I got hacked, and that has uncovered all the things I've been doing wrong
stfn.pl
A vulnerability in a docker container caused my VPS to catch a bug
The previous post in this series looked at the effects of re-work on throughput.
Its version of the simulation assumed that
a task that needed to be re-done was given back to the developer who had originally worked on it,
and that she would tackle that task once she finished whatever she was doing at the time.
In reality,
though,
developers (and testers) often interrupt what they’re doing,
switch to another task,
and then switch back.
This post looks at how to simulate that in SimPy.
A S...
LLM Evals: Everything You Need to Know
hamel.dev
This document curates the most common questions Shreya and I received while teaching 700+ engineers & PMs AI Evals. Warning: These are sharp opinions about what works in most cases. They are not universal truths. Use your judgment.

Even in a world where large language models (LLMs) and AI chatbots are commonplace, it can be hard to fully accept that fluent writing can come from an unthinking machine. That’s because, to many of us, finding the right words is a crucial part of thought — not the outcome of some separate process. But what if our neurobiological reality includes a system that behaves something like an LLM?
Mechanical Habits
Dec 6, 2025
My schtick as a software engineer is establishing automated processes — mechanically enforced
patterns of behavior. I have collected a Santa Claus bag of specific tricks I’ve learned from
different people, and want to share them in turn.
Caution: engineering processes can be tricky to apply in a useful way. A process is a logical cut
— there’s some goal we actually want, and automation can be a shortcut to achieve it, but
automation per se doesn...

In part 1 we covered how durable function trees work mechanically and the importance of function suspension. Now let's zoom out and consider where they fit in broader system architecture, and ask what durable execution actually provides us. Function Trees and Responsibility Boundaries Durable function trees are great, but they aren’t the only kid in town. In fact, they’re like the new kid on the block, trying to prove themselves against other more established kids. Earlier this year I wrot...
Inspired by Daniel Litt's X Post Started asking mathematicians whose career started before the internet if they think Google, email, etc. have sped up the pace of math research. Wide variety of opinions but the broad consensus seems to be “yes,” among those I’ve spoken to. — Daniel Litt (@littmath) October 30, 2025 and Bill's recent post on finding papers on the web I would tell the story of the before times. In the 1980s if you wanted to read a paper, you either had to find it in...

I didn't expect a parable about a fisherman to smack me in the face with such clarity, but here we are.
While reading Grow slowly, stay small on Herman’s blog, I learned about The Fisherman and The Businessman, which goes like this:
A businessman meets a fisherman who is selling fish at his stall one morning. The businessman enquires of the fisherman what he does after he finishes selling his fish for the day. The fisherman responds that he spends time with his friends and family...

Any future perfectly known, said Alan Watts, is already the past.
But life is not in the past. Life is now, life is here, life is this moment.
The only way to live it is to be as truthful as you can be. With others, of course. But mostly with yourself.
Doing anything else is not living or being in the moment. Anything less than truthfulness is an attempt to distort the past or control the future.
When you’re busy trying to distort or cover or rearrange the past, you’re not in t...

Programming note: Bits about Money is supported by our readers. I generally forecast about one issue a month, and haven't kept that pace this year. As a result, I'm working on about 3-4 for December. Much financial innovation is in the ultimate service of the real economy. Then, we have our friends in crypto, who occasionally do intellectually interesting things which do not have a locus in the real economy. One of those things is perpetual futures (hereafter, perps), which I find fasci...

For various reasons, I find myself working on a laptop with no external screen, mouse, or separate keyboard for a time. Of course, since I don’t normally use this setup, I obviously needed an entirely new Linux setup to celebrate the occasion and so that I could spend the requisite day of setup before going back to real work.
This time I’m on a minimal kick and so started with Ubuntu Server with the minimize option to have basically nothing, and build up just the parts I want and need. For ...
It’s Saturday morning, and I’m sitting here at my desk, working on client projects and sipping my coffee. While taking a break, I was clicking around the web, as one does, and found a post titled “Is Pixelfed sawing off the branch that the Fediverse is sitting on?” by Ploum (also featured on P&B).
I find this topic quite interesting, so I’m gonna take a moment to share my thoughts. I don’t have skin in the game, I’m not on any of these social media platforms, and I frankly do...
I keep a Google Doc titled "Notes". I look at it every day. I feel guilty when I look at it. I feel guilty because Notes has my TODO list. Notes has a log of how slowly I do things, if I do them at all. I haven't had a job for one third of a year and I am not rich yet; and I don't deserve to be. I'm not doing much of anything at all. When the year ends, I will have been unemployed for 136 days. August Summary One Week of Unemployment Two Weeks of Unemployment In August, I read a lot of books. I ...

