CRITICAL: Axios npm Package Backdoored — 100M Weekly Downloads, Cross-Platform RAT
CRITICAL: Axios npm Package Backdoored — 100M Weekly Downloads, Cross-Platform RAT
Categories
- Engineering 28
- AI Infrastructure 14
- AI-Assisted Development 12
- Product Management 7
- AI 6
- Process 6
- Best Practices 5
- Cloud Native 3
- Leadership 3
- Security 2
- Career 2
- Enterprise AI 2
- MLOps 2
- Go 2
- Cybersecurity 2
- Software Development 1
- Startup 1
- Cloud 1
- Infrastructure 1
- Tooling 1
- Culture 1
- Kubernetes 1
- Agentic AI 1
- Distributed Systems 1
- Open Source 1
- Philosophy 1
- Actualyze 1
- Product Engineering 1
- Engineering Leadership 1
- Vulnerability Research 1
Engineering
The Vibe Coding Trap: Why Architecture Matters More When AI Writes the Code
A team ported a Go implementation of JSONata from scratch last week. Seven hours. $400 in token spend. They estimate it saves $500,000 a year in engineering ...
AI Sycophancy Is Making You Worse at Decisions
Stanford just published a study in Science that should make every engineering leader pause.
The Warning Was Inside the Leak
Last week, Anthropic accidentally published nearly 3,000 internal documents to a publicly searchable database. A default CMS setting made uploaded files publ...
Issue Tracking Is Dead. Long Live the Spec.
Linear’s CEO made a striking announcement this week: the company is pivoting from issue tracking to agentic AI. The product will evolve to capture issues aut...
Cognitive Debt: What Happens When Your Agents Move Faster Than You Can Review
Mario Zechner, the creator of the Pi agent framework, published a frank piece this week that’s worth sitting with: agents compound mistakes faster than human...
Customer Discovery Is the Highest-Leverage Work You’re Not Doing
I’ve spent the last month in back-to-back conversations with potential customers. Twenty-plus meetings, each one between thirty and sixty minutes. Every conv...
Building the End-to-End AI-Native SDLC: What I’ve Learned
This is Post 6 of a series on the AI-Native SDLC. Previous posts: The Missing Half, From PRFAQ to Backlog, Specifications Are the New API, AI Drift Is a Prod...
Context Is the New Constraint: Managing What Your AI Knows
Your AI knows too much. And not enough. At the same time.
AI Drift Is a Product Problem, Not an Engineering Problem
Your coding agent isn’t broken. Your specifications are.
Specifications Are the New API Between Product and Engineering
Picture this. Your team just adopted an AI coding agent. Cursor, Claude Code, Copilot, it doesn’t matter which. The first week is electric. A developer promp...
From PRFAQ to Backlog: How Amazon’s Working Backwards Process Becomes an AI Pipeline
In my previous post on Amazon’s Working Backwards SDLC for SMBs, I walked through the structured artifact chain (personas, use cases, PRFAQ, capability maps,...
The Missing Half of AI-Assisted Development
There’s a growing conversation in the industry about building a “Cursor for product management,” an AI-native system focused on helping teams figure out what...
Amazon’s Working Backwards SDLC: A Practical Guide for SMB Engineering Teams
Amazon’s software development lifecycle is one of the most effective product development processes ever created. It has produced AWS, Kindle, Prime, Alexa, a...
Onboarding Our Founding Engineering Team
Today I’m onboarding the founding engineers at Actualyze. I’ve worked with all of them before. Excited to be getting the band back together.
Getting Started with the CNCF Cloud-Native AI Stack: A Practical Guide for New Engineers
If you’re a new engineer looking to understand the CNCF Cloud-Native AI (CNAI) ecosystem, you’re entering at exactly the right moment. The stack has matured ...
What KodeOps Means: Unified SDLC Automation
The name KodeOps is deliberate. Just as DevOps unified development and operations, KodeOps unifies the entire software development lifecycle under a single a...
Introducing KodeOps: Open Source SDLC Automation
In my year-end reflections, I mentioned that I’d be sharing more of my work through open source releases in the coming year. Today, I’m delivering on that pr...
The LLM Complexity Gap: Why No-Code Works for Web UIs But Not for Distributed Systems
LLMs have democratized software development in ways that seemed impossible just a few years ago. Tools like Lovable.com, Bolt.new, and v0.dev let non-technic...
