Takeaways from the Octoverse with Jack and Paige - AUDIO EDIT
===

Paige: [00:00:00] Welcome back to Pod Rocket, a web development podcast brought to you by Log Rocket. Log Rocket provides AI first session, replay, and analytics, which surface the UX at technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free@logrocket.com.

Hey everyone, I am your host today, Paige needing Haus, and with me on the podcast is my co-host ~and~ of Pod Rocket and Front end Fire

Jack: Yeah. Amazing.~ Yeah. Amazing. Hey, ~hey Paige. Good to see you again, as always.

Paige: As always. Exactly. And today we are gonna talk about the Octo verse report, which

Jack: Yeah, it's fascinating.

Paige: of October. So ~I, ~I honestly didn't know about the Octo verse report until I was invited to be part of this podcast. But for those of you who are also unfamiliar with it, it is a yearly report that GitHub puts out, and it's a research program where they analyze the data from millions of developers on its end.

Repositories on the platform and then provide interesting insights into the [00:01:00] state of software development. So it's a really cool report that's been going on for a number of years, and we're gonna ~kind of ~talk about some of the highlights of it.

Jack: ~Right. ~And the whole Octo thing, like I, I originally, I was like, Octo, what? oh, they have, it's the Octo cat. ~Like ~that's the GitHub little mascot thing is the, now that you, now that I think about it at least ~kind of ~creepy like hybrid octopus slash cat thing.

Paige: It is, but they make it cute enough that everybody loves it and dress it up in different costumes and outfits. So yeah, it's, it is an odd little mashup of a monster though.

Jack: aspires to be a Mashable thing. Yeah,

Paige: very unique and recognizable, though. That's a good thing.

Jack: ~for sure. Yeah. It is a fascinating report.~

Paige: So the first thing that we're gonna talk about is, one of the interesting things is shipping faster with AI in the loop. So obviously 2025 has been the year of ai, just like probably 2024 and a little bit of 2023 as well. But I. Developers are using it to ship faster than ever. So monthly issues,~ uh,~ closed, [00:02:00] jumped to 4 0.25 million.

~42, Uh, ~code pushes hit over 82 million and commits reached nearly 1 billion this year, which are just huge numbers.

Jack: Staggering,

Paige: Staggering. ~Uh, ~notebooks like Jupyter Python, notebooks grew in usage by 75%. Docker files by 120%. Hinting at ~kind of ~a faster transition maybe from experimentation into production. And AI became the standard with 80% of new developers using copilot in their first week, and AI related repos hitting a record 4.3 million.

~So. ~More and more than 1.1 million public repos that are now importing some sort of an L-L-M-S-D-K into their projects. And we also saw over 1 million coding agent authored PRS this year. So copilot is going to work.

Jack: Yeah. ~You know, ~lots ~to ~to say about that. ~I mean, you know, ~the, also ~the, ~the whole TypeScript thing that TypeScript has also boomed, and I think that's directly in correlation with the fact that ~like, ~[00:03:00] AI is really happy to write TypeScript because it can go in a loop. Just, ~you know, ~output some code and then it can compile it to actually understand like if it broke or not, before it runs it.

So it's just much easier ~to, ~to go for,~ like,~ TypeScript is a target than it is. JavaScript is a target. I think so. Didn't they say ~like ~TypeScript hit number one this year?

Paige: Yes. TypeScript is the most used language on GitHub, over Python, over JavaScript, over everything.

Jack: That's bananas. But ~I mean, ~you ~kind of ~think about like that TypeScript plus JavaScript ~and, ~and it's just,~ it's,~ it's the language that we use nowadays for most of what we do. ~Um, ~yeah. ~And, ~and. Are you worried about this? Because, ~I mean, ~I gotta say like my initial thing was, oh wow, this is great. This is democratizing coding right now.

We've got all of these new people coming in and that's great. They're making applications and all that. But then on the other hand,~ right,~ they're making a lot of prs, they're ~making a, ~putting a lot of code out there that. [00:04:00] Probably has vulnerabilities and ~that's, ~that's worrisome. I think there's a lot of little, there's a lot of big, actually big issues about this and it's only gonna get worse.

Paige: I, yeah, I think I'm ~kind of ~in the same boat as you, that if you're using AI tools and you're already a developer who has a decent understanding of how to write code and also review it for safety and security and just general good coding principles like dry code and reusable code and things like that.

Then I can see that teams might be shipping better faster, but also if you are a more of a vibe coder who just likes to let the AI agents ~kind of ~take the wheel,~ uh,~ I can see a lot of unmaintainable code being pushed in. And I can also see, especially in when I think about ~like ~the open source software, I can see maintainers and creators getting overwhelmed with.

Junkie prs. ~Kind of ~like when we did ~like ~hack [00:05:00] Tober ~in the, ~in the past where people would just ~like ~submit an O-S-S-P-R just so they could get a free t-shirt or some other

Jack: Uh, right.

Paige: Yeah. Where they'd change a little bit in the read me or they'd update one file or they'd do something like that. So it's, I think we're gonna walk a very fine line between pushing more good code versus just pushing more code in general.

Jack: Yeah, I think we've maybe gone over that line, ~you know? ~And yeah, as you say, ~you know, ~as an open source, ~you know, ~contributor, right? You're flooded with these, if you are on a popular repo,~ um, you know, you, ~you just want to go and do cool stuff. And here you are getting essentially just flooded with these vibe prs and.

You've got the, on the good side of it, folks trying to fix bugs ~and, ~and that's great. That's nice. But then you've also got, like this, the MPM and the, and just more ~large~ broadly ~the, ~the,~ uh,~ supply chain attacks that we've seen. And, ~you know, ~you're burned out and here you are [00:06:00] getting code that potentially looks like it could be helpful, but it actually has, ~you know, ~a Trojan horse built into it.

~It, it, this is gonna get. If~ this is probably bad already and it's gonna only get worse. ~Yeah.~

Paige: ~kind of ~going along with that line, one thing that came out in the review or the report was that comments on commits are dropping by about 27%. So do you think that it's ai. Maybe making PRS better so that there are less comments needed, or is it just people are so overwhelmed with the amount of changes that they're just not, ~you know, ~they're just giving the looks good to me.

Stamp of approval and moving on.

