Changelog News – Episode #76

The I in LLM stands for intelligence

+ weird things engineers believe, npm package chaos, what Go got right/wrong & code is not tech debt


All Episodes

Daniel Stenberg is frustrated with the state of AI tooling for finding security bugs, Brian Birtles is surprised by weird things engineers believe about web dev, Feross Aboukhadijeh details the fallout from a nasty npm prank, Rob Pike shares what he thinks they got right and wrong with Go & Gavin Howard writes up why he believes “all code is tech debt” is all wrong.



Synadia – Join the NATS community for RethinkConn 2024

Notes & Links

📝 Edit Notes

All links mentioned in this episode of Changelog News (and more) are in its companion newsletter.



📝 Edit Transcript


Play the audio to listen along while you enjoy the transcript. 🎧

What up, nerds? Did you you miss me? I’m Jerod and this is Changelog News for the week of Monday, January 8th 2024.

As the kids say: we are SO back! (Do the kids say that?)

Turns out I collected too many high quality links during break. I didn’t even know what to do with them all. So, be sure to check out the companion newsletter for big heaping pile of links at the end.

Ok, let’s get into the news.

Curl creator/maintainer, Daniel Stenberg, documents his frustration with recent AI tooling “advancements”:

I have held back on writing anything about AI or how we (not) use AI for development in the curl factory. Now I can’t hold back anymore. Let me show you the most significant effect of AI on curl as of today – with examples.

Daniel is clearly of the opinion that we haven’t gained much of value from generative AI tooling, but he does seem more optimistic about the future than he is about the present:

I am convinced there will pop up tools using AI for this purpose that actually work (better) in the future, at least part of the time, so I cannot and will not say that AI for finding security problems is necessarily always a bad idea.

I do however suspect that if you just add an ever so tiny (intelligent) human check to the mix, the use and outcome of any such tools will become so much better. I suspect that will be true for a long time into the future as well.

My mind is open and willing to be changed, but I’m with Daniel. The human touch is absolutely necessary today and I suspect that will remain the case for much longer than some would have us to believe.

Since Brian Birtles quit Mozilla and went back to full-time web development, he’s discovered a few surprises:

It turns out Web development is actually pretty hard, Web developers are actually very smart, and some of these frameworks and techniques we mocked as browser engineers aren’t so bad. Oops.

At the same time, it turns out some Web developers have ideas about browsers and the Web that, as a former browser engineer and standards editor, I’m a bit dubious of.

In the linked post, Brian shares eight things that surprised him and why. Things like, “All sites should work without JavaScript”, “Browsers aren’t made to run SPAs” & “Web development shouldn’t need a build step.”

“Web development shouldn’t need a build step”… that sounds like a wonderful topic for our next JS Party debate episode! If you agree that’s a great premise, hop in to the jsparty channel in our free community slack and debate with us. Join today at

It is now time for Sponsored News!

When it comes to distributed systems, NATS is proving to be the go-to open source tech for solving all kinds of challenges. Pub-sub? Request-reply? Data streaming? Key-value store? Object store? NATS does THAT!

NATS enables truly innovative solutions. Who better to hear stories from than the actual users themselves? Join the NATS community for RethinkConn 2024 and hear them for yourself, for no cost whatsoever!

The FREE 3-hour virtual event is happening on Jan 11th, 2024 at 16:00 UTC. Learn more and Sign up today at (with two n’s) and thank you to our new sponsors at Synadia, for supporting Changelog News!

An npm user named PatrickJS launched a troll campaign with a package called “everything,” which depends on all public npm packages. But that’s not all. The creator took their prank to the next level by setting up, showcasing the chaos they unleashed. They even included a meme from Skyrim, adding some humor (or mockery, depending on your perspective) to the situation.

Feross Aboukhadijeh details the fallout from this prank, the unintended consequences that trapped even PatrickJS in his own web & the (since-deleted) apology he wrote on GitHub Issues.

In a post titled ‘what we got right, what we got wrong’, Go(lang) co-creator Rob Pike summarizes his closing keynote from GopherConAU in November, 2023. Things he thinks they got right include the gopher mascot, the specification, having multiple implementations, portability, tooling & more. Things he thinks they got wrong revolve around the compiler, project management, package management & documentation.

There’s lots to learn here for anyone creating a language of their own or anyone interested in the why behind the success/failure of (at least one) large open source efforts.

Gavin Howard reacts to a post he thinks is “so wrong” called All Code Is Technical Debt, where the thesis is:

As the more code you add to an application, the slower development becomes, I view all code as technical debt.

Gavin breaks down why he believes this thesis is wrong and then establishes his own rule:

Your software is trying to solve a problem, and every problem has an unknown shape because reality has a surprising amount of detail…

Technical debt is every place where the software does not fit the problem.

He then goes on to explain why this is true and the nuance surrounding it. This entire exchange has me thinking that perhaps Kris Brandow was right (gasp!) about the whole “tech debt” metaphor just being bad and that we should ditch it altogether…

If that ruffled your feathers or had you nodding along in extreme agreement, we did an entire episode of Changelog & Friends on the topic. It’s called You call it tech debt I call it malpractice

That’s the news for now, but do check the companion newsletter, which you can find in your show notes or on the web at, for a boat load of more newsy goodness. Including, the AHA stack, Heynote, DeskHop, FireDBG, bash one-liners for LLMS & more.

we have some great episodes coming up this week: Justin Garrison tells us about Amazon’s silent sacking on Wednesday and Gerhard is back for Kaizen 13 on Friday!

Have a great week, get your friends in on Changelog News if you dig it, and I’ll talk to you again real soon. 💚


Our transcripts are open source on GitHub. Improvements are welcome. 💚

Player art
  0:00 / 0:00