terrible things acceptable.

> So I do apologize for maybe seeming a bit dismissive about this issue, but personally I already know it's coming from the wrong place

I don't disagree that this is coming from the wrong place, at least in the US. But the only reason we're talking about it is because the problem it is solving is very real and extremely pressing. It has widespread societal support. As I keep mentioning on HN, there are privacy preserving ways that don't involve 3rd parties or the government tracking what sites you visit. But we're not having that discussion, we're letting Meta and Elon musk solve the problem and destroy what little is left of the good side of the internet. Law makers are not being presented with alternatives. I demand my lawmakers solve this problem one way or the other! it is not ok, if I can stop one vicitm of sex trafficking, one victim of pedos, one person from forming an unhealthy sexual mindset and runing their lives (see all the "looksmaxing" people now for example), it's worth it. I wish I won't have go give up my privacy and what little I cherish about the internet, but I am fine doing only work on a computer and going back to the pre-internet way of doing things if that is the price. But there is no need for that, there is a way everyone arguing in good-faith wins. We can pay anonymously with crypto, and authenticate with fido2/yubikey just fine, homomorphic encryption exists, EMV payment cards already implement a challenge-response authentication, the tech is there to solve this and a whole lot of other things but we're letting Meta solve it with a 3rd party id verification system that involves passports and id cards, and facial recognition, and surveillance instead.

> Because we can't get a handle on how to stop the 20% of people in the first 20% of their lives from accessing inappropriate content on devices and internet connections that WE FUCKING GAVE THEM! Before we've even attempted to quantify how harmful unfettered Internet access is to adolescents, or hell, how Helpful it is.

Harmful content, not merely inappropriate. You can't reasonably prevent access to an internet connected device. To say that parents should do something but not anyone else silly, both parties have a responsibility. if someone interacts with you, you are responsible for how you respond. And it isn't only children, same applies with those that are mentally incapacitated (we just use "but the kids" because it's easier to make the same point). The problem is there, your response being "we shouldn't solve it" is only letting those with bad intentions solve it in a way that benefits their evil intent.

Lastly, don't believe in any movement, the whole idea that you have to be for or against a thing wholesale is severe epidemic. Things get worse and worse because of it. Democracy is dying because of this as well. Find the courage and endurance to keep asking critical questions, keep debating, keep convincing your peers of not just this but so many other topics. Either we are governed by those who appeal to our emotions, or by those who appeal to our reason.

I think minors shouldn't be in any store period unless accompanied by their parent or guardian.

you feel the same way about websites then?

Yes.

But parents should be penalized/inconvenienced if they can't control their children, not the store/website.

In some states, bounty hunters can find violators of various laws and bring them to the state in exchange for money. Allowing bountry hunters to be on the lookout for underagers trying to enter stores and report them could be a profitable endeavor for both the bounty hunters and the state, providing a market-based incentive to protecting children.

Stores/websites should only be penalized if they are specifically targeting and inviting children to enter.

Certainly there are some types of stores that are very safe for children to enter. So, the exception should be structured like this: "Stores that only sell these items mean that parents will not be fined if children enter it unaccompanied." Additional conditions could be attached, e.g. "a safe store shall verify the ID of anyone purchasing alcohol." And maybe other benefits can be attached to being a "safe" store, like tax incentives, etc. If the store violates that condition, then it should pay a fine or lose any other benefits of being considered a "safe" store. But a business should have a right not to be a "safe store" and the duty to prevent children from entering those should 100% fall on the parents.

But in real life, if you sell cigarettes to a 5 year old, you'll probably go to prison.

Isn't a reasonable approach to the internet, to have a protocol by which individuals can prove they have a state issued identity that proves they are above a certain age, and nothing more than that to the website? That way the website doesn't need to check anything other than presence of a cryptographic identifier and validate it. And parents as you noted are responsible, but only to make sure their state issued cryptographic secrets can't be used by their children. it could be as simple as having an NFC capable state issued IDs that can do a challenge-response with the browser/os. We already sort of do this with EMV payment cards. Websites have to validate a payment card is authentic by asking for the CVV code for example.

Oh I understand the tech is there to provide zero knowledge proofs, etc. But honestly don't really agree it's a reasonable approach to the Internet. I shouldn't need something issued by the state merely to visit a website.

you mean you don't want to? why not? are you just too used to status quo that's benefiting you right now? It's not like I'm excited about it either, I'm just not finding any reasons other than simply not liking it. We didn't need a proof of identity to access the internet before because 1) No one was interested enough to demand it because it's lack of widespread dependency like today 2) The tech to prove that didn't exist in a way that could be deployed universally until roughly a decade ago 3) Even gen-z didn't really grow up on the internet, not like gen-alpha who are the true beta-testers of growing up on the modern internet, and study after study is damning against the unfettered access of it.

