22 Apr 2021, 08:59

Developing inside of a Dark Forest

I have these, and other, news items on my mind:

https://arstechnica.com/gadgets/2021/04/backdoored-developer-tool-that-stole-credentials-escaped-notice-for-3-months/

https://lwn.net/Articles/853717/

For decades now, we as developers have all really benefited from a strong culture of sharing. From experience reports to polished open source projects, from Stack Overflow answers to professionals livecoding, it’s been almost all love and rainbows[1].

Unfortunately, the kind of people who break things for a living look at all of the rainbows and say “lol there are no gates here”, and are very busily and aggressively poisoning all of the wells they can find.

Instead of a freewheeling community zone, we’re entering something that’s going to look more like a Dark Forest. This is one of the less appealing answers to the question of “why, if we can see so much of the universe, can we not see any evidence of other life?” In the Dark Forest model, it’s because anything that’s noisy gets eaten.

The next steps are grim and unavoidable. We’re going to need to lock down our repos, and be suspicious of newcomers. We are going to have a rise of new, restrictive corporate policies at work, and we are going to have to share less.

Incompetent proprietary companies like SolarWinds will be exempt from the new, more highly scrutinized routine; it will only negatively affect people trying to be generous with each other. Everything will get worse, but it will definitely feel like we are being more responsible, especially at first.

Even worse, the logical next step is probably more anti-immigrant paranoia and team firewalling. It’s going to be a rough few years.

I’m feeling pretty down about it.


  1. I already know, don’t bug me about it