Jack: exactly. And not even saying, oh, it looks good to me. 'cause that would be a comment. ~Um, I don't know. I'm, you know, ~who knows? But ~my, ~my guess is that between these two things, it's probably ~the, ~the latter where it's, ~you know, ~just folks that are burnt out and they're just like, okay, I'm either not gonna respond to this, you know, just gonna let.

Linger here, or I'm just gonna take it 'cause it looks good. ~Um, ~and it would be really [00:07:00] nice, ~you know, if, ~if these PRS were vetted before they went in, but, ~you know, ~I don't think they are. I mean, this morning I'm having to deal with one where, ~you know, ~good content, ~but you know, not, ~not structured correctly and ~you know, ~now I've gotta go through it.

That one was actually generated by human though, so that, that's cool. Everything, all these things take time, right? ~And all the, you know, they,~ to properly do a PR review, that takes time. And

Paige: It does.

Jack: you're just flooded with them ~and, ~and who's paying for this? ~I mean, ~that at the end of the day,~ that I think that's really where like we.~

The whole industry lives on this 10 tenuous balance with these multi-billion dollar corporations pushing out tons of software on top of free open source maintained out of the goodness of folks' heart, ~you know, ~and the more that they're pushing AI and pushing developers into ai, and then that's crushing down on those OSS folks.

~You know, ~this could all come into a grinding halt pretty quickly.

Paige: Yeah, that really seems to be to, when we talk about it, that seems like the thing that should be the next really important thing that AI tackles is. Whole requests, but [00:08:00] reviewing them in a way that makes sense because I get GitHub copilot to review some of my prs because we have it as part of our, just ~our, ~our organizational business group, whatever. But half the time, the PR comments just don't apply. Or GitHub will go through and it'll be like, everything looks fine, thumbs up, and you're just like,

Jack: That's a se, that's an injection attack right there. Whatcha talking about? Yeah. ~Yeah, ~yeah. Yeah.

Paige: It's one thing to have it a, it's one thing to have it write your code, but then it's another, it takes, like you said, it takes a lot of time to also review it thoroughly and do a good job at that, and that's where we're struggling.

~Mm-hmm.~

Jack: and I've heard from GitHub that their policy is that high profile, open source projects all get GitHub copilot for free. ~Uh. ~I have yet to see that. And I'm on the Tans SEC team, which is pretty high profile. ~So, uh, ~yeah. ~You know, ~but that could certainly be helpful. That would be nice. ~I mean, ~I think what we really need, honestly, long term is some sort of economic model where, ~you know, ~these billion dollar corporations that are making all [00:09:00] this money off of this are also basically ~kind of ~funding this open source ecosystem that they're, ~you know, ~making their livings off of and, ~you know, ~and that, that would certainly help motivate people to, ~you know.~

Do all those PR reviews if they're getting paid for it. A living wage. Yeah.

Paige: OSS is largely still a thankless job except for those lucky few who have either been bought by companies so they, you know, Versal snaps up a few of them and helps keep them going. Or the React Foundation that's just recently opened to ~kind of ~steward react into the future. But unless you're owned by one of those, Google and Angular.

~You're,~ if you're just left pad and you're used by 70 million different NPM packages, but you're just left padding, nobody's gonna fund that. But you hold up the ecosystem.

Jack: ~Right. ~Although why I have no idea. Like ~why, ~why are you bringing, why are you bringing in is odd and is even and left bad, but,~ uh,~ yeah, no,~ I,~ I totally see where you're coming from with that. And ~you know, ~that's a real issue is that you get folks who. You know, the, the ALS of the world that, [00:10:00] yeah, great.

They are kind of funding, you know, those open source projects and ~they're, ~they're kind of housing them, but at the same time, ~you know, ~they're making money off 'em. There's, it's a profit making venture. They're making a service off of it, all that. So, you know, it's not like, it's kind of. Closed slash open source software.

It's ~kind of ~in the middle there. Yeah. So you probably see more of that and you, and unfortunately, what my guess is that if it starts to actually genuinely collapse, you'll get this weird thing where these big companies will go and just grab all of their current packages, put them into their own private repos and just like disconnect, be like, okay, we're good.

We'll just, ~you know, ~fork our own thing from here on out ~and, ~and go, which would be

Paige: We'll stay with our current version of whatever and never upgrade from there on out.

Jack: Yeah, exactly. ~We'll just, ~we'll just start eating it all and apparently I actually ran these, ran this through with Claude and Claude was like, yeah, MIT would allow that. The copy left wouldn't, but most stuff is on MIT. So yeah. But,~ so, you know, ~back to the report, they interesting that they had this specific call out around broken access control being the number one [00:11:00] code QL alert, so you know.

Yeah, there's clearly a lot of vulnerabilities in this code that is being generated, which is not great.

Paige: Do you think that there are workflows that do really benefit from AI agents, like testing, refactoring dependency upgrades? ~Like if you were,~ if you just had to choose a few things that agents can do well, what would you say people should try and use them for?

Jack: ~Well, ~that's a great question. ~Um, ~I would say definitely ~the, ~the keeping the packages up to date, that's huge. ~Right? Um, you know, ~in Monte repos that's a big deal. And then getting into ~that, ~that. Virtuous test cycle. So certainly doing that, does that require ai? ~I, ~I don't know. ~Um, ~I think one of the things that can be really helpful is keeping docs up to date.

~Like ~Like that's one thing that I see a lot of is, ~you know, ~you get somebody who puts in an API change, it actually does end up changing the surface area of the API and then there's no corresponding README change 'cause they just forgot, ~you know, it's like, there's no, ~there's no linkage there. But one, that was one of the things that I was actually impressed with,~ uh,~ KIRO, which is~ the, um, uh, ~the AWS [00:12:00] version of VS.

Code.

Paige: ~Mm-hmm.~

Jack: So many forks of VS code. ~Uh, ~but they had a hooks thing where you could say, Hey, if I change the APIs, then, ~you know, ~as part of that, before you commit, ~you know, ~here,~ like,~ make sure that the docs are up to date. That's really

Paige: Oh, nice.

Jack: Yeah. Oh yeah. That's really nice. What do you think, ~what do you, what do what,~ where do you think AI fits really well into this?

Paige: ~I mean, ~I found AI very useful for writing unit tests 'cause I hate writing unit tests, but I know that they serve a purpose. They are important to a project. ~Um, ~so I've really enjoyed being able to just tell Claude, Hey, here is an existing unit test file so that you understand what it looks like and what kind of syntax I'm using.