To me you and others' prevailing argument is similar to "well I don't want to go out of my way to setup HTTPS, I shouldn't need to pay a damn CA to host a blog", letsencrypt solved that and people were still saying they shouldn't have to do that, except the risks here are much more dire, impacting an entire generation of humans in severe ways.

In a way, the internet is a victim of its own success. Finally, it can be used to do just about anything you did in person, including work and learn remotely. But also a whole lot of other things. I was commenting in a sibling comment thread earlier how watching a striper at a strip-club, and watching that same stripper on a free live-cam porn site on a screen are the same bi-lateral sexual activity that society has decided should be between consenting adults. You don't have to prove your ID when you visit a random store, just like with a random site, but a porn site requiring your ID is the same as a strip club requiring your ID. I don't like it same as you, but at the same time, logically I can't argue against the same laws and norms of a country being enforced consistently. We live in a world with terrible people, and so long as ID requirements for IRL are the same as online, it makes sense. it makes a whole lot more sense than expecting social media companies to actually reliably police all content in real time, and if I can have a simple, secure and privacy preserving way of doing it, I'd prefer that over showing my face, my ID,etc.. to random third parties.

i think in most cases sites like HN for example would be exempt due to not having enough users.

The internet used to a technology people used to do interesting things, and with that came all its expectations. Now in addition to that, it is how modern live is negotiated. What used an optional thing is now a critical infrastructure upon which a person's life revolves, in most cases without any choice of their own.

When you drive your car on the road, do you complain about not having "a free road like back in the day" for being require to have a driver's license, and a registered car? not too long ago, you didn't need any of that to ride a horse or horse and carriage.

A free internet, as in the internet is like a public square, that isn't what society wants. Ultimately that is the issue, and you can't fault the public either. The public expects change, things to improve, and policy makers need tools with which they can enforce their policies. Telling both parties "um..no, i like my freedoms" won't stop the this train.

Let's take the example of mullvad here, and being able to purchase a VPN with bitcoin/cash (been there, am a customer) and access any site. It is entirely reasonable for governments to not want that. but the real enemy is the acceptance of this false dicthotomy of extremes. one of the things the internet has allowed us to have is to be able to prove entitlements without disclosing our identity. It is possible to prove that meet whatever legal requirements by having a government notarize a certificate of identity which you can present to sites and software as proof, while removing the government's own knowledge of what sites or software you're using, and removing your identity from the sites that are verifying your entitlements.

You're allowed to be in public without having to prove your identity (well.. that used to be the case in the US at least, now if you look like an immigrant, no longer the case). But to sell things, or buy restricted items, you have to show your identity, even in public. Certain businesses are required to verify your identity before engaging in commerce. Even worse, once you're in public everyone can record everything you do an identify you. Facial recognition, license place tracking, etc.. are all very real parts of the physical world today.

Lots of reform is needed, but we're getting the worst end of it because people gravitate to extremes out of laziness. if accessing social media, sensitive sites and commerce could be done in a privacy preserving way, there is no need for (or you can make a strong argument against) silly things like installing ubuntu requiring your ID, or needing to verify visitors IDs to your personal blog.

this sounds like a reddit comment too much. why would trillions of dollars improve your quality of life. a bunch of companies get investments from a bunch of VCs who took out loans... and that means your quality of life should improve?

And what's more crap exactly? it feels like your grasping at straws to take one set of things and associate them with others. yeah, lots of terrible products out there, lots of enshittification, lots of topics of discussion there. But AI and GPUs are being used in such a diverse way it is impossible to have one opinion on it all like how you're trying to.

I'm not even disagreeing (or agreeing with you), I'm just saying that's a lazy comment to make. if these companies making profits without paying taxes, that's a voter problem (not even politics, just people being shitty voters, self not excluded).

For everyone else who might think they have a better formed opinion on this topic, I only ask that you apply the same level of passion to how the US national debt is now 120% of the GDP. The government is fighting wars and printing money, devaluing your wealth, and indebting your country to previously unseen levels. At least the banks and VCs are using their money (unless they get a bail out again), not your actual tax money, and the tax money and wealth of generations of Americans. You have a president literally stealing billions of dollars in broad day light from literally you.

i think a lot of that is for government and enterprise use. even for personal computers themselves (i.e.: laptops) they're usually loss leaders, they don't turn profit. You can run a server (and many do) on laptops, but that didn't replace cloud services or server hosting. You can't store enormous amounts of data on your laptop/phone for the llm to use, or access tools the app dev wouldn't want exposed on untrusted devices.

