Featured post what's this? ✨ How the AI bubble bursts The catalysts for a crash are already laid out, and it can happen sooner than most expect. AI is here to stay. If used right, chances are it will make us all more productive. That, on the other hand, does not mean it will be a good investment. Big tech do...
Monitor Claude Code Usage With Grafana Use Grafana Cloud and OpenTelemetry to observe your Claude token usage.
DNS is Simple. DNS is Hard. DNS looks like configuration, but behaves like a global control plane with weak consistency and hidden state
The blurred line between overengineering and anticipating change Check out Giorgio Garofalo's blog post
The Trouble with Fusion: Nuclear Fusion Will Not Give Us Infinite Power Fusion will not be built for a long time. There is an astounding and impressive amount of work being done, much of it useful, but none of it is even in the same league as a commercial power plant, not to mention ballparks. As mentioned above, only a singl...
Package Upgrades Feel Like Russian Roulette Axios just got compromised. 83M weekly downloads. A RAT on every machine. Here's what shipping desktop software taught us about npm supply chain risk.
Craft is Untouchable - Christopher Butler AI doesn't threaten craft—the temptation to skip iteration does.
Will everything become an API? How do you value a business when the specter of a new model looms over EBITDA multiples and forward ARR?
Building Multi-Tenant SaaS with Rails 8, Caddy, and Kamal A production guide to building multi-tenant SaaS with Rails 8 — subdomain routing, custom domains, and automatic SSL with Caddy's on-demand TLS.
My letter to my reps regarding California’s age verification law My name’s Chris Taylor. I’m a software engineer and a constituent in your district. I grew up in California and got a computer engineering degree from UCSB (the one by the beach). I’ve worked on defense robotics, drones, and other high-stakes industrial s...
Liquid Glass updates in 26.4 Apple recently updated all their OSs to 26.4, and there were plenty of Liquid Glass updates. Most of them for the better! Here are some of the changes that stood out to me, as well as a bit more grumbling about Liquid Glass in general (sorry).
Code and Cake - Your job isn't programming We’ve been doing software development wrong. When trying to improve a poor codebase, the solutions we often reach to are generic and technical. Move the frontend to React. Split the backend into microservices. Rewrite everything in Rust. Some of these app...
Your Engineers Aren't Lazy, Your Codebase Is Punishing Them A two-minute interactive audit to score whether technical debt is dragging your engineering team. Five signals that separate people problems from code problems.
A Dot a Day Keeps the Clutter Away — Scott Lawson The simplest organization system I've tried is a sheet of colored dot stickers. It's also the best.
Why I Like Real Estate January 2023 I’m often asked why I like real estate better than any other asset class like equities, bonds, crypto, startup shares etc. Beyond that I think the returns are better, every time I’m asked…
An effect notation based on with-clauses and blocks A bad habit of mine is that I’ll write 10.000 or 20.000 words on a topic, and then never publish that. A lot of my longer-form writing never sees the light of day because it gets stuck in editing purgatory. Editing small pieces is easy and quick, editing ...
The World's First Bullshit I opened Twitter this morning and three different startups were announcing "the world's first" something. An AI CMO, an autonomous AI marketer, and a design agent "with taste," which is a phrase that made me close my laptop for about ten minutes. None of...
Minimum Release Age is an Underrated Supply Chain Defense | Dani Akash A 7-day package delay would have blocked installs in most short-lived malicious publish attacks from the last 8 years
I Read Claude Code's Leaked Source. Here's What's Inside. 380K lines of TypeScript leaked via source maps. Undercover mode, autonomous agents, and a Tamagotchi.
Time to Start Treating Dev Machines as Untrusted - Work & Life Notes Shai-Hulud, Shai-Hulud 2.0, Trivy, LiteLLM, and now Axios, and many smaller compromises bring us to the realization that existing supply chains are highly
7 Configuration Changes That Turn a Multi-homed Host into a Switch/Router – blog This was written on March 1, 2026
I Read the Leaked Claude Code Source — Here’s What I Found Today, the source code for Claude Code — Anthropic’s AI-powered CLI tool — leaked online. Naturally, I did what any curious developer would do.
When to Use an Agent There are times where it is prudent to use an AI agent (like Codex) aggressively. There are other times where they should be avoided like the plague. The question of into which bucket a particular endeavor falls is difficult to answer.
Tracing Goroutines in Realtime with eBPF — Ozan Sazak Built a Go runtime tracer called xgotop to trace and visualize goroutine lifecycles and memory allocations in realtime, and won eBPF Summit '25 Hackathon with it!
When an ALB Can Replace Nginx (and When It Can't) — yaw An AWS ALB handles routing, SSL, health checks, and redirects natively. Here's when you can drop Nginx entirely.
SITUATIONAL AWARENESS: THE DECADE AHEAD Everything laid out in JS. Resize horizontally and vertically, then click the logos.
The man and the elevator · Jose Antunes This is a post about “vibe coding”/”agentic engineering”, and my mental journey to come to terms with it.
OkCupid gave 3 million dating-app photos to facial recognition firm, FTC says OkCupid and Match settle with Trump FTC, don't have to pay any financial penalty.
Supply Chain Attack on Axios Pulls Malicious Dependency from... A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHu...
.NET CLI Shebangs and Argument Parsing | no dogma blog Trying to pass something like -v or -h to a .NET CLI application that uses the shebang style of `dotnet run app.cs` can cause issues because `dotnet run` itself has options that conflict with the application's arguments. Here's how to work around that.
Prediction: The Shopify CEO's Pull Request Will Never Be Merged Nor Closed The CEO of Shopify used an AI tool called autoresearch to optimize Liquid parsing speed. The code quality is poor and no one will ever merge it.
axios Compromised: npm Supply Chain Attack via Dependency Injection axios 1.14.1 was published to npm via a compromised maintainer account, injecting a trojanized dependency that executes a multi-platform reverse shell on install. No source code changes in axios itself, just a new entry in package.json.
GitHub backs down, kills Copilot PR ‘tips’ after backlash Updated: Letting Copilot alter others' PRs was the wrong judgment call, says product manager
Ollama is now powered by MLX on Apple Silicon in preview · Ollama Blog Today, we're previewing the fastest way to run Ollama on Apple silicon, powered by MLX, Apple's machine learning framework.
Android developer verification: Rolling out to all developers on Play Console and Android Developer Console News and insights on the Android platform, developer tools, and events.