Here's the controller or the whatever that I need you to test. Go to town and it will test all the edge cases that I don't want to. It'll test the 400. ~You know, ~HTTP responses and the five hundreds and all this stuff that's like, I don't, the unhappy paths that I don't wanna care about. ~Um, ~so I found it really good for that,~ uh,~ refactors if I've got some, ~you know, ~some gnarly files that just are doing too much in one function, it's pretty [00:13:00] good at breaking those out into smaller functions and keeping it a little bit cleaner.

And like you said, updating documentation, which is everybody's least favorite thing to do in code. Is so much better when it actually is slightly more up to date with what the code's actually doing.

Jack: ~Well, ~especially when the LLMs have to get that data from somewhere. ~Right. ~And ~so, you know, we, ~we talk about like the TypeScript being the number one language and. If you, if your types don't match the documentation, ~you know, ~then you're gonna have these issues where it tries its initial run to, ~you know, ~implement this thing and then it runs into issues and it's ~like, ~oh wait, the document, the documentation lied to me and all that.

So there's that. But yet, but. The, all those iterations, all ~that, ~that loop around,~ like,~ I'm gonna write some code, then I'm gonna go and, ~you know, you know, ~to run it and build it and see if it works and build it and see if it actually just compiles. ~I mean, ~every one of those ~is, is, ~is burning tokens, is burning ~your, ~your, whatever it is, you know, cla quota or your VSCO quota.

And so ~the, ~the. Fewer of those you can [00:14:00] do the better. So having documentation that's actually up to date and is in the M'S hands ~is, ~is absolutely, I mean, really critical for this kind of stuff.

Paige: Yeah, it will save you

Jack: you're a company that wants to, ~you know, ~have people spend a lot of money on you, which I guess it is maybe not, I don't know, maybe copilots like sure.

You just have me do 8,000 iterations on this AP and this unknown API that I've never seen before. Yeah.

Paige: ~I mean, ~that's why, ~you know, ~Claude Code has jumped to the Claude on desktop or Claude on the browser, and we have, ~you know, ~cursor, which now has multi-agent modes. You can have multiple cursor agents working on a single feature at once. ~I mean, ~it seems like they're coming up with a lot of ways to use AI in not very.

Money saving or token saving ways, which will make the companies plenty of money, but also cost us potentially an arm and a leg.

Jack: ~Right. I mean, ~I can't even imagine, unless I had some unlimited corporate account, like ~saying, ~saying to cursor, Hey, why didn't you like, spin up three different [00:15:00] agents, ~you know, ~all trying to do the exact same thing and then ~I'll, ~I'll pr review that and try No, ~I mean, ~one, it's just crazy. And two, it's, ~you know, ~it would be a, ~uh, ~an ungodly amount of tokens spent on that.

Paige: Yeah. Yeah. ~Well, ~let's transition a little bit more to talk about TypeScript and how it's becoming and has become the most. Favorite language and the most used language on GitHub. So it has overtaken Python, which has traditionally been ~kind of ~the AI ML language of everybody's choice, and it still is to a large extent.

It's overtaken JavaScript, which was every web developer's favorite choice up until a few years ago, and it has over a million contributors this year, which is just. Massive, absolutely massive. ~Um, ~but they say a lot of it is driven by frameworks because they now scaffold in TypeScript by default. And AI workflows, as you said, benefit dramatically from having types that are strictly written.

~Um, ~and while Python is still the dominant,~ uh,~ player for the AI [00:16:00] contributors. ~You know, ~new repos overall are in six languages, Python, JavaScript, TypeScript, Java, C ~plus ~plus, and C. That is 80% of all new projects on GitHub.

Jack: I'm kinda surprised ~that ~that's not like more like 95%. I can't think of what the other 20% are. Like Pearl, maybe a lot. PHP, ~you know?~

Paige: Yeah, PHPI think is still in there. And the fastest risers, which kind of reflect maybe this experimental tact that some people are taking are Lua, which is for Lua luau. don't know.

Jack: Yeah, I think like a gaming language, but,

Paige: Yes. Roblox actually is built on it. I was looking it up

Jack: Oh,

Paige: It's the, it's what powers Roblox,~ uh,~ types, which is for formatting documents.

~Like ~if you're writing like a word processor, almost ~kind of, uh, ~formatter

Jack: I saw that and I was like, what the heck is that? And what ~Astro ~Astro's not a language, what are you talking ~like, I mean, ~not you obviously, but the report was like, what a i, I love Astro. It's not a

Paige: right. And then the [00:17:00] last one was Blade, which I believe is also for PHP

Jack: Yeah.

Paige: templating. For PHP.

Jack: I think it's all by, by like file extension. So the fact that there is like a dot astro file, I guess means that it's an astro. Language, ~you know, like, ~yeah, that's.

Paige: ~so, ~so based on ~like ~who the big players are, basically TypeScript and Python, do you think that this is going to ~kind of ~drive. What our stacks look like in the future. Is it going to be TypeScript, JavaScript front ends and then python backends that are doing all the heavy AI ML lifting?

Jack: That's certainly what it is currently. I was actually just at the YC Hackathon and we were using Emergent, which is ~a, ~a vibe coding tool. So it was a it, the hackathon was Vibe Con. And in order to make a project that would could win, you had to use emergent for that. And it was basically just prompt your way to an app.

And, but you could go and actually look at the code, which ~I, ~I actually, having talked to a lot of the competitors, that's what they did pretty much right away. ~Um. ~But their like default stack was fast, API Python [00:18:00] on the backend,~ uh,~ with cores. And then on the front end it was, oh God, it was React. Yay. But it was BA based on create React app with,

Paige: Oh no.

Jack: Yeah.

Paige: so old.

Jack: no. And deprecated. And deprecated. ~Like, ~it's like somebody talked to an AI like last year and was like, Hey,~ uh,~ I don't know anything about this. Front end thing, why don't you just tell me what I should use? ~And, ~and some old AI was like, well you should use Create React app. And ~they, ~they dropped it in there and they're like, I guess that works, whatever.

~Um, ~yeah. So it would, it was outta the box basically creating an unmaintainable app. ~You know, like, ~'cause they also some links to private Rebos and things

Paige: Mm-hmm.~ Mm-hmm.~

Jack: ~Um. ~But yeah, so I mean that, that's what they think the future looks like. I'm not sure. So sure. To be honest, like I see, I, so ~why, ~why is Python the ML thing?

