Adam & Jerod discuss the news! But first, we discuss how you can keep up with the software world (good question, Tyler Boyd!) On the docket: Developer job postings trend, the Ladybird Browser Initiative, the Polyfill.js supply chain attack & is the future self-hosted?
Sponsors
Sentry – Code breaks, fix it faster. Don’t just observe. Take action. Sentry is the only app monitoring platform built for developers that gets to the root cause for every issue. 90,000+ growing teams use Sentry to find problems fast. Use the code CHANGELOG when you sign up to get $100 OFF the team plan.
1Password – Build securely with 1Password - 1Password simplifies how you securely use, manage, and integrate developer credentials. Manage SSH keys and sign Git commits. Access secrets stored in 1Password. Automate administrative tasks. Integrate with third-party tools. Also, check out our INFRASTRUCTURE.md file for more details on how we do secrets with 1Password.
Neon – Fleets of Postgres! Enterprises use Neon to operate hundreds of thousands of Postgres databases: Automated, instant provisioning of the world’s most popular database.
Chapters
Chapter Number | Chapter Start Time | Chapter Title | Chapter Duration |
1 | 00:00 | Finally it's time for... | 00:50 |
2 | 00:50 | Sponsor: Sentry | 03:36 |
3 | 04:26 | your favorite ever show | 00:36 |
4 | 05:02 | AI hyped (out) | 01:07 |
5 | 06:09 | Keeping up with what matters | 11:51 |
6 | 18:00 | Request an episode! | 00:35 |
7 | 18:35 | Dev jobs bell curve 👀 | 10:48 |
8 | 29:23 | Opportunities abound | 07:21 |
9 | 36:44 | Sponsor: 1Password | 02:37 |
10 | 39:21 | Ladybird Browser Initiative | 17:04 |
11 | 56:25 | Polyfill.js attack | 12:03 |
12 | 1:08:28 | Adam on ad spots | 02:47 |
13 | 1:11:15 | Sponsor: Neon | 05:21 |
14 | 1:16:36 | The future is self-hosted | 10:47 |
15 | 1:27:23 | Mini-mini-mini Kaizen | 00:38 |
16 | 1:28:01 | Bye friends! | 00:12 |
17 | 1:28:12 | Coming up next | 01:15 |
Transcript
Alright, let’s start here. So we are here to discuss the news. Not cover the news, but talk about it. What’s up, Adam? How are you, man?
So good. So much happening out there. I feel like so much, but yet so little. Way too much –
It’s a lot going on, but how much of it actually matters?
Well, I’m paying less attention to AI hype, that’s for sure.
Yeah.
I’m AI hyped out. However –
Thank you. You join me. Because I’ve been hyped out for a little bit here.
I’m still using it, so internally, lots of hype. Lots of excitement about using it.
[laughs] Lots of internal hype.
Oh, yeah. I mean, I use it on the daily. But I’ve actually had a couple conversations, at least one conversation recently… Like, that’s actually a pretty good use of AI for developers. They’re not sponsoring us yet, so I’m not gonna mention their name… But when they do, I will tell you. Until then, they might sponsor the newsletter, let’s say in August. We’ll see.
Okay, so stay tuned. Perhaps.
Perhaps.
Well, you know, the old BMC theme song says “Adam and Jerod and some other rando”, but…
Yes. Not today.
Today it’s falsified. Just the two of us.
Just the two of us digging in.
Digging in. Let’s dig into some stuff. So the first thing you want to do is go meta, go a layer up, and talk to listener Tyler Boyd, who put in an episode request May 15th about the news; not our news show, but how to actually stay updated in our tech world. That was the title of his request. And he says this: “I find that most of these tech blog sites have so many tutorials and random stuff… Which is awesome. But outside of listening to the Changelog and a few other podcasts, I’m struggling to actually stay up to date with what’s going on in tech. And does it even matter if I do?”
Well yeah, the last part is –
…which I think is an interesting question.
It’s a punch in the gut. “Does it even matter if I do?” Not to me, but I think just generally.
Oh, I thought he punched you in the gut.
Nah. I can get how that would land, but… What I find, Jerod - and I realized this not literally last night, but I had a slight a-ha moment last night… There’s a YouTuber, I think he goes by the name of BeatEmUps. Do you know this guy, by any chance?
BeatEmUps?
BeatEmUps.
I do not know BeatEmUps.
I believe he is Australian, I believe he is in the United States, I believe he was living in Pennsylvania, and I think he recently moved to Austin. And I think he’s actually suffered from some burnout, because he works a lot. He’s a creator. He would be what I would consider a content creator. If your life is constantly creating content, you are, even identity-wise, a content creator. Right?
Okay.
And what I realized was that if I’m trying to – I’m a gamer by, I suppose, association. I’m not like a hardcore gamer. I’m a nostalgic gamer.
You don’t actually play video games.
Right. I am not on the edge of the game world. However, I enjoy games…
Sure.
…and I find that my kids are actually getting better at games than I am. We’ve been playing Sonic on Nintendo Switch. I’m getting to the point, trust me. And I’m realizing “Wow, they’re so much faster thinking”, or whatever…
[00:08:22.17] Fast twitch muscles, yeah.
Yeah. And they’re beating me. But then I realized when we had dinner, I was telling my wife, I’m like “You know, when we buy these video games for these kids, our source is go to this BeatEmUps guy”, because he has a great opinion.
So he’s a video game-oriented content creator.
Right. And if I want to buy a new game for the kids, I want to kind of sift it through his lens. And I think what Tyler might be pointing to is that the blogs - and this is the point… The blogs that just have tutorials and random stuff are not opinions. They’re just sort of facts. How to get to here, how to go there. And maybe the tutorial’s sprinkled with some opinions. But I think that what you find here is part opinions, that are scrutinized, that it’s waypoints to the future, rather than a blueprint to today’s software necessarily. I think it’s where we’re going. And the reason I shared that story was that I realized that I value that person’s opinion a lot. How does this person look at the new Zelda game, or the new Donkey Kong game, or the new – even the latest Mario Wonder. That was an interesting game that came out… And I’m like “I want to kind of hear this guy’s opinion before I go and buy this game.”
Sure.
Because I may or may not buy it, not necessarily because of his opinion, but I do value it. And so for the same thing that Tyler’s feeling, how do you actually keep up with what’s going on? And I think we need more – we’ve called ourselves tastemakers. That’s a synonym to curator. But you know, that’s where I’m going.
Yeah. I tend to agree with you. I think that it’s a lot easier to find a few trustworthy tastemakers that you jive with, than it is to keep up with everything yourself. Because there’s just so much. Whether it’s in tech, in video games, in music, in culture, in science… Whatever you happen to traffic in. I don’t think you have to keep up all that much.
I agree.
You know, that’s one of the things that I’ve said many times around these parts, is that we cover what’s going on in the world of software, but it’s not like everything we cover is then adopted and used and leveraged… And a lot of stuff is just like “Well, now I know that. I kind of have my finger on the pulse”, or my thumb, I’m not sure which one’s better to put on the pulse, but… I think your thumb has its own pulse, and so you shouldn’t use it. So you should use your fingers. I am not a doctor.
Your pointer, I believe, is what you use. Your first two fingers are what you use for pulse checking.
That’s right. Because your thumb actually has its own little heartbeat in there, I think.
I think there’s something with latency too with the beat between the two fingers, because it travels right down the vein…
Your index finger is faster than your thumb is, I learned this. Because I volunteer at the homeschool track meet, and they have us doing the timers, you know… And it comes down to the millisecond sometimes on these close races, and they say if you use your thumb to start the timer, it’s going to be a half beat slower than if you use your index finger. It’s just faster.
Really?
