I like simonw's take that open source should be more valuable [0]
>An interesting result of this is that open source libraries become more valuable, since the tokens spent securing them can be shared across all of their users. This directly counters the idea that the low cost of vibe-coding up a replacement for an open source library makes those open source projects less attractive.
I can understand why the reflexive move is to fork the code and move it in-house, but how sustainable will that be when eng teams have MORE code to manage and mitigate vulnerabilities for?
I agree. The reflexive move is by a specific F50 that has the size, internal controls, headcount, and liability risk that they are taking such an approach.
Most other places will continue to use OSS, but much more locked down access to third party dependencies will be granted. I personally think it'll be a great time to be in the AppSec and SBOM validation space.
> I happen to have an account I post with that I don't generally want associated with my real name, so I figured it was a great test case
Interesting. I have a hard time believing that current models were actually able to place that connection by analyzing your writing style, unless both accounts were a part of the training set (they likely were), and the model was able to encode the similarities in the accounts during training.
The real world impact of this would be that new accounts that were not trained into the model would not be able to be deanonymized like this.
It said it was able to correlate where you live (I don't think it said anything about the tone, unless it said more than you included in the article). At best, it's really just using that for justification though. The model can't feasibly search the web for your writing style. That correlation had to be trained in.
My point is that, if you created a new account and actively used it for a while, I don't think the current version of Grok (never trained on your new account) would ever be able to make that association. It's certainly interesting that it could do it, I just want to drill into the how.
Took me a minute to realize Sid isn't associated with 0xide.computer. Clever domain name!
Getting Google to index my personal site has been a pain. Every other search engine works fine, but ever since I switched the images on my site to .webp (a format created by Google!), my site's content just doesn't get indexed anymore. I've given up since web search traffic matters less and less these days with LLMs, and it only really bothers me when I'm trying to search for my own articles.
Ha, thank you. I spent more time than I'm willing to admit to come up with it.
I use my older, much longer domain for email and identity (it used to be #3 on SERP for "Sid"). This one is just for giggles so I can blog in peace without affecting the main one.
You just realistically can't know everything. I have a tankless water heater. It's almost a magical black box to me, but I know a little bit more about it now that I've taken pictures of it and asked LLMs to explain it to me. I'm still not a water heater technician, but I feel more knowledgeable.
And on the topic of motorcycles, I recently got a crappy bike that barely starts, and I partially got it because I feel capable of fixing it. And now it runs pretty well because I used lots of "video chats" with Gemini (and the owner's manual as context) to fix it!
[0] https://simonwillison.net/2026/Apr/14/cybersecurity-proof-of...