And it's because it has ~like ~the NumPy extensions and the NumPy stuff is all. Basically native [00:19:00] code. So all Python is doing is just gluing together ~these, ~these native code bundles that aren't doing, ~you know, ~the actual ML work. And you could do that just as easily in TypeScript. So I don't know, I don't think Python has any particular like huge win there that makes it all any better.

Paige: I think Python's ubiquity has stemmed from the fact that it is more englishy if you're not a coder. By default, if you're a data scientist.

Jack: More of a data science. Exactly. Data

Paige: Yeah. Or you're a machine learning researcher or you're somebody who's coding is not your main job. It's ~like, ~it just, it's a part of your job.

Jack: ~Yes,~

Paige: And looking at JavaScript versus looking at Python syntax, yeah.

JavaScript is a little, is quite a bit more intimidating and a little less intuitive, ~I guess, ~than Python. ~When you, if you're, ~if you're not familiar with

Jack: Yeah.

Paige: And so all these people who started out in the ML world before ML transitioned to calling everything ai, I [00:20:00] think just built everything that they could with Python just because they ~kind of ~understood it and it was fairly simple to get going with

Jack: And it had the right packages. It had num high, it had all that. It had all the, ~you know, ~those statistics packages and all the rest of it, ~you know. ~But I, the same reason that TypeScript is now, number one, is the same. Could help. Migrate folks off of Python, which is, ~you know, ~you could have those same packages, but they would be, and so that when you're asking your.

Claw code or whatever. Hey, I wanna make this, ~you know, ~AI pipeline that goes from these images to, ~you know, ~these concept terms. Whatever,~ uh, you know, ~it could easily generate. ~I, ~I think far more reliably generate that in TypeScript than it would in Python. And those little bits of glue code that are actually making that all happen are faster.

'cause the JavaScript PM is faster. Python ~is, ~is horribly slow.

Paige: It is not very performant. Yes. When you get right down to it.

Jack: Yeah, it's terrible.

Paige: But same thing of like people don't know what they don't know. [00:21:00] So you say you could translate this into TypeScript or JavaScript fairly easily, but unless somebody has actually taken the time to do that. You're just stuck with whatever the Python version of it is sometimes. But that is always my first question of like when somebody brings to me something about TensorFlow or PyTorch or Nu Pie or whatever, is to look for the JavaScript equivalent of it.

Because very often it's already out there. 'cause

Jack: ~Right.~

Paige: is ~like, ~I don't wanna deal with this. Let's do it. And Node.

Jack: Yeah. And I gotta tell you some of that researcher Python code. Boy, it's scary. Oh my God, it's so bad. It's ~like, you know, it, it, ~it's the. It's absolutely the cultural,~ uh,~ and the culture of if it works, ship it.

Paige: Right.

Jack: don't care. Like I had one guy I was working with who he returned ~an ~an array out of a function and it was like 18 elements and they were all different.

Types. And it was, ~you know, ~he basically just, everything was by index. And I'm like, dude, seriously, you could return like a dictionary. There is a thing called a dictionary, you can make keys. And [00:22:00] he is ~like, ~I don't know what that is. I'm like, what? Oh God. But he knew all about the, ~you know, ~the ml, like all the, ~you know, ~all the math, right?

But the, but as you say, ~like ~the coding was just ~sort of ~a. Unnecessary evil in afterthought. And it's ~like, ~to me, like I, I grew up coding, ~you know, ~and math is the kind of thing that I would ~like ~learn in order to make the game work or make, ~you know, ~the trig work, whatever, ~you know, ~that kind of thing. I, we just came out from two different directions and he's ~like, ~dissing, he's dissing my thing, man. ~Like, I, I like~

Paige: ~why,~ and that's why those people who are part of who are shipping code of some, so some sort, they need actual developers to do code reviews for them you look at it from a completely different angle and you're like, this is terribly unmaintainable. Let's refactor this. While they understand either the business logic or the math logic or the whatever behind it, but you need both.

Jack: Yeah.

Paige: You can't just have one and expect to have a working long scale maintainable application.

Jack: And I'll be honest with you,~ I,~ I actually [00:23:00] enjoyed, once I understood what he was doing with his 18 return things and I'd refactored it into something reasonable,~ uh, you know, ~I was like, I, it was ~kind of ~cool. I'm into the stats. I'm into how it all works, ~but you know. ~Seriously, guys, ~you know, ~it's ~like, you know, ~I can only imagine there were, ~you know, ~if you could ~like ~take that same thing and apply it to ~like ~a house, ~you know, ~it would look like some sort of house that's out of ~like ~one of those like anime movies.

It's all just ~sort of, you know, ~things sticking out ever everywhere. And ~you know, ~nails driven through everything. ~Like, ~whoops, hold on, I got my nail in my hand. ~You know, ~whatever. Yeah, it'd be awful.

Paige: So do you think that kind of the, we talked about a little bit, there's ~like ~six main languages that seem to be the basis of 85, 80% plus of what is in GitHub. Do you think that AI is going to ~kind of ~accelerate that language churn? Or do you think it's going to consolidate it down and we're only gonna see those stats ~kind of ~grow over time?

Jack: Totally consolidate, I think, I'll be honest with you, ~um, ~this is something we talked about on our podcast about like the framework consolidation and, ~you know, our, ~our new [00:24:00] framework's gonna be able to make it out there because all these AI have been trained on. ~You know, ~next to As and all that,~ I'm,~ I'm still reasonably confident that ~like, ~frameworks can make a go of it.

~Like, ~I think Panax starts is gonna make a go of it because AI can be trained to okay, ~you know, ~you don't make routes this way, you make them that way kind

Paige: Mm-hmm.

Jack: Um, but I, in terms of full languages like that, I. I don't think so. I mean, it's kind of break. Break those two things down, right? You had the Python, JavaScript, and TypeScript, and really it's JSTS, so you know, it's basically just those are your interpreted languages.

And then all the other ones that you mentioned, Java. ~C~

Paige: C sharp, c plus plus compiled

Jack: are your system languages, right? And yeah,~ that,~ that, you know, so you got every and every one of them is kind of plays its key role in the world, right? So Js and ts are your, ~you know, ~front end slash full stack thing.