They just told me that. I didn’t fact-check it, I just believed it.
That is your trigger finger too, so that might be totally accurate.
That’s true. And I’ve got an itchy trigger finger, especially when I’m timing –
It’s not called the thumb finger, it’s called the trigger finger.
[laughs] Or trigger thumb.
The thumb is necessary, though. The opposable thumb is what makes us as good as we are as humans.
Yeah. Just amazing.
Yeah. Anyways, back to the topic.
[00:11:55.00] So… Finding curators, and finding tastemakers, and letting them keep up for you. I mean, that’s kind of what we do with news. That’s what we’ve done for a very long time. Obviously, Tyler’s plugged into the Changelog already, so we’re not here to promote what we do necessarily. Everyone who’s listening to this already has found us, and is at least listening to a little bit of what we’re up to… But you know, find more people like that in different niches, and then let them do that work, and support them and what they’re doing. And that way you don’t have to. It’s so much easier than keeping up yourself.
Now, of course, you still want to make your own informed opinions about stuff, so sometimes when you find a new thing, you have to look into it. And maybe Jerod thought it was interesting, but he didn’t really dive into it. And you’re thinking, “Wow, maybe this is worth diving further into”, and so you go do your own follow-up, and stuff like that… But I don’t know, I think that you can also do that with individual blogs… I mean, that’s a lot of what I do, is I just read individual engineering blogs, and I find the stuff that I think is interesting, and I pull the thread. And I think that that’s manageable for folks via RSS, and not having to check it daily, or hourly, as we do with other things that we think are important… Like the Hacker News homepage - you pretty much don’t have to go to the Hacker News homepage, and you’ll be just fine. Let the Hacker newsletter come to you once a week, and see the best stories, for instance… Which - that’s a great aggregator of the top stories on Hacker News throughout the week. And then you just get it once on the weekend, and you can just scan that real quick, and be relatively up to date in that way.
Same thing with Peter Cooper’s newsletters… If you’re in Go, Golang Weekly, if you’re into JavaScript, JavaScript Weekly… I mean, he does a great job, and has for many years. I mean, how long has Peter been putting out those weeklies?
15 years…
Longer than we have… With regard to the newsletter.
I don’t know, was it really longer?
With newsletters it was, yeah. 100%.
I think we were – like the original inception was similarly dated. I think around 2009 is my guess.
Not weekly…
If it’s before that – I know he’s been doing stuff, but I don’t know if he’s been doing the weekly newsletters.
Changelog weekly definitely goes after him, doesn’t it?
No, I know that. I’m not suggesting that’s not sure.
I’m not talking about podcasts, I’m talking about newsletters.
Me too. Yeah.
Oh, so you’re talking about a different newsletter we used to do?
No, I don’t think – well, we didn’t start weekly until 2013.
That’s my point.
Right. So I think 2009 is our real birthday, so I don’t think it began before 2009.
But we’re talking newsletters, not podcasts. He was certainly playing the newsletter game before we were.
I’m not arguing against that. I’m just saying –
Oh, what are you arguing? I’m not sure what you’re arguing.
I’m not arguing at all.
Okay… [laughs]
I was just trying to think, does it predate us generally? Not us in terms of like similarity. Like, when we began in 2009-2010 range, was he doing newsletters then? Because if that’s the case, then –
I do know that Ruby Weekly was his first newsletter… And if we can find Ruby Weekly issue one… Let’s do that.
Let’s do that. I was using our birth date in age as a proxy, 15 years.
He’s on issue 709 of that particular one. Issue one… Oh, no. It redirects. Come on, Peter… Maybe it’s 001?
He’s on 709?
He’s on 709. And I’m trying to URL-hack and just go back to issue number one…
Just based on the fact that there’s 52 weeks in a year, that maps to like 13 and a half years.
And then your ad breaks and stuff, because he takes some time off… He’s from London, and those Brits, they like their vacations. Their holidays, as they call them. Yeah, so 15 years. Point being –
Yeah.
He’s been doing weekly newsletters –
For so long.
For so long. He’s so good at it. I subscribe to many of his, especially I read JavaScript Weekly… And I check Golang Weekly when I’m trying to help the Go Time folks find interesting stuff to talk about… So that’s an option. Newsletters, curators… You know, I would say don’t worry about it too much. If you’re listening to the Changelog, you’re already kind of plugged in, right?
I think so, honestly. I mean, like you said, I don’t think we cover the entire software world…
No.
[00:16:11.10] …which does not upset me. But I think we cover enough to give you the required pulse, the required dip in, thread pull, should I go further myself, does this spark my curiosity? Are there others piling on? Is there a proxy to leverage?
Yeah.
And I think the only challenge is choosing the wrong - I won’t say content creators. But choosing the right opinion makers, I suppose, when you have a bubble by proxy. Because you’re kind of getting your opinion and your waypoints by proxy, obviously… And if you – I suppose it’s the job of us, too - I think we do this well - is point to others that are not us. I think that’s kind of what we do a lot.
Oh, yeah.
We’re really outwardly-facing far more than we’re inwardly-facing. I mean, aside from this podcast episode here, they’re not coming here necessarily for you and I to sit down to go through the stuff. We do that a small handful of times throughout the year, where it’s just you and I solo. And I enjoyed those times, too. I enjoy just having fun conversations with you. The one on 1999 at Build was so random… But I look back on that with like fond memories; like, wow, there was some a-ha moments on both sides. I didn’t recognize and realize, as much of a movie buff as I am, how much in ’99 was published. And then you with Johnny Cash, and Hurt… You know, there was two major revelations there. I think that was kind of cool.
Yeah, we both learned something that day, and it was a good time was had by all. And by all I mean by both of us.
That’s right.
[unintelligible 00:17:50.29] anybody else liked that episode… It was only for Plus Plus people, so you know, small audience… And that was fun, too. Well, let’s go through the stuff then. So hopefully, Tyler, I don’t know if that helped you out at all, but episode requests are cool, and we like to service our listeners directly, if possible. By the way, to you listening, if you do request an episode, whether it’s an interview, or a friend’s episode, or a JS Party, whatever, changelog.com/request. You can select the podcast that you want the show to be on, and then you can give a guest, you can give a topic, you can fill out the form and let us know. We read every one. We don’t make every episode, but we read them all.
So what’s been going on lately? Well, first of all, this is the July 4th week here in the United States, and so it’s the peak of summer, holiday time…
So hot.
And yet there’s still a lot going on. I think we should start with some – shall we start with the scary thing that I put in News on Monday?
The bell curve?
Yeah, the bell curve.
I say let’s go there, because I really appreciate, personally, and enjoy Mondays, for Changelog News… And I like how you included this chapter data. That’s so cool, that even while I’m in my truck, driving, listening… Because I literally was going somewhere, and it was about an eight-minute trip. And I was like “Sweet. I can get News in.”
Perfect timing. Yeah, there you go.
I was like “I can compartmentalize, I can get my fix.” And there I’m driving, and thankfully, my Apple Play system supports the data that comes through. So I got the image on my heads-up display kind of thing.
On your dash. Isn’t that cool?
So cool. Yeah. So I mean, let’s pause for chapters and just like do an applause… Because chapters are awesome.
Right. Insert applause break, right here. [Cheeky!] Do you like my subtle digs at people who use podcast apps that don’t have chapters? I’m always like, “You know, if your podcast app supports chapters”, and tell them how much better of an experience they’re having. And for everybody else I described it. What this is is a chart which comes out of the Federal Reserve Bank of St. Louis; I’m not sure why they in particular have this information, but they do.
[00:20:07.17] And this made the rounds this week, a chart from 2020 up until current times; I mean May of ‘24. The software development job postings on Indeed in the United States. And like you said, Adam, it’s a bell curve, and it peaked mid-2020. Really high. And it has then precipitously declined back down.
