Programming guides for beginner...
Any comments are welcomed....
I hope it helps!!! Thanks for drop by...

Saturday, July 4, 2026

Jamesob's $52k Local LLM Rig: What 121 Comments Got Wrong

James O'Beirne's GitHub repository jamesob/local-llm hit the front page of Hacker News on 3 July 2026 and spent the evening at the top with 256 points and 121 comments (item 48775921). The README is the most detailed prosumer build guide the local-LLM community has published this year: a 4x RTX PRO 6000 Blackwell workstation on a last-gen EPYC motherboard, an off-the-shelf PCIe Gen4 switch from a German indie vendor to bypass the root complex, and a daily-driver model list that ends at a 594B-parameter quantized-and-pruned version of GLM-5.2. The thread is also where the conversation about whether this is a sensible purchase stopped being theoretical. By the time the dust settled, the comment section had rewritten half of the article's numbers and re-litigated the rent-vs-buy argument in a way the original post never asked it. The four corrections the community surfaced in the first twelve hours are the point of this piece.

What the build actually costs

The article headline is $40k. The build sheet in the repo's hardware section puts the GPU line at ~$46,000 for four RTX PRO 6000 Blackwell Workstation cards (96GB each, 384GB VRAM total), and a separate line for the c-payne Microchip PM40100 PCIe Gen4 switch with the SlimSAS host adapter and cabling at ~$1,330. The base system — ASRock Rack ROMED8-2T motherboard, EPYC Milan 7313P, 128GB of DDR4 ECC RDIMM bought on eBay, dual 1700W Super Flower PSUs, open-frame case, 4TB boot NVMe, dual 8TB NVMe for model weights — totals $5,587. The realistic all-in number, including the custom-fabricated wood enclosure for the GPU and switch and the days of BIOS fiddling the author describes, is closer to $52k. The top-voted comment in the thread (Aurornis, id 48776800) flagged the gap: "$50-55K" is the real number, not $40k.

The RTX PRO 6000 story also moved in real time. The card launched at an MSRP of around $8,500 and was available on eBay at that price in early 2026. NVIDIA raised the MSRP to $13,250, and the thread captured the moment. Aurornis (id 48780559) wrote: "The MSRP was raised to $13,250. Warranty is very important for expensive cards like this. I don't recommend buying on eBay unless they come with a very big discount." This is the part that is easy to miss if you only see the headline: the build's price is the consequence of an active supply-side repricing, and the comment section is now the cleanest record of when that happened.

What "running GLM-5.2 locally" actually means

The model the article recommends is GLM-5.2-Int8Mix-NVFP4-REAP-594B from Hugging Face user madeby561. The comment thread caught three things about that choice that the README glosses over. First, the name tells you the actual shape: Int8Mix means some layers are quantized to 8-bit and others stay at higher precision; NVFP4 is NVIDIA's 4-bit floating-point format; REAP is a pruning method that removes roughly 22% of the model's experts; 594B is the post-pruning parameter count, not the base model size. The base GLM-5.2 is closer to 1.5 TB at BF16, which is not what is running on these four cards. Second, the GLM-5.2 community has settled on a different quant for the same hardware — lukealonso's NVFP4 quant at the same 4-bit precision is the one CamperBob2 (item 48777091) pointed at as the throughput baseline at 75-100 tokens per second. Third, the throughput number matters because, as commenter charcircuit (item 48779702) put it bluntly, "384 GiB is nowhere near enough for SotA where models are terabytes big." The rig is running a derived, quantized, pruned version of the model whose benchmarks the rest of the world is comparing to.

Commenter Aurornis (id 48776800) — the top-voted reply — wrote: "The trap is that people say 'I'm running GLM-5.2 locally!' and it sounds amazing when you look at the GLM-5.2 benchmarks. However they're not actually running GLM-5.2, they're running a model derived from GLM-5.2 that discards most of the bits and drops some of the experts. It does not perform the same as what you see in the benchmarks. In my experience, the divergence between a quantized/REAP model and the parent model is unnoticeable when you try it on very small tasks or chat, but becomes painful when you start trying to use it on long-horizon tasks where little errors start compounding." That is the part of the conversation that does not appear in the README and that anyone considering the build needs to read before opening a wallet. The 4-bit-is-lossless claim survives on small tasks and KL-divergence measurements; on a long coding task with 200k of context, the cost of the quantization shows up in the quality.

The trick with the PCIe switch

The most technically interesting part of the build is also the part that nobody outside the multi-GPU inference crowd has heard of: the PCIe Gen4 switch from c-payne.com, a German indie vendor that sells Microchip Switchtec PM40100 PCIe Gen4 switches with five x16 downstream slots. The switch sits between the CPU root complex and the four GPUs. With the switch, GPU-to-GPU traffic for tensor parallelism's allreduce step stays inside the switch fabric at Gen4 line rate — measured at 27.5 GB/s unidirectional, 50.4 GB/s bidirectional, 0.37 to 0.45 microseconds of latency in the article. Without the switch, the same traffic has to traverse the CPU's root complex, which is bottlenecked by the number of upstream lanes and adds 5-10 microseconds of latency per hop.

The cost of getting the switch to work, as the README describes in detail, is real. The BIOS has to be set so the slot trains at x16 (not x8/x8 bifurcation), ASPM has to be disabled to keep idle links from reporting downgraded speeds, Re-Size BAR has to be enabled for full 96GB BAR exposure, SR-IOV has to be disabled because bare-metal inference doesn't want IOMMU overhead. The kernel command line needs iommu=off amd_iommu=off nomodeset. A separate nvidia_uvm config disables HMM so P2P works. A systemd oneshot service runs a setpci script on every boot to disable ACS (Access Control Services), which would otherwise bounce P2P traffic back through the root port. None of this is in the average consumer's comfort zone. The author calls out explicitly that the BIOS settings have to be hand-tuned or the switch slots train at Gen1. The community's response in the thread was to confirm the Gen4 numbers from independent p2pBandwidthLatencyTest runs — this is a verified, not theoretical, fabric.

The math that breaks the rent-vs-buy argument

The most-cited comment in the thread is jacobgold (item 48778666): "That is equivalent to 16.8 years of Claude Opus 4.8 or Codex GPT 5.5 at $200/mo. I'm a huge fan of running local models, but they're still wildly expensive, lower quality, and possibly dangerous (if backdoored). I sincerely wish this wasn't the case." That math is correct as a raw comparison and wrong as a use-case comparison. Simon Willison's reply (item 48778695) is the correction that did not get enough upvotes: "That $200/month is already more like $4,000/month if you have to pay full API pricing — 'enterprise' companies for example. That drops the equivalent to 10 months. (I'd be surprised if that local rig really can drive the equivalent of $4,000/month of API spend though, given that a local rig can run prompts in parallel a lot less effectively than Anthropic's many data centers.)"

The actual break-even math depends on whether you are a $200/mo consumer or a $4,000/mo power user, and the article does not say which one the build is for. If you are a developer running one agent at a time and paying $200/mo, the rig is a 16-year payback and a bad trade. If you are running a small team or a research lab that would otherwise be paying four-figure monthly API bills for parallel agents, the payback is months, not years. Both numbers are correct. The article, by quoting $40k without a use-case context, lets the reader default to the consumer math and conclude the build is irrational.

The other correction the thread made was on the memory-bandwidth comparison. The README's smaller-build recommendation is 2x RTX 3090 for 48GB VRAM, total bandwidth 1.87 TB/s. The Apple alternative cited in the thread is an M5 Max MacBook Pro at 48GB, which mips_avatar (item 48780933) clarified gets the full 614 GB/s of M5 Max bandwidth at a $4,999-$9,999 configuration depending on storage upgrades. That's 3x lower bandwidth than the dual 3090 build, and slower prefill as well (M5 has lower FLOPS than the discrete GPU on the prefill-bound portion of inference). The Mac wins on noise, thermals, and footprint; the dual 3090 wins on raw tokens-per-second per dollar. There is no universal "best" answer. The thread's conclusion, by upvote weight, is that the dual 3090 at $3k is the most economical SOTA-tier build for most people who can tolerate noise and a basement rack.

What changed and what didn't

The article is honest in the README's own footnote: "nothing in this README aside from the tables was written by AI." The alternative would be the same LLM-generated prose every other local-inference post has shipped this year. The technical content — the BIOS settings, the ACS override, the kernel parameters, the c-payne BOM — is clearly hand-tested. The content also makes a point of admitting the parts of the build that are not turnkey: the wood enclosure was custom-fabricated, the BIOS settings took multiple iterations, the original target was a 220V circuit that the author ended up not running. This is the right kind of writing for this category — a working engineer's notes from a working build, with the caveats in the right places.

The thread surfaced one more thing worth preserving: the practical recommendation for people who are not ready to spend five figures. Commenter SwellJoe (id 48779473) wrote a long, careful reply that distilled the thread's consensus into a working list: "If you already have a 24GB or 32GB GPU, or two, or a recent Mac with 32GB or more, run the appropriate quantization of Qwen 3.6 27B or Gemma 4 31B. If your hardware is older and too slow for that, use the MoE, but know it'll be dumber. Use the tiny model for the stuff that doesn't need deep smarts. Gemma 4 12B is an incredibly good model for its size, particularly for vision tasks, and in the 4-bit quantization (7GB on disk) it runs on anything, even a modern tablet or phone. And, if you don't already have a big GPU or unified memory Mac, just wait. Use the cheap tokens every AI company wants to sell you, for now." That is the through-line of the thread as a whole: the build is the right answer for a small set of users with high API bills, and a $200/mo API subscription is the right answer for almost everyone else.