The whole replacing people angle is just the short term use case the more ghoulish executives are thinking about. In practice, lots of lots of new use cases have been made possible by LLMs. A lot of which can be done locally. But whatever capacity you have locally, they can have more of and for cheaper, and they manage the model instead of you doing it yourself. I think you put it nicely though, their moat will be thinned, and I doubt they'll be as profitable as their funding suggests, but at the same time the demand for them won't go away either. I don't know if OpenAI and Anthropic will be viable, but I'm nearly certain Deepseek is.

The tipping point will be power usage, if a local llm can run the same workload for less power that would be a game changer. Nvidia might get decimated, but even Google and others have moved on from GPUs already, they have faster and more power efficient TPUs. Add to that network bandwidth and availability issues, their moat remains. Also consider that even for graphics capabilities, user devices just don't have a consistent spec to make things like widespread 3d graphics and webgl usage viable. Someone's cheap android phone will never run a local llm reliably,same as it won't a 3d game. even if they have a high-end iphone, network providers aren't always performant as they are in western countries, and then there are people that won't want to install your app or local software, and then browser based exposure of the capability to sites which will have similar hardware spec issues, OS instabilities, competing tabs,etc...

i clicked thinking he was mocking this! I hate it so much. no, dude, not everyone can be a leader. no we're not all "leaders"?!?!?

come on. this is such a dilution. it screams refusal to take responsibility for anything. diversifying responsibility so that no one is held accountable. Or a massive lack of understanding why and how naturally humans organize using a hierarchical structure.

This is a cowardly way of managing people, a leader blaming those under him/her for not also being "leaders" when they fail, that's what it seems like to me, and how I've seen this mindset abused.

I don't care if you're a two person team, one follows and the other leads. the problem is actually the opposite of what this guy describes usually. A refusal to accept hierarchy, and an immaturity resulting from not being able to understand, that leadership comes with responsibility, not just rights, as does following.

There is this massive ideological disease in corporate america that I won't rant about here, but what is needed is managers with balls (regardless of their sex) and gumption, who can say "they buck stops with me, I'm responsible for the outcome". Not everyone else because "we're all leaders" not hired consultants you hired to c.y.a., not the "lack of talent",etc..

If you're in a team where someone says "all reviews and prs go through me" and they have they seniority and experience to back that up, count yourself fortunate!

It's not secret for example that most successful open source projects are run by a BDFL (not the least of which is the Linux Kernel).

Everyone in the car can't be responsible for driving it, same as they can't for navigation. With the approach in this post, my guess is instead of driving the car, proponents will be back-seat drivers.

Two more things: everyone in a team must trust each other to do their part, that includes the leader when they lead, and team members when they fulfill their tasks. In order to lead, you have to know where and how to lead others, the problem is people are put into leadership positions in corporate america using the system of "promotion until incompetency", where if a person is competent at all they are promoted, and they end up in positions where they have the least amount of competency, earn the most, and thus are at the highest risk of elimination, and this breeds: the modern middle manager that strives to spread responsibility that comes with their position so that they can take credit for success of their team, but have plenty of blame they can throw around for failures. Even when they want to do the opposite of that in earnest, it becomes impractical.

For everyone to be a leader, the way human psychology works needs to change. what you end up with is informal hierarchy immune from accountability, transparency and scrutiny by outsiders. Good people getting frustrated and leaving your team, and those who can manipulate the informal power structure well and help with the blame spreading, succeeding and staying

Failing upwards as some call it. And then enshittification. I haven't solved the part where things are actually working in a repeating cycle and will all be good some day.

I think this is largely off the mark for most engineering teams built around roughly-aligned peers.

Sure, if your team is extremely lopsided or unfocused, and e.x. has one person from every discipline, you don't want to cross train everyone into everything else. This is a sign to reorg. Youre not asking your department heads to cross-train to other departments, your PMs/devs to cross train/...

But when you have a 1-to-2-pizza engineering team of e.g. C++ engineers and a tech lead, the lead should absolutely be encouraging this "everyone is a leader" mentality. Anything else means that your tech lead is irreplaceable and if they e.g. get hit by a bus or resign tomorrow you are SCREWED. You essentially are promoting learned helplessness as soon as the subject matter leaves your narrow areas of expertise and the "leaders" are not available to offload decisions to. The best thing a tech lead can do is encourage his workers to make him redundant -- no regular process/decision/... should ideally be blocked by their absence.

As an IC, your manager dreams of you approaching him not like "I have a problem, solve it for me", but instead "I have a problem, here is my recommended fix, how does that sound?". This would be AMAZING. You can then sync on goals/reasoning/approach/... and catch out fundamental misunderstandings on both ends. If one truly is at a fork and someone NEEDS to make a decision (really only if there is conflict as to the preferred approach) then the buck stops at the designated leader. However in most situations your engineers should be empowered to make decisions when they are confident, with review/reflection helping improve/align these decision making skills with their leads/peers over time.