And so we’re trending down in software development job postings, in Indeed, in the US, but probably a nice proxy for what’s going on in the software world. And so that’s bad. Are we at the lowest ever? It’s right down there near lows of these last five years? And so this has a lot of people kind of up in arms, wondering what’s going on… Is this the new normal? They said COVID was the new normal. It turns out that was not. It was an anomaly. Is this the new normal? Is this an anomaly? Is it going to go back up again? Will it ever be what it was? A lot of just maybe FUD, maybe just uncertainty. A lot of folks out of work, and looking for work, and realizing why it’s so hard to find new employment is because the jobs are just not there right now.
If you zoom in to this graph, though… Tell me if this is accurate to you, where it begins in May of 2020, there seems to be like a rise just before May of 2020, where there was a big dip. And COVID was announced roughly in March.
Right. March 2020.
At least here in the US. I think it was happening, and I paid attention to it, Thanksgiving, Christmas, January, February in the Far East, in Asia and India and different places… And I was like “This is getting scary.” I see that thing moving, and I was like “Is it coming here? What is this?” And then obviously, March… And I know because my son’s birthday is early March, and we had a birthday party, and the last thing we did that was major with crowds was his birthday, and shortly after he and I got super-sick in their chests. And looking back, I think – I think I got COVID early on. But anyways, that’s beside the story. I’m burying the lead here. Does it drop from 100 on this graph down to 60 in May 2024? Is that how you’re reading it? So like there was an up, and then an obvious down?
Yeah.
Because it looks like March would have been right before that, obviously. It’s March, April, May, and it’s kind of going every other month or so, for me at least, on my graph.
I do think that the lockdowns began, and hiring probably froze for a while, while nobody knew what was going to happen next… And so it makes sense that the postings dropped - yeah, like you said, from 100 down into the 60s, in the matter of a few months. And then just climbed, climbed, climbed, probably as stimulus money was injected, we had the PPP loans… The markets were going crazy, valuations were high, money was easy… We were still at ZIRP, zero interest rate policy… And it just climbed, to where it was just sunshines and rainbows, up until mid ‘22, and then it just drops from there. And of course, we know what happened in our industry, in the tech world; everything tightened up, money got more expensive, layoffs began, hiring freezes began… And it seems like we’re still on our way on the downslope of that. And where does the downslope stop? Who knows…?
[00:23:53.03] What’s explaining this? Some people are saying this is AI already hitting us where it hurts. I think that’s premature. I don’t think anyone’s losing their job because of AI. Maybe on the margins, in the tech world. Obviously, in art and other places there are people who aren’t as valuable as they were, because their job has been somewhat offset by language models and image models etc. But I don’t think any software developers, unless their bosses are pointy-haired bosses who don’t understand what’s going on, are like flat-out not getting hired because AI is so productive right now. I just don’t think that that’s the case.
No.
That’s my two cents.
I agree with that sentiment. What I do see though is as it goes to the right, past the bell, into what seems like maybe a flattening of sorts… It’s not quite a flattening, but it seems – it’s down, it’s going down, and we can’t see beyond May. Here it is July, so we’ve got two months, or at least one month in the past - did it continue down?
At the same time, when you look at a market and you just inject - as you mentioned, we were in ZIRP - and you have so much free money, you’re going to have some version of bell in a job market. I suppose the Chicken Little thing that you referenced in the audio version of this, and I think also in the newsletter - because I don’t read the newsletter. I’m sorry.
How dare you…?
I hate to admit that…
You miss all the extra stuff.
I want the extras. I don’t know how to subscribe. I’m just kidding, I know how to subscribe. It was a joke. Is that it was very high. It’s not like a little bell curve, it’s a very big bell curve in comparison to what would be considered – if this the lows are the normal, the non-normal, the high is just so high. And what drove that really, I believe - because I study this loosely; I’d say I pay attention to it - is when you have access to free money, and you have… I mean, we saw valuations in the pandemic era so high. I was like, we saw unicorns being born on the weekly. Companies you’d never thought would be unicorns were like “Wow, we’re a unicorn.” Well, I mean, that’s just because it was a matter of inflation, which I think the entire world is feeling… I don’t know about you, Jerod, but when I go get groceries even, like anything these days, it’s just like…
Everything’s expensive.
Yeah, you’ve got to – there’s some things I’m like “That costs that much? There’s no way. How in the world does that thing cost that much? I’m gonna go ahead and skip that.” I don’t want to go on the Debbie Downer, but I think it’s because of free cash in the market. When you have ZIRP and you have zero interest, or very low interest, or very free money, and then even not just free, but like a large injection of it… Because when you have money that is free to lend, and you have balances that come in as a result of those coming out, it creates money in the market. Because money in a bank can be lended based on a multiple. So that’s really how a lot of this, I think, worked, was that there was a lot of free money in the marketplace, and they had to use it… And so they thought, like you had said “Is this the new normal? Well, let’s invest in that new normal.” And then it was like “Whoa, whoa, this is not the new normal.”
But what do you think caused the decline? Because obviously, in the 2022 range we had non-ZIRP. Interest rates went up dramatically; they’re in my lifetime some all-time highs. I think probably your lifetime as well, at least here in the US, so as a proxy…
Yeah.
So when you have that kind of thing happen, it’s more expensive to grow. It’s more expensive to expand. It’s more expensive to invest. And so you have to, I guess, be more cautious or more calculated with your growth. And you have to sort of be more planned to win, rather than “We might lose.”
[00:27:57.23] Yeah, I just think it’s a lagging indicator. I think it was just – we see it now, and we can plot the curve and watch it, of what was happening then… And there are leading indicators, and there are lagging indicators. And it just seems like new job postings over time is a lagging indicator of what was going on… Which a lot of us felt very acutely. I think if you recall the beginning of this year, my sentiment was “Hey, we’re on the other side of it. We’re kind of coming out”, and I was dead wrong on that. I mean, I just felt like the sentiment had changed. And I think now, looking back at the first six months of ’24, maybe some sentiment has changed, but has it been actual change? It seems like not so much.
But the stock market’s back, so some people are feeling like we’re alright… And the Fed hasn’t done what they said they were going to do with their cuts. They’re still holding off on cuts, and so a lot of that stuff was priced in, and expected, and hasn’t happened… And so I think people are still kind of just…
Waiting.
Trepidatious. Yeah. And it’s an election year, so there’s so much uncertainty.
I do think the other side of this curve does change a lot, because like you said, now it’s an election year… I think with it being an election year, regardless of which way it goes, there’s always change in this perspective here. I wonder – and I don’t think there’s any data to back this. I wonder, could you map – because I guess my question is, okay, so if this is true, which it is - it’s data backed - or if it’s even by proxy true… And again, you caveated this in the audio of the newsletter, you did say “Hey, by the way, this is Indeed data, based in the United States.” So it’s definitely compartmentalized.
Yeah, which is just one company, in one country.
So I guess the question is, for me at least - and I don’t know what questions you’re asking yourself as a result of this… But it’s like “What can I do? Okay, so what? So if this is true, so then what?” kind of thing. And I wonder if there’s any data or if it’s even possible to put the same timeline together with similarly marketed data of sorts - I’m not even sure what this would be; what kind of index would it go against - is opportunity. Because jobs being available does not equal lack of value to be created in the marketplace. This is where a lot of innovation happens. The status quo, “Go get a job, work somewhere on someone else’s idea, move that forward”, is changing. And so what can I do is “Where is the most value you see in your purview?” If you can’t get a job, you’re having a hard time getting a job, which I just feel for you, that totally sucks.