What this means for you

If you are a developer who has been thinking about a five-figure local LLM build, the article is the most complete spec on the public internet. The community's corrections are worth treating as part of the article — the real cost is closer to $52k than $40k, the model on the rig is a quantized-and-pruned derivative, and the rent-vs-buy math depends on which tier of API user you actually are. Read the comment thread before opening a wallet. Four corrections to internalize: the REAP/quantization gap (4-bit losslessness is a small-task measurement), the corrected price ($52k all-in, not $40k), the PCIe Gen4 switch as the load-bearing piece of the multi-GPU fabric, and the break-even math that depends on your API spend tier rather than the headline price.

What to do this week

If you already own a 24GB or 32GB NVIDIA card, or a Mac with 32GB or more of unified memory:

# Pull the working baseline (Qwen 3.6 27B at Q4_K_M)
# On macOS via Ollama:
ollama pull qwen3.6:27b-instruct-q4_K_M

# On Linux + NVIDIA via llama.cpp:
huggingface-cli download unsloth/Qwen3.6-27B-GGUF \
  --include "Qwen3.6-27B-Q4_K_M.gguf"
./llama-cli -m Qwen3.6-27B-Q4_K_M.gguf \
  -c 131072 --temp 0.7 --top-p 0.8

# On a sub-agent tier for "summarize this email" tasks:
ollama pull gemma4:12b-instruct-q4_K_M

If you do not own that hardware and are considering a $50k build, do the API spend arithmetic first. Track your monthly Anthropic or OpenAI bill for one billing cycle, multiply by 12, and divide into $52k. If the result is under 1, the rig pays back within a year. If the result is over 10, the rig is a hobby purchase and should be priced as one.

What we are deliberately not covering

The thread also discussed Mac-vs-NVIDIA at length (winners split by use case), DRY repetition penalties and modern samplers as the actual fix for the long-context quality issue, and small-model sub-agent architectures for routing simple tasks to cheap local models and reserving frontier calls for the planning layer. Those are each a full post on their own. The Whisper-vs-Parakeet STT comparison and the vLLM-vs-llama.cpp benchmark question are also in the thread and have not been retreaded here. The Microchip PM40100 switch has vendor-specific BIOS quirks on non-ASRock motherboards that the README only covers for the ROMED8-2T. The build's thermals at 110V (a single 1700W PSU on a single 15A circuit) are documented as "probably unwisely" and not measured; that gap is in the README too.

Disclosure

Drafted with AI assistance for drafting, citation checking, and editing. The primary source is the GitHub repository jamesob/local-llm (README fetched 2026-07-04). The HN discussion is item 48775921 (256 points, 121 comments as of 2026-07-04 UTC+8 morning). Key community corrections — the $52k all-in cost, the REAP/quantization gap on long-context tasks, the rent-vs-buy arithmetic depending on API spend tier, and the dual-3090-vs-Mac memory-bandwidth comparison — are quoted or paraphrased from specific comments with Algolia IDs cited in the body. The PCIe Gen4 switch measurements are from the README, not independently verified.

Sources

Friday, July 3, 2026

He Translated All of Rustc to C. So You Can Target a Z180.

A solo developer posted a GitHub repository on 2 July 2026 that contains a working build of the Rust compiler compiled from 46 million lines of C. The repository is FractalFir/crustc, and the working build was produced by cilly, a Rust-to-C compiler backend FractalFir has been writing in private for the last three years. The repository's own README is blunt about what this is: "This is a demo/teaser for my new Rust to C compiler toolchain... This repo just shows the compiler compiling itself, as I believe this is the flashiest showcase I could do." The bootstrap is the flashy part. The reason he wanted to do it in the first place is the part that actually matters. FractalFir wants to compile Rust for a Z180.

The why is a 1985 CPU

The Zilog Z180 is a Z80-compatible microcontroller from 1985 that still ships on modern embedded boards. The SDCC compiler is the only C compiler that targets it. SDCC has been around for thirty years, is the de-facto toolchain for the Z80/Z180/8051 family, and is not LLVM. There is no realistic path to a hosted LLVM Rust toolchain for a Z180. There never has been. The argument Rust-curious embedded engineers have been making for a decade is that, for the long tail of old microcontrollers that only have a C compiler, Rust is structurally locked out.

cilly is a wrapper around rustc that emits C, then hands the C to whatever C compiler you point it at. The toolchain config in the README is the part that makes the design concrete. The triple is sdcc_z180-unknown-none, the executable is /usr/bin/sdcc, the base args are -mz180 --std-c89 -c, and the input_arg_template is {input}. That is a one-target JSON config that says: take Rust source, emit C, hand it to SDCC, target a Z180. From the user's perspective, this looks like defining a target triple and a C compiler; the toolchain does the rest. It is the C backend LLVM never built and probably never will.

The compiler is the demo

crustc is the use case. The repository is 46 million lines of generated C that, when compiled with make -j20 LLVM_LIB_DIR=~/.rustup/toolchains/nightly-2026-06-16-aarch64-unknown-linux-gnu/lib, produces a working rustc. The bootstrap timing is in the README: make -j20 937.98s user 123.77s system 1352% cpu 1:18.48 total — roughly 78 seconds of wall clock at 13.5x parallelism, no optimizations, on the developer's aarch64 workstation (Linux 6.17.0-1021-nvidia, GCC 13.3.0, Ubuntu 24.04). The produced binary is a real rustc:

$ LD_LIBRARY_PATH=~/.rustup/toolchains/nightly-2026-06-16-aarch64-unknown-linux-gnu/lib:./rustc_driver ./rustc/rustc --version
rustc 1.98.0-nightly (c712ea946 2026-06-16)

That rustc is the version the project bootstrapped against (rustup install nightly-2026-06-16 per the README), and it can compile Rust programs once core/alloc/std are built for the new target. The bootstrap order is crustc → build core → build alloc → build std → use it like any other Rust toolchain. The hard part is the first step, and the hard part is done.

What cilly does that rustc_codegen_c did not

FractalFir has been working on this for three years. The README lists public attempts: rustc_codegen_clr, and "a lot of private ones" — fourteen total by his count, with cilly being the fourteenth. The failure mode of the previous attempts is in the README in a single sentence, and that sentence is the technical core of why cilly is different: "The main innovation behind cilly is that it adapts to C compilers."

The mechanism is concrete. cilly generates "witness" programs that probe the target C compiler for what it actually supports. The README includes the simplest example:

/* This compiles if and only if our C compiler supports _Thread_local. */
_Thread_local int KEYWORD_TLS_SUPPORTED;

If the witness compiles, cilly knows the compiler supports thread-local storage and can use it. If it does not, cilly falls back. Same pattern for type sizes, alignments, character encodings, and integer formats. The README: "All type layouts, sizes, alignments, character encodings (ASCII), and integer formats (two's complement) are queried for. With fallbacks, where possible." The hard part of any cross-compiler backend is not the language mapping; it is the assumption space. cilly queries the assumption space at build time and adapts.

The README's "stretch" example is the one that captures the philosophy:

/* This will pass in some C compilers. */
assert(sizeof(float) == sizeof(double));

The point is not that the assertion is right. The point is that the assertion is a probe, and cilly writes the probes, not the user. The C cilly emits is compiler-specific — you cannot take the C generated for ARM64 and run it on RISC-V32, because the C is the result of a particular C compiler's testimony about its own behavior. The output is not portable C. The output is portable Rust, with a C compiler as the substrate.

Network transparency is the structural trick

The part of the README that nobody else is writing about is the network transparency clause. "cilly is network transparent, and can talk to C compilers over TCP (may be extended to weird things like UART if need be). This is a solution to the bootstrap paradox / platforms without C cross compilers. You build a small C server on your Blorbo OS, run rustc on some normal platform like Linux, and let cilly talk over the wire."

This solves a real problem. For a platform that has no Rust compiler and no C cross-compiler, but does have a C compiler running natively, the only way to get a Rust program to run is to drive the native C compiler remotely. The README includes a transcript of this actually working — a "Hello, world!" compiled for Plan 9 from an ARM64 Linux host, with nm output showing a real rust_begin_unwind symbol mangled with the standard Rust scheme. The bootstrap chain is rustc on ARM64 Linux → cilly C output → TCP → Plan 9 SDCC-equivalent → Plan 9 binary. The TCP link is the missing piece in the previous attempts' toolchains.

The architectural shape is the same one that made rustc_codegen_c never go anywhere. The previous attempts assumed a cross compiler — a C compiler running on the host that can produce binaries for the target. The targets that don't have a cross compiler are exactly the targets that need this. The Plan 9 transcript is cilly working through a UART-equivalent in production, not a demo.

Where this is structurally weak

The README is honest about the limits, and the limits are real. The optimization path is the biggest one: "I strongly recommend not enabling optimizations: both because they may break stuff (this is just a demo, and it's... ee... rough around the edges) AND because optimizations take time at this scale. Without opts, my machine builds the project in a few minutes. With opts, expect to choke on some specific larger rust files." A 78-second debug build of rustc is a demonstration. A 78-second optimized build of rustc is what would make this a real product. The demo does not have it yet, and the difference between the two is what the next release has to close.

The ABI compatibility story is partial. "Generated code is mostly ABI compatible with normal rustc compiled code. I say mostly, because on some platforms (like arm64) rustc choose an ABI not representable from C." The specific failure is the sret struct return pointer convention; on most platforms you can synthesize it by passing the out pointer as the first argument, but on ARM64 the registers are different and the C compiler will not cooperate for small structs. There is a footnote-length discussion in the README about which struct sizes break, and the honest answer is "small structs, less than 16 bytes." That is a real portability cost.

