
>Some of us here may be old enough to remember the days when Microsoft was pushing ActiveX controls as the future of the web. Basically they were binary components that would run in your browser and weren't really effectively sandboxed.

That's basically what's happening every time a developer runs "npm install" or "pip install". Sure, it technically may not be a "binary", but it makes no practical difference given that no code scrutiny is given the majority of the time.

The introduction of LLMs doesn't change much. People are already predisposed to copy paste random commands from blogs/forums. LLM is just one more source on top of that.
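The comment above rests on the fact that `npm install` runs scripts shipped inside the packages it fetches (the `preinstall`, `install` and `postinstall` hooks in each `package.json`). The following is an added example, not code from the thread: a small audit that walks a `node_modules` tree and lists every package that declares one of those hooks, so a reviewer can see what will execute before deciding to allow scripts. The package names, versions and commands in the sample tree are constructed for illustration.

```python
"""Enumerate npm packages that declare install-time lifecycle hooks.

Added example, not from the Hacker News thread. The sample node_modules
tree built by build_sample_tree() is constructed data, not a real install.
"""
import json
import tempfile
from pathlib import Path

# Scripts npm runs automatically during `npm install` for a fetched dependency.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")


def _is_package_root(manifest: Path) -> bool:
    """True if this package.json sits at a package root inside node_modules,
    i.e. node_modules/<name>/package.json or node_modules/@scope/<name>/package.json.
    Manifests buried deeper (test fixtures, examples) are not installable packages."""
    pkg_dir = manifest.parent
    if pkg_dir.parent.name == "node_modules":
        return True
    scope_dir = pkg_dir.parent
    return scope_dir.name.startswith("@") and scope_dir.parent.name == "node_modules"


def find_install_hooks(node_modules: str) -> dict:
    """Return {package_name: {hook: command}} for every package in the tree
    (including nested node_modules) whose manifest declares a lifecycle hook."""
    findings = {}
    for manifest in sorted(Path(node_modules).rglob("package.json")):
        if not _is_package_root(manifest):
            continue
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (json.JSONDecodeError, OSError):
            continue  # malformed manifest: skip it rather than abort the audit
        scripts = data.get("scripts") or {}
        hooks = {h: scripts[h] for h in LIFECYCLE_HOOKS if h in scripts}
        if hooks:
            findings[data.get("name", str(manifest.parent))] = hooks
    return findings


def build_sample_tree(base: str) -> str:
    """Construct a tiny fake node_modules tree (constructed sample data)."""
    nm = Path(base) / "node_modules"
    packages = {
        # plain library, no hooks: should not be reported
        "left-pad-ish": {"name": "left-pad-ish", "version": "1.0.0"},
        # native addon that compiles on install
        "native-build": {"name": "native-build", "version": "2.1.0",
                         "scripts": {"install": "node-gyp rebuild"}},
        # scoped package with a postinstall hook and an unrelated test script
        "@scope/telemetry": {"name": "@scope/telemetry", "version": "0.3.0",
                             "scripts": {"postinstall": "node ./scripts/setup.js",
                                         "test": "jest"}},
    }
    for rel, manifest in packages.items():
        pkg_dir = nm / rel
        pkg_dir.mkdir(parents=True, exist_ok=True)
        (pkg_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    # a nested manifest that is NOT a package root and must be ignored
    fixture = nm / "native-build" / "test" / "fixtures"
    fixture.mkdir(parents=True, exist_ok=True)
    (fixture / "package.json").write_text(
        json.dumps({"name": "fixture", "scripts": {"postinstall": "echo hi"}}),
        encoding="utf-8")
    return str(nm)


def audit_sample() -> dict:
    """Build the constructed tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_install_hooks(build_sample_tree(tmp))


if __name__ == "__main__":
    for name, hooks in audit_sample().items():
        for hook, cmd in hooks.items():
            print(f"{name}: {hook} -> {cmd}")
```

Against a real project, call `find_install_hooks("path/to/node_modules")` after an `npm install --ignore-scripts` (a real npm flag that fetches packages without running their hooks); the report then shows exactly which dependencies would have executed code, which is the review the comment says almost nobody does.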



> it makes no practical difference given that no code scrutiny is given the majority of the time.

I was thinking about this the other day. I wonder what my leadership would say if I told them I spent the day scrutinizing some of our open source dependencies. I assume even a day would be treated as wasted time, especially on the product side.

FWIW, I used to do this back in the early Rails days and was encouraged to do so. I ended up contributing heavily to the Rails ecosystem because of it, and it was all encouraged by my employer at the time, but they were a relatively small startup at the time and viewed things very differently than the FAANG I work for today.