If it were me, I would be like “Okay, what do I have career capital in? What do I have domain knowledge in? Where do I see a lack of value being created?” Because money exchanges hands when problems are solved, basically. If I solve a problem – and the bigger the problem is, the more money and the more value in the problem-solving and the value exchanging happens. So if you want to get money, you’ve got to solve problems. So I would say look for problems. I don’t think this bell curve tracks to opportunities/problems being solved, or to be solved. It just tracks to job opportunities in the existing marketplace.
[00:31:25.05] Yeah, I agree. I’ll echo what I said, I think, last fall… Or maybe it was January, with Gergely Orosz, when we had him on the show talking about this questionable tech hiring market… Is that there’s never been a better time to start a business, especially if you are out of work. What are your options? Well, you can just keep pounding the pavement. I’m not saying don’t do that. Looking for that next full-time job. But also, there is a lot of opportunity to create value, create new businesses. And where are those opportunities right now? Well, it seems like, similar to the past, where you found small businesses and maybe medium-sized businesses who are handling all of their backend accounting, all of their processes, their operations on paper, previously, or on spreadsheets in Microsoft Excel, and providing web development services to those companies in order to break them out of those little silos, and really streamline their operations. I mean, so much money was made turning Excel spreadsheets into web forms.
I think similarly – first of all, that work is still out there. It’s not like it’s done. There’s tons of opportunities still out there to this day, and there’s a lot of people making good livings doing that work. But if you want to be more on the cutting edge, of course, there’s a lot of low-hanging fruit with this AI stuff. I mean, there’s a lot. We talked about summaries. It seems like the killer feature of the current wave of text-based models is summarizing stuff, taking a lot of words and making it a few words, and taking a few words and making it a lot of words. So summaries and slop, basically. And the real value is in the summaries, isn’t it? I mean, the slop is sloppy, and it’s whatever… But the summaries are like super-valuable. So summarizing this document, summarizing this meeting, summarizing these emails, summarizing whatever raw data a company has - huge value in that. I mean, you save so much time with a good summary. And there’s so many verticals. There’s so many individual industries in which you can go into that industry and apply the basics of language models in a productionized way, and hook them up with some summaries that they will pay you happily for. I think that’s low-hanging fruit, and I think there’s lots of opportunity there.
Can I mention a sponsor, as a way of like an opportunity?
Sure.
I really don’t want to do this necessarily, but I talked to David Hsu recently from Retool. And I’ve always been a fan of them, and they are a sponsor, so take this with a grain of salt, listeners. We also don’t like to blur the line. This is not an ad spot. But as an example, there’s a lot of opportunity in the internal tool space, inside of companies. People are being tasked with doing more with less, and that’s a lot of the reason why Retool is very successful, because they help you do more with less. You can be a backend engineer, or an API developer, and leverage Retool, and build out tooling for your company and not have to be a frontender. So you kind of get to minimize that footprint of a person.
You could become a specialist in understanding what SaaS companies need from an internal tooling standpoint, and find the ones that aren’t using Retool, and specialize in that, and join their team temporarily as a consultant, and say “I will just come in and tell you how Retool works, and implement Retool for you”, and I bet Retool would even sponsor you, if you added so much value to them that you went company to company to company and did that kind of thing.
And then his version of that. There’s versions of leveraging, like you said, these companies that are doing their accounting differently. You mentioned on paper with Excel; I thought the place you were going was where they’re outsourcing to tooling that specializes, where they don’t have to be specialists. They can be generalists, and spend money on a tool, versus having to become the domain expert and do it themselves. They can sort of outsource a task, so to speak. But I’m thinking like “Gosh, if I was a backend engineer”, somebody who really understood APIs, really understood how a lot of the internal tooling needs to happen or should happen for SaaS companies, I would become that kind of expert, and go out there and just implement Retool for people.
[00:35:48.26] And you get to leave all the management behind, right? Because Retool is going to do it all. All you are is an implementer. You provide your value, you get in, you get out, maybe you stick around for some consulting or some future whatever… But at that point, you’re like in and out. Maybe that lasts for a season, maybe that lasts for THE season between the dip in the bell curve and the rise. Maybe it’s not a long-term thing, but that’s – I really didn’t want to use this sponsor, Jerod, but that was the best… It was what came to mind, it was what percolated. Like coffee.
Sure. No, I like it. I like it. I think Retool will like it also. Not a sponsored mention… Let’s move on to some cool news, some good stuff… Because we’re down here in the [unintelligible 00:36:30.18]
I’m excited about this. I know where you’re going.
Break: [00:36:35.05]
The Ladybird Browser Initiative. Of course, listeners of our interview show, The Changelog, remember us speaking with Andreas Kling from SerenityOS and how he was really into this browser that he and the Serenity team had been building for SerenityOS. Well, since then he has left Serenity, to focus on Ladybird - that’s the name of the browser - and has been working on breaking Ladybird free from Serenity’s clutches… Of course, Serenity doesn’t really clutch it, but it was built for SerenityOS. But now he’s working on having it work on macOS and Linux OS’es. And so that was a really cool change that happened a few months back. Well, just this week, just yesterday, July 1st, Andreas and others announced the Ladybird Browser Initiative, the next chapter of Ladybird… Which is being called “The truly independent, open source web browser we’ve been developing from scratch for the past few years.”
First of all, before we get into the details of this initiative, which are interesting, can we just be excited about this open source, cross-platform, completely independent browser? I mean, haven’t we been talking about how cool that would be in light of the various walled gardens that we live in, and Chrome becoming weaponized by Google, for lack of a better term, and Firefox losing its way with various initiatives that are not Firefox inside of Mozilla? And Safari, which you and I both enjoy, but obviously has Apple’s best interests in mind… To have – like, it’d be like the new Firefox, right? Instead of “Get firefox.com”, it’s like “Get Ladybird.com.” And because it’s not just SerenityOS now - or will be soon; I’m not sure the status of that work - it’s going to be a standalone cross-platform browser, built by a guy and his team who really understand browsers.
Yeah.
Pretty cool.
Very cool. I echo your sentiment and excitement, so I won’t layer on there… But what didn’t surprise me was when we talked to Andreas – I think he says… Does he say Andreas, or does he actually put something in there? Either way, Andreas. I’ll just say Andreas, because I speak English, and I don’t have that accent, so I won’t try… Was that he had come from the Nokia days - you know this, because you were on the podcast with me. And then later at Apple, and was on the WebKit team. So this was an itch for him. He did, for his passion, and for various reasons – you should go listen to the Show, episode 554. So Changelog.fm/554 will get you there. “The serenity of building your own OS.” He’s got a great story, and it’s very touching. And I think he got into SerenityOS for the reasons that it’s a touching story, and then ended up at Ladybird, and that’s why he sort of like stopped touching SerenityOS, because he was back to where his itch really needed to be scratched, if that translates.
Yeah.
And he has the history of Nokia, and Apple WebKit, and was on that team, and so he was primed to be a good person to lead this kind of initiative. I’m very excited. I was actually just somewhere last night for dinner, and was standing in line to order, because it’s a place we had to go to the counter and order; it’s strange. And the person in front of me “Get Firefoxed” the clerk.
Really?
I just barely overheard it. She’s like “Gosh, I’m gonna go home tonight and install Firefox. Thank you.” That’s all I heard. And I said to my wife, I’m like “Did he just ‘Get Firefox’ her?”
[laughs]
But anyways, he might have to “Get Ladybird” her, or whatever. What is the domain for this? Ladybird.org… They should have tried getladybird.org, just for –
I think you can have both. You can have like the getladybird and redirect, or something…
Yeah, for sure.
I think it’s a cool – I think Get Firefox nerds will enjoy Get Ladybird, you know?
