Author: drweb

SQL

I’m sure you’ve all heard the tale of Goldilocks and the Three Bears, but I’d like to apply the Goldilocks principle to a database object-namely, a materialized view.You might be thinking, how does that apply to database objects when it comes to things like not too cold, not too hot, or not too heavy, not too light? But bear with me (no pun intended) and we’ll see how all this pans out shortly.Just about every web application has a public page. Often that public page is just the login screen that takes you into the more private parts of the…

Read More
SQL

I type fairly well. Well, I type fast, but I do wear out a backspace key relatively quickly on most keyboards. That and a space bar.AI helps me deal with my issues in a way that I really like. This post looks at a small thing that I appreciate, and it’s why I wish I had a small local model running for more software.This is part of a series of experiments with AI systems.Searching for PostsToday I was searching for some posts. I typed in something and found nothing.Clearly, I mistyped something, but before I fixed this, I alt-tab’d over…

Read More

Harness today is providing DevOps teams with an ability to build and deploy autonomous artificial intelligence (AI) agents that automate the delivery of code to production environments.Trevor Stuart, a senior vice president and general manager at Harness, said the Autonomous Worker Agents eliminate the need for fixed scripts with custom AI agents or ones provided by Harness that run in a sandbox container environment.Via the Harness Model Context Protocol (MCP) Server, a developer using an AI coding tool can assign a task to a Worker Agent, with the result returned to wherever it was triggered. Each agent has its own…

Read More

Every time your server needs to look up a domain name, it sends a DNS request to another DNS resolver. If it’s asking for the same domains over and over, those repeated requests still have to travel across the network, even though the answer probably hasn’t changed. For example, imagine a web application that connects to three external APIs every time someone visits your site. If your server handles thousands of requests a day, it also ends up performing those same DNS lookups thousands of times. That’s unnecessary network traffic and adds a small delay to every request. A local…

Read More

A clean GitHub repository that contains no malicious code can launch an attack and fully compromise a developer’s systems by using indirect prompt injections to trick AI-powered coding agents like Anthropic’s Claude Code into taking steps that hand control to attackers and expose a wide range of secrets.In a proof-of-concept (PoC) attack, Mozilla 0DIN researchers Andre Hall and Miller Engelbrecht showed how chaining a few seemingly routine agent actions can give a threat actor shell command access and persistence on a targeted developer system.In addition, this all happens without any warnings or alerts because the payload doesn’t appear anywhere in…

Read More

OpenAI is preparing to launch its first branded hardware product, but rather than entering the crowded consumer device market, the company is starting with a tool designed specifically for software developers.The company has scheduled a July 15 unveiling for Codex Micro, a compact input device created in partnership with keyboard manufacturer Work Louder. OpenAI began teasing the product on social media with the message, “Your favorite Codex shortcuts are getting an upgrade,” offering a glimpse of a square-shaped controller while withholding technical specifications.The short promotional video posted on X received nearly one million views within 24 hours, despite being short…

Read More

Every engineering team I talk to is adding AI agents to their workflow. Almost none of them are updating the practices around those agents. The DevOps practices we built over the last two decades apply directly, but the failure modes have changed. If you don’t adapt to a world where some of your developers aren’t human, you’ll ship bugs faster than you ever could before.The biggest shift is that the bottleneck moved from shipping code to learning from what you shipped, and most teams haven’t built the rituals to close that gap. Gene Kim’s Three Ways from the DevOps handbook…

Read More

Configuration drift is the gap between the infrastructure state declared in code and the state actually running in your environment. It occurs when resources are changed outside of your infrastructure as code (IaC) workflow, so the live system no longer matches its definition.In a single cloud, drift is usually straightforward to find and correct. Across multiple providers, it is harder to detect and more costly to leave unaddressed.Why Does Multicloud Make Drift Worse?Each provider has its own API, resource model, console, and defaults. A change made directly in one cloud does not resemble the equivalent change in another, so the…

Read More

Threat actors are exploiting a known security flaw in the SimpleHelp remote monitoring and management (RMM) software to drop two previously unknown pieces of malware that can compromise a broad range of systems and steal massive amounts of sensitive data.Researchers with Blackpoint Cyber’s Adversary Pursuit Group said they detected an intrusion in which the adversaries abused a critical authentication bypass vulnerability — tracked as CVE-2026-48558 — to obtain an authenticated technician session without valid credentials on an internet-facing SimpleHelp server.“The compromised RMM platform provided the operator with a trusted administrative channel capable of transferring files and executing commands on systems…

Read More