← All episodes

2026-07-03 · No LLM code in dependencies cover art

2026-07-03 · No LLM code in dependencies

Show notes

BRINE — 2026-07-03 · show notes

Guest: the tooling optimist (a fictional archetype).

Claims are paraphrased and attributed; nothing is read verbatim. Where a thread disagreed with the article, the show surfaces the disagreement.

Segments

  1. No LLM code in dependencies
  • Source: https://joeyh.name/blog/entry/no_LLM_code_in_dependencies/
  • Discussion: https://lobste.rs/s/oe8pxn
  • Topic: software supply chain · interest 85
  • Joey Hess, author of git-annex, details his arduous process of purging LLM-generated code from his dependency tree. The piece highlights specific issues like incomprehensible commit history and low-quality automation, sparking a nuanced discussion on the future of software maintenance, trust, and community standards in an AI-assisted ecosystem.
  1. picoem: Cycle-accurate Rust emulators for the Raspberry Pi RP2350/RP2354 and RP2040
  • Source: https://github.com/0x4D44/picoem
  • Discussion: https://lobste.rs/s/saozu4
  • Topic: hardware emulation · interest 85
  • picoem is a Rust-based, cycle-accurate emulator for Raspberry Pi RP2040 and RP2350 microcontrollers. It supports core ISA, dual-core logic, and PIO, providing a robust toolset for firmware development without physical hardware, with verification against QEMU.
  1. I ported Kubernetes to the browser
  • Source: https://ngrok.com/blog/i-ported-kubernetes-to-the-browser
  • Discussion: https://lobste.rs/s/pzqj6b
  • Topic: Infrastructure/Tooling · interest 85
  • The author presents 'webernetes', a TypeScript-based simulation of Kubernetes that runs entirely in the browser. Unlike a WASM port, this implementation provides a functional, lightweight cluster environment for educational purposes, developed via extensive LLM assistance coupled with rigorous manual review and automated testing.

Transcript

Transcript. Paraphrased; sources in notes.md.

HostWelcome to July 3rd, 2026. I am Daniel, and joining me today is Samantha. We have a packed slate. We are looking at the realities of software supply chains, some impressive hardware emulation work, and a project that somehow got Kubernetes running entirely inside a web browser. Samantha, it is great to have you here. I have to imagine that last one has you feeling pretty caffeinated already.

GuestOh, absolutely. Running a cluster in the browser, Daniel? My developer brain is doing backflips. It is the kind of wild, unnecessary, and deeply impressive engineering that reminds me why I got into this game in the first place. But honestly, looking at our first topic, I think I might need that extra espresso.

HostYeah, let us dive into that. Over on Lobsters, Joey Hess, the maintainer of git-annex, has been writing about a massive undertaking. He spent about 100 hours of manual labor purging dependencies from his project that contained LLM-generated code. His argument is that these dependencies are bringing in unreadable commit histories, low-quality automation, and just general instability. It sounds like he is at his wits end.

GuestI feel for him. Truly. I love AI-assisted workflows, they are my bread and butter for boilerplate, but there is a massive difference between using an agent to spin up a test suite and dumping a thousand lines of unvetted, hallucinated junk into a dependency tree.

HostIt is a friction point that seems to be popping up everywhere. The Lobsters thread is fascinating here. A user called LolPython points out that for them, the real issue is how this degrades human interaction. They talk about how even a bad proposal in the past was at least a human-readable attempt, whereas now, people can mask poorly thought out ideas under a veneer of professional-looking code.

GuestThat is the tragedy of it. If the code is coherent, you can audit it, you can critique it, and you can collaborate. But when you are debugging a black box that spits out random logic, the social contract of open source just breaks. That said, I have to agree with another user in the thread, mitchellh, who suggests that while this is a totally reasonable reaction, it is probably a futile effort in the long run. We are at a point where the tooling needs to catch up to the verification side.

HostSpeaking of better tooling, let us pivot to hardware. There is a project called picoem, which is a cycle-accurate emulator for the Raspberry Pi RP2040 and the new RP2350 chips. For our listeners who might not be familiar, these are the microcontrollers powering everything from custom keyboards to industrial sensors, and picoem lets you simulate that hardware in Rust without needing a physical board on your desk.

GuestThis is pure builder fuel. I have spent so many afternoons waiting on a flash cycle for a tiny microcontroller, only to realize I missed a single register bit. Having a cycle-accurate emulator like this means I can run my CI pipelines on my laptop without juggling a tangle of USB cables. It is clean, it is performant, and it is exactly the kind of library-first approach I love.

HostIt is interesting that the developer is quite upfront about not promising long-term support or PR SLAs. It is very much a "use it if it helps, fork it if it breaks" philosophy.

GuestAnd that is exactly how it should be! If a tool works for your stack, you take it and you own it. You do not need the maintainer to do your homework for you. It is a refreshing bit of honesty in an ecosystem that sometimes gets too obsessed with "enterprise-ready" labels for personal research code.

HostLet us talk about that "browser-ready" Kubernetes project. The author of webernetes, a play on Kubernetes, managed to port the core functionality of a cluster to TypeScript so it runs in the browser. They were very clear that this is not a WebAssembly compilation of the existing Go codebase. Instead, it is a lightweight, functional rewrite. They say they used LLMs to generate almost 100,000 lines of code, but they stress they did the heavy lifting of manual review and testing.

GuestI read the post, and my first reaction was skepticism, but the execution is undeniably clever. They avoided the bloat of compiling Go to WASM by literally building a custom TypeScript implementation of the Kubelet. I actually spent the morning playing with the demo. I dropped a little custom agent workflow I use for cluster state monitoring into the repo just to see if I could make it talk to their in-browser API, and it actually responded exactly how I expected. It is a fantastic educational tool.

HostIt is a massive project. 629 files, hundreds of commits. Do you think this changes how we look at running complex infra locally?

GuestIt makes it accessible. If I want to teach a junior developer how a ReplicaSet tracks state, I do not want them to have to install a local cluster or deal with container networking nightmares. I want to show them the state transitions in the browser console. It is not going to replace production clusters, but for experimentation? It is a total win. It shows that if you actually audit the machine-generated output, you can build something incredibly complex in a fraction of the time.

HostIt sounds like the perfect middle ground between the "ban all AI" approach we discussed earlier and the "blindly commit everything" trap.

GuestExactly. It is about using the tool to scale your effort, not to outsource your brain. You keep the context, you do the code review, and you end up with a tool that actually helps people learn.

HostI think that is a great note to end on. I am already imagining how much time we could have saved on our own projects with a sandbox like that. Are you taking any of that "browser-cluster" energy into the weekend, or are you finally logging off?

GuestOh, I am definitely going to be poking at the webernetes source code a bit more. There is something satisfying about having a cluster that disappears the second I close the tab. No dangling processes, no background daemons, just pure code. I might actually get a break from the terminal for once.

HostSounds like a plan. Thank you for joining me, Samantha. And a huge thanks to the community over on Lobsters for all the discussion that made today’s episode possible. We will be back tomorrow with more.