Yeah. Especially if it’s like a nostalgic nod, an homage to what was promised, was for a bit, and then isn’t much anymore. I would personally enjoy it. I mean, I was in the days of “Tabs are awesome.” I know you were, too. “IE is dead, long live Firefox. Get Firefox”, the whole push. Like, what an amazing global grassroots effort, at the right time.
It was.
Right? So crazy.
[00:43:54.13] Yeah. It was like the nerd uprising. And we helped everybody, freed them from the shackles. So what they announced specifically is the Ladybird Browser Initiative, which is a US 501(c)3 nonprofit, which will be tax-exempt, and its purpose is to drive work on the browser and make it easier for supporters of all shapes and sizes to sponsor development. They say “Unlike traditional business models that rely on monetizing the user, Ladybird is funded entirely by sponsorships and donations from companies and individuals who care about the open web. Our nonprofit will not pursue corporate deals or revenue outside of unrestricted donations. The software as source code will be available for free, forever”, and they have a board of directors starring Andreas himself, of course, and - the surprise entrant for me… I was like “This is so cool.” Chris Wanstrath, co-founder of GitHub, CEO of GitHub for many years, now working on a games company called Null Games. Chris will be the secretary and treasurer of this new initiative, and I believe he personally donated - he and his wife donated a million dollars as part of a seed funding for this nonprofit. So an injection to get things going. I mean, pretty cool by Chris.
Very cool by Chris. And I would even say – I don’t think I’ve seen Chris… Definitely not personally… In the wild, I would say. I don’t know how to phrase it otherwise. In quotes, “in the wild”, on the internet, since I think being on stage at Universe or something with GitHub. The last moments of the acquisition by Microsoft of GitHub. I think that was the last time I’ve seen him out there, proclaiming anything.
Yeah. So in addition to – he’s been on Twitter/X, talking about things for a while, but he actually put out a video, like a three-minute video, announcing his participation in this deal. And that was the first time – I remember looking at him and being like… I don’t think I’ve seen him since he had long hair. He looks a little bit older, a little wiser, a little more cleaned up…
Yeah.
And yeah, pretty cool to see him… First of all, he disappeared for many years. Now he came back with this gaming company, and has been talking on social media some… But really getting out there and putting some of his personal money behind a very cool initiative.
The free forever aspect of this is the clincher. I love that Chris is involved. And I think that Chris being involved, and his family donating a million dollars to this initiative is telling. And I think him coming out of the woodwork, if that’s a phrase you want to use, which is known, but I don’t think that’s necessarily the case, because as you said, he’s been on X, talking, but not visually… Like, this was a video. This is like “Hey, I’m gonna put my full likeness, and personal words, my voice even, behind this new push.” But the fact that its software and its source code – this is quoted. “The software and its source code will be available for free, forever.” And just the need of – I think Chris said it best, is “We’re not trying to beat Chrome. It’s not about winning. It’s about choice. It’s about something that is not owned by the big market players, something that’s independent, something that is backed by a nonprofit, something that is for the people, for individuals.” And with it being open source means that you’ll have your opportunity, if you feel so inclined, to participate, and to be involved. Probably on GitHub, right? That’s probably what’s happening…
For sure.
…as we know, which is a good thing. So I think - great news, but let’s consider, if you don’t mind… Hypothesize, Jerod. Two years from now. What changes? Where do you think they’ll be in two years? What will change?
Well, I do believe they will have those macOS and Linux versions out there. It will be freed from SerenityOS. And I do think that it will probably be packaged up nicely in every Linux distribution that’s mainstream, so you can apt-get install Ladybird… And who knows, maybe in two years time it’ll become a pre-installed browser on a few big distros, which would be great.
[00:48:14.20] There are, of course, many things that go into a modern browser initiative. I think they’ll have a good foundation of websites rendering correctly. That, of course, is the main thing. It must render websites correctly. But there’ll be a bunch of stuff missing, which may or may not ever be there. I mean, if you think about a Windows version, they don’t have any plans to support Windows in the short term. They want to eventually, but it’s not a priority.
Will it have an iOS or Android version that syncs to your browsers? No. This is going to be very much a desktop browser, this is going to be a focused thing, for especially in the short-term of two years, but maybe for a very long time. And so there are things where it’s like, you know, why do I use Safari? Well, a lot of the reason why I use Safari is because of the integration between my laptop and my phone, and that continuity stuff. And so all that stuff is not going to be a thing.
So this will be very much a choice, to use this browser, and one that will still require, especially for those of us inside our walled gardens, some sacrifices in order to leave the walled garden. It’s not going to be a one for one switch. And so that will be a challenge for Ladybird as adoption; it means you have to give up something that you are otherwise happy with. But I think a lot of people are definitely willing to do that, especially on the Linux side.
Yeah.
What do you think?
I have a couple more questions… And I do have a point, too; I have my own thoughts. But I know you all covered on JS Party - and I haven’t listened back to this episode yet - more so the development, I suppose, with Apple and multiple web browsers. Can you catch me up on what the status of that is? Because I think that’s the clincher. If we can get native Ladybird that doesn’t have to have Safari - or WebKit, I suppose - as its underpinnings, then you can do a lot of what Safari offers you and I as Apple users, when you have the application installed on iOS, and you can have cloud syncing with tabs, and whatever, if that’s something that Ladybird wants to offer. But give me a one-minute update on what that status is for, I suppose, everyone in the Apple world, not just the EU.
Right. So historically, every web browser in the App Store was a skin on top of WebKit. So Chrome, Firefox, Vivaldi, you name it. Brave… All of these iOS apps, as you mentioned, have WebKit under the hood, and have to use Apple’s APIs. So they’re basically the Chrome UI, and maybe the Chrome sync engine on top of that. So Google is very much hamstrung in what they can do. The reason – EU laws that have passed break that bond in the EU. And so Apple will allow – a) they’re allowing alternative app stores, although it’s a huge pain in the butt to get one of those spun up… They made it significantly difficult. But they will also allow alternate rendering engines, and I believe - and I’m happy to be fact-checked on this, because it’s been a while since I looked at it… I believe it’s in the EU only. And here in these United States of America nothing changes, but in European Union countries, you will have the ability to have alternate rendering engines, which means Chromium can run on your iPhone, which means Gecko or whatever the Firefox thing is currently called, can run on your iPhone…
[00:51:54.04] And this would be great, because then we’ll at least be able to have the comparison, and say “Oh, it looks like Chromium on iOS is faster than Safari on iOS” etc. which will spur some innovation and some competition… But in the day to day lives of Westerners – I know many countries in Europe are also in the West, but you know what I mean… Those of us on this side of the pond - our lives are pretty much going to be the same. At least for now.
So I think when it says – in the same announcement it says “But it is still very far from finished. We want to turn Ladybird into a browser that you can use every day, for all your web-related tasks. It should be fast, stable, support web standards, and protect your privacy. A browser for you”, end quote. And so that’s why I went to that, because I feel like you’re going to have the pain, right? I’m a Safari user, I’m only truly really a Safari user because it’s minimalistic on iOS, which I appreciate… And it’s also on my mobile device. And there’s continuity. That’s the only real thing I think that – from the surface. Now, there may be other things I uncover by using something else and it falling short… But thus far, that’s the true reason, the true feature I’m for, is that continuity and the cross-device availability.
I think if – this has a real shot to do, I wouldn’t say damage, because that’s not the right phrasing… But the good, I suppose, that it’s trying to do for the people… There’s so much in the “protect your privacy” quoted phrase in what I just read, that I think needs to be examined. Because Apple is notoriously known for protecting your privacy and caring about that as a feature of their business. However, if you make all app installations in my country require your engine, is that for you? Some would say yes and some would say no because of how deeply Apple wants to own the entire spectrum from zero to one, so that they can provide the “best user experience.” That’s their innovation factor. That’s their moneymaker, is their ability to care so deeply and preemptively know what you want, to give you what you want without even knowing it.
