Luca Rossi argues that the right measure of AI effectiveness isn't lines of code but leverage — how much output you get per unit of human input. Teams progress through three stages: writing full specs for everything, then encoding knowledge into shared rules (like AGENTS.md), and finally building reusable modules that enforce correctness by design.

The security case for serverless just got stronger

AI agents can now scan an entire open-source codebase for exploitable vulnerabilities in hours.

Frontier models carry the complete library of known bug classes in their weights. So you can simply point an AI agent at a codebase and tell it to find zero-days.

This isn't theoretical.

Yan Cui highlights that AI agents can now find real zero-days in open-source codebases at scale, shrinking the patch window from weeks to hours. Serverless and managed services have a structural advantage because AWS patches the runtime for you. The practical takeaways: eliminate long-lived AWS keys everywhere, treat LLM API keys like credentials, and scan your repos for exposed secrets.

Do not use secrets in environment variables and here's how to do it better

Every Layer of Review Makes You 10x Slower

Each approval layer adds 10x wall clock time, and AI can't fix that. It only speeds up the first step. Drawing on Deming and the Toyota Production System, the argument is that review layers hide root causes rather than fixing them. The memorable line: "The job of a code reviewer isn't to review code — it's to figure out how to obsolete their review comment, that whole class of comment, forever."

The common thread across all four: the bottleneck isn't writing code, it's the systems around it. Whether it's review layers, security patching, or AI leverage, the answer is the same: engineer quality into the system itself through tests, automation, modules, and clear interfaces, rather than adding layers of inspection after the fact.

Claude Code cache chaos creates quota complaints

Anthropic changed the prompt cache TTL from 1 hour to 5 minutes in March. Long, high-context sessions hit quota limits much faster. Pro users report as few as 2 prompts per 5 hours. Leaving your machine for >1 hour = full cache miss on the 1M token context. They're considering reducing the default to 400K tokens.

Token consumption matters more than ever. The next two tools address this from both ends.

Caveman — Output Token Compression

Constrains LLM output to minimal-token structures. Strips pleasantries and padding, keeps code and technical content. Up to 87% output token reduction. Paper shows brevity constraints improve accuracy by 26pp.

RTK (Rust Token Killer) — Input Token Compression

Intercepts shell command outputs (git, ls, grep, test runners, docker, AWS CLI — 100+ commands) and compresses them before they reach the LLM context. 60-90% input token reduction, < 10ms overhead.

Works with: Claude Code, Copilot, Gemini CLI, Codex, Cursor, Windsurf, Cline.

Serverless PostgreSQL database with real zero-scaling. The fully managed serverless Postgres with a generous free tier. We separate storage and compute to offer autoscaling, branching, and bottomless storage.

Compute scales dynamically to ensure you're ready for peak hours. Compute scales to zero and cold storage offloads to S3 for cost efficiency. Create a fully managed serverless Postgres instance in seconds.

Make your app faster with PHP 8.3

PHP 8.3 is the latest version of PHP. It has exciting new features and major improvements in performance. By upgrading to 8.3, you can achieve a significant increase in speed. In this article, we dive into how PHP 8.3 can be a game changer. It can speed up your application's performance.

OWASP Top 10 Explained: SQL Injection

SQL Injection (SQLi) is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.

The vulnerability is present when user inputs are either improperly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

This allows an attacker to manipulate SQL queries, enabling them to unauthorized access, modify, and delete data in the database. This can lead to significant breaches of confidentiality, integrity, and availability, ranging from unauthorized viewing of data to complete database compromise.

15 Quick Useful Tips for AWS CDK Engineers

In this short article, we will cover 15 useful tips with accompanying code snippets for AWS CDK users.

Implementing DTOs, Mappers & the Repository Pattern using the Sequelize ORM [with Examples] - DDD w/ TypeScript

There are several patterns that we can utilize in order to handle data access concerns in Domain-Driven Design. In this article, we talk about the role of DTOs, repositories & data mappers in DDD.

A walk-through of using CQRS along with Event Sourcering using PHP.

Is my autovacuum configured properly?

Some tips to identify if you need to tune your autovacuum configurations. A proper house cleaning can improve your database health and performance.

Learn how to migrate to the PHP framework Symfony

SensioLabs and Smile released a joint white paper “PHP framework migration: from legacy to Symfony” explaining how to migrate to modern PHP frameworks like Symfony. Find a selection of the key information in this infographic design by SensioLabs.

trufflehog

Find leaked credentials. Search on your repos, source-code, etc.