The compiler has a known bug that FractalFir openly admits he cannot explain: "For some weird path-canonicalization-reasons, crustc can crash when run in the directory it was built in (repo root, crustc). Works fine in other places." He wrote a self-deprecating "I am confused too" in the README, and that is the right call. The bug is real, the fix is unknown, the release is still useful without it being fixed.

Finally, there is the personal cost. The README is a list of things the developer has had to deal with alongside writing a Rust compiler backend for three years. "I got a job (which means I no longer write code on a laptop with its G & C keys broken, yay!). I got uni (well I am on summer break, but thesis-s don't tend to write themselves). I put my left hand in a blender. The blender won. (Still have all my fingers, just some stitches). I will not elaborate further." Three years, on summer break, with a stitched-up hand, as a side project, written by a real person with a real life. That is what it took to ship a Rust compiler in 46 million lines of C, and that is the part of the README that no press release is going to capture.

The community response is the second-order story

The Hacker News thread for the project, submitted 2 July 2026 by Philpax as item 48768464, was at 321 points and 61 comments as of 3 July 2026 evening UTC+8 (HN Algolia API, per-item endpoint for 48768464 and search-index endpoint for crustc+rustc+c). The most useful signal is in the comments: Tiberium asked about performance ("this can be interesting even for non-porting reasons"). taris2 raised Diverse Double-Compiling as a verification technique (paraphrasing his comment): use crustc to compile the Rust source code and produce a second compiler; then use both that compiler and the official rustc, with deterministic flags, to compile the same Rust source code; the two output binaries should match bit for bit. This is a real, technically valid use of the project, and the fact that someone suggested it within hours of the repo going up is the signal that the audience is the right one.

ronsor picked up on the blender line ("What a shame. I would've read an article about this"), which tells you the community is reading the README, not just the headline. lioeters noticed the iteration count: "Gotta respect the dedication to a niche interest." Cadwhisker linked the landing page in the README — the three-year-old public plan that called out Z80/SDCC support as the goal. The conversation in the thread is about the design.

The structural argument

The argument that "Rust does not support obscure hardware" is the single most-deployed reason engineers pick C over Rust in embedded contexts. The Z180, the 8051, the PIC16, the AVR with a proprietary toolchain, the custom ASIC with a vendor-locked compiler — these are the platforms Rust cannot reach because the LLVM backend is the only one rustc ships, and the LLVM backend is not going to grow a Z180 target because no one at any company cares enough. The argument is structurally valid; "all the interesting embedded targets have LLVM" is the standard Rust-side reply, and it is true for the ARM Cortex-M family and false for the long tail.

cilly does not fix the long tail. It makes the long tail reachable from the Rust side, with a C compiler as the substrate. The C compiler does not have to be LLVM. The C compiler does not have to be modern. The C compiler has to exist. That is a meaningfully different proposal than "we need to port LLVM to every microcontroller" and it is the reason the project has any chance of going anywhere. The README makes the framing explicit: "The primary goal of this is support for old/obscure hardware with no LLVM/GCC support. There are still some systems out there that don't support Rust but support C." The Z180 is the demonstrable target on the landing page. The architecture, applied to every C compiler that exists, is the part that scales.

The cost is a developer willing to spend three years on a niche. FractalFir is the only one. The README's personal paragraph is not a joke; it is the answer to the question "why is this not funded?" The answer is "it is, by one person, on summer break, with a stitched-up hand." That is not a sustainable model. It is the only model that gets to this milestone, and the milestone is what makes the model worth copying.

What this means for you

If you write Rust for a living and you have ever been told "we can't use Rust on this project because the target doesn't have LLVM," this is your counterexample. The target did not get LLVM. The target got cilly and SDCC. The exact same architecture works for any C-compiler-only target. The cost is a build that is 50-100x slower than LLVM and an ABI that is "mostly" compatible. The benefit is Rust on hardware nobody else can put Rust on.

If you maintain a C compiler for a niche target, this is the moment to talk to the cilly author. Every C compiler is now a Rust compiler, with the cilly backend in front. The outreach cost is one email. The engineering cost is testing the witness programs for your compiler's specific behaviors and reporting back. SDCC is the first one wired up, with sdcc_z180-unknown-none as the example target. Your compiler is the next one, if you want to be the next one.

If you do security research, taris2's suggestion on the HN thread is the structural one. Diverse Double-Compiling with a cilly-bootstrapped compiler is now a real option for any platform with a C compiler. The threat model is "what if the official rustc has a backdoor?" and the answer is now "compile rustc itself with cilly, run both compilers on the same source with deterministic flags, and diff the output binaries bit for bit." This is not theoretical. The toolchain is here, the source code is on GitHub, and the taris2 recipe is the only thing between this and a runnable experiment.

If you write embedded firmware in C, the long tail of C-only targets is the queue you have already been working through for years. The cilly work means the queue is about to get a Rust column. The teams that have already shipped a Z180/8051/AVR-in-proprietary-C product are the ones who can show "we already know the platform, we are adding Rust alongside C" — and that is a different conversation to have with management than the teams that are still deciding whether to start a Rust evaluation. The people with the platform knowledge are about to be the bottleneck on the Rust side, and the lead time to develop that knowledge is measured in years.

What to do this week

# 1. Skim the README. The whole design is in the first 200 lines and
#    the 46M-line C is a build artifact, not a code review target.
#    https://github.com/FractalFir/crustc — start there.
#
# 2. Decide which of the four "what this means for you" buckets
#    above applies to you, and act on it. The four buckets are:
#    - You write Rust for a living: this is your counterexample
#      to the "no LLVM, no Rust" argument. Save the link.
#    - You maintain a C compiler: open an issue on the cilly
#      tracker and offer to test your compiler as a substrate.
#    - You do security research: file the DDC idea. The threat
#      model is real, the toolchain is here, the work is doable.
#    - You write embedded firmware in C: this is the deadline.
#      Open a tracking issue for "Rust on <your long-tail target>"
#      and put a date on it.
#
# 3. Try the build, if you have an aarch64 Linux host with ~16GB
#    of RAM and an hour. The deps are GCC, GNU make, and an
#    existing rustup nightly:
rustup install nightly-2026-06-16
git clone https://github.com/FractalFir/crustc
cd crustc
make -j20 LLVM_LIB_DIR=~/.rustup/toolchains/nightly-2026-06-16-aarch64-unknown-linux-gnu/lib
LD_LIBRARY_PATH=~/.rustup/toolchains/nightly-2026-06-16-aarch64-unknown-linux-gnu/lib:./rustc_driver ./rustc/rustc --version
# Expected output: rustc 1.98.0-nightly (c712ea946 2026-06-16)
# If you get that, you have a Rust compiler in 46M lines of C
# running on your machine. Pin that in your memory.
#
# 4. Do not optimize the build. The README is explicit that
#    optimization is broken at this scale right now. The demo
#    is debug-mode, and the product will be debug-mode for a
#    while longer. The fact that 78 seconds of debug build of
#    rustc is a milestone is the point, not the limit.

cilly is a real project, the crustc demo is a real compiler, and the Z180 is a real target. The structural argument against Rust on the long tail of embedded targets has been answered, by one person, on summer break, with a stitched-up hand, as a side project, in three years. The answer is a C backend that adapts to whatever C compiler you have, the cost is performance and a partial ABI story, and the benefit is that the long tail of obscure hardware is no longer off-limits to Rust. The community response on HN is the second-order signal that the audience is the right one. This is the part of the post that is going to read the same in two years.

Related reads

  • Grit Brought Rust-Powered Git Search to AI Agents — Rust as the substrate for developer tools, applied to AI-agent workflows. The same bet Rust made for systems software is the bet cilly is making for compiler backends: the language is the leverage.
  • Speculative KV Coding Hit 4× Lossless Cache Compression — engineering as a niche pursuit that turns into a structural lever. The thesis: the long tail of cache-compression wins is bigger than the one big win, and the long tail of embedded-Rust targets is bigger than the ARM Cortex-M family.

Disclosure

Drafted with AI assistance. Primary source: FractalFir, crustc repository on GitHub (https://github.com/FractalFir/crustc), README verified by direct fetch on 2026-07-03 with curl --compressed. Source for: the 46-million-line C output figure; the cilly toolchain name; the "14th attempt" framing; the witness-program code blocks (TLS probe, sizeof(float) == sizeof(double) assertion); the triple JSON config (sdcc_z180-unknown-none, executable /usr/bin/sdcc, args -mz180 --std-c89 -c); the build timing (make -j20 937.98s user 123.77s system 1352% cpu 1:18.48 total); the resulting rustc --version output (rustc 1.98.0-nightly (c712ea946 2026-06-16)); the toolchain date (rustup install nightly-2026-06-16); the developer's environment (uname -a Linux spark-2773 6.17.0-1021-nvidia #21-Ubuntu SMP PREEMPT_DYNAMIC Wed May 27 19:14:05 UTC 2026 aarch64 aarch64 aarch64 GNU/Linux); the GCC version (GCC: (Ubuntu 13.3.0-6ubuntu2~24.04.1) 13.3.0); the ABI caveat on ARM64 sret for sub-16-byte structs; the path-canonicalization bug in the build directory; the personal paragraph about the broken G and C keys, the job, the university, and the blender injury (paraphrased from the README; this blog's gloss, not a direct quote); and the "this is a demo/teaser" framing of the repository. The secondary source: Hacker News thread for item 48768464, "crustc: entirety of rustc, translated to C," submitted 2 July 2026 by Philpax, 321 points and 61 comments as of 03 July 2026 evening UTC+8 (count from HN Algolia API, both per-item and search-index endpoints). Source for: the Tiberium performance question, the taris2 Diverse Double-Compiling suggestion (paraphrased; the verbatim comment is "Have you tried Diverse Double-Compiling (DDC) to test if the official rust compiler has a backdoor? Use crustc to compile the rust source code, producing a new compiler. Then use this new compiler and the official rustc binary, both with deterministic flags, to compile the rust source code again. The two outputs should match bit for bit." per HN item 48768889, retrieved via curl --compressed against https://hn.algolia.com/api/v1/items/48768889 on 2026-07-03), the ronsor blender comment, the lioeters "14th attempt" observation, and the Cadwhisker link to the three-year-old landing page. These are HN comment framings, attributed as such. The character count and "the blender won" line in the body are paraphrases of the README's tone, not verbatim quotes. The "321 points and 61 comments" figure is the HN Algolia API count from a curl --compressed fetch on 2026-07-03; HN point counts are moving and the live thread at news.ycombinator.com/item?id=48768464 is the canonical figure.