Python ~as you, ~as you rightly say, is, ~you know, ~owns that ML space. ~Um, you know, ~c ~plus ~plus is gonna be where ~you, ~[00:25:00] you got. Folks doing the driver action. C Sharp is,

Paige: Enterprise. Just enterprise everything.

Jack: Yeah. ~I mean, ~I think if anything's gonna fall off, it's probably gonna be, ~you know, ~Java because like the Java, the JSTS world could probably make a decent play at going into that space.

~Um, ~and maybe C Sharp, although, ~I mean, you know, ~that's really just driven by the fact that there is this huge world of. Net folks out there, and if you ever go to ~like a ~a net conference, ~I mean, ~these folks just live and breathe. Microsoft, ~you know, ~it's like I only use Microsoft products, I only use Windows.

And it's like this whole ecosystem and culture of that. And ~so, you know, ~C not that it's not a great language, actually C is a great language, but ~uh, ~it is interesting to see that F Sharp, which is their version of a functional programming language. I was gonna say that, that might go up against Python.

Nah. Okay. No, that don't make any sense. I was just ~kind of ~thinking outta the

Paige: that~ that ~that go, didn't make the list because it seems like such a well liked language when people use it.

Jack: ~Right. ~Yeah. ~Hmm. ~My last job they had,~ uh,~ or, you know, one of my last jobs was they used go for [00:26:00] their like, systems

Paige: Mm-hmm.~ Mm-hmm.~

Jack: and Yeah. Yeah, no, I definitely liked it. ~Um, ~actually I was ~kind of ~surprised that PHP didn't make the list.

Paige: ~Mm-hmm.~

Jack: Yeah. I think that's an, it plays it into, into an interesting spot.

Paige: Yeah. And PHP is for, correct me if I'm wrong, but that's what powers WordPress. Correct. Like all the WordPress sites all over the world.

Jack: Yep.

Paige: Yeah.

Jack: Yeah.

Paige: ~Is, ~is it maybe that people aren't storing their PHP projects in GitHub for whatever reason?

Jack: Maybe. Yeah. Yeah.

Paige: never really been in that world, so I really can't speak to why.

It wouldn't be what? Why it wouldn't be there.

Jack: Yeah, ~I mean, ~in that world, like for the WordPress folks, you do have all these extensions and stuff to WordPress, and there's a whole marketplace of them out there and people that make, you know, Lambo level livings,~ uh, you know, uh, making, ~making extensions to WordPress. I, my, maybe they don't post those in GitHub.

Paige: Yeah.

Jack: be, maybe they [00:27:00] just like package 'em and put 'em into, ~you know, ~some repo for that. Maybe if anybody wants to join in and, ~you know, ~let us know ~in the, ~in the comments or, ~uh, what the, ~what the deal is of that. ~Um, ~yeah, no, but I. Yeah, ~I think, ~I think W as at least J as A-T-J-S-T-S developer, I think I, ~you know, ~I personally always ~kind of ~seem to forget that PHP exists when in reality PHP runs like 90% of the web or traffic craziness like that.

Paige: It's true. It is true, but it's also funny. It does, it still does run a lot of the internet, but Shopify runs another massive chunk of it. 'cause it seems like I can't go to a website today that's doing any sort of e-commerce, and if I inspect it, I will see Shopify shoved in there somehow. ~So, ~and Shopify owns the, or hired the team that made remix and React router.

~So even they are kind of, ~even those e-commerce sites are moving towards more of a JavaScript type script type of interface ~and, ~and functionality, ~I guess, ~as opposed [00:28:00] to PHP.

Jack: ~Uh, ~yeah, certainly. ~Uh. ~They're trying to,

Paige: They're trying to.

Jack: I think ~most, uh,~ most of those Shopify starts are just still on whatever micro, on Shopify's core, ~you know, ~product, whatever that is. Yeah. You can use like the Shopify API and I think you can deploy to Shopify and make your own, roll your own thing, which, yeah, I think that's where they were looking at, like the whole react router thing.

~Um, ~but ~that's, ~that's his own, ~you know, ~remix three and React router is its own thing.

Paige: Very much. All right, so let's talk a little bit more about the open source, the governance, the security that you were mentioning before and how that's. Because open source has hit new highs, even though we were just talking about some of the lows. There are 1.12 billion contributors according to the report.

~Uh, ~500 and. 18 million merged prs, which is just staggering to think about and massive growth in some of the AI infrastructure repos, like the LLM Llama Rag flow. So [00:29:00] alongside some of our evergreen ecosystems like VS. Code and Go Dot and Home Assistant. But like we've talked about, the governance is not keeping pace.

~So. ~I didn't realize how bad this was because I feel like most of the stuff that I use either in GitHub or on NPM has read mes, but only 63% of public repos have read mes.

Jack: Oh, my guess is that, and they only have them because literally whatever they U were using to bootstrap the thing had to read me in it.

Paige: Yeah, exactly.

Jack: the stock read me of whatever that was. Yeah,

Paige: So 63% have a read me 5.5% include a contributor guide and 2% ship with a code of conduct. Can you, ~I mean, ~is that possible?

Jack: si. Yeah. ~You know. I mean, ~I think all the hand stack does. So that's good. It definitely gives,

Paige: is miles ahead

Jack: yeah, 2%. Yay. ~Uh, ~yeah,~ it's,~ it's sad, right? Because it really should be out there. ~Um. ~Yeah. ~I, ~I think it's just because at the end of the day, like I, [00:30:00] I don't know what all these repos are. Like 1.1 billion people out of a planet that's got 8 billion people on it.

That means that e every one in eight people are open source. Could I don't ~I mean, ~what. Where does this

Paige: are they putting these numbers together?

Jack: don't know. ~I, ~I really would want a definition of that maybe. Is that just GitHub users, ~you know, and if, ~and if so, yeah, maybe ~like, ~I'm sure there are services out there that like park some user data on GitHub or make it GitHub account for you automatically and you have no idea or whatever.

And yeah,

Paige: ~Well,~ it says 1.12 billion contributions, so

Jack: Oh, okay. So not,

Paige: that makes more sense

Jack: That makes more, yeah, that makes more sense. All right, cool, cool, cool.

Paige: There are some people who are just prolifically creating stuff that other people are consuming.