I think for me, it’s gotta have – and maybe this pushes it. Maybe this is what we need, is a tipping point to say “We as users want choice. And why should it only be given to the EU because there were certain laws passed?” That is not a thing you should do because a law was passed, it’s a thing you should do because you care about your users. And I think that innovation happens whenever there’s competition, and you can’t have competition when you’re forced to use the same rendering engine.
Yeah, I don’t know. Time will tell on Apple’s positioning after the floodgates kind of have opened… Because at a certain point you’re just holding back the flood.
Yeah.
Once you get a break in the dam, it’s just a matter of time, and it’s kind of a fool’s errand to try to stop it… But I think they still have a pretty strong stranglehold on the market…
I agree.
…especially outside of EU countries. And so I don’t expect it to change too much, unless United States legislature follows suit. And I think our lawmakers have proven themselves across the board to be highly incompetent in regards to many topics, and especially technology. So I don’t trust –
“It’s a series of tubes…”
Let’s end this segment here with a congrats then. Congrats to Andreas, congrats to Chris for seeing that vision. Congrats to Andreas getting through what you went through to get to SerenityOS, and then ultimately Ladybird, and now you’re on this new trajectory… So stoked for you, by way of just hearing your story and talking to you one time on a podcast. I’m excited. So congrats to both of you guys doing this new mission, this new initiative, and to anyone that is so excited about it that they start to personally get involved in whatever way they want to, whether it’s a user, whether it’s a developer, contributor, community, whatever.
Sponsor…
Sponsor. There you go. Ladybird… What is it? ladybird.org. Too easy.
It’s just too easy. Alright, back to some bad news… Polyfill supply chain attack hits 100,000 plus sites. This one has made the news a few times, and so it’s not exactly new news… But I wanted to bounce off you what I said on Monday on Changelog News, and get your take on it. Because in light of this, which - for those of you who didn’t hear this news, there is a JavaScript library called polyfill.js. It provides, as is the name, some polyfills for features that don’t exist in older browsers. It was served up via a CDN that the polyfill people set up very kindly. Cdn.polyfill.js, which I’m sure served tons of bandwidth and traffic for many years, probably free of charge, subsidized by whoever it is that was putting out the open source… And eventually got sold to a malicious company. The domain got sold, polyfill.js. And so they set up a CDN at the same address, that did some nefarious things. And so this is kind of your “Rug pull, not cool” situation. Different kind of rug pull. Not an open source rug pull. A domain rug pull.
Still not cool.
Super-not cool.
[laughs]
And so a lot of people have been trying to react… Like I said, it hit 100,000+ websites, including some pretty big ones who were using that particular asset… And I said this in yesterday’s or Monday’s news, I said “Yesterday’s best practice are today’s malpractice”, which is kind of interesting. Everybody pretty much said “Well, you should be loading off of a CDN, because it’s faster than yours, it’s closer to them than yours… You have HTTP pipelining with separate domains, so it’s faster in loading as well… It’s easier because you don’t have to pay for bandwidth…” There’s like 17 reasons why it was a best practice to just load your third party JavaScript, especially like jQuery, and jQuery UI, and React, and all these things, from a CDN and not from your own domain. That was standard operating procedure for many years. And here we see some serious, I guess, myopism/short-sightedness on that. It’s like, well, when you don’t have control over everything, things change, and not always for the better. So that goes from best practice to malpractice.
And then I thought I started thinking about Jeff Bezos’ regret minimization framework. I’m not sure if you’ve heard about that… His decision-making process when faced with two choices, his framework is make the choice that minimizes your potential regret. And so if you’re gonna go left or right, think about which one you might regret the most, and do the other one. Minimize the regret. And I said “Maybe it’s time to have a dependency minimization framework.” I don’t want to be a “not invented here” zealot, but dang, it sure seems like we’re getting bit often by our supply chain. And so maybe if we limit that supply as much as possible, that’s a framework that we should be operating under. Your thoughts?
Okay, so I want to pause for a second, and just lean into your copywriting, if you don’t mind, first…
Okay… [laughs] I’m a little nervous.
“Yesterday’s best practice are today’s malpractice.” That’s yours, right?
Yeah, I wrote that.
[01:00:08.27] I mean, just - dude, bravo. That’s phenomenal writing right there. That’s how you know that you’ve –
Oh, thank you.
…fine-tuned, repeated, made easy, as you’ve said, by doing something over and over to make it easier…
Sure.
That’s an art right there. Writing that line right there alone is why you listen to Changelog News. And if you don’t, you’re wrong. Okay?
Well, let me say, everything’s a remix, of course…
Okay. Hey, I’m sure it is.
And when I thought of that phrase, that phraseology…
Oh, yes. I know what you’re gonna reference.
…I was referring back to Kris Brandow’s “You call it tech debt, I call it malpractice.” And then I realized that best practice rhymes with malpractice, and I was like “You’re just changing the front.” So I giggled, and I wrote it down.
Either way…
So you know, shout-out to him… And that’s how it is.
Take the praise, man. That’s good stuff there.
Well, thank you. I’ll take a moment to appreciate that compliment.
Okay, that moment has passed. Now let’s dig in.
Okay. [laughs]
I like the idea of the supply chain. There’s a reason why the supply chain exists. What I don’t like is how it’s been weaponized against us. And I think there is now an opportunity, and I don’t really want to mention one more sponsor, but Feross is a friend first, before he’s a sponsor…
Right.
And I think Feross is in a blue ocean sort of scenario when it comes to the open source supply chain, in regards to dependencies. This would not have stopped this particular best practice or malpractice, as you so eloquently wrote… But I wonder – I don’t think we should be linking to CDNs. I mean, I think that practice is dead. I’m gonna let that one go. However, I don’t want – your sentiment, what you had said there was I guess the vulnerableness we have with our supply chain. There’s a reason why open source won, there’s a reason why we lean on other people’s amazing code, there’s a reason why – for all those reasons, there’s reasons. I’m gonna say reasons 17 more times.
I’ll count.
So I would prefer folks to lean in like Feross has in his particular niche, which was JavaScript web development and dependencies. And now it’s transcended simply Npm to all the others; there’s four of them on the list now, that they support when it comes with dependencies and checking those things.
Right.
I’d like to see better security tooling, that aids a developer. Does that shift left. Versus being like “Nah, third party. Not cool. Rug pull, not cool.” Super-not cool. I would like to have more security tooling in there that’s for developers, and developer-focused, and doesn’t become this - and I hate to use the word “like” in there… Doesn’t become this signal versus noise issue where you’re just getting alerted to things [Dependabot!] that don’t matter. Right? We talked about this recently on securing GitHub, with Jacob DePriest. And so I think my stance is really like “This sucks.” That linking out to third-party CDNs - that’s dead to me, based on this for sure… Because you can’t trust the domain ownership anymore, right?
You can just download that file and rehost it yourself, and you’re just free from this particular problem, right?
Gosh, yes. And CDNs are, apparently, a pipe dream, and potentially a dime a dozen.
[laughs] Yeah, exactly. I mean, we need to replace them ourselves, potentially. Yeah.
So I think that’s even why I asked you, I think in the post show, like “Is there a product here for this pipe dream?” Y’all, that’s a reference to the last Changelog & Friends, episode 50. So go back a clip – a click. A clip. An episode, whatever. Or several, if you’re in the Master feed… And listen to that, because we’ve had this pipe dream – and I’ve been pushing back against it, because I’m like minimizing how much software we develop and manage… I’m trying to… And y’all are trying to create more in that case… But hey, whatever. I get it.