Why Go is the Best Language for Production-Grade Agentic AI and Orchestration
A Personal Perspective
Choosing the Right Kubernetes Development Environment: Why KIND Wins for Enterprise AI Platforms
When you’re building a platform that runs on Kubernetes, you need a local development environment that doesn’t lie to you. The choice matters more than most ...
Building High-Performance Engineering Culture: Mission, Vision, and Tenets
Every high-performance engineering team needs a foundation. Not the technical stack-that’s the easy part. The foundation that matters is shared understanding...
The IDE Doesn’t Matter: A Philosophy for LLM-Powered Code Generation
LLMs are transforming how we build software. They can generate entire functions, refactor complex modules, and implement features faster than ever before. Bu...
Working Backwards with SDLD: Building a Go Service with Mage
Written in the working-backwards narrative style we use for launch docs.*
Spec-Driven Development: A Comprehensive SDLC for AI-Assisted Software Engineering
Modern software development teams face a fundamental tension: AI assistants dramatically accelerate code generation, but without structured workflows, this s...
The SDLD Specification Format: A Canonical Reference
A comprehensive guide to the SDLD specification format for LLM-assisted software development.
Spec-Driven LLM Development (SDLD): Precise Engineering Through Specifications
LLMs are transforming how we write code. They can generate entire functions, refactor complex modules, and implement features faster than ever before. But th...
re:Invent 2025: AWS Frontier Agents and Developer Tools
Last day at re:Invent. Want to share notes on the AWS developer tools announcements.
AI Infrastructure
The Agentic SDLC Transition Is Happening Whether Your Team Is Ready or Not
A leaked internal memo from Red Hat’s CTO and SVP of Engineering, dated March 31, 2026, is making the rounds. The headline: all of Global Engineering is requ...
CRITICAL: Axios npm Package Backdoored — 100M Weekly Downloads, Cross-Platform RAT
CRITICAL: Axios npm Package Backdoored — 100M Weekly Downloads, Cross-Platform RAT
The Vibe Coding Trap: Why Architecture Matters More When AI Writes the Code
A team ported a Go implementation of JSONata from scratch last week. Seven hours. $400 in token spend. They estimate it saves $500,000 a year in engineering ...
AI Sycophancy Is Making You Worse at Decisions
Stanford just published a study in Science that should make every engineering leader pause.
The Warning Was Inside the Leak
Last week, Anthropic accidentally published nearly 3,000 internal documents to a publicly searchable database. A default CMS setting made uploaded files publ...
Issue Tracking Is Dead. Long Live the Spec.
Linear’s CEO made a striking announcement this week: the company is pivoting from issue tracking to agentic AI. The product will evolve to capture issues aut...
Cognitive Debt: What Happens When Your Agents Move Faster Than You Can Review
Mario Zechner, the creator of the Pi agent framework, published a frank piece this week that’s worth sitting with: agents compound mistakes faster than human...
Production AI Inference on Your Laptop in 8 Minutes: Mastering KServe with kFabric
Deploy Production-Like AI Inference Infrastructure on Your Laptop – In Eight Minutes
Getting Started with the CNCF Cloud-Native AI Stack: A Practical Guide for New Engineers
If you’re a new engineer looking to understand the CNCF Cloud-Native AI (CNAI) ecosystem, you’re entering at exactly the right moment. The stack has matured ...
The LLM Complexity Gap: Why No-Code Works for Web UIs But Not for Distributed Systems
LLMs have democratized software development in ways that seemed impossible just a few years ago. Tools like Lovable.com, Bolt.new, and v0.dev let non-technic...
Why Go is the Best Language for Production-Grade Agentic AI and Orchestration
A Personal Perspective
Choosing the Right Kubernetes Development Environment: Why KIND Wins for Enterprise AI Platforms
When you’re building a platform that runs on Kubernetes, you need a local development environment that doesn’t lie to you. The choice matters more than most ...
KubeCon 2025: The Enterprise AI Infrastructure Moment Has Arrived
KubeCon + CloudNativeCon North America 2025 in Atlanta wasn’t just another cloud native conference. It was the event where the industry collectively acknowle...