Jack: Some entity is prolifically creating something where entity might be a human or might not be, might be a bot that's looking around for, ~you know. ~Packages [00:31:00] that are weekly maintained, but have a lot of downloads and are thus, ~you know, ~potential vectors for, ~you know, ~virus attack is my

Paige: And s and speaking of that, on the security side, critical fixed times improved from 37 to 26 days. Helped along by depend Abot, which a lot of packages have, all of our, a lot of our repos have it as well ~at ~at Blues and by AI AutoFi, which I have actually never used.

Jack: never used that either. Wow.

Paige: Didn't really know that was a thing, to be honest.

Jack: ~I'll be honest. You know, ~I was looking around at the GitHub, like settings yesterday for copilot, and there's just so many products in there. Like ~I, I did, like, I, whoa, you know, like ~it's grown exponentially.

Paige: Yeah, trying to keep up with the new features that are added is almost an impossible job in itself.

Jack: Yeah. Yeah. ~I mean, ~you almost need somebody at work who's like the person that just keeps the whole team or all the teams sort of up to date with, like what they could be using or whatever. It's crazy. Yeah. ~And is it, you know, sort of ~tangential to [00:32:00] this, I've heard this interesting metric about Microsoft 365, ~um, ~and they've got their own version of.

Copilot. ~Right. ~And I think the percentage use was like 1.8% of all Microsoft 365, ~you know, ~folks are using this.

Paige: Yes,

Jack: doesn't really have

Paige: low

Jack: shockingly low. ~Right? ~Yeah. ~So, you know,~

Paige: ~and the amount of,~

Jack: ~people.~

Paige: ~yeah, and the,~ not only are people not using it, but even if they have access to it, they might be getting it for free. Like typically you would have to pay $30 a month or something on top of your Microsoft subscription to have access. But I think because the adoption rates have been so low.

They're actually giving it away either at steep discounts or for free, ~kind of ~bundled into a Microsoft oh 3 6 5 account.

Jack: Yeah. Can I just encourage people out there if you have access to it, use it. ~You know, I mean, ~you could use it for things like grammar checking. ~You know, I, ~I get a lot of emails that are just like, oh my God, did you not like, like [00:33:00] I'm sure there are red, red squigglies around all this. ~Like, ~what are you doing?

Yeah, it's crazy.

Paige: true. That's true. ~But you know, ~going back a little bit to ~the, ~the security and the governance and what is popular or what seems to be growing in importance, do you think that kind of the AI infrastructure projects that we talked about, like O Llama and the LLM and things like that, are those going to become the new platforms that developers are building around since they're obviously some of the most contributed to projects at the moment in GitHub?

Jack: Yeah, probably certainly ~like the, ~the value of that OO lama. So if you're not familiar with ~ol lama, ~ol lama allows you to run models locally. So if you have ~some, ~some decent GPU hardware lying around, ~you know, ~you don't have to pay open AI slash ~uh, you know, ~or. ~You know,~

Paige: Perplexity.

Jack: perplexity, hugging face, philanthropic type money for these things, you can basically just use that GPU hardware to crank through making your embeddings ~or, ~or doing the LLM chat work or that kind of [00:34:00] thing.

~And yeah, you know, a lot of these, these, and~ we've been talking about this a lot ~on, on front and fire,~ about like the idea that these smaller network models, so yeah, every model has like end number of billion. ~Uh, you know, ~connection points,~ um,~ and ~the, the, ~the one,~ the,~ the frontier models have, you know.~ you know. ~I don't know, thousands of billions or whatever, they run a massive hardware.

But the smaller ones, ~you know, ~like the three B models have actually gotten quite good. ~And you can run those on,~ you can run those on your laptop and have a chat session. ~I mean, ~you might not get really great token throughput, but you drop ~a ~a, a decent GPU on that and ~you can,~ it can be snappy and then you can go and host a service on that.

And so that's why I think you're gonna see, ~you know, ~a lot in that space is people want to control, hey. So many projects out there that are, like all of these projects, like all of, there's a huge wave of projects. As you say, they're all using LLM adapter libraries, which means they're all basically AI projects, which means that, ~you know, ~they could potentially, instead of going with an open AI subscription, go with, ~you know, uh, an o ~an O Lama dedicated hardware, and they probably wouldn't even need to host it.

They could probably just go and. ~You know, ~go to some [00:35:00] company that has that as part of their, ~you know, ~standard, ~you know, ~setup is ~like, ~okay, you wanna host your app? ~Well ~cool, here's, ~you know, ~here's, you can also buy GPU access and we can go and put a model on it for you. And there you go. You're done.

Paige: ~Mm-hmm. ~any models in particular that you would say you've had good luck with? For running locally?

Jack: ~Um, ~they're hyper-focused, right? So every,~ like,~ if you want just a more of a chat tool, chatting, tool calling thing, ~like ~something, ~you know, ~oh, I could, ~you know, ~oh my God. You could, ~you know, ~the usual flight reservation system thing that people talk about,~ uh,~ there was one that I looked at just recently, small lm, where it's like S-M-O-L-L-M three from hugging face where that was actually.

Really good ~at, ~at doing that. ~Kind of like, you know, ~hey, we'll just talk to it and it'll make a reasonable decision about calling a tool. ~Right? ~And so that, that can actually be a really nice way to test stuff without paying the tokens. 'cause usually our AI tests are, ~you know, ~put in enough of a prompt to make it call this tool.

See what comes out the other end. [00:36:00] There you go. Either worked or didn't ~kind of ~thing, and so you could run that kind of thing. ~Um, ~I haven't really looked at the small coding models, but I know some folks are using that for their, like visual studio. They'll bring in Klein or something like that, and then they'll just use like an a lamo with ~like ~a, I think there's a bunch of different little coding models out there that are supposedly, ~you know, ~pretty good.

~And, ~and that's where I see, ~you know, ~that kind of thing going is. Because ~these, ~these models, these high-end models, like the, ~um, you know, ~sonnet four, five, and all that are all heavily subsidized. So it's all, ~you know. ~You pay a dollar, they're paying three. ~Right? ~Because they just want customers. That's not sustainable.

So my guess is what's gonna happen is the frontier models are going to become more like project manager kind of folks, and then they're gonna farm out like, oh, we need a form here to some really small, ~you know, ~three B model that's really good. And making and turning human readable text. For ~a, ~a definition into, ~you know, ~a formic form or tanic form or whatever, and, ~you know, ~that kind of thing.