[01:03:59.10] So if there’s CDNs everywhere, this practice is dead. But I would prefer that the future be “Okay, who has got a security mind, and can help us not allow attackers to leverage the supply chain?” …of any supply chain, whether it’s a CDN, or a dependency tree, or transitive dependencies, or whatever it might be. Let’s put some good tooling in there, that at least surfaces – and I think thus far, back to Feross and Socket.dev, I’m so stoked for him. I think what they’re doing is truly helping applications be better. It’s truly helping developers not feel like “Oh my gosh, I need to build a new feature, and so I go out there and I find things that are trusted in the marketplace, and I randomly do the wrong typo thing and I install the thing and I’m owned”, or whatever might happen as you’re building this thing on. There hasn’t been much out there, aside from you literally having to dig through “Have the core contributors changed? Has the code been rewritten basically from scratch recently? Has there been this slow burn of a social engineering against somebody?” We as individual developers just don’t have the patience, nor the time to do that. We need tooling. And that would be where I would welcome AI to help us. Pattern matching has amazing features for summarization, basically, in that kind of scenario. That’s where I would love people to lean in.
So if you go back to the bell curve that’s going down, and you find yourself in a position where you’ve got some knowledge in security, and you see areas of the supply chain that is under attack, and no one’s solving the problem, or there’s a team that’s small or disparate solving the problem and they need more resources, maybe step in there. And maybe there’s an opportunity to create something brand new, like Feross did, that begins to solve that problem. Because our supply chain needs to be secured. And it won’t be unless it is secured. And it can’t be, unless it’s secured. There you go, that’s my two cents.
I think that’s a solid take. I think I’m more thinking like make the rug as small as possible, so it can’t get pulled. And you’re thinking “Let’s lock that rug down, because that’s a valuable rug, and somebody put a lot of work into it, and it’s better than making your own rug.” And I think that you can probably happily deploy both strategies. I’m not saying never use third-party code, or… I mean, go look at our website, and see how many dependencies we have.
And I agree with you that security tooling may be a very good avenue. And I also agree with you that this particular practice should just be dead. Like, if you’re listening to this and you have JavaScript files that are loading from a third party CDN that you don’t control, just stop listening, pause it, go download those files, and reupload them to something that’s inside your control… And just sleep better at night, knowing that this can’t happen to you, this particular threat vector; there’s just no reason for it.
But I still think that we could individually and on our teams deploy a dependency minimization framework, and just reduce the size of that rug, just in case it gets pulled, man. Because there are real threats that are unmitigated. And yes, I think that the path forward includes companies like Socket, Feross’es company - this is another non-sponsored mention in the show.
They may actually sponsor this episode. I don’t even know. They may be a sponsor.
Every time you say that, it happens. With our 1Password one…
I know. They are a current sponsor, and it might happen. So if it does, I don’t know. Let me actually check the sponsor list real quick.
So this happened actually on our recent episode with Justin Searles, talking about the Apple keynote… We talked about 1Password, and are they getting sherlocked, and what’s gonna happen with them… And you’re like “They might even sponsor this episode.” And they literally sponsored that segment, which - we just had fun with it; we put a non-sponsored portion…
By proxy. They were sponsoring as a midroll, and we placed them there because it made the most sense to put them in that midroll. Because it didn’t make sense to skip the midroll and let them come later. It was more on point to literally land it there.
[01:08:08.25] Yeah, it was kind of funnier that way. We had a not sponsored, and then we had a sponsored.
I have confirmed that Socket is not a sponsor this week on these episodes. However, they may be a sponsor - let me check - on other shows…
Sure. Well, that’s gonna happen…
And they’re a sponsor of JS Party this week, so if you listen to JS Party this week, you will hear kind of what I’ve been talking about. These ad spots - can we just pause for a second and give me a little praise? Do you mind, Jerod?
Let’s do it.
Can I self-praise here?
Yeah, man. Go for it.
Maybe you can praise me, I don’t know. Like, I just love producing our ad spots with our sponsors, really. I just love digging in, because I do learn their story… In a lot of cases, these interviews I do with folks are very much like a literal podcast. And you and I have hypothesized how we can turn that into additional content… But they’re not always like clean content. Some of it is coaching, a lot of it is stuff in there… So it doesn’t always fit well, so it’s not a repeatable thing. What is repeatable is what I get out of them… Is I want to know why people should use it. Why does it exist? Who cares? Who’s getting value from it? And I’m asking various questions from that lens.
And so I did this with Feross. Like, “Feross, okay, you’ve got these things out there… Tell me what’s happening here.” And he just leans in. And so as doing these ad spots, I learn a lot more, and to some degree become more, way more bullish, or way less bullish on these folks.
So if you see somebody come through this system, let’s just say, and they go away, it’s either because they didn’t get value, or I didn’t think they really made sense for us long-term.
Sure.
So it’s one of those two things. And the “Don’t get value” thing does happen if we’re not speaking to an audience they care about. I totally get it. You shouldn’t waste your money or spend your money in places you’re not getting value. However, these ad spots to me are almost just as hard as producing one more podcast, because I’m meeting with multiple people in a week, having deep conversation with them, and distilling that down into a minute or two… And I’ve just been enjoying the process a lot. And this one for Feross over here, or this one you’ll hear from Feross on Socket on Friday, on JS Party, is an example of that.
Well, I would agree with you. I truly enjoy them. Of course, when I’m listening to our shows, I’m listening for QA purposes, and also for clipping purposes. So a lot of what I’m doing is for speed, and so yes, I will skip our own sponsorships… But sometimes I’m mowing, I’m driving, I’m not in a skipping position. And I will listen and I’ll say “You know what? This is stinkin’ good.” It’s almost like a mini little podcast right there inside of the podcast.
Yeah.
Of course, if you don’t like our ads, there is an option for you. If you like our shows, but not Adam’s ads, first of all, how dare you? How dare you? But secondly, go ahead and skip them. Changelog.com/++. It is better, I’ve heard.
It’s better!
It is better. It’s been better for years.
[BMC tune]
Break: [01:11:16.20] to [01:16:38.03]
Well, piling on…
Ooh. I like this one.
Should we play the pile-on song?
Piling on to this CDN issue, this third-party hotlinking…. Basically, that’s what it is. You’re hotlinking to somebody’s JavaScript, and you get – if you hotlink to polyfill.js, you get the traditional goatse, only worse. If you don’t know goatse, don’t go google that. But if you know what it is, you know what I’m talking about. Piling on is Alex Lazar, writing at leetsoftware.com. I thought you might like this one, Adam: “The future is self-hosted.” Alex thinks the future is self-hosted. And in light of me saying “Go take down your third-party JavaScript loading and self-host it”, I don’t know, man, maybe the future is self-hosted. This is what Alex says.
A few points… He says privacy is baked in. This is if you’re self hosted. The pricing is simple. It’s distributed by design, which - that one might take some unpacking. And it’s easy, in 2024. So he thinks the future is self-hosted. Those are four reasons that I can unpack the full paragraphs if you like… And then he goes on to ask what’s stopping us, complacency, etcetera, etcetera. Trying to describe why we don’t self host. But what do you think about this response to the supply chain? It’s like “Well, use the supply chain, but just self-host it yourself.” Redundant. But still.
