Since the explosion of AI coverage in late 2022, this is truly the very first interview that has given me things to think about, was incredibly interesting, and isn't riddled with misunderstandings. Thank you, both of you, for doing this.
Arguably, two of the most intelligent people in social media...AI is a subject we need to understand and take seriously for almost all creation and interpretation of information going forward...
Great interview as usual, but I wish you would have followed up on Hoffman's offhand claim that open source is "less safe" - I wasn't sure if he meant in general or just in the case of AI models, or just in the case of government-controlled AI models, but regardless, more elaboration here would have been very illuminating (and of course, it seems almost certain that Hoffman has a vested interest in closed-source AI models (he was on the board of OpenAI and while I don't know his exact portfolio at the moment of this interview, it seems pretty reasonable that he still has holdings in OpenAI and/or other firms in this niche)).
In general, the vast majority of open-source code is "less safe". Known vulnerabilities won't be fixed because there is no incentive to do so. The most actively maintained OS code are maintained by people on the payroll of private companies and not by the "many eyes". Open Source Security and Risk Analysis 2023 84% of codebases contained at least one vulnerability 48% of codebases contained high-risk vulnerabilities 89% were more than 4 years out of date 91% contained components that weren't the current version 91% had received no development activity in the last 2 years 88% contained components with no activity in the last 2 years and contained components that weren't the latest version. OPERATIONAL RISK IS PERVASIVE "A worrying number of codebases contained open source that had no development activity and no user updates in the last two years. When no feature upgrades, code improvements, or security remediation occurs for 24 months, it’s likely the project is no longer being maintained at all."
@@calvinsylveste8474 showing a bunch of stats about open source is meaningless if you don't have the corresponding stats for proprietary software (the question is about open source being LESS safe). There are billions of examples of private companies dragging their feet and not fixing known vulnerabilities mostly because they can just supress public knowledge of them. As for abandonware, sure it's full of bugs, but abandonware isn't a problem unique to open source.