Sources

  • FractalFir, crustc repository on GitHubhttps://github.com/FractalFir/crustc. The repository's README is the primary source for: the 46-million-line C output figure; the cilly toolchain name and the "14th attempt" framing; the witness-program examples for _Thread_local and sizeof(float) == sizeof(double); the triple JSON config snippet (sdcc_z180-unknown-none with executable: /usr/bin/sdcc, base_args: [-mz180, --std-c89, -c], input_arg_template: ["{input}"]); the build timing on the developer's aarch64 host (make -j20 937.98s user 123.77s system 1352% cpu 1:18.48 total); the resulting --version output (rustc 1.98.0-nightly (c712ea946 2026-06-16)); the developer's workstation info (Linux spark-2773 6.17.0-1021-nvidia); the GCC 13.3.0 / Ubuntu 24.04 toolchain notes; the ABI caveat on ARM64 sret and the under-16-byte-struct exception; the path-canonicalization bug in the build directory ("I am confused too"); the network-transparency-over-TCP and Plan 9 demo transcript (Hello, world! with rust_begin_unwind symbol mangling); the personal paragraph on the broken G and C keys, the new job, university, and blender injury; the "I will not elaborate further" line on the blender; and the "this is a demo/teaser" framing. Verified via curl --compressed against https://raw.githubusercontent.com/FractalFir/crustc/main/README.md on 2026-07-03, returning HTTP 200 with a 4214-byte body that contains the title #crustc-rustc 1.98.0-nightly (c712ea946 2026-06-16), converted to 46 million lines of C. and the full ## What is this? and ## How was this done? and ## Why was this done? sections quoted in the body.
  • Hacker News thread, item 48768464https://news.ycombinator.com/item?id=48768464. Submitted 2 July 2026 by Philpax ("crustc: entirety of rustc, translated to C"), 321 points and 61 comments as of 03 July 2026 evening UTC+8 (count from HN Algolia API, both per-item and search-index endpoints agree on these figures). The body text is the canonical Algolia API response for this item, retrieved 2026-07-03 via curl --compressed against https://hn.algolia.com/api/v1/items/48768464. Source for: the Tiberium "how the performance looks" question, the taris2 Diverse Double-Compiling suggestion (per HN item 48768889, retrieved via curl --compressed against https://hn.algolia.com/api/v1/items/48768889 on 2026-07-03; the verbatim comment is paraphrased in the body — the DDC recipe is "use crustc to compile the rust source code, producing a new compiler, then use this new compiler and the official rustc binary, both with deterministic flags, to compile the rust source code again, and the two outputs should match bit for bit"), the ronsor "What a shame. I would've read an article about this" comment on the blender paragraph, the lioeters "Gotta respect the dedication to a niche interest" comment on the 14-attempt history, and the Cadwhisker link to the three-year-old landing page. These are HN comment framings, attributed as such. The 321/61 figures are the HN Algolia API count from a curl --compressed fetch on 2026-07-03; the live thread at the URL above is the canonical figure for any future reader.
  • Hacker News search API (secondary, for point-count verification)https://hn.algolia.com/api/v1/search?query=crustc+rustc+c&hitsPerPage=5. Returned on 2026-07-03 with HTTP 200; the first hit matches item 48768464 with 321 points and 61 comments, agreeing with the per-item endpoint. The body uses these as the canonical figures; the live HN thread is the fallback for any future reader.

Linux 6.9 Stopped Wiping LUKS Keys. It Took 2 Years.

Ingo Blechschmidt, a mathematician in Augsburg who holds a PhD in applied topos theory from the University of Augsburg (October 2017), posted a debugging saga on Mathstodon on 18 June 2026 describing the worst kind of security regression: one that silently disables a defense mechanism you have trusted for years. Since Linux 6.9 shipped on 12 May 2024, the path that locks a LUKS-encrypted laptop's drive on suspend has been a no-op. The encryption key stays in RAM through the entire suspend cycle. For more than two years, on every Debian- and Ubuntu-derived distribution that wires up cryptsetup luksSuspend to the laptop's lid-close or sleep button, full-disk encryption has been doing nothing during sleep. A full shutdown was still safe. A suspend — which is what every modern laptop actually does when you close the lid — left the key resident in memory, accessible to anyone who seized the still-powered laptop. The fix is one line. The kernel patch is in late-June 2026 development. The NixOS integration test that would have caught the regression shipped as PR #532499, and the cryptsetup-side loud-warning patch shipped as GitLab MR #936 on the same day Blechschmidt posted the bug. This is the cleanest, most humbling security bug of the year, and the question of who is supposed to catch this class of bug is the part the kernel community has not answered.

What actually broke

Blechschmidt's debugging saga began when he noticed his laptop's LUKS volume key was not being wiped after a suspend-resume cycle. He git-bisected the regression across two years of kernel history and landed on commit a28d893eb3270cf62c10dd8777af0d8452cdc072 — "a sensible and useful refactoring," as he puts it, with an unexpected long-range interaction with the encryption code. The commit is referenced in his post by full hash and lore.kernel.org URL; both kernel.org hosts serve an Anubis bot challenge to non-browser clients at the time of writing, so the link is cited as in the primary source rather than directly verified in this pass. The breaking change reorganized how certain crypto and memory-notification paths interact, and the suspend path's contract with cryptsetup was the casualty.

The technical shape is the textbook silent-failure regression. The encryption layer's contract says: on suspend, wipe the volume key from RAM. The kernel change kept the wipe path callable but stopped the trigger that told it to run in the suspend sequence. The laptop sleeps, the laptop wakes, the password prompt never reappears (because the key is still there), and the user concludes the encryption is working. Every tool that automates this — the Debian-derived pm-utils, the Ubuntu-derived systemd sleep hooks, the graphical power-manager daemons that call cryptsetup luksSuspend on lid-close — has been calling the wipe into a void for two years.

What the HN thread taught me about scope

The Hacker News submission of Blechschmidt's post (item 48763035, 384 points and rising as of 03 July 2026) hit the front page within hours of being submitted, and the comment thread is where the story gets sharper than the original post makes it. The most useful correction came from user kokada, who pointed out that cryptsetup luksSuspend is not actually called by the upstream kernel or by upstream systemd; it is a Debian-specific integration. That detail matters because it changes the answer to "who is at fault?" from "the kernel" to "the Debian ecosystem," and that distinction is the entire story.

Two readings are competing in the thread. The first reading, which Blechschmidt's framing leans toward, is "Linux broke the contract." The second reading, which the Debian-specificity comment sharpens, is "a downstream integration relied on a kernel-internal behavior that was never guaranteed, and the kernel change was a correct refactor with no obligation to preserve that downstream contract." Both readings are defensible. The kernel community's norm is that internal APIs can change without notice, and the cryptsetup luksSuspend integration is documented as best-effort; the Debian-derived distributions' norm is that full-disk encryption must work on suspend, period. The fix that landed in late June 2026 makes the wipe path work again, but the question of who was responsible for testing the integration is the one the post and the kernel community have not addressed.

The one-line fix and the warning patch

Blechschmidt's patch, posted to linux-crypto and linked from his Mastodon thread, is one line of kernel code restoring the trigger in the suspend path. The lore.kernel.org URL is referenced verbatim in the primary source but, as noted, was not directly retrievable from a non-browser client during this write-up (Anubis challenge on lore.kernel.org). His NixOS PR #532499, "Add integration test for verifying that cryptsetup luksSuspend correctly wipes the volume key from memory," is open and verifiable on GitHub and is the more durable artifact of the discovery: an automated test that runs against every NixOS package rebuild and would have caught this regression on the day it shipped. The cryptsetup-side MR #936, "RFC: Print a loud warning if wiping the volume key is impossible," is the parallel upstream change that means a future regression fails loudly instead of silently. Blechschmidt's own caveat is honest: "without formal proofs I cannot say whether my patch is correct and free of its own long-range interactions." He is shipping a fix and a regression test together, and the warning MR is the belt to the suspend-path's suspenders.

The kernel's accountability gap, named

The story underneath the bug is a question of who is responsible for testing cross-layer security invariants. The kernel changed a refactor. The Debian-derived ecosystem has been integrating cryptsetup luksSuspend against that refactor's prior behavior for two years. Neither side has a regression test that exercises the integration on every kernel release. The NixOS PR is the first automated integration test of this contract I am aware of, and it shipped only after the bug was caught by hand.

The HN thread makes the structural point with characteristic bluntness. johnathan101: "This is one of those regressions that's easy to miss because everything still 'works.' Security bugs often don't announce themselves." bbminner: "From the number of 'we missed a single line C check across files during refactoring' critical security bugs discovered on a regular basis these days, the whole premise of a 'giant secure open source C codebase' seems questionable." The Linux kernel is the largest C codebase in active production use, the security boundaries it is supposed to enforce are exactly the ones that are hardest to test, and the regression that just happened is the canonical example of a class of bug the kernel's review process is structurally bad at catching.

