The Changelog: Software Development, Open Source - Hiring only senior engineers is killing companies (News)
Episode Date: September 30, 2025Andrew Churchill thinks companies should really be hiring junior engineers, Addy Osmani announces Chrome DevTools MCP, GitHub lays out a roadmap to fend off npm attacks, Jerry Liu builds an app that g...enerates a timeline of your day's activities, and Sean Goedecke attempts to define "good taste" in the context of software engineering.
Transcript
Discussion (0)
What up, nerds?
I'm Jared, and this is Changelog News for the week of Monday, September 29th, 2025.
It's official. Robots are invading Major League Baseball.
Starting with the 26th season, MLB will implement a challenge system for balls and strikes
to, quote, usher in the era of robot umpiring.
Human umpires aren't going anywhere anytime soon, but the rioting is on the wall.
This makes me sad.
Sure, robots will make a higher percentage of correct calls,
but they'll also be able to throw harder, hit further, and run faster someday.
And that doesn't mean I want to watch them compete.
Oh well, let's get into this week's news.
Hiring only senior engineers is killing companies.
In the last three months, Andrew Churchill interviewed 134 engineers.
His main takeaway, there is a huge pool of exceptional junior engineers that most companies won't even consider.
In this post, Andrew outlines why he loves working with juniors, fresh energy, unshackled by prior experience, loyalty, and more.
How to hire the right juniors?
Fill up her mindset, home assignments, test with and without AI, etc.
And how to make it work after the hire.
Invest in mentoring, be patient, measure right, etc.
His call to action, quote, investing your time in passionate junior developers will pay off in the long run.
The question is whether you'll start now or wait until everyone else figures it out.
Introducing Chrome DevTools MCP.
Now in public preview, Chrome's DevTools now connects AI agents like cursor, Claude Code, and Gemini CLI, to its automation and debugging capabilities.
The end result?
Quote, your AI helper can not only write code, but actually really read code.
Run it in a real browser, inspect what's happening, and even fix issues based on real feedback from the page, end quote.
Chrome DevTools MCP acts as a bridge between an AI model and a real Chrome browser instance,
which means that your model can now open pages, click buttons, read the DOM slash CSS, capture performance metrics, read console logs, and much more, all autonomously, as if a human developer were using Chrome Dev Tools.
GitHub's plan for a more secure NPM supply chain.
NPM has been getting hammered by attackers recently,
so much so that I've struggled to track and contextualize all the events,
so we're having our friend Ferasibuka DJ from Socket Security on the show Friday
to help make sense of it all.
GitHub, as the owners and hosts of NPM, are at the center of the platform.
Here's what they're doing about it.
To address token abuse and self-replicating malware,
we will be changing authentication and publishing options in the near future to only include
one, local publishing with required two-factor off, two, granular tokens, which will have a limited
lifetime of seven days. And three, trusted publishing. Links to the details of all three of those things
are in the show notes. In addition to these changes, GitHub provides a list of actions that MPM
maintainers can take today to strengthen their package security. It's now time for sponsored news.
ChangeLog News Classifieds
We're playing with the idea of adding a classifieds section to ChangeLog News.
It would have a max five listings per issue that appear both in the newsletter and in the audio.
They'd be super brief, headlines only, and link to a URL of your choice.
If you'd like to put your startup, passion project, big idea, event, whatever, in front of change log's classy, tasteful audience of hackers, fill out the form that's linked up in this week's newsletter.
generate a timeline of your day automatically.
Quote, Dayflow is a native MacOS app that record your screen at one frame per second,
analyzes it every 15 minutes with AI, and generates a timeline of your activities with summaries.
End quote.
Dayflow's creator, Jerry Liu, built it because he realized that his calendar isn't the source
of truth of how he actually spends his time.
His screen is.
Quote, I wanted a calm, trustworthy timeline that let me see my workday with
without turning into yet another dashboard, I had to maintain, end quote.
Thankfully, Jerry had privacy and data ownership in mind from the very start, so it gives you total
control.
Quote, it's MIT licensed and fully open source because anything that watches your screen all day
should be completely transparent about what it does with that info.
The app should feel like a quiet assistant, respectful of your attention, honest about
what it captures, and easy to shut off, end quote.
All that said, I'm kind of afraid to run this app not because of the data concerns,
but because of what it might reveal about myself,
of which I'm now blissfully unaware.
What is good taste in software engineering?
I've written often about taste as a large differentiator
between man and machine,
but because of its subjective nature,
taste isn't the easiest thing to nail down.
That is especially true in the context of software engineering,
but Sean Godecki gave it a try.
Quote, here are some indicators of software taste.
One, what kind of code looks good to you?
What kind of code looks ugly?
Two, which design decisions you feel really good about and which ones are just okay.
Three, which software problems really bother you to the point where you're worrying about them
outside of work? Which problems can you just brush off? I think taste is the ability to adopt
the set of engineering values that fit your current project, end quote.
Sean goes on to explain why taste is different from skill, what engineering taste actually is,
and why it's too easy, especially for immature engineers, to know what you like, but to
mistake that for a principled engineering position.
That's the news for now, but go and subscribe to the ChangeLog newsletter for the full scoop
of links worth clicking on, such as How Ruby went off the rails, Super Mario Bros, remastered,
and Hyperrealist data centers and Potemkin McRibs.
Get in on the newsletter at changelog.com.
We have some awesome episodes coming up this week, Charlie Marsh from Astral, talking UVN-Ruff
on Wednesday and Farras from Socket on those MPM attacks on Friday.
Have a great week, like, subscribe, and five-star review us if you dig the show, and I'll talk to you again real soon.