The Enterprise AI Infrastructure Stack: From Proof of Concept to Production
Why 87% of AI Projects Fail (And How to Be in the 13% That Succeed)
AI-Assisted Development
Cognitive Debt: What Happens When Your Agents Move Faster Than You Can Review
Mario Zechner, the creator of the Pi agent framework, published a frank piece this week that’s worth sitting with: agents compound mistakes faster than human...
Building the End-to-End AI-Native SDLC: What I’ve Learned
This is Post 6 of a series on the AI-Native SDLC. Previous posts: The Missing Half, From PRFAQ to Backlog, Specifications Are the New API, AI Drift Is a Prod...
Context Is the New Constraint: Managing What Your AI Knows
Your AI knows too much. And not enough. At the same time.
AI Drift Is a Product Problem, Not an Engineering Problem
Your coding agent isn’t broken. Your specifications are.
Specifications Are the New API Between Product and Engineering
Picture this. Your team just adopted an AI coding agent. Cursor, Claude Code, Copilot, it doesn’t matter which. The first week is electric. A developer promp...
From PRFAQ to Backlog: How Amazon’s Working Backwards Process Becomes an AI Pipeline
In my previous post on Amazon’s Working Backwards SDLC for SMBs, I walked through the structured artifact chain (personas, use cases, PRFAQ, capability maps,...
The Missing Half of AI-Assisted Development
There’s a growing conversation in the industry about building a “Cursor for product management,” an AI-native system focused on helping teams figure out what...
The IDE Doesn’t Matter: A Philosophy for LLM-Powered Code Generation
LLMs are transforming how we build software. They can generate entire functions, refactor complex modules, and implement features faster than ever before. Bu...
Working Backwards with SDLD: Building a Go Service with Mage
Written in the working-backwards narrative style we use for launch docs.*
Spec-Driven Development: A Comprehensive SDLC for AI-Assisted Software Engineering
Modern software development teams face a fundamental tension: AI assistants dramatically accelerate code generation, but without structured workflows, this s...
The SDLD Specification Format: A Canonical Reference
A comprehensive guide to the SDLD specification format for LLM-assisted software development.
Spec-Driven LLM Development (SDLD): Precise Engineering Through Specifications
LLMs are transforming how we write code. They can generate entire functions, refactor complex modules, and implement features faster than ever before. But th...
Product Management
Customer Discovery Is the Highest-Leverage Work You’re Not Doing
I’ve spent the last month in back-to-back conversations with potential customers. Twenty-plus meetings, each one between thirty and sixty minutes. Every conv...
Building the End-to-End AI-Native SDLC: What I’ve Learned
This is Post 6 of a series on the AI-Native SDLC. Previous posts: The Missing Half, From PRFAQ to Backlog, Specifications Are the New API, AI Drift Is a Prod...
Context Is the New Constraint: Managing What Your AI Knows
Your AI knows too much. And not enough. At the same time.
AI Drift Is a Product Problem, Not an Engineering Problem
Your coding agent isn’t broken. Your specifications are.
Specifications Are the New API Between Product and Engineering
Picture this. Your team just adopted an AI coding agent. Cursor, Claude Code, Copilot, it doesn’t matter which. The first week is electric. A developer promp...
From PRFAQ to Backlog: How Amazon’s Working Backwards Process Becomes an AI Pipeline
In my previous post on Amazon’s Working Backwards SDLC for SMBs, I walked through the structured artifact chain (personas, use cases, PRFAQ, capability maps,...
The Missing Half of AI-Assisted Development
There’s a growing conversation in the industry about building a “Cursor for product management,” an AI-native system focused on helping teams figure out what...
AI
AI Agents Are Finding Vulnerabilities Faster Than You Can Patch Them
The Linux kernel security list used to receive 2-3 bug reports per week. That was two years ago. Last year it was 10 per week. This year it is 5-10 per day.
What KodeOps Means: Unified SDLC Automation
The name KodeOps is deliberate. Just as DevOps unified development and operations, KodeOps unifies the entire software development lifecycle under a single a...
Introducing KodeOps: Open Source SDLC Automation
In my year-end reflections, I mentioned that I’d be sharing more of my work through open source releases in the coming year. Today, I’m delivering on that pr...
Year-End Reflections: The Last 18 Months, and What Comes Next
As the year comes to a close, I’ve been reflecting on the last 18 months since leaving AWS. It’s been a long, focused chapter of deep work, and it’s now sett...
re:Invent 2025: AWS Frontier Agents and Developer Tools
Last day at re:Invent. Want to share notes on the AWS developer tools announcements.
