Posts

We used to click through to websites and open apps. More and more, a single assistant does the work in the background. Here is what that changes, and why it already happened with Google and Stack Overflow.

Exploring the chardet v7.0.0 controversy: Can an AI rewrite legally 'launder' a library from LGPL to MIT?

Most people know BuildKit as the thing that makes docker build fast. But BuildKit is a general-purpose build framework with a programmable architecture that can produce any artifact, not just container images. Here's how it works and how I used it to build Alpine APK packages.

The kernel CNA now assigns CVEs to almost every bug fix but refuses to score them. Manual triage can't scale; blind patching causes update fatigue. bootc (bootable containers) reconciles both: atomic updates, environmental triage by design, and patch-as-policy.

Agents are non-deterministic. Security assumed determinism. Sandboxing and isolation aren't just for AI; they're the only path when we can't policy our way out.

In the age of AI agents, we're not just shifting left for humans. We're shifting left so agents can run and trust CI themselves. That means local CI that's fast enough to iterate on.