HackerTrans
TopNewTrendsCommentsPastAskShowJobs

tabbott

no profile record

Submissions

Zulip 12.0 Released

blog.zulip.com
75 points·by tabbott·2 months ago·10 comments

comments

tabbott
·2 months ago·discuss
Mozilla has had the unusual situation of having an enormous revenue stream from Google. It is reasonable in that situation to build some adjacent things that support the mission. MDN is amazing, for example! Rust was too! I do feel Mozilla has lost its way, and I think it would be crazy to spend resources available to the Zulip Foundation on projects that don't directly advance Zulip or its community.

I think the question presupposes that we solve the hardest problem for a new non-profit: Funding. We would be very lucky if Zulip with 1% of Mozilla's funding; we could do so so much with that scale of resources.

The biggest risk to Zulip's ability to succeed over the next few years is not risk of spending time on side projects. It's risk of not having the financial resources even to hire remarkable people who want to take a big pay cut to work on Zulip.
tabbott
·2 months ago·discuss
Like we always have. See https://zulip.readthedocs.io/en/latest/contributing/review-p... for the basics; but it's all written down in ReadTheDocs.

Like most large projects, we triage every new PR, and make decisions about which ones to invest what level of maintainer time into. We try pretty hard to efficiently review visibly high-quality PRs and those from highly engaged contributors who are visibly learning from the feedback we give.

Review latencies vary for myriad reasons. For example, when preparing to publish a major release like Zulip 12.0, there's about a month wherein we mostly only review PRs that might go into that release.

Historically, the great majority of PRs in zulip/zulip have been reviewed by two maintainers before being merged. First a "maintainer review", and then a second "integration review" by me. My reviewing everything is a quite unusual practice for a project of this scale, and I would not recommend anyone else try it. But it has worked for us, and everyone appreciated my having the complete context that comes with this practice.

All of our maintainers are very good at reviewing Zulip work. Thus, the great majority of those integration reviews involve my suggesting readability/documentation improvements, or merging the PR with just a comment thanking everyone who helped. So we're making the obvious adjustment wherein the other longtime maintainers also do integration reviews.

We've been writing a great deal of nice process documentation to support this plan (For example: https://github.com/zulip/zulip/pull/39290 details how I think about integration review, and https://github.com/zulip/zulip/pull/39229 greatly improves our database migration documentation).

I plan to hold regular office hours for more active project maintainers to use my time as they wish. It is likely that some of that time will be used doing reviews.

I hope this context helps!
tabbott
·2 months ago·discuss
There's new long-lived connection support in Zulip 12.0 that will enable the mobile app to do a lot better for startup in organizations with multiple 10ks of users.

I think it's expected to be enabled in the mobile apps in the next couple weeks.
tabbott
·2 months ago·discuss
As we do our best to explain in the post: The Zulip project is very much not being annihilated.

There are 220 people from all over the world who have contributed 20 or more commits to Zulip, and thousands more who've contributed code, volunteer translations, ideas, thoughtful questions, and in so many other ways.

Personally, I find remarks like this to be extremely disrespectful to all of those wonderful people and their open-source work.
tabbott
·2 months ago·discuss
Yeah I've often had the same thought! Ideas are very much appreciated.

I do like our current "organized team chat" quite a bit better than the original "group chat", which would often result in confusion with WhatsApp and its equivalents.
tabbott
·2 months ago·discuss
Historically, Zulip blog posts have actually gotten more engagement when they landed on the Hacker News homepage during off-peak times for regular news (After business hours and weekends) than when we've published them on weekdays mornings.

Fun fact: The original blog post announcing the Zulip Open Source project (https://news.ycombinator.com/item?id=10279961) was published on a Friday and I think got more attention because of that choice of date than it would have otherwise.
tabbott
·2 months ago·discuss
For those looking for more context on Zulip, we did a major release a couple weeks ago: https://blog.zulip.com/2026/04/27/zulip-12-0-released/.
tabbott
·2 months ago·discuss
I think the author misunderstands what is good about Python.

One of the big strengths of Python is legibility: most developers find it easy to read and understand.

If you are planning to have humans verify the code you're using in production, to confirm it implements your intent, the readability of the code you are producing is important.

Performance is valuable, but for a lot of code, performance is less important than correctness and ease of verifying it.

If you are imagining your codebase being one where nobody but Claude reads the code, you might as well do Rust for the better performance. But I don't think a lot of organizations are doing that.
tabbott
·2 months ago·discuss
It's interesting to me that the page doesn't describe the size of the rust binary (relevant for mobile app use cases where you would need to add the Rust binary to your app) or performance.

