Author: drweb

I’m going to say something that will make every engineering manager uncomfortable: Stop asking your team to write documentation. Not because documentation doesn’t matter. It matters more than ever. But because asking humans to document their work after they’ve done it is a process that has failed consistently for thirty years, and no amount of “definition of done” checklists or documentation sprints is going to fix it. The people who know the most write the least. The docs that get written are stale within weeks. And the knowledge that matters most — the decisions, the gotchas, the “why” behind the…


You’re running df -h every 30 seconds by hand to watch a disk fill up, typing the same command over and over like it’s your job, when there’s a single built-in tool that does it for you automatically. Every sysadmin hits this situation at some point. You’re watching something (like disk usage or a process), and you keep running the same command again and again to see updates. Using tail isn’t helpful here, and you don’t feel like writing a loop or setting up a cron job. That’s where the watch command comes in, which is a simple tool that…


There is a particular flavour of engineering dysfunction that looks, from the outside, like peak performance. Deployments are frequent. Sprint velocity is high. The feature backlog is shrinking. Leadership is pleased. And underneath all of it, the system is quietly rotting. Technical debt compounds with every rushed deployment. Observability gaps widen because nobody has time to instrument the new services properly. The on-call rotation gets noisier every month. But the velocity metrics keep climbing, so nobody sounds the alarm until something breaks badly enough that velocity stops being the conversation. I call this the velocity trap, and it is the…


Let me describe a scenario that is already playing out in production environments. A team deploys an AI agent to handle routine infrastructure scaling. The agent performs flawlessly for weeks. It optimizes costs, responds to traffic patterns faster than any human could, and the team starts trusting it implicitly. Then one Thursday at 3 AM, the agent encounters a pattern it has never seen before, a cascading partial failure combined with a DNS propagation delay, and it confidently makes exactly the wrong call. It scales down the healthy instances because it misread the health check responses. This is not a…


Apr 23, 2026

Trivy, KICS, and the shape of supply chain attacks so far in 2026

We caught a malicious image pushed to checkmarx/kics on Docker Hub, the image was quarantined, and we coordinated response with Socket and Checkmarx. This blog walks through what happened and why we believe open, fast collaboration is the key to responding to this new pattern of emerging supply chain attacks.


I always thought it would be fun to create my own open source libraries or applications and distribute them somehow. When I started writing my book, Creating TUI Applications with Textual and Python, I took the plunge and wrote a helper package called textual-cogs, which is a collection of reusable dialogs and widgets for Textual. Right now, it is mostly just dialogs, but I do hope to add some widgets to it as well. Anyway, I have released two new dialogs in the past week, with one in v0.0.4 and the other in v0.0.5.

A Textual Directory Dialog

In v0.0.5, I added…


Anthropic has launched Claude Security in public beta for Claude Enterprise customers. The tool gives security teams a way to scan entire codebases for vulnerabilities — and generate targeted patches — without the usual back-and-forth that slows down remediation. It’s a meaningful step forward for teams struggling to keep pace with the growing volume and complexity of security threats. And it signals where AI-assisted development is heading next.

From Research Preview to Public Beta

Claude Security isn’t brand new. Anthropic first released it as Claude Code Security in February, initially limited to Enterprise and Team customers. Since then, hundreds of…


The honest case for Python in connected hardware

Here’s the short answer: the best Python libraries for IoT development right now are paho-mqtt, RPi.GPIO, gpiozero, pigpio, Adafruit CircuitPython, PySerial, Pandas, TensorFlow Lite, boto3, and Flask or FastAPI. Pick the right combination and a two-person team can wire a sensor to the cloud in a single sprint. Python isn’t the obvious hero of IoT. It’s interpreted, not compiled. It’s heavier than C. On a bare-metal microcontroller with 256KB of flash, it has no business being there at all. And yet – it keeps showing up. In factory automation scripts, in Raspberry…


You’ve been running a long rsync job or a Python script on a remote server only to watch it die the moment your SSH session drops, and now you need to understand nohup, screen, tmux, and systemd to stop that from ever happening again. You logged out for a second. Maybe your VPN dropped. Maybe your laptop lid closed. Either way, that 4-hour database export you were running is gone, and you’re starting from zero. This happens because Linux ties every process you start in a terminal to that terminal’s session, and when the session ends, the kernel sends a…


The 2025 Stack Overflow Developer Survey ranked Python fourth among the top five languages. It has reached a point where it’s often the main choice for teams that want reliability and long-term scalability for their work. The ecosystem in 2026 is all about picking the right combo of proven libraries and frameworks for your needs. This article focuses on that, as we have compiled the most useful Python libraries you should know about. We also explain how they can be used for actual tasks and when each tool really makes sense.

What Types of Python Tools Are Used in…