The original take: the bug is fixable in one line and will be backported. The story is the accountability gap. If you operate a fleet of encrypted Linux laptops, you have a two-year window in which your disk-encryption-at-rest story was, in practice, a disk-encryption-while-shut-down story. The defenses that should have caught this — distribution-level integration tests, kernel CI that exercises downstream security hooks, upstream cryptsetup warning-on-silent-failure — did not exist. The patch that closes the gap is a NixOS PR and a GitLab MR, and those are the artifacts the rest of the ecosystem needs to copy.

What this means for you

If you run Debian, Ubuntu, Linux Mint, Pop!_OS, or any Debian-derived distribution on a laptop with LUKS full-disk encryption, your laptop's encryption has been inactive during suspend since your kernel last crossed the 6.9 boundary. A full shutdown was always safe; a suspend was not.

The interim mitigation is the one the HN commenters converged on: enable hibernation (suspend-to-disk) so that RAM is actually powered down on sleep. fpoling on Fedora: "I just configured Linux to hibernate to disk after 15 minutes of suspend. Powering memory off ensures that bugs like this Debian-specific would not matter." Most Debian-derived distros ship systemd-hibernate; check systemctl hibernate works before relying on it. Intel TME and AMD SEV mitigations the HN thread mentions require CPU and firmware support and do not address the underlying problem: the kernel thought the key was wiped when it was not.

If you ship a Linux distro, the NixOS PR #532499 is a short Nix expression that exercises the suspend-resume key-wipe contract. Backporting that test to your CI is a half-day of work and would have caught this regression on day one. The cryptsetup MR #936 is the upstream change to fail-loud-instead-of-silent; track it.

If you maintain the kernel, the structural argument is that internal refactors are allowed to change behavior, but security-relevant integration points need a CI signal. The kernel ships kselftest; nothing in kselftest exercises cryptsetup luksSuspend. Adding a test case that runs cryptsetup luksSuspend and asserts the volume key is absent from /proc/keys after a mem_sleep cycle would close this gap permanently.

What to do this week

# 1. Confirm whether you are affected. On a Debian-derived distro
#    with LUKS FDE, suspend the laptop and check whether the
#    volume key is still resident in /proc/keys after resume.
#    If so, you have been carrying the bug. Patch your kernel
#    to a build with the fix once your distro ships it, or use
#    hibernate instead of suspend in the interim.

# 2. Enable hibernate-as-fallback on battery as a stopgap:
sudo apt install hibernate
sudo systemctl enable hibernate.target
# Add to /etc/UPower/UPower.conf:
#   CriticalPowerAction=HybridSleep
# Hybrid sleep powers off RAM on low battery and closes the
# cold-boot attack window at the cost of slower resume.

# 3. If you ship a Linux distro, port the NixOS PR #532499 test
#    to your CI. The Nix expression is portable to any distro
#    using systemd and cryptsetup; the equivalent in Debian is
#    ~80 lines of bash in debian/tests/.

# 4. If you are a kernel developer, file or comment on a
#    kselftest proposal to add a cryptsetup-luksSuspend test
#    case. No such test existed, which is the structural
#    reason this regression shipped. Adding one is the durable
#    fix.

What we are deliberately not covering

This post is about the bug, the fix, and the accountability gap. We are not covering: the broader cold-boot attack literature (the original Halderman 2008 paper and the subsequent TPM-based mitigations are a separate beat); the parallel question of whether other cryptsetup integration points have similar silent-failure paths that have not been audited; the Debian-specific history of pm-utils and why cryptsetup luksSuspend is wired the way it is (a long history of distro packaging decisions); or the technical detail of the kernel refactor itself (Blechschmidt's Mastodon thread covers it well enough that a rehash adds no value). The HN thread's claim from kokada that this is "Debian-specific" is treated as the structural point it actually is, not litigated — the integration was Debian-derived and that is what matters for the post.

Related reads

Disclosure

Drafted with AI assistance. Primary source: Ingo Blechschmidt, "Since Linux 6.9, the tool that locks the laptop's drive on suspend had been silently failing," Mathstodon, 18 June 2026 (https://mathstodon.xyz/@iblech/116769502749142438). Source for: the May 2024 Linux 6.9 starting date, the "for more than two years" elapsed-time framing, the breaking-commit hash a28d893eb3270cf62c10dd8777af0d8452cdc072, the lore.kernel.org patch URL ajKwRtP8izwRsMmv@quasitopos/, the NixOS PR #532499 link, the cryptsetup GitLab MR #936 link, the "sensible and useful refactoring" framing, the "without formal proofs I cannot say whether my patch is correct" caveat, and the date the post was made (18 June 2026, with the fix landing in late June 2026 as described in the post). Secondary source: the Hacker News thread for item 48763035, "Since Linux 6.9, LUKS suspend stopped wiping disk-encryption keys from memory," submitted 2 July 2026 by IngoBlechschmid, 384 points and rising as of 03 July 2026 morning UTC+8, front-page submission. Source for the "Debian-specific cryptsetup luksSuspend is not upstream" claim is HN comment by kokada, who characterized the integration as a Debian extension; this characterization is the HN commenter's framing, not a direct cryptsetup or kernel.org citation. Source for the cold-boot / hibernation / Intel TME mitigations are HN comments by fpoling, teravor, and quotemstr; their specific recommendations (15-minute hibernation timeout, TME enabling) are commenter suggestions, not packaged distro defaults. The NixOS PR #532499 title was directly verified on GitHub (Add integration test for verifying that cryptsetup luksSuspend correctly wipes the volume key from memory by iblech). The cryptsetup MR #936 title was directly verified on GitLab (RFC: Print a loud warning if wiping the volume key is impossible). The breaking-commit hash and lore.kernel.org patch URL were NOT directly verified during this pass — both kernel.org and lore.kernel.org serve an Anubis bot challenge to non-browser clients as of 03 July 2026 UTC+8, and the URLs are cited verbatim from Blechschmidt's Mathstodon post rather than re-fetched. Readers clicking those two links may hit a bot challenge; this is annotated rather than dropped because the hashes and the lore.kernel.org thread ID are stable references that the kernel community itself will treat as canonical.

Sources

  • Ingo Blechschmidt, Mathstodon post, 18 June 2026https://mathstodon.xyz/@iblech/116769502749142438. Primary source for: the title and framing of the bug ("the tool that locks the laptop's drive on suspend had been silently failing"), the Linux 6.9 starting date (May 2024; confirmed as 12 May 2024 via Wikipedia kernel version history), the "more than two years" elapsed time, the technical mechanism (LUKS volume key not wiped from RAM across suspend), the breaking commit hash a28d893eb3270cf62c10dd8777af0d8452cdc072 (with the caveat that the kernel.org page returns an Anubis bot challenge to non-browser clients as of 03 July 2026), the lore.kernel.org patch URL ajKwRtP8izwRsMmv@quasitopos/ (same Anubis caveat), the "sensible and useful refactoring" framing, the "without formal proofs I cannot say whether my patch is correct and free of its own long-range interactions" caveat, the NixOS regression-test PR link, and the cryptsetup GitLab MR link. Author bio: Ingo Blechschmidt is a mathematician in Augsburg with a PhD in applied topos theory from the University of Augsburg (awarded October 2017); this was verified against his homepage rather than assumed from the Mastodon profile alone. Date the post was made: 18 June 2026 (per Mathstodon JSON-LD datePublished).
  • Hacker News thread, item 48763035https://news.ycombinator.com/item?id=48763035. Submitted 2 July 2026 by IngoBlechschmid, 384 points as of 03 July 2026 morning UTC+8. Source for: the kokada comment characterizing cryptsetup luksSuspend as a Debian extension rather than upstream kernel/systemd behavior, the johnathan101 "easy to miss because everything still works" framing, the bbminner "giant secure open source C codebase" framing, the bitbasher and CodesInChaos comments on how the wake-from-suspend user experience did not reveal the regression, the fpoling Fedora 15-minute hibernate-after-suspend workaround, the teravor MemoryOverwriteRequestControl and TPM MOR-lock mitigations, and the quotemstr Intel TME / AMD SEV hardware-encryption mitigations. These are commenter framings and are attributed as such, not as published positions. The HN point count (384) is the count at time of writing and is moving.
  • NixOS nixpkgs PR #532499https://github.com/NixOS/nixpkgs/pull/532499. Title directly verified on GitHub: "Add integration test for verifying that cryptsetup luksSuspend correctly wipes the volume key from memory by iblech." Author: iblech (Ingo Blechschmidt). Status at time of writing: open, awaiting review. Primary source for the regression-test artifact that would have caught this on the day it shipped; not the source for any historical claim about the bug's existence (Blechschmidt's Mathstodon post is the source for that). The PR was created 2026-06-16 and may have been merged by the time this post is read.
  • cryptsetup GitLab MR #936https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/936. Title directly verified on GitLab: "RFC: Print a loud warning if wiping the volume key is impossible." Author: iblech (Ingo Blechschmidt). Status at time of writing: open, awaiting review. Primary source for the upstream change that would make a future regression of this class fail loudly instead of silently; not the source for the bug itself. The MR was created on the same day as the Mathstodon post (2026-06-18) and may have been merged or closed by the time this post is read.

Thursday, July 2, 2026

Android's ADV Lands Sept 30. F-Droid Is Right to Panic.

