HR forced me to hire a junior systems administrator last week.
He's 23 years old and showed up on day 1 carrying a physical notebook.
He spent his first morning looking at our backend and realized my automation scripts were written in 2008.
He asked me why we're running deprecated code that relies on an unpatched version of Windows 7.
I told him we employ a strategy of chronological obfuscation.
I explained that modern malware is designed to attack modern architecture.
By keeping our infrastructure trapped in the Bush administration, we're immune to zero-day exploits.
You can't hack what you can't interface with.
He looked at me like I was insane and asked about data compliance.
I leaned back in my chair and whispered the phrase "asynchronous legacy tunneling".
He immediately closed his notebook and apologized for questioning my vision.
I spent the rest of the afternoon watching a 4-hour documentary about the Roman Empire at my desk.
Next week I'm going to make him untangle category 5 cables for character development.
No software development organization needs a standardized process.
40 years ago, Watts Humphrey, funded by the US Department of Defense, came up with something called the Capability Maturity Model (CMM)—one of many grasping-at-straw attempts to get DoD spending and quality under control. The model was forced onto all DoD contractors and eventually infected the corporate world. Everybody at the time was doing hard-core, huge-design-up-front, phase-gated (waterfall) software development, and CMM assumed that was just the way the world worked. CMM thinking mandated that the entire organization standardize on a single process under centralized control. It was the military, after all. Hierarchy and uniformity were a given.
Like SAFe nowadays, CMM was better than chaos, but didn't really achieve its objectives by most measures. Nonetheless, ideas from CMM are the corporate version of the zombie apocalypse. They refuse to die and define an of-course-things-have-to-work-that-way alternative reality.
For example, it's a CMM notion that the entire organization must march in lockstep to the Scrum (or SAFe, or (formal) Kanban Method, or lately, Spec-driven-AI) drum. We don't. The people best equipped to figure out how to do the work are the ones doing the work. It's a system based on trust, based on the idea that the people you hired because of their competence are actually competent, and you have to trust them to get the work done.
In the best organizations, the teams come up with their own processes. Sure, they can draw on the Scrums and Kanbans of the world for ideas, but ultimately, no standardized process works everywhere (anywhere?). Processes must be customized to the needs of the teams. This is not a new radical notion, by the way. Toyota has been doing it on its lines for 60 years.
(Sidebar: the people in the "don't understand Agile but nevertheless hate it " community claim that Agile advocated no process at all. That's nonsense. Process is good, but you need agility in your process thinking. Self-organizing teams figure out the best way for the team to work. They have a process, just not _your_ process.)
Of course, you can't have an every-team-for-itself chaos. The system is not adversarial, full of lazy people who hate one another, as many seem to think. The teams coordinate with each other constantly and adjust and adapt as needed. (Spotify calls this "alignment.") If they can't find alignment, management provides coordination and guidance (not directives and force) and always provides active support. Alignment is hard to do remotely, so get everybody together in one room every so often.
So, process is good. Trusting teams to figure out how best to do their own work is good. Whipping people into uniformity is not. Let's all start acting as if we're a community, not a gulag.
This has a clinical name. Revenge bedtime procrastination. And the ADHD version runs on a completely different mechanism than the neurotypical one.
A neurotypical person stays up late because they want more leisure time. The ADHD brain stays up because it spent every drop of dopamine it had on executive function during the day. Sitting in meetings, managing transitions, filtering impulses, remembering the thing you were supposed to remember. That burns through dopamine the way sprinting burns through glycogen. By 10pm the tank is empty.
But here's where it gets counterintuitive. The exhaustion is physical. The dopamine deficit is neurological. Those are two separate systems. Your muscles want sleep. Your prefrontal cortex is starving for the stimulation it was denied all day because it spent 14 hours on task-switching and impulse control instead of anything that actually felt rewarding.
The phone at midnight is the brain trying to collect what it's owed. Low-effort, high-stimulation content. Scrolling, short videos, rabbit holes. The exact profile of activity that delivers dopamine without requiring the executive function you already depleted.
The sleep researchers call this a "self-regulation failure." It's closer to a debt collection. You borrowed against your own reward system to function all day. The bill comes due at midnight. And the brain will not let you sleep until it gets paid.
I strongly believe there are entire companies right now under heavy AI psychosis and its impossible to have rational conversations about it with them. I can't name any specific people because they include personal friends I deeply respect, but I worry about how this plays out.
I lived through the great MTBF vs MTTR (mean-time-between-failure vs. mean-time-to-recovery) reckoning of infrastructure during the transition to cloud and cloud automation. All those arguments are rearing their ugly heads again but now its... the whole software development industry (maybe the whole world, really).
It's frightening, because the psychosis folks operate under an almost absolute "MTTR is all you need" mentality: "its fine to ship bugs because the agents will fix them so quickly and at a scale humans can't do!" We learned in infrastructure that MTTR is great but you can't yeet resilient systems entirely.