If I wrote this headline, I would write the same headline, but I would add parentheses to it… And I would add the words “For some.” Because when he says in the intro – let’s first praise it. Awesome. I think it is a great idea. But I still agree that it’s for some. And this is why. Because when he described self-hosting being easy in 2024, in the very first sentence Docker is mentioned. You go find somebody who cares about their privacy as a layperson, who is not really into tech. They use tech, they’re users of tech, they buy products. They’re generally not savvy with Docker. Does that mean they can’t use it? No, because then you can build another abstraction layer on top of that. And I think TrueNAS is a version of that kind of abstraction. But I was using TrueNAS recently, because I got this test unit from them that I’m testing out, which - I think it’s just amazing hardware, by the way. And amazing software. But at the same time, this is designed for a nerd. And that’s not a bad thing. It’s just not designed for this headline, “The future is self-hosted.” Because I think it is, but I think for some. Because if I wanted to on my 10-gigabit network put my Raspberry Pi - which will not be 10-gigabit. I don’t even know if the R Pi 5 is 2.5… And host my own JavaScript files, like be my own single-node CDN… Like, is that gonna scale? I mean, I don’t know, because then you’ve got like this personal ISP. What is self-hosted? Can you get your own colo space at a data center?
That’s what I’m thinking over here while you talk.
Tim Stewart, aka Techno Tim did this recently. He moved a lot of his stack, his home lab stack - a large portion is in a colo datacenter. Is that home lab anymore?
It’s colo lab.
[01:20:03.19] I mean, yeah, it’s – like, I love Tim, and he’s amazing… And he’s doing it for exploration, so it’s not like he’s trying to extend the idea of home lab. Like, “This is home lab. The future of self-hosted is own lab”, or some version of it. I agree with it, I want that to be the case… I think there needs to be this marriage between available hardware, and available software that doesn’t require the end user to know or understand Docker. It should not deploy Kubernetes on this thing, and use Helm charts. That’s just too nerdy.
So I agree with it. For some, for now. I think the future though, there is an opportunity to build some software and some hardware that marries each other together, that says “Put this in your home. And here’s a UI that anybody can pretty much use.” But back to the supply chain, that’s an attack vector, so it needs to be secure.
For sure.
And it needs to leverage the open source supply chain in wise ways. They should be using some of our sponsors to secure themselves. So yeah, I like the idea, long story short.
Yeah, I agree. I think it is difficult to define exactly what self-hosted means, and what the audience is of this particular thought. You’re self-hosting your business in your house? Is this you’re self-hosting your JavaScript files on S3? I mean, what exactly does he mean by self-hosting? And I think at the consumer level – and it’s a completely different conversation when we talk about businesses, consumers, developers etc. Home labbers. I think when it comes to consumer tech - and I know that Nextcloud, for instance, does a lot of this stuff. But I remember the good old Apple – what was Apple’s router called?
AirPort.
Apple AirPort Extreme. That thing was awesome, right? They had been [unintelligible 01:21:48.07] market. But that thing was awesome. I remember when they first announced iCloud, and they changed kind of the orientation of what they saw your computer setup to be, where it used to be like “Here’s your desktop”, and that was like the source of truth. And maybe you have a laptop, maybe not, but like this computer in your house was the source of truth. And then they – this was even back in the Jobs era, they inverted that and they’re like “No, the cloud is the source of truth, and your machines are going to sync to the cloud.” And it took them a long time to deliver on that, because iCloud was terrible for years. It’s actually gotten to be pretty reliable now.
But I remember when they first announced that, I was like “I feel like that sucks”, compared to making like an AirPort Extreme in your house, with some sort of hard drives and stuff… Like a Nextcloud. Your own personal cloud, in your house. That seemed to me like that was a cool future… Which is self-hosted cloud, basically. And I know companies like Nextcloud - which also has open source stuff going on, that’s open core, I believe - have done a lot of that work, but they haven’t brought it to the masses. Is the future actually self-hosted? I think it’s gonna be – like, if Apple had gone that direction, then for consumers I think the future could have been self-hosted. And I think that’d be a better place for your cloud to live, than on Apple servers. But obviously, it didn’t go that route.
So yeah, I guess my thoughts all revolve around who are we talking about, in what context? What does self-hosted mean? And I do not think the future of web development and running servers is self-hosted… Unless by that you mean self-managed somewhere else. Because I don’t know, I’m not going to stand up a rack in the closet, and host our business off of it myself.
I like the idea of this thought being pushed forward. I think it has merit.
Yeah.
But like you had said, Nextcloud, I believe, for the most part is being built for mostly nerds; not quite fully nerds, but mostly nerds. I agree with [unintelligible 01:23:52.08] share, which was - I’ll paraphrase, because I’m not gonna read it exactly… You know, reducing hardware costs, long-term costs etc. I think having privacy is kind of to some degree there, because you can still have like non-VPN traffic, SSL traffic happening… So even then you’ve got to become a bit of an expert on that stuff, too.
[01:24:18.08] You may choose a networking system that aids you in that, but doesn’t remove it completely. But then it also puts all the ownership on you, and then you multiply that by everybody who self-hosts, and you’ve got a lot of people. He does say “There are billions of people in the world. Tens of millions of them turn 18 every year, and they all need software.” And I don’t have an 18-year-old, Jerod; I have a 20-year-old, and she is not at all interested in purchasing hardware and self-hosting anything whatsoever.
Right…
And I know you have children that are close to that age, not quite that age, so that’s an up and coming milestone for you. Maybe you can share - is that even on your daughter’s radar? …that would even be like “She doesn’t want to self-host anything.” That’s why I say “for some”.
She doesn’t even know what that means.
Yeah. As much as I want to believe this, I think the words “for some” could have been in there. Or maybe for nerds; maybe just for nerds. Because for nerds, I think self-hosting is here. You hop into – okay, here’s an invitation. Changelog.com/community, hop in our home lab channel there. There was some cool stuff recently shared by [unintelligible 01:25:29.14] in terms of his migration to different UniFi hardware. And I love that. We just like chatted quickly yesterday, I threw a couple of [unintelligible 01:25:39.08] out there… But there is a home lab channel in our Slack community, and if you disagree with me, or agree in some cases, but mostly disagree, or even agree, hop in the home lab –
[laughs] …or disagree… Or agree.
Whatever your opinion is. If you have an opinion, share it in there. Or even in main, but it’s probably more better, or better applied in the home lab channel, because it’s kind of like synonym for self-hosted. Home lab is self-hosted. And that’s your great invitation. Hang your hat here. You’re welcome. It’s free, it’s a precursor, in my eyes, to Changelog Plus Plus, or just getting a little closer to the free Changelog metal…
And yeah, I want this to be true, though. So I’m like an advocate for this becoming true, I just don’t think it’s going to come true. It requires decent hardware, that’s made well, that’s affordable, and mostly user friendly as an interface, that does all the techie Docker, Kubernetes, whatever, however, this maps out in the future… But it needs to be non-nerd-only, in my opinion.
I think that’s fair. Should we call it a show?
Well, that’s it from me. You came up with a bunch of good topics just by way of what you do… One more time, give it up for “Yesterday’s best practice are today’s malpractice.” Phenomenal writing, Jerod.
[laughs] Oh, now you’re just flattering…
And one more nod to changelog.com/news, and subscribing, listening and paying attention to actually staying up to date with what’s happening by listening to Changelog News or reading Changelog News every Monday. That’s awesome.
Very good. Well, by the way, mini, mini, mini Kaizen… Did you notice? I changed the Play button on our Changelog News homepage to green, and I put the word Play underneath it.
I did notice, I liked, and I pushed. And I was happy.
Sweet. [laughs]
I was very happy.
Constantly improving. I don’t know, I was like maybe this is a little bit – draws your eye. I think the green draws your eye more than the white. Alright, there you go. We’ll save that for Kaizen 16, which will be coming, not so soon, but eventually.
Soon enough. Soon enough.
That’s right, on our regular two and a half month cadence. Alright, well, that’s Changelog & Friends for this week. I guess now we just say “Bye, friends.”
Bye, friends.
Bye, friends…