Vibecoding is not the future, it is a commoditization of the past.

The future of software engineering is building robust bug-free software, in a world where the cost of each bug is dramatically higher than before.

The "lean Ethereum" megaproject is an example of what this looks like.

Quote fromhttps://shazow.net/posts/permissive-vs-copyleft/#copyleft-nuances-and-complexity ## Copyleft nuances and complexity I can write Python that has a copyleft GPL dependency without relicensing my project to match, but I can’t write Go that has a GPL dependency without relicensing. Why? Python is interpreted and the code is linked dynamically, whereas Go produces a statically linked binary so the copyleft “infects” the rest of the code. Unless, of course, if I want to ship my Python program as a py2exe bundle with a GPL dependency, then that changes everything. Does anyone actually understand these implications and how they vary across languages? Of course not! But wait, what if I split out the GPL dependency into a shared library that is dynamically linked? Oh, that’s fine. Unless you ask the FSF, who disagrees with almost everyone else. What about other copyleft licenses like LGPL? MPL? AGPL? What if I wrap an AGPL dependency in a network-isolated container which batch-processes input from a proprietary component in my system? That’s fine. Did we really improve anything or are we just asking people to create complex infrastructure and deployment workarounds?

One note: When comparing permissive vs copyleft across ecosystems, keep in mind that they mean different things if the language is dynamic/interpreted like Python/Ruby vs compiled/statically linked like Go/Rust/etc (GPL boundary changes).

I write about it here: shazow.net/posts/permis...

Re "outsized impact on screwing people over": Do you feel people are indirectly forced into using source-available licenses? Or is more that the liability of choosing to depend on that software is unclear in the beginning? (I wrote a bit about the latter but curious what your experience has been.)

Dunno about #2, but I feel like #1 is deciding whether the thing is slop or not.

If it's disposable with no plans of maintaining, then treat it accordingly. If someone is going to commit to owning/maintaining it, then doesn't matter how it's coded.

Related rant here: bsky.app/profile/shaz...

Screenshot of contents inside https://github.com/shazow/wifitui/issues/164: I kinda don't love seeing things like "(3 APs)" in the list view. <wifitui screenshot> Some ideas of how to improve them: Emojis? Max out on three emojis for APs, so 2 APs would say 📡📡, 5 APs would still say 📡📡📡➕ maybe? 1 AP would be nothing (since that's implied) Or maybe 📡···+ for 8? AP✖️3? Or 📡✖️3? Or simply 📡3? 3📡? 📡·3? Other ideas? This annotation should be configurable in the theme.

Are you a wifitui user?

I want to improve how we render "(5 APs)", what do you think of these ideas?

Currently leaning on: 📡·5

github.com/shazow/wifit...

If you're optimizing for adoption, I advise a simple algorithm: Pick the most popular permissive license in your ecosystem.

It has to be popular for this reason, because everyone is already comfortable with using it.

I wrote more about this here: shazow.net/posts/permis...

"How hard is it to get an exemption for a different license?"

This is the wrong question to ask. When is it worth digging up the relevant corporate policy document, reading it, emailing legal, waiting 2 weeks, arguing, etc?

Not for a random link. The project never gets a chance to get that far.

How open source projects leak the top of the funnel:

Anyone who worked at a tech company with a license policy (any company that builds software) has muscle memory to look for a few popular licenses.

1. Click project link
2. Glance at license
3. Not a license you use all the time? Close link

Looks cool! Gentle reminder to add a LICENSE. :)

(I suggest something permissive like MIT or Apache2 if you don't have a preference.)

Free as in Hop On A Quick Call

Doesn't prescribe how it's maintained. Just means that if there's bugs, it will be fixed. If something is broken, someone will take responsibility and fix it.

A program can't take responsibility for things in a meaningful way, at least not yet.

Tweet from @jessfraz: I give it less than 6 months before Garry stops preaching LOC and starts preaching maintainable code bases. And with that one move he will go from junior engineer to a bit more senior. We watching his Eng journey live 🍿 -- Quoting @garrytan's tweet: If I can do 16k LOC per day across 3 different projects (including one open source one you can see yourself) then I think almost any technical CEO CTO pair at YC will That's the bar now [...]

Another good take on how maintaining is becoming increasingly important from @jess.dev: x.com/jessfraz/sta...

End of the day, AI is a program. There's many kinds of programs out there, some are bad, some are biased, some are emulating a specific statistical distribution, some are in a loop trying to do guided search through a constraint space. We keep making new kinds of programs with new properties.

I can't stop you but I don't think that's a meaningful distinction in many contexts.

I have another take I need to write about: It's more instructive to talk about AI as just programs. Would you call any content that was produced with the help of a program as slop? IMO dilutes any meaning of slop.

Yea, I think the challenge is people coming to believe that there is another better option.

Agree, the label should apply to DIDs but the issue to address is spammy PDS's (which are currently getting bulk-blocked).

See thread: bsky.app/profile/scoi...

I like @apenwarr.ca's piece on how each layer review adds latency, I believe the same thing is happening here:

People in the review pipeline are making a decision whether they want to commit to maintaining this thing. This is the expensive part.

apenwarr.ca/log/20260316

The only useful distinction between slop or not is whether we're committing to maintain the thing.

If it's disposable and going to rot in a few weeks, then it's slop (whether written by meat or otherwise). If it's reviewed and someone commits to owning it, then it's fine.

bsky.app/profile/shaz...

@boscolo.co @goat.navy One more angle (to address spammy PDS's): What about a labeler which verifies the account has committed/burned a small bond onchain?

Email came to be that way because we lacked the ability to put a price on spam. That's not true in 2026, but perhaps it's not a popular position in this community.

bsky.app/profile/shaz...

Permissionless is definitely the harder.

Putting yourself in between two people potentially at odds and saying "just trust me, I won't betray you" is by far the easiest thing to do.

Building a structure where two people at odds can collaborate/coordinate within directly is very hard, but possible!

We can go the easy way or the hard way!

Sometimes the hard way is worth it.

Yea, need to think it through because "move to another server" only works when we're not talking about a point of consensus. If we're expecting the consensus to get abandoned (who gets to rotate whose key to sign whose messages) then that breaks a lot of assumptions above it.

Isn't the entire premise of 2026 is that social contracts are made up and constantly being broken?

There's no recovery if the attack is a result of scale/value. Moving to another server is still vulnerable unless it's permissioned.

Price spam or become permissioned: bsky.app/profile/shaz...

not too worried about user counts for vanity, more worried about sybils being used to take down critical services like plc directory because they refuse to put a price on spam

has there been any writing/thinking about how plc directories are expected to handle DoS/sybil spam attacks?

did:cow: Another idea to billionaire-proof ATProto IDs, also "art of using a blockchain without using a blockchain".

Blockchain-managed wrapper ID, no tx to create, points to a did:plc/did:web but you can move it if something goes wrong.

Got carried away and made a resolver and front-end
cow.watch

what are you thinking of?

Has anyone here submitted a package to Debian before? How'd that go?

Screenshot of wifitui showing a bunch of mocked funny wifi names in a TUI.

Output of `wifitui --help`, showing the non-interactive mode with commands like connect, list, radio, show, tui.

WiFi connection details, includes a QR code for phone sharing.

🛜 wifitui v0.11.0 is released!

Do you dream of managing your wifi in a terminal? Now is your time. Made for Linux, but has experimental macOS support! Please open an issue if it can be improved. :)

It even has a non-interactive mode for your beloved scripts/molts.

github.com/shazow/wifit...