~Um, ~yeah. So ~it's, ~it's [00:37:00] gonna be interesting. But yeah, no, I definitely see a lot more interesting.

Paige: So it'll be like, ~kind of ~like the subagent,~ uh,~ orchestration that we've talked about ~and, ~and that some companies have already ~kind of ~tried to pioneer of ~like ~one main orchestrator and then all of their little subagents doing ~little, ~little tasks underneath them.

Jack: With specialized models ~that, ~that are really focused for that, which is good. 'cause ~I mean, you know, ~do you really need a, an application, ~you know, ~a model that can talk to you about heart surgery that can also do, ~you know, ~a form,

Paige: Yeah.

Jack: HTML form, ~you know, you know, ~you don't need that,~ well,~ what they call,~ um,~ a mixture of experts model, MOE model.

Yeah, I'd rather have ~like ~one model that's ~really, ~really good at heart surgery and another that's ~really, ~really good at coding.

Paige: And honestly, that kind of a workflow seems to have proven out, at least right now, to be better. ~Like ~if you have multiple different things that your app needs to do that are LLM related, breaking them down into discrete individual tasks that have their own prompts and have their own context. Seems [00:38:00] to work a lot better than just giving it all the things at once and asking it to try and make sense of it.

Jack: Yeah. Yeah.

Paige: Okay, so ~let's, ~let's go back a little bit to, to talk about how the documentation, as we've said before, is not really keeping up in terms of the OSS things that, ~you know, ~read mes are out of date or there are none. ~Um, ~do you think that this. Docs gap is going to be a problem for people who want to get into OSS or want to become first time contributors to it.

Jack: I think it's an opportunity for sure, and it's never been easier if you. Want, and that's a, that is ~a, ~a risk-free pr if somebody just wants to go and, ~you know, ~update my architecture.md file,

~you know, uh, ~great. ~I mean, ~I don't even act like that, ~you know, ~as long as it looks good like LGTM. Data comment mark that good.

'cause there's no way it's gonna a, it's gonna do bad stuff in my repo unless I get some really weird setup. ~Um, ~so yeah, no, that's, that is ~a, ~a fantastic way to get [00:39:00] started with an open source journey. And I know that obviously hiring is a big thing right now and it's hard to get jobs, hard to differentiate yourself.

And the, one of the ways that we've talked about,~ uh,~ in the past is you can either. And or,~ uh,~ write articles. Get yourself out there. ~Right. ~Do some podcasts, ~you know? ~Yeah. I think writing articles is probably the easiest way to go. ~Uh, ~or do some open source contributions or both. And, ~you know, ~we've talked about ~the, ~the path to writing articles is pretty easy.

~I mean, ~if you go and have some technical problem,~ like,~ oh, I, it was really hard for me to figure out how to make a login for this particular system, and there didn't seem to be any documentation out there on it. And you. ~You're, ~you're doing,~ you're,~ you're keeping notes in markdown as you go. Just add some little pieces of text in between the two, and now you got yourself an article, ~you know, ~and then you're, they become the person who's, who knows about that.

And Yeah. And vs code,~ like, you know, ~they'll do a lot of tab completion for you. They might write the article for you. It's pretty easy.

Paige: ~It's true, ~it's true. Even in this AI driven world that we live in now, you can still stumble across stuff that [00:40:00] will be helpful either for future you, 'cause I've definitely written articles like ~that ~that were so helpful for me years down the road or that will also be helpful to other people and the LLMs that are trying to figure stuff out.

'cause there's still stuff to be figured out. It really helps to have somebody write about it because that also, for me at least, and for probably everybody, it uncovers stuff that you don't really know because you have to teach, try and teach someone else. So those things that are ~kind of ~fuzzy, you'll get a much better understanding of by the end.

Jack: ~yeah, ~yeah. ~You know, ~what was this little option? What did that mean?

You know? And then it's ~like, ~oh, ~well ~I actually have to write something about that, so I gotta go look into it. See, oh, ~well ~that, oh, that does that. Oh, I, and here I could have saved myself some time if I just, ~you know, ~not read the docs.

But I guess they're bad, but, yeah.

Paige: Or if it's just something new, ~like ~if it's the new version of Spel or the new version of Tans Stack or just something that the LLMs haven't trained on yet, you can be one of those subject matter experts that they turn [00:41:00] to or other people turn to, to learn about this stuff.

Jack: Yeah, I wonder if we're gonna see, 'cause there's this thing called context seven, which is ~kind of ~interesting. It's an m an MCP server that you can put on your visual studio code and then it goes, and I think it looks at your local package, JSON. And it'll go and grab ~like. ~It'll go and turn the docs for whatever that is into, ~you know, ~human into MD files for the LLM.

I've had ~kind of ~mixed success with that. ~I, ~I tried it on,~ hmm,~ AI, SDK, V four, V five to V or V four to V five, which is ~a, ~a big pain in the butt. And it didn't get it,~ like, it, it, ~it kept rolling back to V four and it was like, I think it's this. And it was like, and then it would chew tokens. Getting those type errors, ~you know?~

And it would be interesting, I wonder if there's an opportunity there to have ~like ~curated versions of that where somebody's actually, like a human has gone through this and been like, oh, that, that's wrong. That's right,

~that's wrong.~ And then, ~you know, ~clean it up and I don't know, maybe that's a service, I don't know.

Paige: Yeah, ~I mean, ~contact seven. I've used it a [00:42:00] little bit, although I tend not to be on ~the, ~the latest and greatest, like cutting edge JavaScript frameworks or whatever. So I haven't had too much of that issue, but. ~It's, ~it's right now, I think it's just a free open source thing that you can add. But if somebody were to turn that into a paid product where you could get better results, that would definitely probably be something that people would be willing to pay for.

Jack: Yep.

Paige: So one other question or thing that we can talk about is the, ~I mean, ~just the complete lack of codes of conduct and contributor guidelines. Do you think that those should be maybe a new requirement if you're gonna have some sort of an open source project? Like I, I'm not sure how GitHub would enforce it or how anybody else would, but my goodness just, ~I mean, ~it doesn't need to be long.

Just ~like ~put a couple lines in there about be nice

Jack: Yeah, be nice, right? Yeah, exactly.

