I haven't had a desktop query tool in years

09 Apr 2026 🔖 professional development databases 💬 EN

I just noticed someone on a huge monitor working in a query tool – the kind where you type out the query up top and surf an Excel-like spreadsheet down below – and realized that it’s been a while since I needed one of those installed onto my machine.

Music, bird brains and LLM math

08 Apr 2026 🔖 music prompt engineering 💬 EN

Wanna go really trippy about philosophy and LLMs? Check this shower thought about “what if language itself is sorta deterministic?”:

Pyramid summaries for LLMs

08 Apr 2026 🔖 prompt engineering 💬 EN

This notion of Pyramid Summaries for, as Simon Willison puts it, “providing multiple levels of summary, such that an LLM coding assistant can enumerate the short ones quickly, and zoom in on more detailed information as it is needed,” is interesting, because I’ve done forms of it intuitively for a long time when using LLM coding assistants:

Let LLMs remember what mutation testing is

01 Apr 2026 🔖 devops web development integration prompt engineering 💬 EN

A colleague sent me Sushant Singhal’s Gartner webinar “Use AI Mutation Testing to Improve Software Quality”, and while I’ve only had a chance to skim the slides, not listen in full, I have a few thoughts:

Checkmarx auth into ADO for Feedback Apps needs work

31 Mar 2026 🔖 security devops azure integration architecture 💬 EN

I recently learned about Checkmarx One Feedback Apps, which can open “please fix this bug” tickets in your software developers’ work-tracking software (e.g. JIRA, GitHub Issues, Azure DevOps Boards) whenever a static application security testing (“SAST”) scan fails. I love the way this can help developers remember what failed and get their usual work-tracking system’s nudges to doing the fix. However, I’m not thrilled about the security model of how Checkmarx One authenticates into Azure DevOps (ADO).

TeamPCP hack and your CI/CD pipelines

24 Mar 2026 🔖 devops security 💬 EN

A malware author named TeamPCP has been hacking GitHub Actions plugins authored by static application security testing (“SAST”) tool vendors. It looks like they hit Trivy earlier this week (CVE identifier CVE-2026-33634), and just hit Checkmarx’s checkmarx/ast-github-action and checkmarx/kics-github-action GitHub Actions plugins yesterday. Here’s what I’ve been able to glean so far about the blast zone.

This blog has an identity crisis

23 Mar 2026 🔖 professional development 💬 EN

I don’t know what to blog about.

I suppose that comes with the territory of:

1. being a jill of all trades, via personality
2. becoming a master of several, via the passage of time

Matt Broberg’s recently addressed the way this plays out in resumes, and he’s clearly shaped his blog as a “digital garden” to embrace the topic chaos, but I’m not sure I can be bothered to rewrite my HTML, so that leaves me with a intermittent quiet hum of anxiety about my actual practice of properly authoring / editing / content curating. 😆

Salesforce nostalgia as career development

23 Mar 2026 🔖 salesforce professional development databases 💬 EN

For someone whose last remaining production Salesforce account was deactivated over three years ago, I sure get a lot of value in my career from asking LLMs about Salesforce. 🤔

Open Observability Summit 2026 conference talk

22 Mar 2026 🔖 web development 💬 EN

Register now for the Cloud Native Computing Foundation’s (“CNCF”) 2026 Open Observability Summit (“#O11ySummit”) because:

1. Minneapolis is amazing, and
2. You can watch me speak!

Bookmark “Secure by Design: Rethinking Test Credentials for Synthetic Monitoring” in Sched to make sure you don’t miss it. Last talk of the day on Thursday, May 21st.

IBM FileNet P8 code modules remind me of Salesforce Apex classes and triggers

17 Mar 2026 💬 EN

FileNet is reminding me of Salesforce, and not in a nice way.