Blog

A software engineer's window into Eid al-Fitr. Not a lecture on Islam. Just what tonight and tomorrow actually look like from the inside.

Ollama 0.18 shipped with native OpenClaw integration. Local models now get tool calling, multi-agent workflows, and permission boundaries. No API costs, no data leaving your network.

Amazon.com went down for six hours because of AI-assisted code changes. A week later, they required senior engineer sign-offs. LinearB analyzed 8.1 million pull requests and found AI code waits 4.6x longer for review and ships 19% slower. The productivity gains were a mirage.

I picked DynamoDB through Amplify for a professional networking app with swipeable cards. The first two weeks were magic. Then we needed queries DynamoDB was never built to answer.

Everyone's arguing whether AI agents should use MCP or CLI tools. The answer depends on a question nobody's asking: does the model already know how to use the tool, or did your team build it last Tuesday?

GitHub published the most sophisticated platform security for AI agents I've seen. Isolation, token quarantine, constrained outputs, audit trails. It doesn't stop the attacks that actually happened this month.

MCP servers have no input sanitization layer. Every JSON-RPC request flows straight from AI client to tool server, unfiltered. So I built one.

An autonomous AI agent breached McKinsey's internal AI platform in two hours. No credentials. No insider access. The entry point was SQL injection through JSON field names, a bug class older than most junior developers.

Someone put a prompt injection payload in a GitHub issue title. An AI triage bot executed it, poisoned the build cache, stole npm credentials, and pushed a rogue package to 4,000 developers. The full chain took five steps.

Agent skills became an open standard. MCP connects everything. But the layer between them, the one that keeps agents from failing catastrophically in production, barely exists.

A canonical URL mismatch between www and non-www kept my entire blog invisible to Google for three months. Six files, twelve line changes, and a sitemap resubmission fixed it. Here's how to check yours.

Claude Code manages your context through three systems: microcompaction, auto-compaction, and structured rehydration. Here's how the machinery actually works, and why most developers burn tokens without realizing it.

AI accelerates code production but expands scope, raises expectations, and shifts the bottleneck from implementation to judgment. Engineers are doing 2x the work and feeling 10x the burnout.

60,000 GitHub stars. One billion Docker pulls. Officially archived. MinIO's five-year wind-down from Apache 2.0 to AGPL to dead is the most dramatic open-source infrastructure collapse in years. Here's the migration playbook.

MCP servers are everywhere. Production-ready ones aren't. Here's the architecture I use after running MCP in real workloads: error boundaries, state isolation, security hardening, and scaling patterns that actually hold up.

Google told developers API keys aren't secrets. Then Gemini changed the rules. Truffle Security found 2,863 live keys on public websites that now access private Gemini endpoints, including keys belonging to Google itself. The attack is a single curl command.

Amplifying.ai ran 2,430 prompts against Claude Code and found it builds custom solutions in 12 of 20 categories. The tools it picks are becoming the default stack for a growing share of new projects.

One engineer, $1,100 in tokens, and 94% API coverage. Vinext is either the future of framework development or the most impressive demo that will never matter. I think it's both.

3.9 million requests across Java, Go, Node.js, and Python. Go wins on memory, Java on latency. But after running MCP servers in production for months, I think the benchmark misses what actually matters.

Boris Cherny says the software engineer title disappears in 2026. He's wrong about the title, right about the shift. Here's what 9 years of production engineering taught me about surviving it.

Cloudflare's Durable Objects give you single-threaded, globally unique compute with embedded SQLite. AWS has no equivalent. Here's how they change backend architecture.

AWS Lambda Durable Functions look like Step Functions killers. They're not. Here's when each one wins, what the checkpoint-and-replay model actually costs, and the architectural patterns I'd use in production.

Firefox just shipped setHTML in version 148, replacing the notorious innerHTML with something that actually sanitizes by default. Here's why this matters and what it means for your security posture.

When an independent browser engine switches from C++ to Rust mid-flight, it's not just a language choice. It's a bet on maintenance burden, contributor velocity, and long-term survival.

The best AI model finds 49% of backdoors in compiled binaries. With a 22% false positive rate. Here's what that means for your supply chain security strategy.

Most developers are using AI assistants inefficiently. Here's how separating planning from execution can 10x your productivity.

GGML.ai joined Hugging Face this week, creating a complete stack for running AI locally. The assumption that AI requires the cloud is already obsolete—we're just waiting for everyone to notice.

Dependabot opened thousands of PRs for a vulnerability that affected nobody. The real fix isn't more automation - it's smarter automation.

A startup just hit 17K tokens/sec on a single chip by hard-wiring Llama into silicon. The GPU monoculture in AI inference has an expiration date.

Every infrastructure decision is a bet on the future. After watching teams make the same mistakes across multiple startups, here's what actually matters when choosing your stack.

The Pentagon wants AI labs to allow 'all lawful use' of their models. Anthropic pushed back. Now the DoD is threatening to blacklist them. Here's why engineers should care.

Google's Gemini 3.1 Pro just dropped with a 77% on ARC-AGI-2 - up from 31%. The benchmarks are staggering. But the people actually building with it keep saying the same thing: it can't call tools.

Claude Sonnet 4.6 just dropped and developers with early access prefer it over Opus 4.5. This isn't an accident. It's a pattern that should change how you pick models.

There's a new name for something engineers have been feeling for a year: token anxiety. The compulsive urge to always be prompting, always shipping. This is what that actually is.

Anthropic collapsed Claude Code's file output in v2.1.20. Devs pushed back immediately — and they were right. This isn't a UX preference. It's about catching AI mistakes before they cost you.

Apple's App Store got 557,000 new submissions last year, up 24%. Building an app went from a $50K project to a weekend. When development costs disappear, subscription pricing follows. The businesses that survive know exactly why.

OpenAI's GPT-5.2 conjectured a new formula in theoretical physics that humans missed for decades. A concrete data point on where AI reasoning actually stands.

Google and OpenAI both shipped major AI releases this week — one betting on deeper reasoning, one on faster inference. These aren't just product launches. They're two different theories about where the real bottleneck is.

Everyone's arguing GPT-5 vs Opus while the real bottleneck in LLM coding agents is something nobody talks about: the edit tool format.

287 Chrome extensions with 37.4 million installs are quietly exfiltrating browsing history to data brokers. Here's what was found, who's behind it, and what you can do about it.

Anthropic's AI writes nearly 100% of their code, but Microsoft research shows devs miss 40% more bugs reviewing AI code. The essential skill of 2026 is code cynicism.

The cost of testing an idea has dropped to zero. In 2026, we don't build MVPs to test tech feasibility anymore. We build them to test market feasibility.

A look at the shift from brute-force AI to bio-inspired efficiency and quantum computing breakthroughs.

Learn the key principles and patterns I've used to build Next.js applications that scale to millions of users, with insights from real-world production systems.

A technical deep dive into the stack used for this portfolio. Highlighting React Server Components, Tailwind's new engine, and performance benefits.