Defaulting to "youre the lead, I cannot-or-willnot walk down the path unless you proceed me" is shit. Sure, when starting off it's great to have an example to follow, but eventually you gotta learn to walk the path yourself (or get off my team).

I want to be promoted one day, and the only way that's going to happen is if I can ensure I have a team of reports who prove they can survive without me (and one of whom hopefully is able to step up and fill the hole).

The problem is you have a very different understanding of what a leader is, than what i think is a more correct definition. a person hoarding information is not a leader. making decisions in a way no one else can reproduce how you made decisions, lacking transparency, making it about your ego is not leadership. matter of fact, that sort of mentality where you have an irreplacable tech lead usually results from poor leadership skills on their part, as were as their people manager's. i.e.: leaders are often actually highly replaceable. For tech lead roles, even in a 2 person team, it would be the one that has more experience, but ultimately they are responsible for their technical leadership, they own outcomes so long as their followers trust them to lead and actually follow their direction. They have to be able to for example reject PRs, but do it in a way that doesn't lost the teams' trust of their competence. If they resign tomorrow, the next guy in the line that is most experienced can take over and lead, perhaps with a different style, but they should spend much time making decisions and leading, and less time hoarding knowledge and doing actual work, making them more replaceable.

> "I have a problem, here is my recommended fix, how does that sound?"

Couldn't agree more, I've lived by this principle myself. leaders are not problem solvers though, a leader gets to reject the really good idea of someone that does come up with a seemingly great idea without letting them down harshly, and also encourage that atmosphere of continuing to suggest solutions. They also set the direction (tactically for technical leaders, and strategically for people leaders) of the team, so that the problems an IC does focus on is aligned with the leaders' priority.

If your engineers are making their own decisions, there is the problem of conflicting changes (even in Git the concept of conflict resolution exists, someone has to decide to merge the changes into main/master after resolving conflicts). There is also the problem of ultimately them spending a lot of time on something, only for that being low priority, or rejected outright because it doesn't make sense strategically, that demoralizes people and creates a terrible atmosphere. A very clear chain of command is important at work as it is on the battlefield. And just as in a battlefield, due to the clarity of that chain of command, a general being killed by the enemy does not decapitate a battalion, the person next in the chain of command takes over. Not only should leaders be replaceable by design, they're often rotated from team to team to ensure such an informal dependency on them never forms.

I think what you're describing to the most part is also the problem I outlined in my first post: The spreading of blame by supposed leaders creating an over dependency on them and credits for work they didn't contribute to much, and creation of actual leaders that end up being irreplaceable because their role wasn't formally designated or acknowledged, but assumed, they're not part of the planned structure of the chain of command.

Read the book. Then if you want go check the sources. See if this nuclear submarine captain is lying or telling the truth.

I am interested but don't have time to read a book. However, I don't think any text can change a person's opinion that is derived from experience.

I think what they're trying to describe is the concept of a person being assigned responsibilities as a follower, and owning that responsibility to the fullest, which is a something I agree with strongly. But that isn't them "leading". Ultimately you can have only one #1 priority, if everyone is leading whose #1 priority do you follow? that's where the informal power structure forms. it has the opposite effect of no one really leading, and everyone just saying they are.

"Turn the Ship Around" is fantastic. It's a short audio book (about 6.5 hours), if that's more up your alley. Definitely worth a read/listen.

The audio book is read by the author. Well worth your time imo.

Thanks, i'll have to check it out.

you just update them and that's it?

Usually, there are CI/CD pipelines, but also change and testing regimes of some sort. Dev/QA too before prod.

Here is my suggestion though:

- Don't use package repos on the internet, host local caches - Update your package caches twice a week, not more frequently - Unpin and update packages in dev as it makes sense, as soon as the package repos update - QA whenever your team can actually do testing - Prod, with your next release, no more frequently than 90 days

There is a reason public CVE disclosure is ballpark 90 days per ethical security research and testing norms. That's how long proper testing and release is expected to take.

If you have no specific reason to update a package, and it passes integration tests with more up to date packages, then don't update. Supply chain compromises aside, bugs have a way of creeping. Things get missed with tests. Either you take this careful approach, or you take the other extreme approach where you design everything so well and with so much costly infrastructure and people to manage it, that impact is priced into the availability and threat modeling, which almost no one can pull off except on paper (well.. I said almost...).

consider cloud spending vs on-prem before the great cloud migrations. people are spending a lot more for cloud services now.

I hear conflicting things about finances, some have a different opinion, that it won't be written down so long as more funding comes in and revenue keeps increasing. it isn't like how you take mortgage or business loan, it isn't even a loan it's an investment funded by loans. So long as the investment is still promising, what are they going to do? destroy its value by calling in trillion dollar loans?