The Changelog: Software Development, Open Source - The I in LLM stands for intelligence (News)
Episode Date: January 8, 2024
Daniel Stenberg is frustrated with the state of AI tooling for finding security bugs, Brian Birtles is surprised by weird things engineers believe about web dev, Feross Aboukhadijeh details the fallout from a nasty npm prank, Rob Pike shares what he thinks they got right and wrong with Go & Gavin Howard writes up why he believes "all code is tech debt" is all wrong.
Transcript
What up, nerds? Did you miss me?
I'm Jared, and this is Changelog News for the week of Monday, January 8th, 2024.
As the kids say, we are so back.
Do the kids say that? The kids say that, right? Do the kids say that?
The kids say that, don't they? I don't know. Go ask some kids. Report back.
How do you do, fellow kids?
What?
Turns out I collected too many high-quality links during break.
I didn't even know what to do with them all.
So be sure to check out our companion newsletter this week
for a big, heaping pile of links at the end.
That is one big pile of links.
Okay, let's get into the news.
Curl creator slash maintainer Daniel Stenberg documents his frustration with recent AI tooling advancements.
Quote, I have held back on writing anything about AI or how we do not use AI for development in the
Curl factory. Now I can't hold back anymore. Let me show you the most significant effect of AI
on curl as of today with examples. End quote. Daniel is clearly of the opinion that we haven't
gained much of value from generative AI tooling, but he does seem more optimistic about the future
than he is about the present. Quote, I am convinced there will pop up tools using AI for this purpose that
actually work better in the future, at least part of the time. So I cannot and will not say that AI
for finding security problems is necessarily always a bad idea. I do, however, suspect that
if you just add an even so tiny intelligent human check to the mix, the use and outcome of any such
tools will become so much better.
I suspect that will be true for a long time into the future as well. End quote.
My mind is open and willing to be changed, but I'm with Daniel here. The human touch is absolutely necessary today, and I suspect that will remain the case for much longer than some would have us
to believe. Since Brian Birtles quit Mozilla and went back to full-time web development,
he's discovered a few surprises.
Quote,
It turns out web development is actually pretty hard.
Web developers are actually very smart.
And some of these frameworks and techniques we mocked
as browser engineers aren't so bad.
Oops.
At the same time,
it turns out some web developers
have ideas about browsers
and the web that, as a former browser engineer and standards editor, I'm a bit dubious of.
End quote. In the linked post, Brian shares eight things that surprised him and why. Things like,
all sites should work without JavaScript. Browsers aren't made to run SPAs. And web
development shouldn't need a build step. Hmm, web development shouldn't need a build step.
That sounds like a wonderful premise for our next JS Party debate episode. If you agree it's a good
premise, hop in the JS Party channel in our free community Slack and debate it out with us.
Join today at changelog.com slash community.
You know what time it is. Sponsored news.
When it comes to distributed systems, NATS is proving to be the go-to open source tech for solving all kinds of challenges. PubSub, request reply, data streaming,
key value stores, object stores. NATS does all of that. NATS enables truly innovative solutions,
and who better to hear stories from than the actual users themselves? Join the NATS community for RethinkConn 2024 and hear them for yourself for no cost whatsoever.
This free three-hour virtual event is happening on January 11th, 2024.
Learn more and sign up today at Synadia.com slash RethinkConn with two N's,
or just follow the link in your show notes.
And thank you to our new sponsors at Synadia for supporting Changelog News.
An NPM user named PatrickJS launched a troll campaign with a package called Everything,
which depends on all public NPM packages.
But that's not all.
The creator took their prank to the next level by setting up
everything.npm.lol, showcasing the chaos they unleashed. They even included a meme from Skyrim,
adding some humor or mockery, depending on your perspective, to the situation.
In the linked post, Feross Aboukhadijeh details the fallout from this prank,
the unintended consequences that trapped even PatrickJS himself in his own web,
and the since-deleted apology he wrote on GitHub issues.
In a post titled, What We Got Right, What We Got Wrong,
Go language creator Rob Pike summarizes his closing keynote
from GopherCon AU in November of 23.
Things he thinks they got right include the gopher mascot, the specification,
having multiple implementations, portability, tooling, including gofmt, and more. Things he
thinks they got wrong revolve around the compiler, project management, package management,
and documentation. There's a lot to learn here for anyone creating a language of their own
or anyone interested in the why behind the success or failure
of at least one large open source effort.
Gavin Howard reacts to a post he thinks is, quote, so wrong,
called All Code is Technical Debt.
In that post, the thesis is,
As the more code you add to an application, the slower development
becomes. I view all code as technical debt. Gavin breaks down why he believes this thesis is wrong
and then establishes his own rule. Quote, your software is trying to solve a problem and every
problem has an unknown shape because reality has a surprising amount of detail.
Technical debt is every place where the software does not fit the problem.
End quote.
Gavin then goes on to explain why this is true and the nuance surrounding it.
This entire exchange has me thinking that perhaps Kris Brandow was right.
Gasp.
I know.
About the whole tech debt metaphor just being bad and that we should ditch it altogether.
I think that the tech debt analogy, we should get rid of it because I don't think the thing that we're talking about when we're talking about tech debt is debt. I think it's more akin to
malpractice and people are being irresponsible. Because I think most of the time when tech debt
gets brought up, it's like, oh, we're just going to skip writing the test or skip writing documentation
so that we can get this thing out the door faster
or we're just going to code this in a really messy way
so it gets out the door faster
and I'm like that's not debt
that's you not doing your job properly
please just write the comments and the docs and the tests
it's part of the job
you can't cut out vital things
or if you do then you're committing malpractice.
And like we should we should call it that.
And that's why I think it's going to be unpopular.
So it's not tech debt.
It's malpractice.
If that ruffled your feathers or had you nodding in extreme levels of agreement, we did an
entire episode of Changelog and Friends on the topic. It's called You Call It Tech Debt,
I Call It Malpractice,
and I'll link it up for you in the show notes.
That is the news for now,
but do check the companion newsletter,
which you can find in your show notes
or on the web at changelog.com slash news slash 76
for a boatload of more newsy goodness,
including the AHA stack,
HeyNote, DeskHop, Fire Debugger, Bash one-liners
for LLMs, and so much more. We have some great episodes coming up this week. Justin Garrison
tells us about Amazon's silent sacking on Wednesday, and Gerhard Lazu is back for Kaizen
13 on Friday. Have a great week. Get your friends in on Changelog News if you dig it.
And I'll talk to you again real soon.