The main issue is I don't even know how to bring this up to people I know personally, because bringing this topic up leads to immediately dismissals like "no no, it has full test coverage" or "bug reports are going down" or something, which just don't paint the whole picture.
We already learned this lesson once in infrastructure: you can automate yourself into a very resilient catastrophe machine. Systems can appear healthy by local metrics while globally becoming incomprehensible. Bug reports can go down while latent risk explodes. Test coverage can rise while semantic understanding falls. Changes happens so fast that nobody notices the underlying architecture decaying.
I worry.
@github Just to be clear:
Microsoft’s GitHub was compromised when a Microsoft developer using Microsoft VSCode installed a rogue extension from Microsoft’s VSCode extension library, which is moderated and hosted by Microsoft.
I guess I’ll be reevaluating my life choices.
This is such a great example of theory vs practice. In theory, UUIDv4 collisions don't happen (generating one million per second, probability of seeing one collision in a year is ~10^-8).
But they have been observed to happen in practice, especially in distributed systems. Why?
MICROSOFT EDGE STORES ALL YOUR PASSWORDS IN PLAIN TEXT
edge password manager security fail
A security researcher just found that Edge decrypts EVERY saved password at startup and keeps them in memory - even if you never visit those sites.
The wild part? Edge still asks for your Windows password to VIEW them in the UI. The passwords are already sitting there, naked in RAM.
Chrome only decrypts passwords when you actually need them. Edge just.. doesn't.
Microsoft's response when reported: "working as intended"
If someone gets admin access on a shared machine, they can dump ALL Edge passwords from ALL logged-in users. Even disconnected ones.
This the load increase over 2 years that is breaking GitHub.
Numbers on where the Y axis start provided by GitHub, added to the graph by me. Full analysis from today's @Pragmatic_Eng The Pulse issue
AWS just announced Claude Platform on AWS.
No Bedrock required!!
You get Anthropic's native Claude experience directly in your AWS account!
- IAM handles access
- Billing is consolidated
- CloudTrail logs everything alongside your other services
The best teams solve problems nobody notices. Ravi Nagayach, Prashant Singh, Kshitij Gupta, and the Lambda networking team have been doing exactly that for about a decade. Read their story here: https://t.co/TTPUuxxpAV
Prediction:
The next 12-24 months, "UX-pilled" builders will be in massive demand.
Who can create intuitive interfaces, web+mobile+desktop apps that "feel good," natural, fast, and far better than the competition.
THIS will be the difference vs those building "just" with AI.
AWS finally shipped a dedicated private connection to other clouds!!!
No more VPNs and no more public internet routing! 🎉
It's called AWS Interconnect!
Google Cloud is the first supported provider, with Azure and Oracle Cloud coming later this year 💪
La vida útil promedio de una casa habitación típica en EEUU, SIN MANTENIMIENTO, es de entre 20 y 40 años.
La vida útil de una casa habitación típica en Latinoamerica, SIN MANTENIMIENTO, es de entre 60 y 100 años.
El mercado constructivo habitacional estadounidense está basado en el gasto bajo, eficiente y continuo durante toda la vida útil del inmueble.
El mercado constructivo habitacional latinoamericano está basado en un gasto fuerte de inicio, pero estable y de poco mantenimiento durante toda la vida útil del inmueble.
El estadounidense es más un producto de transacción y transición; el latinoamericano es más un bien de preservación y resiliencia.
Nota;
Es importante entender la palabra "promedio", antes de venir a contarme casos de excepción.
There is massive irony in how AI coding tools are starting to become TOO expensive for many enterprises - after eg Anthropic removed subsidizing AI subscriptions.
We might go from "everyone use AI for everything!" to "you have $300/month AI budget; use your brain for the rest."
I was chatting with my buddy at Google, who's been a tech director there for about 20 years, about their AI adoption. Craziest convo I've had all year.
The TL;DR is that Google engineering appears to have the same AI adoption footprint as John Deere, the tractor company. Most of the industry has the same internal adoption curve: 20% agentic power users, 20% outright refusers, 60% still using Cursor or equivalent chat tool. It turns out Google has this curve too.
But why is Google so... average? How is it that a handful of companies are taking off like a spaceship, and the rest, including Google, are mired in inaction?
My buddy's observation was key here: There has been an industry-wide hiring freeze for 18+ months, during which time nobody has been moving jobs. So there are no clued-in people coming in from the outside to tell Google how far behind they are, how utterly mediocre they have become as an eng org.
He says the problem is that they can't use Claude Code because it's the enemy, and Gemini has never been good enough to capture people's workflows like Claude has, so basically agentic coding just never really took off inside Google. They're all just plodding along, completely oblivious to what's happening out there right now.
Not only is Google not able to do anything about it, they don't seem to be aware of the problem at all. I'm having major flashbacks to fifty years ago as a kid at the La Brea Tar Pits, asking, "why can't they just climb out?"