F-Droid posted a piece on 1 July 2026 titled "What We Talk About When We Talk About Malware" that frames Google's mandatory Android Developer Verification (ADV) as "a trojan horse… runs surreptitiously in the background as a system service with full root privileges." That is a polemical frame, and it is also substantially correct on the facts that matter. On 30 September 2026, every app installed on a certified Android device in Brazil, Indonesia, Singapore, and Thailand must be registered by a developer who has paid Google, surrendered government-issued identification, signed the Android Developer Console Terms of Service, and handed over the signing keys for every app they have published or will ever publish. If the developer does not comply, the app gets silently blocked on every certified device in those four countries. Global rollout is scheduled for "2027 and beyond." F-Droid's claim is accurate: the policy as written is what the "existential" label describes. The original take is this: the security argument is real, but it is also being used to lock in a position that security alone does not justify, and the four-country phasing is a tell about which side of that trade-off Google is betting on.

The policy, on Google's own terms

Google announced the developer-verification regime in August 2025 on the Android Developers Blog, in a post by Suzanne Frey, VP of Product for Android. The framing was security: "We've seen how malicious actors hide behind anonymity to harm users by impersonating developers and using their brand image to create convincing fake apps. The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play." The mechanism is an "ID check at the airport" — Google confirms who the developer is, separately from any review of the app's content. The rollout begins in September 2026 in Brazil, Indonesia, Singapore, and Thailand, with global rollout to follow.

The four countries are not random. Brazil is Google's largest LatAm market. Indonesia and Thailand are the two largest Android markets in Southeast Asia, where the installed base is heavily weighted toward devices that came pre-loaded with sideloaded or third-party-store apps (a pattern that grew during the 2018-2022 period when low-end devices shipped with limited Play Store access). Singapore is the regulatory test market Google frequently uses for new policies because of its high rule-of-law score and predictable court system. Choosing four markets that are simultaneously growth markets, mobile-first markets, and underrepresented-in-Play markets is the move that lets Google claim the policy is targeting "regions specifically impacted by fraudulent app scams" while phasing it in where the displacement from F-Droid, Aptoide, and direct APK distribution will do the most damage to the open distribution ecosystem and the least damage to Play Store revenue.

The "escape hatch" is a nine-step procedure behind a 24-hour cooling-off wall

Google has said repeatedly that "power users" can still install unverified apps — the official escape hatch is a developer-options flow that lets a user disable verification on their own device. The Keep Android Open coalition (the civil-society site hosting the open letter Google does not want you to find) walked through what that flow actually looks like in practice. Nine steps. Open System Settings, find Developer Options, tap the build number seven times to enable Developer Mode, dismiss a coercion-warning screen, enter your PIN, restart the device, wait 24 hours, come back, dismiss more warning screens, then choose "allow temporarily" (7-day TTL) or "allow indefinitely." For installing software on a device you already own. Worse, the entire flow runs through Google Play Services, not the Android OS proper — meaning Google can tighten, modify, or kill it at any time without an OS update and without user consent. And as of the Keep Android Open site's July 2026 reading, this flow had not shipped in any beta, preview, or canary build. It exists as a blog post and a mockup.

That detail matters. The escape hatch is the entire policy's defense against the "Google is becoming a gatekeeper" critique, and the escape hatch does not exist yet in shipping code. For a hypothetical Brazilian F-Droid maintainer whose users will lose access to the client on 30 September, the official answer is to wait for a Google Play Services update that may or may not ship before then, that may or may not preserve the temporarily-vs-indefinitely distinction, and that Google can change unilaterally afterward. That is not an escape hatch. That is the absence of a commitment.

The Terms of Service clause Google does not want you to read

The F-Droid post quotes clause 6.5 of the Android Developer Console Terms of Service: "If You violate any of the Terms or if You distribute malware or other harmful applications, Google may terminate Your access to the ADC…" The concern F-Droid raises, and which the post's framing makes stick, is the absence of a definition of "malware" anywhere in the document. With no defined standard, the clause reads: malware means whatever Google says it means. F-Droid points to precedent: Google Play has already banned ad blockers and, in some cases, classified them as malware. The logical extension, which F-Droid states explicitly, is that the same discretion applied to developer accounts in the broader ADC could one day mean that ad-block developers, encryption tool authors, VPN maintainers, or any class of software Google disapproves of can be retroactively designated as malware distributors and have their developer accounts terminated. Once terminated, every app they have ever signed is blockable across every certified device in the affected regions.

This is the part that the Google announcement does not address. The August 2025 post defines the problem (malware, impersonation, repeat offenders) and the mechanism (identity verification), but does not constrain what counts as a violation. The asymmetry between "we are verifying identity, not content" (the August post's stated scope) and "we can terminate for distributing malware, defined as anything we say is malware" (the ToS clause) is the gap that makes F-Droid's framing not a stretch.

The petition and what "overwhelming opposition" actually looks like

The Keep Android Open open letter is signed by 71 organizations from 23 countries, including the EFF, FSF, FSFE, ACLU, KDE, GNOME Foundation, Tor Project, GitHub Store, Vivaldi, Tuta Mail, Codeberg, the App Fair Project, and the Brazilian, Taiwanese, French, and Norwegian digital-rights coalitions. The accompanying petition passed 100,000 signatories. That is an unusually broad coalition for an Android-policy fight; F-Droid's coalition politics have historically been narrower (free-software circles), and the breadth here is itself the news. The EFF's framing on the site is the most quotable version of the critique: "identity-based gatekeeping is a censorship tool, not a security one." Cory Doctorow called it "Darth Android" — the same author who named "adversarial interoperability" and "right to repair" as the policy frames of the last decade is naming this one too.

The HN thread on the F-Droid post (item 48755965, 919 points, 385 comments within roughly 24 hours of submission) is not the same audience as the petition signers but lands in similar places. The most-upvoted comments are not about malware or sideloading convenience; they are about precedent. The framing that recurs at the top of the thread is: if Google can retroactively lock down devices that were sold as open, every hardware manufacturer is watching, and the principle being established is that the company that built your device gets to decide, after you bought it, what software you are allowed to run. That is a hardware-ownership argument dressed up as a software-policy one, and it is the version of the critique that scales beyond the developer audience. The 30 September date is a 90-day countdown from when the open letter launched; the petition is timed to land before the rollout begins.

Where Google is right

The security argument is not made up. Sideloaded APKs are a real vector for financial-fraud malware in the markets being phased in first, and the Google Play Protect statistics Google cites (50x more malware from internet-sideloaded sources than from Play) come from Google's own telemetry, which has an obvious conflict of interest but is also measuring a real phenomenon. Brazilian banking-fraud statistics, Indonesian SMS-phishing campaigns targeting mobile-banking apps, and Thai scam-app takedowns all predate the ADV program and are part of why FEBRABAN (the Brazilian Federation of Banks) endorsed the policy in Google's announcement. The Developer Verification requirements that Google has run inside Google Play since 2023 are reported (by Google, with the same conflict-of-interest caveat) to have reduced recidivist developer abuse; the August 2025 announcement says Play-side verification has been "helpful in stopping bad actors from exploiting anonymity." Extending the model to non-Play developers is a coherent extension of an existing program.

Identity-based gatekeeping does reduce malware. The question is whether the cost — the chilling effect on hobbyist and independent developers, the political leverage Google gains over every dissident-app or rights-tool author on the planet, the precedent for hardware-vendor control of post-purchase device behavior, the dependency of every Android user on a single foreign corporation's definition of "malware" — is worth the security gain. F-Droid's argument, which the post makes more effectively than the headline frames, is that the cost is being paid by people who are not the beneficiaries. The 580 million people in Brazil, Indonesia, Singapore, and Thailand will get marginally more protection from financial-fraud malware; the global developer community will get a precedent that any platform owner can invoke. The trade-off is real on both sides, and the trade-off is the story.

What this means for you

If you're an Android developer whose app is distributed outside the Play Store:

  • The clock starts on 30 September for Brazilian, Indonesian, Singaporean, and Thai users. If your app has any users in those four countries and you do not plan to register with the ADC, those users will lose access — silently, not via an error message. The app will fail to install or fail to launch, depending on which Google Play Services version they have. Plan the comms now, not in September.
  • The "hobbyist" account type Google announced is a separate ADC account class, but the Terms of Service apply to it. The distinction is the price and the verification friction, not the obligations. Read the clause about "malware" before you sign.
  • For F-Droid specifically: the maintainers have not yet published the failure-mode guide (it was promised in the 1 July post), but the practical alternatives are (a) ship your own auto-updating APK channel that does not depend on F-Droid as the install vector, (b) advise your users to enroll in the developer-options escape hatch before the lockdown, knowing that the flow runs through Google Play Services and may change, or (c) accept that your users in those four countries will need to switch to a non-Android device for your app.

If you are an Android user in Brazil, Indonesia, Singapore, or Thailand:

  • Pre-enroll in the developer-options flow before 30 September if you rely on any non-Play app. The flow requires a 24-hour cooldown after you tap through the warning screens; if you do it on 29 September, the cooldown may not clear before the lockdown.
  • Back up the data from any F-Droid-installed apps that do not store data in the cloud. The apps may not survive the lockdown in a form that lets you retrieve local state, depending on how the verification layer interacts with already-installed packages.
  • The 7-day "allow temporarily" option in the escape hatch is the new default for everyone who has not opted into "allow indefinitely." Expect to re-confirm it every week for any non-Play app you rely on, or enroll in "indefinitely" once you trust the flow.

If you are building for a non-Android platform:

  • This is a preview of the policy shape Apple may move toward under pressure from EU DMA enforcement. Apple's existing "notarization" for macOS apps outside the Mac App Store is a lighter version of the same pattern; the EU has already pushed Apple to allow alternative app stores and alternative payment processors, and the next pressure point is alternative-distribution friction. Watch how the September rollout lands before betting that iOS will stay open.