Why we don’t use a staging environment

Squeaky deploys their code directly from laptops to production environments. The blog posts details their strategies, such as a good suite of tests, clear branch strategy and use of feature flags.

Scaling containers on AWS in 2022

Benchmarking for different types of workloads and scales capabilities on AWS services in 2022: lambda, EKS, ECS, Fargate...

Building well-architected serverless applications: Introduction

Multi-part series addressing each of the questions within the Serverless Lens of the Well-Architected Tool.

Comparing Workflows

Comparision of different types of git flows: centralized, feature branch, gitflow and fork flow. Simple comparision, but easy to get the sense of their use cases.

Construct Hub

Find libraries for AWS Cloud Development Kit (AWS CDK), which generates AWS CloudFormation templates, CDK for Terraform (CDKtf), which generates HashiCorp Terraform configuration files, and CDK for Kubernetes (CDK8s), which generates Kubernetes manifests.

Too much magic?

A good thinking about the "magic" under some awesomeness that are provided by frameworks or libraries. Although they are good for quicker development, there is good to think a little bit more about how and when use it when we have a software that we aim to last longer and get to the phase of greater maintainability.

PHP é à quinta-feira – 50 dicas sobre desempenho e segurança | Peopleware

Howto access ext3 partition from Windows | Ubuntu Geek

This tutorial will allow you to access your ext3 partition under Windows, using Sun VirtualBox and Ubuntu. The tutorial is pretty long due to the images, but they explain things easier sometimes (they are not just meaningless screenshots) (forgive me for your scroll button )

Upload Pie - The Simple Image Sharing Tool

Sharing files with expiration dates

Mantis Bug Tracker

Gerenciamento de erros

TIOBE Software: Tiobe Index

Index of languages being used around the world.

Busca de CEP em PHP, Ajax, PHP, ASP, Java, Python, Flash, XML, C#, Ruby

Color Fading Menu with jQuery | CSS-Tricks

Increase your internet speed with Namebench | Ubuntu Geek

Guia de referência de comando em PT-BR | Ubuntu Dicas

Uma lista com os comandos mais usados no linux em português brasileiro. É possível salvar os comandos em algum imagem para que fique como um papel de parede.

Blog do Márcio d’Ávila » Fraude Surpreendo - Proteja seus dados pessoais

RootSudo - Ubuntu Brasil

Ripando e Gerando DVDs no Linux de forma simples « jmmwrite – simples e direto

Eficiência e segurança com SQL parametrizado

O uso de comandos SQL, na maioria das linguagens de programação e gerenciadores de bancos de dados que suportam esta linguagem de manipulação de dados, pode ser parametrizado com variáveis de ligação (bind variables). Este recurso que, para um programador desavisado e inexperiente, pode parecer uma burocracia desnecessária, na verdade é um mecanismo muito importante para trazer segurança e eficiência ao uso de SQL em programas. Veja porque e como.

PHP: SQL Injection

Documentation for preventing SQL injection in PHP projects. Many web developers are unaware of how SQL queries can be handled and assume that an SQL query is a reliable command. It means that SQL queries are able to bypass access controls undetected, therefore bypassing standard authentication and authorization checks, and sometimes SQL queries can allow command access at the server operating system level.

PHP: Relatando Erros - Manual

Senhas armazenadas com segurança

Como Criar um Website :: Avi Alkalay

As 5 distribuições que mudaram o Linux

Segundo a chamada deste artigo da edição internacional da Linux Magazine, a história do Linux pode ser medida com base nas versões deste kernel, mas também pode ser medida pelas suas principais distribuições.

MySQL: Oracle assume um compromisso: GPL, documentado, sem contrato de suporte obrigatório, etc.

Scrum - Wikipédia, a enciclopédia livre

O Scrum é uma metodologia ágil para Gerenciamento de Projetos.

CentOS: Instalando mod_security

Spam: CGI.br determina bloqueio da porta 25 (smtp) a partir de janeiro

vivaotux: Afinando seu violão usando o bash - geek d+

[Dicas-L] Lista de servidores DNS abertos e rápidos

When Geeks Have Twins [PIC]

Lançado o Pl/PHP – iMasters

You can run PHP code inside PostgreSQL database.

