{ 07 } — Blog

Thoughts & Writings

Notes on building, AI, and the craft of software. Each article is something I wish I had when I started.

Sort by

17 articles

2026-05-2612 min read

Gemini Spark vs Amazon Quick vs OpenClaw in 2026

Gemini Spark, Amazon Quick, and OpenClaw all promise to work for you as AI agents in 2026. Here is how they compare and which one actually fits your situation.

AI AgentsGemini SparkAmazon QuickOpenClawGoogle I/O 2026

Engineering

2026-05-2011 min read

GitHub Breach: How a VS Code Extension Became a Weapon

A poisoned VS Code extension gave TeamPCP access to 3,800 GitHub repos. What happened, how to vet extensions, and how to lock down permissions before it's your machine.

SecurityVS CodeDeveloper ToolsExtensions

Engineering

2026-05-1213 min read

npm Supply Chain Attacks: What Happened and What to Do

Over 416 npm packages were compromised in waves from Sept 2025 to May 2026. Here is what happened, which packages are affected, and what to do now.

SecuritynpmJavaScriptSupply ChainDevOps

Engineering

2026-05-0718 min read

SaaS Pre-Launch Audit: 5 Checks Before You Ship

The five audits SaaS engineers skip before launch and pay for later: code reuse, security, performance, error handling, and cost exposure.

EngineeringSaaSSecurityPerformanceDevOps

Engineering

2026-05-0110 min read

AI Traffic Broke GitHub Twice in One Week

Two GitHub incidents in April 2026 revealed what happens when AI agent traffic hits infrastructure built for human-pace commits. Here is the full breakdown.

GitHubAIInfrastructureIncidentsDevOps

2026-04-2910 min read

Salesforce Headless 360 Is the Most Important Platform Shift in 25 Years

Salesforce just made the browser optional. Here's why Headless 360 and Agentforce are about to reshape how software gets built, deployed, and consumed.

SalesforceAgentforceAI AgentsMCPEnterprise AI

2026-04-2810 min read

Amazon Quick: AWS Launches Always-On Desktop AI

Amazon Quick is AWS's new desktop AI. It runs in the background, connects your files, calendar, and apps, and surfaces what matters before you even ask for it.

AIAmazon Web ServicesDesktop AIBedrock

2026-04-277 min read

MCP Toolbox for Databases: Wire AI Agents to Any DB

Google's MCP Toolbox for Databases connects AI agents to PostgreSQL, BigQuery, Spanner and more — with auth, connection pooling, and observability built in.

AI AgentsMCPDatabasesPostgreSQLGoogle CloudClaude Code

2026-04-267 min read

The AI Agent Gold Rush: Miners and Shovel Sellers

Everyone's building AI agents in 2026. Most are shipping for-loops in a trench coat. Here's how to tell the difference—and when not to build at all.

AI AgentsLLMsSoftware EngineeringAI Hype

2026-04-229 min read

Anthropic's Mythos Finds 271 Firefox Security Bugs

Mozilla patched 271 Firefox vulnerabilities found by Claude Mythos in a single pass — 12x more than the previous Claude model found. Here's what that actually means.

AI SecurityAnthropicClaude MythosFirefoxProject Glasswing

Engineering

2026-04-2110 min read

Pretext: Faster Web Text Without DOM Reflow

Pretext is a 15KB library that measures and lays out text 300x faster by bypassing the DOM entirely. Here's why that matters.

Web PerformanceJavaScriptEngineering

Engineering

2026-04-1912 min read

Vercel Breach 2026: The AI Tool That Opened the Door

A compromised AI OAuth app breached Vercel in April 2026. Hackers are selling 580 employee records and API keys for $2M. Full breakdown and mitigation steps.

SecurityVercelAI ToolsOAuthDevOps

2026-04-168 min read

Claude Opus 4.7: What's New and Why It Matters

Anthropic just dropped Claude Opus 4.7 — better vision, smarter coding, and a secret more powerful sibling. Here's what changed and what it means for you.

AIAnthropicClaude

2026-04-1311 min read

Claude Mythos: The Model Anthropic Won't Release

Anthropic's Claude Mythos hits 93.9% SWE-bench and finds zero-days in every major OS — but you can't use it. Here's why, and what it means.

AIAnthropicCybersecurityClaude CodeFrontier Models

2026-04-1114 min read

LLM Calls to Autonomous Agents: Building with LangChain

Most LLM integrations plateau at single-turn Q&A. Here's how to build agents that reason, plan, and act across multi-step tasks using LangChain.

AILangChainAgentsPythonLLM

2025-01-158 min read

Building an AI Code Review Tool with GPT-4

A deep dive into architecting an automated code review pipeline powered by GPT-4 — from prompt engineering to CI integration and handling edge cases at scale.

GPT-4OpenAICI/CDCode Quality

Engineering

2024-12-106 min read

Next.js Performance Patterns I Use on Every Project

Practical performance patterns for Next.js apps — from route-level code splitting and image optimization to server component strategies that cut bundle size in half.

Next.jsReactPerformanceWeb Vitals