Paige: to Maine, things like that.

Jack: Yeah. Although I'm pretty sure a lot of projects have, ~you know, ~pushed a main,~ um,~ yeah, and maybe like ~for, ~for entrance [00:43:00] into ~like ~an MPM. ~You know, ~or something like that, you, to have a sort of ~a, ~a low bar threshold on that. I know that NPM is now enforcing that. You have to have two fa on some of the more popular projects.

So yeah, there really should be, ~you know, ~let's be honest. ~Um, ~but, ~you know, ~a good code of conduct is always, ~you know, just, ~just for, ~you know, ~for everybody listening,~ just,~ just don't be a jerk. ~Right. ~Please don't be a jerk. Try and be 

Paige: are, there are people on the other end.

Jack: Yeah, and also ~like, you know, ~don't assume ~that ~that OSS folks are just like your.

~You know, ~servants or whatever. ~Right. You know, that, ~that the, I've seen, I've been in a bunch of discord channels of folks who are like, I need this answer now. And it's ~like, ~I'm not,~ what, what, ~what are you talking about? ~Like, ~I, your crisis is not me. My crisis like that. ~That's, ~that's not okay. ~You know, ~just don't do that, ~you know?~

Paige: Thanks for reporting this bug. If you would like to fix it, we would be happy to review your poll request.

Jack: Exactly right. ~And, ~and ~you know, ~those are often coupled with ~the, ~the terrible bug, which is, ~you know, ~it [00:44:00] doesn't work. ~What, ~what do you mean? What does that mean? It doesn't work. ~Right. Like that's ~that's crazy. Yeah.

Paige: Oh man, we could, I'm, we could go on about this for a while longer, but to keep the podcast moving along,~ uh,~ we will take a short ad break and then we'll go on to our hot takes for this episode. So this episode is brought to you by Log Rocket. Log. Rocket provides the AI first session, replay, and analytics, which surface the UX and technical issues impacting user experiences.

Start understanding where your users are struggling by trying it for Fleet, trying it for free@logrockets.com. Okay, so this is one of my favorite parts of every panelist episode that we do, which is the hot takes. They can be rants about anything that's going on in the dev world. They can be. Ridiculous.

They can be serious. ~So, ~Jack, do you have a hot take for us this time?

Jack: ~Um, ~my hot take is I think these billion, billion dollar companies should be ping it up ~for, ~for this free software. Like we're being used, we're being exploited,~ and, and, ~and I gotta, I'll be honest, like I've, I, that hackathon that I was just on. [00:45:00] It felt a little exploitative. ~Like, you know, ~you had these people who were desperate for jobs and you told them that, ~you know, ~if they win this context, they would get an interview with yc.

Not even a guaranteed job, but just a guarantee of an interview with yc. ~But you know, ~the, what they were doing was helping ~this, ~this company out. This company, it has millions of dollars of investment, right? To go and debug. Its. It's code and all that, and it's like I, we, our whole tech system is ~kind of ~built ~on, ~on multiple layers of exploitation and ~I, ~I, it's gonna come crashing down here at some point.

Paige: Yeah.

Jack: it's a hot take or.

Paige: No, but it's ~kind of ~the same thing that happens ~when you're, ~when you're an artist for instance, and they're like, oh, we're not gonna pay you to do this thing. But it's exposure

Jack: Oh yeah. ~Right. ~Yes, but that's exactly, you're right. That's exactly it. Your OSS is getting paid an exposure, which is,

Paige: yeah,

Jack: yeah, not

Paige: that doesn't pay the bills for

Jack: Nate exposure. Don't pay the bills. Exactly.

Paige: No, I think that's a really good one. ~Um, ~so my hot take [00:46:00] for this. This episode is gonna be that I don't think many of these AI powered browsers are gonna actually catch on with the general public. I think that who is using them, they're all tech people, they're all excited about New tech.

They're all seeing all the,~ um,~ problems with them. The. Privacy concerns, the open source or the script injections that are happening, the prompt injections. And I honestly just think that normal people who don't, who aren't aware of these things, are not gonna adopt them. ~Like ~everybody knows how to use chat GPT, but beyond that, I don't think they're gonna get the benefit of these AI browsers the way that the tech world hopes they will.

Jack: I don't even think everybody knows how to use trap GBT. I think ~that ~that's, you know it, there's certainly a young. An element ~of, ~of the current generation of young folks. I know my, one of my,~ uh,~ nieces is like, it literally has a longstanding relationship with GBT, ~you know. ~Probably the most consistent man in her life.

~Um, but, ~but yeah, ~I mean ~the, and, but she only uses it on mobile. ~Right. ~And so [00:47:00] she's not gonna get any benefit outta that now. ~I, ~I, you're right. You're absolutely right. It is gonna be a bunch of hardcore geeks and it's going to,~ uh, ~try and fill that void that we've been talking about for years of the agentic thing that's gonna go do all my travel agency stuff for me, which most people don't even want anyway.

And I probably wouldn't want. ~So,~

Paige: No, all we've seen are the limitations of these browsers and how bad the agents can be, not. How they're saving anybody anytime or frustration it seems ~like.~

Jack: And I mean that prompt injection thing, is anybody come up with a cure for that?

Paige: no.

Jack: No. Yeah.

~So,~ 

Paige: every time a new browser comes out, a new paper comes out on how it's vulnerable. ~That's, ~that's all that happens, is that there's yet another attack vector that's been opened up.

Jack: ~Right. ~Yeah. ~On a, ~on a browser that 0.0, 0 0 0 1% of people ~in, ~in the world use. Yeah. Whoops. Oh,~ well,~ yeah. Yeah. I wouldn't wanna be

on one of those teams. I don't think there's a lot of there. There.

Paige: yeah, I just, I don't, I think that the idea is [00:48:00] great, but I think that the execution is not going to make it ubiquitous and adoptable by the majority of the world in the end.

Jack: Completely agree.

Paige: Yeah. ~Well, ~Jack, thank you for joining us. It has been a very fun top topic of talking about the Octa versus report that neither of us knew existed before now, so that was really cool.

We'll, I'm sure we'll talk about it again in the future and we'll see if TypeScript continues to rule the world 

Jack: it will. Yeah.

Paige: But yeah, thanks to everybody who's been listening, and we'll see you on the next episode of Pod Rocket.

Jack: Thanks for having me.