Announcing ActualyzeAI
One year ago, I decided to leave Amazon Web Services to start my own company. Since then I’ve had the chance to meet some amazing people, build some incredib...
Process
Amazon’s Working Backwards SDLC: A Practical Guide for SMB Engineering Teams
Amazon’s software development lifecycle is one of the most effective product development processes ever created. It has produced AWS, Kindle, Prime, Alexa, a...
The IDE Doesn’t Matter: A Philosophy for LLM-Powered Code Generation
LLMs are transforming how we build software. They can generate entire functions, refactor complex modules, and implement features faster than ever before. Bu...
Working Backwards with SDLD: Building a Go Service with Mage
Written in the working-backwards narrative style we use for launch docs.*
Spec-Driven Development: A Comprehensive SDLC for AI-Assisted Software Engineering
Modern software development teams face a fundamental tension: AI assistants dramatically accelerate code generation, but without structured workflows, this s...
The SDLD Specification Format: A Canonical Reference
A comprehensive guide to the SDLD specification format for LLM-assisted software development.
Spec-Driven LLM Development (SDLD): Precise Engineering Through Specifications
LLMs are transforming how we write code. They can generate entire functions, refactor complex modules, and implement features faster than ever before. But th...
Best Practices
The IDE Doesn’t Matter: A Philosophy for LLM-Powered Code Generation
LLMs are transforming how we build software. They can generate entire functions, refactor complex modules, and implement features faster than ever before. Bu...
Working Backwards with SDLD: Building a Go Service with Mage
Written in the working-backwards narrative style we use for launch docs.*
Spec-Driven Development: A Comprehensive SDLC for AI-Assisted Software Engineering
Modern software development teams face a fundamental tension: AI assistants dramatically accelerate code generation, but without structured workflows, this s...
The SDLD Specification Format: A Canonical Reference
A comprehensive guide to the SDLD specification format for LLM-assisted software development.
Spec-Driven LLM Development (SDLD): Precise Engineering Through Specifications
LLMs are transforming how we write code. They can generate entire functions, refactor complex modules, and implement features faster than ever before. But th...
Cloud Native
Production AI Inference on Your Laptop in 8 Minutes: Mastering KServe with kFabric
Deploy Production-Like AI Inference Infrastructure on Your Laptop – In Eight Minutes
Getting Started with the CNCF Cloud-Native AI Stack: A Practical Guide for New Engineers
If you’re a new engineer looking to understand the CNCF Cloud-Native AI (CNAI) ecosystem, you’re entering at exactly the right moment. The stack has matured ...
KubeCon 2025: The Enterprise AI Infrastructure Moment Has Arrived
KubeCon + CloudNativeCon North America 2025 in Atlanta wasn’t just another cloud native conference. It was the event where the industry collectively acknowle...
Leadership
Customer Discovery Is the Highest-Leverage Work You’re Not Doing
I’ve spent the last month in back-to-back conversations with potential customers. Twenty-plus meetings, each one between thirty and sixty minutes. Every conv...
Amazon’s Working Backwards SDLC: A Practical Guide for SMB Engineering Teams
Amazon’s software development lifecycle is one of the most effective product development processes ever created. It has produced AWS, Kindle, Prime, Alexa, a...
Building High-Performance Engineering Culture: Mission, Vision, and Tenets
Every high-performance engineering team needs a foundation. Not the technical stack-that’s the easy part. The foundation that matters is shared understanding...
Security
AI Agents Are Finding Vulnerabilities Faster Than You Can Patch Them
The Linux kernel security list used to receive 2-3 bug reports per week. That was two years ago. Last year it was 10 per week. This year it is 5-10 per day.
The Importance of a Secure Development Lifecycle
In today’s digital landscape, security is more crucial than ever. Cyber threats are evolving at an unprecedented pace, and the need to build secure software ...
Career
Year-End Reflections: The Last 18 Months, and What Comes Next
As the year comes to a close, I’ve been reflecting on the last 18 months since leaving AWS. It’s been a long, focused chapter of deep work, and it’s now sett...
Announcing ActualyzeAI
One year ago, I decided to leave Amazon Web Services to start my own company. Since then I’ve had the chance to meet some amazing people, build some incredib...