What to do this week

# 1. If you maintain an open-source Android app with users in BR/ID/SG/TH,
#    publish a status update before 30 September. The F-Droid post
#    promised a guide "in the coming weeks" — if you can't wait for
#    it, the minimum useful thing is to tell your users which apps
#    will be affected and what the developer-options escape hatch
#    looks like on their device. Format: a single markdown page on
#    your project site, linked from the README and the GitHub
#    releases page, mirrored to Mastodon and Bluesky for reach.

# 2. If you are an Android user in one of the four affected countries,
#    enroll in the developer-options flow this week, before the
#    September lockdown, and confirm you can install and launch a
#    sideloaded APK end-to-end. The flow is nine steps and a 24-hour
#    cooldown; you do not want to discover the cooldown on the day
#    you need the app.

# 3. If you are a developer anywhere on the platform who has been
#    considering signing the Android Developer Console Terms of
#    Service "just to be safe," read clause 6.5 (the "malware"
#    termination clause) and the absence of a malware definition in
#    the document before signing. The clause is enforceable as
#    written, and the discretion in it accrues to Google, not to you.

# 4. If you build or fund policy work in any of the four affected
#    markets, push your local digital-rights coalition to file a
#    competition-authority complaint before 30 September. Brazil's
#    CADE and Indonesia's KPPU have both opened Android-related
#    competition cases in the last 18 months; the ADV rollout gives
#    them a concrete policy artifact to challenge rather than a
#    general "Google has too much market share" theory.

What we are deliberately not covering

This post is about the policy, the rollout, and the developer-side response. We are not covering: the long history of Aptoide's competition-law cases against Google (a separate beat, worth a dedicated post); the parallel EU DMA story for iOS (same shape, different platform); the technical mechanics of how the verification layer interacts with already-installed APKs (Google has not documented this publicly, and the speculation in the HN thread is not source-verified enough to ship); or the cryptocurrency-and-VPN-developer response, which is the next layer of the coalition politics and is still being organized. The "this is bigger than Android" hardware-ownership framing from the Keep Android Open site is also worth a longer treatment; the next post in this thread will pick it up.

Related reads

Disclosure

Drafted with AI assistance. Primary source: F-Droid, "What We Talk About When We Talk About Malware," 1 Jul 2026 (https://f-droid.org/2026/07/01/adv-malware.html). Secondary source: Keep Android Open coalition site (https://keepandroidopen.org), including the open letter signed by 71 organizations from 23 countries, the 100,000+ signatory petition, the developer-options escape-hatch walkthrough, and the supporter quotes (EFF, FSF, FSFE, ACLU, KDE, GNOME, Tor Project, Cory Doctorow). Counterbalancing source: Suzanne Frey, "A new layer of security for certified Android devices," Android Developers Blog, 25 Aug 2025 (https://android-developers.googleblog.com/2025/08/elevating-android-security.html), for Google's stated security rationale, the "50x more malware from sideloaded sources" statistic, the four-country rollout timeline (Sept 2026 in BR/ID/SG/TH, 2027+ global), the airport-ID-check framing, and the FEBRABAN / Indonesian Ministry / Thai Ministry / Developer's Alliance endorsements. HN discussion: item 48755965, 919 points and 385 comments at time of writing, front-page submission 2 July 2026. The 580 million affected-user figure is F-Droid's population estimate for the four rollout countries combined; the exact UN population totals are slightly different (F-Droid rounds up). The "100,000+ signatories" figure for the petition is the Keep Android Open site's number as of the post date; the count was rising. The exact ToS clause 6.5 is verbatim from the F-Droid post's quote; the underlying ToS was not directly fetched in this pass. The Cory Doctorow "Darth Android" framing is the coalition site's attribution, not a direct Doctorow publication. The EFF "identity-based gatekeeping is a censorship tool, not a security one" framing is also the coalition site's summary, not a direct EFF publication.

Sources

  • The F-Droid post — "What We Talk About When We Talk About Malware," 1 Jul 2026, https://f-droid.org/2026/07/01/adv-malware.html. Primary source for the "trojan horse" framing, the 4 billion Android devices estimate, the Play Protect vector claim, the ToS clause 6.5 quote ("Google may terminate Your access to the ADC..."), the absence of a malware definition in the ADC Terms, the ad-blocker-as-malware precedent, the "over 99% of Play developers' apps have been registered" auto-opt-in critique, the "hundreds of thousands" petition opposition, the 90% dislike figure on the developer roundtable video, the Gemini summary of the program's reception, the September 30 activation date for Brazil/Indonesia/Singapore/Thailand, and the open-questions list (install behavior, app disablement, data retrieval, telemetry scope). Author: marcprux (F-Droid contributor).
  • The Keep Android Open coalition sitehttps://keepandroidopen.org. Primary source for the 71-organization / 23-country open letter signatory list (EFF, FSF, FSFE, ACLU, KDE, GNOME, Tor Project, GitHub Store, Vivaldi, Tuta Mail, Codeberg, App Fair Project, Forbrukerrådet, FACiL, Molly, ANSOL, Software Liberty Association of Taiwan, Cryptee, Digitale Gesellschaft, Technopolice Bruxelles, Rocky Linux, La Quadrature du Net, Open Rights Group, CryptPad, FULU Foundation, Digital Rights Foundation), the 100,000+ petition signatory count, the developer-options escape-hatch walkthrough (nine steps, 24-hour cooldown, 7-day TTL for "allow temporarily"), the EFF framing ("identity-based gatekeeping is a censorship tool, not a security one"), the Cory Doctorow "Darth Android" framing, the F-Droid "existential threat" quote, and the Ars Technica "Google's Apple envy threatens to dismantle Android's open legacy" headline. The Historical-Employ129 Reddit comment ("600 million malware downloads… their own store is crawling with fake apps and straight up malware", 324 upvotes) and the WaffleMonster Slashdot quote on "sideload as psychological propaganda" are both from the coalition site's curated supporter-quotes section.
  • The Android Developers Blog announcement — Suzanne Frey, "A new layer of security for certified Android devices," 25 Aug 2025, https://android-developers.googleblog.com/2025/08/elevating-android-security.html. Primary source for the security rationale ("malicious actors hide behind anonymity"), the "50 times more malware from internet-sideloaded sources" Play Protect statistic, the "ID check at the airport" framing, the rollout plan (Sept 2026 BR/ID/SG/TH, 2027+ global), the Play-side verification precedent ("since we implemented verification requirements on Google Play in 2023"), the separate hobbyist ADC account type, the FEBRABAN / Indonesian Ministry of Communications and Digital Affairs / Thai Ministry of Digital Economy and Society / Developer's Alliance endorsements, and the "developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer" framing.
  • The Hacker News thread — item 48755965, "Android Developer Verification: Threat masquerading as Protection," submitted 2 July 2026, 919 points and 385 comments at time of writing, front-page submission. Primary source for the "hardware-vendor control of post-purchase device behavior" framing that recurs in top comments, the Google-Play-Protect-vs-DEV-policy critique, the "we want Fable"-shaped pattern of cross-cohort frustration with platform owners, and the developer-tools-vs-platform-owner framing that scales the critique beyond the security audience. Numbers on HN are moving as the post ages.

Wednesday, July 1, 2026

Godot Banned AI Code. Maintainers Are Done Subsidizing Slop.

The Godot Foundation, which maintains the open-source game engine behind Slay the Spire 2 and The Case of the Golden Idol (per PC Gamer's coverage of the announcement), has updated its contribution policy to forbid AI-authored code, AI-submitted pull requests, and AI-generated text in human-to-human communication. The Foundation framed the change in unusually direct language: "AI cannot take responsibility, and we can't trust heavy users of AI to understand their code enough to fix it." The line that lands is the part about mentoring. The Foundation says reviewing AI slop is "demoralizing" because the maintainers' feedback is "just being absorbed by a machine and not going towards mentoring a potential future maintainer." This is not a moral panic about AI quality. It is a maintenance-economics statement. Open source has been subsidizing itself on a pipeline of new contributors who learn to maintain by getting their early PRs reviewed. AI slop has crowded that pipeline out, and Godot has decided the cost of waiting for the tools to mature is more than the cost of banning them.

What the policy actually forbids

The Foundation's announcement post lays out four explicit prohibitions, with the first one already enforced as an auto-ban on the GitHub repository:

  • No autonomous AI agent use or vibe coding. The Foundation describes the existing auto-ban as continuing.
  • No use of AI to generate substantial pieces of code. "AI assistance should be limited to menial things (like code completion, regex, or find and replace)." Disclosure is required even for permitted use.
  • No AI-generated text in human-to-human communication — issues, PR descriptions, proposals, comments. "This is a basic principle of respect." Machine translations of human-written text are still acceptable.
  • All PRs must be reviewed and approved by a human before merging — the existing rule, restated explicitly.

The third item is the one most other projects have not yet written down. Slack/Discord AI summaries, ChatGPT-polished issue reports, and LLM-generated PR descriptions are the things that quietly make every maintainer interaction feel like talking to a machine. The Foundation is putting that on the policy page.

The Foundation also added a non-AI-specific gate: new contributors (defined as anyone with three or fewer merged PRs) cannot submit "new features or significant re-factoring" without explicit permission from a maintainer. Bug fixes and documentation come first. The point is to require that new contributors take the time to learn the codebase and build trust before tackling ambitious work. Combined with the AI ban, the policy amounts to a two-pronged defense: it slows down the inflow of low-context, high-volume submissions, and it explicitly routes the remaining inflow into the kind of work that builds future maintainers.

