The same way they do in every other bubble.
Most of that huge overall investment is lost, but everyone wants to be in on the one or two that succeed, and those specific investments could have huge returns
I’m not buying this. Sure minimizing dependencies is a good practice, but not updating? That’s a recipe for disaster.
It’s important to note that you can’t predict supply chain attacks or vulnerabilities, and vulnerabilities are much more common. Also, while frequent updates might expose you to that supply chain attack more quickly, it also mitigates it more quickly. Frequent updates in combination with vulnerability scanning, and limiting downloads to reputable sources (that try to prevent supply chain attacks and discover them quickly) is a much better approach.
There also the maintainability argument, that I’m having right now with a couple of our legacy software teams. Not updating can lock you into the past, for entire ecosystems of dependencies. You cant update if you have to, you cant take advantage of new features anywhere in the ecosystem, and it’s now an expensive emergency when something stops being maintained or has an unresolved vulnerability. If you’re being continually kept up, then choices or features are easy
Then the goal is how do you automate your updates as smoothly as possible so they do not become noise, do not create extra work? Tools like dependabit and renovate bot have a lot of config options to help that
I was with you up to “cloud computing”. That bubble was a huge success that has really revolutionized how software is provided
AI has a lot of mindshare and has demonstrated contributions in several areas. For example, ai slop you see on YouTube is making some people money. As a coder I do find it sometimes a useful tool, and I can definitely see the near future where it’s a required skill, and no, if you just ask it to spit out slop you’re not getting anything but slop ). I don’t see how it’s going away. However it doesn’t (yet?) live up to its hype nor is there (yet?) a profitable business for providers.
Meanwhile the crypto and NFT bubbles were pyramid schemes that only ever made money from themselves. Web 3.0 probably looks useful to its proponents but was only ever a niche that no one else cared about