Iran bombed AWS, GPT-5.4 dropped, brain cells play DOOM, and new M5 MacBook Pros are here.

Changelog NewsDeveloper news worth your attention

Adam here! šŸ¤©

Big week here at Changelog with some big change all around, but the bigger news since we last shipped news was AWS data centers getting bombed by Iran to take down Claude. Seriously, you canā€™t make this stuff up. And on the ligher side of things, we have new MacBook Pro models with M5 Pro and M5 Max available to pre-order. Iā€™m so torn and so tempted.

Ok, letā€™s get into the news.

šŸšØ GPT-5.4

OpenAI shipped their latest model last Thursday. GPT-5.4 is seriously good and the phrase ā€œtrust the modelā€ has never been more true, for coding. Our friends at Augment Code made this statement.

ā€œā€¦itā€™s the first model weā€™ve used that feels built for agent workflows: planning cleanly, delegating well, and consistently following through without getting lost halfway.ā€ Source: GPT-5.4 is our default model now

Fun fact, I was actually reviewing the models when I saw this new model in the listā€¦and I was like yea! Changed to 5.4 and was seriously impressed and making some amazing progress instantly.

If youā€™re sleeping on Codex or GPT-5.4, you might be missing out.

šŸ§  Living human brain cells play DOOM on a CL1

When I talked with Drew Wilson on episode #639 about ā€œChasing that next BIG thingā€ he mentioned his design work with Cortical Labs on the CL1. Now the thing plays DOOM and they have the video to prove it. The future is now my friends. The future is now.

šŸ’” I was a 10x engineer. Now Iā€™m useless.

This video on X from Mo Bitar hits on the toll booth idea as well as the ā€œOMG why would I keep writting code by hand when this thing can produce better and faster, or near instantly?ā€

Weā€™re all tip-toeing around these feelings. But Mo put it out there and he put it out there well. Weā€™ll get in on the pod soon (check your DMs Mo).

šŸ› Your codebase is full of bugs

Ok, I havenā€™t tried this yet for myself, but I saw enough posts on X about ii, so I had to log it here to News. Detail scans your codebase to find serious bugs. Each scan spends a few hours exercising your code in creative ways to uncover bugs youā€™ll be glad to know about.

šŸ¤‘ Your AI recommended a vulnerable package?Thanks to Sonatype for sponsoring Changelog News

Hereā€™s a fun experiment: ask your coding agent to recommend a logging library for your next project. Now check when that recommendation was last updated. Feeling lucky?

AI coding agents are trained on data with a knowledge cutoff. That package they just confidently suggested? Could have three CVEs disclosed since the model learned about it. Your code runs. Your security audit does not.

Thatā€™s why Sonatype built Guide, and hereā€™s the fun part: the unauthenticated version is ready for you to play with. No signup. No credit card. Just go to guide.sonatype.com and start querying.

Sonatype Guide is an MCP server that plugs directly into Claude, Cursor, and other AI assistants. Instead of your agent pulling from stale training data, it pulls from Sonatypeā€™s live component intelligence. These are the folks behind Maven Central, trusted by over 15 million developers. They know which packages are safe and which ones you should avoid.

Hereā€™s your challenge: go to guide.sonatype.com, search for a dependency your AI recently recommended, and see what Sonatype knows that your model doesnā€™t. The results will be interesting.

Learn more at fandf.co/4ahP5MZ or check the full link in the newsletter.

āœ‹ Talk to the Handy

Drop the paywall and talk to the Handy. Handy is a free and open source speech-to-text Mac app that runs locally on your computer. Press a keyboard shortcut, speak, and it pastes the transcription into whatever text field youā€™re typing in. The best part, itā€™s fully private since all transcription happens on-device. No audio gets sent to the cloud.

šŸ„¹ Bring haptics to the web

Itā€™s time to bring Haptics to the web. Now you can make your app feel as good as it looks. Create custom tactile patterns with strengths + durations for your web interactions. Works in the usual suspects, React, TypeScript, Vue, and Svelte.

šŸ“„ Google Workspace CLI, finally

Google announced their official CLI for Google Workspace and X was on fire about it. But why is everyone so excited about a CLI like this? Because navigating a Google Workspace is just the worst. There really should be a CLI for that. And now there is.

šŸŽ›ļø jj v0.39.0 Released

jj v0.39.0 is a significant release for the Git-compatible VCS, headlined by two features: jj arrange, a TUI for interactively reordering and abandoning revisions, and jj bookmark advance, which automatically moves bookmarks forward to a target revision (inspired by the popular community jj tug alias).

šŸŖ– Hardening Firefox with Anthropicā€™s Red Team

Anthropic partnered with Mozilla to test Claude Opus 4.6ā€™s ability to find security vulnerabilities in Firefox ā€” one of the most well-tested open-source codebases in the world. In two weeks, Claude discovered 22 vulnerabilities (14 rated high-severity), more than were reported from all sources in any single month of 2025. These were novel zero-day bugs in the current Firefox codebase, not reproductions of known issues. Mozilla shipped fixes to hundreds of millions of users in Firefox 148.0.

šŸ™ˆ Good Software Knows When to Stop

Good software has a clear, bounded purpose and resists the urge to expand beyond it. Knowing when to stop adding features is a strength, not a limitation. This post opens with a satirical scenario: ls gets ā€œupgradedā€ into an AI-powered ā€œAdaptive Listing Systemā€ that predicts which files you meant to see ā€” complete with a 30-day deprecation notice. The absurdity makes the point: some tools are done. They solve their problem well and donā€™t need reinvention.

āœ… BONUS (un)ordered list

Laters!

-Adam