With the recent spate of high profile npm security incidents involving compromised deployment workflows, I decided that it would be prudent to do a full inventory of my npm security footprint (especially for 11ty).
Just in the last few months:
November 2025: Shai Halud v2 (PostHog) (and PostHog post-mortem): Worm infected ×834 packages. Propagated via preinstall npm script.
September 2025
Shai Halud (@ctrl/tinycolor, CrowdStrike): Worm infected ×526 packages. Propagated...
I've resigned from Intel and accepted a new opportunity. If you are an Intel employee, you might have seen my fairly long email that summarized what I did in my 3.5 years. Much of this is public:
AI flame graphs and released them as open source
GPU subsecond-offset heatmap
Worked with Linux distros to enable stack walking
Was interviewed by the WSJ about eBPF for secur...
Shield AI Expands into Space Domain through Partnership with Sedaro
shield.ai
WASHINGTON (December 3, 2025) — Shield AI and Sedaro today announced a strategic partnership to advance autonomous operations in orbit. The collaboration establishes Shield AI’s Hivemind Pilot as Sedaro’s preferred autonomy software for on-orbit demonstrations, extending the company’s proven edge autonomy from air and sea into space.
Under the agreement, Shield AI will use the Sedaro Platform as its primary enviro...

World’s largest ring forging, via Chinese Academy of Sciences.
Welcome to the reading list, a weekly roundup of news and links related to buildings, infrastructure and industrial technology. This week we look at 3D printed legos, exploding wire detonators, the David Taylor model basin, multi-point metal forming, and more. Roughly 2/3rds of the reading list is paywalled, so for full access become a paid subscriber. No essay this week, but I’m working on a more involved piece about internati...

The one constant that I have observed in my professional life is that people underestimate the need to move fast.
Of course, doing good work takes time. I once spent six months writing a URL parser. But the fact that it took so long is not a feature, it is not a positive, it is a negative.
If everything is slow-moving around you, it is likely not going to be good. To fully make use of your brain, you need to move as close as possible to the speed of your thought.
If I give you two PhD stud...

I have been thinking about redesigning my website for a while. I wrote a bit about one of the design directions I explored recently. I loved doing the design part of the project, but knew there would be several hours of work to integrate the new style into my website. Today I came back to the metaphorical drawing board – aka, browser developer tools – and started tinkering around with designing only a new home page. This gave me room to play while also not committing myself to redesigning ...
1. Slippery Ideas
Nadia Asparouhova’s Antimemetics is, itself, antimemetic. I devoured this
book in a few sittings on the bus to work, but if I had to describe it, I really
only have a few conceptual handles that I could grasp onto:
Memes are ideas that spread easily. Antimemes are ideas that resist
spreading.
We live in an information ecosystem which is made up of various types of
memes. Memes have varying level of impact, salience, and transmissibility.
Ofte...

Rob Bowley summarizes a study from Carnegie Mellon looking at the impact of AI on a bunch of open-source software projects. Like any such study, we shouldn’t take its results as definitive, but there seems enough there to make it a handy data point. The key point is that the AI code probably reduced the quality of the code base - at least if static code analysis can be trusted to determine quality. And perhaps some worrying second-order effects.
This study shows more than 800 popular Gi...
The RAM Shortage Comes for Us All
Memory price inflation comes for us all, and if you're not affected yet, just wait.
I was building a new PC last month using some parts I had bought earlier this year. The 64 Gigabyte T-Create DDR5 memory kit I used cost $209 then. Today? The same kit costs $650!
Jeff Geerling
December 4, 2025
A space program can only move as swiftly as its rockets. It’s India’s time to act on that.
jatan.space
The Launch Vehicle Mark III (LVM3), India’s most powerful rocket to date, mounted on its launchpad in Sriharikota. Image: ISRO
Before we begin, I’m very happy to welcome globally published space writer & author Gurbir Singh as a sponsor of both my Moon Monday and Indian Space Progress newsletters for the third year! 🚀 Not sponsored: Among his several books, India’s Forgotten Rocket Pioneer is most relevant to this edition of Indian Space Progress. I also encourage you to c...