Enterprise AI
KubeCon 2025: The Enterprise AI Infrastructure Moment Has Arrived
KubeCon + CloudNativeCon North America 2025 in Atlanta wasn’t just another cloud native conference. It was the event where the industry collectively acknowle...
The Enterprise AI Infrastructure Stack: From Proof of Concept to Production
Why 87% of AI Projects Fail (And How to Be in the 13% That Succeed)
MLOps
Production AI Inference on Your Laptop in 8 Minutes: Mastering KServe with kFabric
Deploy Production-Like AI Inference Infrastructure on Your Laptop – In Eight Minutes
The Enterprise AI Infrastructure Stack: From Proof of Concept to Production
Why 87% of AI Projects Fail (And How to Be in the 13% That Succeed)
Go
Why Go is the Best Language for Production-Grade Agentic AI and Orchestration
A Personal Perspective
Working Backwards with SDLD: Building a Go Service with Mage
Written in the working-backwards narrative style we use for launch docs.*
Cybersecurity
CRITICAL: Axios npm Package Backdoored — 100M Weekly Downloads, Cross-Platform RAT
CRITICAL: Axios npm Package Backdoored — 100M Weekly Downloads, Cross-Platform RAT
The Warning Was Inside the Leak
Last week, Anthropic accidentally published nearly 3,000 internal documents to a publicly searchable database. A default CMS setting made uploaded files publ...
Software Development
The Importance of a Secure Development Lifecycle
In today’s digital landscape, security is more crucial than ever. Cyber threats are evolving at an unprecedented pace, and the need to build secure software ...
Startup
Announcing ActualyzeAI
One year ago, I decided to leave Amazon Web Services to start my own company. Since then I’ve had the chance to meet some amazing people, build some incredib...
Cloud
re:Invent 2025: AWS Frontier Agents and Developer Tools
Last day at re:Invent. Want to share notes on the AWS developer tools announcements.
Infrastructure
Year-End Reflections: The Last 18 Months, and What Comes Next
As the year comes to a close, I’ve been reflecting on the last 18 months since leaving AWS. It’s been a long, focused chapter of deep work, and it’s now sett...
Tooling
Working Backwards with SDLD: Building a Go Service with Mage
Written in the working-backwards narrative style we use for launch docs.*
Culture
Building High-Performance Engineering Culture: Mission, Vision, and Tenets
Every high-performance engineering team needs a foundation. Not the technical stack-that’s the easy part. The foundation that matters is shared understanding...
Kubernetes
Choosing the Right Kubernetes Development Environment: Why KIND Wins for Enterprise AI Platforms
When you’re building a platform that runs on Kubernetes, you need a local development environment that doesn’t lie to you. The choice matters more than most ...
Agentic AI
Why Go is the Best Language for Production-Grade Agentic AI and Orchestration
A Personal Perspective
Distributed Systems
The LLM Complexity Gap: Why No-Code Works for Web UIs But Not for Distributed Systems
LLMs have democratized software development in ways that seemed impossible just a few years ago. Tools like Lovable.com, Bolt.new, and v0.dev let non-technic...
Open Source
Introducing KodeOps: Open Source SDLC Automation
In my year-end reflections, I mentioned that I’d be sharing more of my work through open source releases in the coming year. Today, I’m delivering on that pr...
Philosophy
What KodeOps Means: Unified SDLC Automation
The name KodeOps is deliberate. Just as DevOps unified development and operations, KodeOps unifies the entire software development lifecycle under a single a...
Actualyze
Onboarding Our Founding Engineering Team
Today I’m onboarding the founding engineers at Actualyze. I’ve worked with all of them before. Excited to be getting the band back together.
Product Engineering
Issue Tracking Is Dead. Long Live the Spec.
Linear’s CEO made a striking announcement this week: the company is pivoting from issue tracking to agentic AI. The product will evolve to capture issues aut...
Engineering Leadership
The Agentic SDLC Transition Is Happening Whether Your Team Is Ready or Not
A leaked internal memo from Red Hat’s CTO and SVP of Engineering, dated March 31, 2026, is making the rounds. The headline: all of Global Engineering is requ...
Vulnerability Research
AI Agents Are Finding Vulnerabilities Faster Than You Can Patch Them
The Linux kernel security list used to receive 2-3 bug reports per week. That was two years ago. Last year it was 10 per week. This year it is 5-10 per day.