The webpage also does read like it was at least heavily LLM assisted, which makes it a bit hard to trust it.

That all said, this is definitely something I'd be interested in using for Zulip if is indeed going to be a well maintained open source project.

(We currently have a node server component that the Zulip server runs only the render LaTeX).
tabbott
·2 months ago·discuss
Funding to pay the core team (via revenue/grants/VC) requires a lot of leadership attention for any independent company that is developing an open-source project as its main activity. Yet more leadership attention goes into other administration (Taxes/hiring/legal/policies/etc.).

I don't have any direct context, though I have run an open-source business (Zulip) for the last decade wearing both the CEO and technical lead hats.

But my simulation is that the Bun leadership team might well be spending 2x as much of their time working on the technology than they reasonably could have as an independent venture-funded company, just because they don't have to do all that other stuff anymore. (There's of course probably a significant bias in that focus towards whatever Anthropic needs from Bun, only some of which other users may care about).

So I agree. Personally, I would not be concerned unless you see the tell-tale signs of the team being reassigned to other priorities at the buyer, which tends to be obvious, because, say, the GitHub project activity falls off a cliff.
tabbott
·2 months ago·discuss
We can and should advocate for preserving sideloading.

But boycotting a wonderful public-benefit program that Google has funded for 20 years over this sort of product policy issue seems crazy to me. Sure, GSoC does improve Google's brand.

But Google Summer of Code is one of the most effective charitable programs I've seen from any large corporation. And I think it's very telling that nobody else does anything like it.

Google is is the only company on the planet that cared about supporting the open-source community enough to invest, fund, and administer a program like this that has _no_ direct benefit to the company. (Many corporate grants/sponsorships to OSS projects are in exchange for something tangible).

The scale of GSoC is enormous, and the program has been very meaningful. A huge portion of our contributor community and about half the Kandra Labs team are people who I originally met via GSoC.
tabbott
·3 months ago·discuss
To me, it seems like the Pro tier is priced for using Sonnet a lot or Opus a little, and Max for using Opus a lot.

So that seems about what you should expect.
tabbott
·3 months ago·discuss
I find it interesting that folks are so focused on cost for AI models. Human time spent redirecting AI coding agents towards better strategies and reviewing work, remains dramatically more expensive than the token cost for AI coding, for anything other than hobby work (where you're not paying for the human labor). $200/month is an expensive hobby, but it's negligible as a business expense; SalesForce licenses cost far more.

The key question is how well it a given model does the work, which is a lot harder to measure. But I think token costs are still an order of magnitude below the point where a US-based developer using AI for coding should be asking questions about price; at current price points, the cost/benefit question is dominated by what makes the best use of your limited time as an engineer.
tabbott
·3 months ago·discuss
The original blog post for Mythos did lay out this safeguard testing strategy as part of their plan.
tabbott
·3 months ago·discuss
If your revenue doubles every month, then in the first month where you make $2.5B, your total lifetime revenue has been $5B ($2.5B this month, $1.25B the month before, etc. is a simple geometric series). But your current revenue run rate for the next year will be $2.5B x 12 = $30B.

They're not quite growing that fast, but there's nothing inherently inconsistent between these claims... as long as the growth curve is crazy.
tabbott
·4 months ago·discuss
Just about every UI component has been redesigned over the last two years. So your experience may be different these days :).
tabbott
·4 months ago·discuss
I lead the Zulip project and I'm not aware of any common crash issues with either our server or any of our apps.

Can you share details on what you're experiencing with us? https://zulip.com/help/contact-support.
tabbott
·4 months ago·discuss
I recommend that anyone who is responsible for maintaining the security of an open-source software project that they maintain ask Claude Code to do a security audit of it. I imagine that might not work that well for Firefox without a lot of care, because it's a huge project.

But for most other projects, it probably only costs $3 worth of tokens. So you should assume the bad guys have already done it to your project looking for things they can exploit, and it no longer feels responsible to not have done such an audit yourself.

Something that I found useful when doing such audits for Zulip's key codebases is the ask the model to carefully self-review each finding; that removed the majority of the false positives. Most of the rest we addressed via adding comments that would help developers (or a model) casually reading the code understand what the intended security model is for that code path... And indeed most of those did not show up on a second audit done afterwards.
tabbott
·4 months ago·discuss
What makes you want to believe the Trump Administration when it claims it doesn't want to do domestic mass surveillance?
tabbott
·4 months ago·discuss
An organization character really shows through when their values conflict with their self-interest.

It's inspiring to see that Anthropic is capable of taking a principled stand, despite having raised a fortune in venture capital.

I don't think a lot of companies would have made this choice. I wish them the very best of luck in weathering the consequences of their courage.