My Google friend and I had this conversation over a month ago. I didn't share it because I wanted to look around a bit, and see if it's really as bad as all that. I've been talking to people from dozens of companies since then. And yeah. It's as bad as all that.
Google is about average. Some companies at the bottom have near-zero AI adoption and can't even get budget for AI. They may have moats and high walls, but the horde is coming for them all the same.
And then there are a few companies I've met recently who are *amazingly* leaned in to AI adoption. One category-leader company just cancelled IntelliJ for a thousand engineers. That's an incredibly bold move, one of many they're making towards agentic adoption. In my opinion, that company is setting themselves up for a _huge_ W.
As for the rest, well, it's the Great Siloing. Everyone's flying blind. With nobody moving companies, no company knows where they stand on the AI adoption curve. Nobody knows how they're doing compared to everyone else.
Half of them just check a box: "We enabled {Copilot/Cursor} for everyone!" Cue smug celebrations. They think this is like getting SOC2 compliance, just a thing they turn on and now it's "solved." And they don't realize that they've done effectively nothing at all.
All because of a hiring freeze.
The scariest finding in this paper: the subjects couldn't tell it was happening.
UPenn ran this study on 48 healthy adults. One group slept 8 hours. Another slept 6. Another slept 4. For 14 straight days. They tested cognitive performance every 2 hours from 7:30am to 11:30pm.
The 6-hour group's reaction times, working memory, and sustained attention deteriorated on a near-linear curve. By day 14 they were performing at the same level as someone who hadn't slept at all in 48 hours. The 4-hour group hit that threshold by day 6.
Here's the part that should unsettle everyone who thinks they "do fine" on 6 hours: the subjects' self-reported sleepiness flatlined after the first few days. Their brains kept getting worse. Their perception of how impaired they were stopped updating. The cognitive decline was invisible to the person experiencing it.
The researchers found a hard threshold. Any wakefulness beyond 15.84 hours in a day produces cumulative neurobiological cost. That cost compounds every single day you exceed it and does not reset with a weekend of sleeping in.
About 35% of American adults sleep less than 7 hours a night. 40% of those get 6 hours or less. In 1942 that number was 11%. We built an entire professional culture around a sleep schedule that this paper says is functionally equivalent to pulling consecutive all-nighters.
"I'm fine on 6 hours" is the most common response to sleep research. The first thing chronic sleep debt destroys is your ability to notice chronic sleep debt.
Bjarne Stroustrup (creator of C++) recently gave an interview to the StackOverflow blog...
He answers a few interesting questions... I share me thoughts after each Stroustrup's quote.
1. What is the best way to handle errors in software ? It depends...
« You could terminate the program. Now you don't have the security problem and wrong results. And if you are in a server farm with 40,000 processes, that's probably the right thing to do. Then you could give some kind of error message somewhere. That's a little bit hard to do for a vector access, but in many, many cases, giving an error code will be a reasonable thing, and then you hope people test the error code. And my favorite is to throw an exception.
That is, somewhere in your program, you have something that catches all exceptions, and you terminate if that's what you want to do, preferably after giving dump of the information of what caused it, so that you can fix it and you don't get it again next time. Or you have a more specific recovery mechanism, which is needed in some cases. Say if you run out of memory on a small computer that has separate memory banks, things like that. So what is the right answer to that kind of problem? The memory exhaustion, out of range access? It depends on what you're doing. »
Things go wrong. What do you do when things go wrong? There is no one strategy that always work. It depends on your specific application. A reasonable option is to just stop, halt. But that's not always what is best!
2. On code guidelines...
« I'm working on something called profiles. Note the plural because my experience is that different organizations, different environment, different applications have different criteria. I actually think that people who talk about memory safety and only memory safety are not very realistic. That's more propaganda than it is good engineering. »
People often seek some universal coding guidelines, but that's not possible. What is unacceptable in code base A could be desirable in code base B.
3. On safety...
« People do what I consider unfair attacks on C++ by using examples from badly written C. And you don't have to have badly written C, and you don't have to have badly written C++.
Of course, you can find examples that crash, but you can do that in any language and you do. »
I have worked, and I still work, on very large code bases that are mission critical. If you are a competent C++ programmer, you are just not going to see null pointer accesses or memory corruption. I see with students who just started to learn system programming a month or a year ago.
Source:
https://t.co/uUzc9qLgw1
Boris walked into the Anthropic office one day and saw a data scientist running SQL queries with ASCII visualizations in a terminal using Claude Code.
The next week, the entire row of data scientists had Claude Code open. Then half the sales team. Then finance.
He calls this latent demand. People already want to build things. They already want to query their own data, automate their own workflows, prototype their own tools. The desire was always there. The friction was the barrier.
The adoption curve for AI tools doesn't look like a product launch. It looks like a virus moving through an open office. One person figures it out, the person sitting next to them sees the screen, and by Friday the whole floor has it installed.