12 senhas que nunca devem ser usadas - Geek List

Como é o dia de um “gerente de mídias sociais”? » CrisDias weblog

Blog do Márcio d'Ávila » Relatórios de mercado de TI 2010/2011

Create your Google Sitemap Online - XML Sitemaps Generator

The 15 Most Detrimental Social Media Mistakes You're Making

Blog do Márcio d'Ávila » Corrida dos navegadores rumo a HTML5 e CSS3

Validar é importante?! | Tableless - Desenvolvimento com Padrões Web

What is Browsershots? Browsershots tests your website's compatability on different browsers by taking screenshots of your web pages rendered by real browsers on different operating systems. Free tier!

Reinstalando o GRUB

Alguém tentou reinstalar o outro Sistema Inoperacional e ele, genialmente, apagou a MBR e, conseqüentemente, a opção de escolha do GRUB? Agora dá para recuperar. Pelo Ubuntu (distribuição que uso e o do exemplo), é claro.

Ferramentas de segurança de rede

SecTools.Org: Top 125 Network Security Tools

O mundo de lunga: Conexão 3G - Solução para problema com DNS

Para resolver o problema de DNSs para conexões com modems Huawei, que sobrescreve o /etc/resolv.conf

50 exemplos de menu de navegação

Chartle.net - interactive charts online!

Ferramenta para montagem de gráfico para colocar em sites

Piwigo.org | Photo Gallery Software for the Web

Mais um exemplo de uma boa galeria de fotos

Resize your image online - It's easy, it's free!

Redimensionamento de imagens pela web

Filmow

"O Filmow foi criado para pessoas viciadas e apaixonadas por filmes. A principal ideia do Filmow é que você mostre aos seus amigos os filmes que já assistiu, comente sobre eles e dê sua opinião, na página do filme. Mas, para os que apenas gostam de filmes, o Filmow também é uma rede social onde é possível encontrar pessoas e amigos. No Filmow você fica sabendo quais filmes são lançados, os que estão no cinema e aqueles que já estão em DVD, para você assistir em casa." (http://filmow.com/sobre-o-filmow/)

Each year, OWASP (the Open Web Application Security Project) publishes the top ten security vulnerabilities. It represents a broad consensus about the most critical security risks to web applications. Click through on the lessons below to learn more about how to protect against each security risk.

Your Product Owner Is Not Your Product Manager

Your Product Owner Is Not Your Product Manager. Product management has evolved to encompass numerous roles and responsibilities. Leaders looking to hire a product professional must consider what skills and knowledge their business needs demand.

While the market has evolved and will continue to evolve, there remains a need for both a product owner’s and a product manager’s skills and expertise. By considering the nature and scale of a project and understanding the skills and responsibilities associated with each of these distinct roles, leaders can ensure they hire the right person to help them develop and launch products successfully.

Insert-Only Tables and Autovacuum Issues Prior to PostgreSQL 13

If you have write-only tables (or heavy, heavy writes), you may need to check this post. Autovacuum has some issues before PostgreSQL 13, and you might have some great workarounds to use until upgrading your database version.

Enterprise CI/CD best practices

Free book with 23 best practices to apply to your CI/CD pipeline. Those best practices aim to help you design (or use as a checklist) a solid pipeline for your software.

A war story about COVID, cloud, and cost. And why serverless wins.

Nice story about serverless outcomes and potential. Based on COVID-19 pushing of infrastructure and computing services, billing is an important subject. The article has an excellent example of how both scale environment and low bill costs work together on a serverless tech stack.

Use Open Source. Stay Secure.

A developer-first solution that automates finding & fixing vulnerabilities in your dependencies

Reading List - by Mathias Verraes

Code Reviews and Blame Culture

A common belief is that gated reviews lead to blaming individuals. The opposite can be true.

How to Write a Git Commit Message

Why good commit messages matter

Better Commits with Static Review

How Much maintenance_work_mem Do I Need?

While I generally like PostgreSQL's documentation quite a bit, there are some areas where it is not nearly specific enough for users to understand what they need to do. The documentation for maintenance_work_mem is one of those places. It says, and I quote, "Larger settings might improve performance for vacuuming and for restoring database dumps," but that isn't really very much help, because if it might improve performance, it also might not improve performance, and you might like to know which is the case before deciding to raise the value, so that you don't waste memory. TL;DR: Try maintenance_work_mem = 1GB. Read on for more specific advice.

JSONPlaceholder

Fake Online REST API for Testing and Prototyping

A Beginner’s Guide to the True Order of SQL Operations

The SQL language is very intuitive. Until it isn’t. A guide to understanding the order of a SELECT operation.

The state of open source security - 2019

Snyk is an incredible tool for package security. And they released a state of open source security, talking about open source adoption and package, images and code vulnerabilites. We are talking about maven, npm, pypi, docker, etc.