There is a particular flavour of engineering dysfunction that looks, from the outside, like peak performance. Deployments are frequent. Sprint velocity is high. The feature backlog is shrinking. Leadership is pleased. And underneath all of it, the system is quietly rotting. Technical debt compounds with every rushed deployment. Observability gaps widen because nobody has time to instrument the new services properly. The on-call rotation gets noisier every month. But the velocity metrics keep climbing, so nobody sounds the alarm until something breaks badly enough that velocity stops being the conversation. I call this the velocity trap, and it is the…
Author: drweb
Let me describe a scenario that is already playing out in production environments. A team deploys an AI agent to handle routine infrastructure scaling. The agent performs flawlessly for weeks. It optimizes costs, responds to traffic patterns faster than any human could, and the team starts trusting it implicitly. Then one Thursday at 3 AM, the agent encounters a pattern it has never seen before, a cascading partial failure combined with a DNS propagation delay, and it confidently makes exactly the wrong call. It scales down the healthy instances because it misread the health check responses. This is not a…
Apr 23, 2026: Trivy, KICS, and the shape of supply chain attacks so far in 2026. We caught a malicious image pushed to checkmarx/kics on Docker Hub, the image was quarantined, and we coordinated response with Socket and Checkmarx. This blog walks through what happened and why we believe open, fast collaboration is the key to responding to this new pattern of emerging supply chain attacks.
I always thought it would be fun to create my own open source libraries or applications and distribute them somehow. When I started writing my book, Creating TUI Applications with Textual and Python, I took the plunge and wrote a helper package called textual-cogs, which is a collection of reusable dialogs and widgets for Textual. Right now, it is mostly just dialogs, but I do hope to add some widgets to it as well. Anyway, I have released two new dialogs in the past week, with one in v0.0.4 and the other in v0.0.5. A Textual Directory Dialog: In v0.0.5, I added…
Anthropic has launched Claude Security in public beta for Claude Enterprise customers. The tool gives security teams a way to scan entire codebases for vulnerabilities — and generate targeted patches — without the usual back-and-forth that slows down remediation. It’s a meaningful step forward for teams struggling to keep pace with the growing volume and complexity of security threats. And it signals where AI-assisted development is heading next. From Research Preview to Public Beta: Claude Security isn’t brand new. Anthropic first released it as Claude Code Security in February, initially limited to Enterprise and Team customers. Since then, hundreds of…
The honest case for Python in connected hardware: Here’s the short answer: the best Python libraries for IoT development right now are paho-mqtt, RPi.GPIO, gpiozero, pigpio, Adafruit CircuitPython, PySerial, Pandas, TensorFlow Lite, boto3, and Flask or FastAPI. Pick the right combination and a two-person team can wire a sensor to the cloud in a single sprint. Python isn’t the obvious hero of IoT. It’s interpreted, not compiled. It’s heavier than C. On a bare-metal microcontroller with 256KB of flash, it has no business being there at all. And yet – it keeps showing up. In factory automation scripts, in Raspberry…
You’ve been running a long rsync job or a Python script on a remote server only to watch it die the moment your SSH session drops, and now you need to understand nohup, screen, tmux, and systemd to stop that from ever happening again. You logged out for a second. Maybe your VPN dropped. Maybe your laptop lid closed. Either way, that 4-hour database export you were running is gone, and you’re starting from zero. This happens because Linux ties every process you start in a terminal to that terminal’s session, and when the session ends, the kernel sends a…
The 2025 Stack Overflow Developer Survey ranked Python fourth among the top five languages. It has reached a point where it’s often the main choice for teams that want reliability and long-term scalability for their work. The ecosystem in 2026 is all about picking the right combo of proven libraries and frameworks for your needs. This article focuses on that, as we have compiled the most useful Python libraries you should know about. We also explain how they can be used for actual tasks and when each tool really makes sense. What Types of Python Tools Are Used in…
Most AI coding tools do one thing well: Help developers write code faster. IBM wants to go further than that. The company this week announced the general availability of IBM Bob, an AI development partner built to support the entire software development lifecycle — from planning and design through testing, deployment, and modernization. The timing makes sense. Enterprises have spent the past few years experimenting with AI-assisted coding. Many have seen real productivity gains. But they’ve also run into a familiar wall: speed without structure creates problems. Legacy systems, compliance requirements, and hybrid environments don’t disappear just because your developers…
Arm this week made available a free toolkit for analyzing agentic artificial intelligence (AI) workloads as they are being developed by DevOps and platform engineering teams. Earlier this year, Arm unveiled a 3nm processor based on its Neoverse V3 architecture that is specifically designed for AI workloads. The Arm Performix toolkit provides system-wide analysis across metrics such as memory bandwidth, latency, cache efficiency and CPU utilization for workloads running on that processor. Additionally, Arm has included recipes for testing multiple classes of agentic AI workloads. Developed in collaboration with Microsoft, MongoDB, Redis and SAP, the Arm Performix toolkit surfaces expert…