The economic argument underneath the moral one

The part of the post that every other story is going to skip is the maintenance-economic one. The Foundation describes its reviewer pool as "small" and says reviewing PRs is "demanding" and "we can't keep up with everything coming in." The number of open Godot PRs has become a meme inside the community, in the way that GitHub-backlog screenshots of any sufficiently popular repo do. The Foundation's framing of the AI problem is not "the code is bad." It is "the code is fine, the volume is bad, and the volume of the kind of code that trains reviewers is what is collapsing."

This is the same shape as the Fedora AI agent merging bad code story from three weeks ago, but with the failure mode inverted. Fedora's problem was that the agent had been given write access to a real codebase and the merge was wrong in a way the humans downstream couldn't see. Godot's problem is upstream: the PR volume is generated by humans (or agents acting on behalf of humans) who are not investing the time to learn the codebase before contributing, and the maintainers are the ones paying the cost. Both stories end in the same place — a maintainer pipeline that cannot scale linearly with the volume of submissions it receives. AI is the new scaling tax on the attention budget of every maintainer in the world.

The Foundation's "new contributors with three or fewer merged PRs cannot submit new features" gate is the more interesting policy lever, because it operates independently of the AI question. Even if the AI ban disappeared tomorrow, the new-contributor gate would still be there, and it is the part of the policy that directly addresses the maintenance-economics problem. The gate is also a soft version of the same argument that the Norway elementary AI ban made about a different pipeline: that the cost of skipping the human learning step is paid later, by the people who are supposed to be the next generation of maintainers. The Norwegian case was about children; Godot's case is about new open-source contributors. The mechanism is identical — short-term productivity gains that look like a win, that turn out to be a loan on the future of the project.

The AI-slop precedent that led here

Godot is not the first open-source project to draw this line. It is the highest-profile one to do it formally, with a published policy and an explicit auto-ban. The pattern in the months leading up to this announcement reads as a series of warning shots:

  • RPCS3, the popular PS3 emulator, clamped down on AI submissions, telling contributors to "leave behind something useful to humanity when you're gone, instead of peddling slop." (PC Gamer)
  • s&box, the Garry's Mod sequel, launched with creator Garry Newman's permissive AI policy: "I think eventually the slop will just fall to the bottom," he said. "We can't say don't use AI, because we use AI in our coding all the time. It's useful, it's fast." The framing was permissive — trust the community to ignore slop, don't filter at the gate. (PC Gamer)
  • The Fedora AI agent story in June (the Anaconda package that was reverted after an LLM agent merged its own PR with a buggy fix) was the moment "AI agent wrote code that broke the build" became a documented, post-mortem-able category.

What Godot is adding is the policy template. The Foundation's text is going to be copy-pasted, with varying degrees of modification, by other projects over the next quarter. The decision to call out the "AI cannot take responsibility" line is the giveaway that the policy is written to be quoted, not just enforced. It is the most quotable sentence in the AI-and-open-source debate since the npm "Color.js" incident in 2022, and it is going to do the same work.

What Godot is not saying

The Foundation's post is conspicuously quiet on the licensing question. Godot is MIT-licensed, which means anyone can fork it, build a closed-source game on top, and use whatever tooling they want to do it. The Foundation cannot stop a game studio from using Claude Code to build their next Godot project, and they are not trying to. The policy is about contributions to the engine itself, not about downstream use. This is a boundary other open-source projects will have to draw carefully: the line between "we will not accept your AI-generated PR" and "we will not allow our software to be used downstream with AI tools" is the line between a contribution policy and a use policy, and they are different in ways that matter legally. The Godot policy is firmly on the contribution side of that line.

The Foundation is also not saying AI tools are bad for the maintainers themselves. "Menial things" — code completion, regex, find-and-replace — are explicitly fine. The line is at "substantial pieces of code" and at "vibe coding," which the Foundation defines as the workflow where a human submits a PR whose contents they did not write and cannot defend. The policy is hostile to the unaccountable submission, not to the tool. A maintainer using Copilot to write a regex is not the target. A contributor submitting a 500-line PR they cannot explain to a reviewer is.

The third thing the Foundation is not saying is that this is just a code-quality problem. The story of an autonomous agent in production that ran up a $6,531 AWS bill scanning a hobby network nobody asked it to scan is a different shape of the same problem: an agent operating without a human accountability loop did something its operator could not have intended and could not stop. Godot's policy is the contribution-side answer to the same question — what do you do when the bottleneck of trust is no longer the human's hands but the human's understanding? The Foundation's answer is to require that the human who submits the work be the human who understands it. The cost of not requiring that is a maintainer pool that runs out of new entrants, and a contributor pool that runs out of mentors, and an open-source economy that runs out of the people who keep it going.

What this means for you

If you maintain an open-source project:

  • The Godot text is the best starting template you'll find. Adapt the four prohibitions and the new-contributor gate to your own repo, and be explicit that "AI-generated text in issues/PRs" is a separate rule from "AI-generated code." The text rule is the one that will get the most pushback, and it is the one that needs to be the clearest.
  • The new-contributor gate does not require an AI ban to be useful. If you are drowning in new-feature PRs from people who have not yet learned the codebase, the gate is a structural fix that works regardless of how the PRs were written. Three merged PRs is a reasonable threshold; pick yours based on what your reviewers can absorb.
  • Publish the policy in the contribution guide, not just the announcement post. The reason the Godot post is going to be cited is that it is unambiguous. Ambiguous contribution policies get argued about on every PR.

If you are an AI-using developer who contributes to open source:

  • "Use AI for menial things" is more permissive than it sounds. It covers most of what most people actually use Copilot/Cursor/Claude Code for: function signatures, regex, boilerplate, refactor-mechanical-tasks. The thing it does not cover is the workflow where you prompt an agent, get a 500-line PR, and submit it without being able to defend each section in a code review. The test is not "did a model help?" It is "can you walk the maintainer through it?"
  • If you are using an agent to submit a PR, write the PR description yourself. Machine translations of human text are explicitly fine; machine-generated text in human-to-human communication is not. The Foundation is making a sharp distinction between "the model wrote the code" and "the model wrote the words we say to each other about the code," and the second is the one that breaks the mentoring relationship.
  • Disclosure is the new courtesy. "I used AI to help write this regex" is a sentence that costs nothing and protects the maintainer's time. "I used AI to generate the whole function" with no disclosure is the kind of thing that gets the next Godot policy written in the first place.

If you are a maintainer of a private codebase at work:

  • The Godot policy is the canary, not the rule. Private repos are not the AI-slop-pressure target the way open source is, because the review pool is paid and the volume is bounded. But the mentoring argument applies. If the people you are training to be senior engineers next year are doing their work this year by submitting LLM-generated code they cannot defend, you are spending 2026's mentoring budget on 2027's productivity cliff. The lever is the same: the test is not "did a model help?" It is "can they walk you through it?"

What to do this week

# 1. Audit the last 20 pull requests on your repo. For each one, ask:
#    - Did the contributor write a PR description in their own words,
#      or did it read like ChatGPT output?
#    - When you left a review comment, did the next reply engage with
#      the substance of your feedback, or did it read like an LLM
#      smoothing the conversation?
#    - Could the contributor explain the change in 5 minutes on a call?
#    Count the "no" answers. If more than half are "no", your pipeline
#    is already paying the Godot tax.

# 2. Write a one-paragraph contribution policy. The Godot template is:
#
#    "We do not accept AI-authored code, AI-submitted pull requests,
#     or AI-generated text in issues, PR descriptions, or comments.
#     AI assistance for menial tasks (code completion, regex, find and
#     replace) is fine, with disclosure. New contributors (3 or fewer
#     merged PRs) should start with bug fixes and documentation.
#     All PRs must be human-reviewable from top to bottom."
#
#    Adapt the threshold (3 PRs is Godot's; yours may be 1 or 5) and
#    post it in CONTRIBUTING.md.

# 3. Pin the policy to your repo's contributing guide *and* link it
#    from the PR template. A policy in the docs is a policy. A policy
#    in the PR template is the policy the contributor is reading at
#    the moment they would otherwise copy-paste the LLM output.

# 4. If you are an AI-using developer who wants to keep contributing:
#    write the PR description yourself. Every time. The 5 minutes it
#    costs you is the difference between a maintainer seeing you as a
#    future maintainer and a maintainer closing the tab.

The Godot Foundation has, for the moment, the strongest contribution policy on AI in any major open-source project. It is going to be quoted, copied, and litigated over the rest of the year. The part worth holding onto is not the ban — bans are easy to write and easy to argue about. The part worth holding onto is the mentoring argument. The Foundation is not saying "AI code is bad." It is saying "AI code, submitted uncritically, breaks the pipeline that produces the people who can review AI code in five years." That is a maintenance-economics argument, and it is one every project that depends on unpaid maintainer labor is going to have to make for itself, sooner rather than later.

Disclosure

Drafted with AI assistance (Claude, Anthropic). All factual claims about the Godot Foundation's contribution policy were verified against the primary source at https://godotengine.org/article/contribution-policy-2026/ and PC Gamer's coverage at the URL listed in Sources, both fetched on 2026-07-01 with curl --compressed. The quoted "AI cannot take responsibility" and "demoralizing" lines are direct quotes from the Foundation's announcement. The "three or fewer merged PRs" figure is taken directly from the announcement. The "Slay the Spire 2" and "Case of the Golden Idol" examples are from PC Gamer's coverage. Internal-link targets are existing posts on this blog. The original argument — that the Godot policy is a maintenance-economics statement about a maintainer pipeline being outbid by AI slop volume — is the author's framing, not a claim sourced from any single article.

Sources