Posts
Two Speeds of Building a Platform
Last month I opened a pull request that contained zero lines of code. Five markdown files, a decision log, a fact-check appendix, and a roadmap that explicitly admits which three decisions could still be wrong. That’s it.
If you’d asked me a year ago whether I’d ship a “PR” like that, I’d have laughed. Designs were something you scribbled in a notebook on the way to the keyboard. The work was the code.
Posts
Claude Desktop's Enterprise Surface, a Thousand Versions Later
A Thousand Versions
I wrote about Claude Desktop’s enterprise configuration a couple days ago after unpacking v1.1617.0 — Bedrock routing, token budgets, credential helpers, sandbox controls. Undocumented, shipping in every copy.
Claude Desktop is already at v1.2581.0. Almost a thousand version bumps. The app structure changed under my feet — v1.1617.0 had readable JavaScript inside the Electron asar. The current version compiles core logic into native Rust and Swift binaries, with application code split across 553 minified JS chunks and a 10MB Vite bundle.
Posts
Reverse-Engineering Claude Desktop's Enterprise Configuration
What I Was Looking For
Claude Code supports Bedrock through an environment variable—set CLAUDE_CODE_USE_BEDROCK=1 and go. But Claude Desktop is a different story. Anthropic’s docs say Desktop connects to their API directly, and if you want Bedrock or Vertex, use the CLI. I wanted to know if that was the whole picture.
So I unpacked the app. Claude Desktop ships as an Electron app, and the application code lives in /Applications/Claude.
Posts
Delegating to an LLM Like It's a Junior Engineer
The Question
I wanted to know if I could delegate work to an LLM the way I’d delegate to a person. Not “ask it a question and get a response” delegation—actual structural delegation. Write a ticket, assign it, walk away, get a pull request back. The kind of handoff where you define the work, set the constraints, and trust the process to produce a result.
Most LLM tooling right now is interactive.
Posts
A Practical Guide to Claude Code Memory
Memory
What is Claude Code memory? It’s the system by which you provide persistent instructions to the model across sessions. You write rules in files called CLAUDE.md at various levels of your project, and Claude Code assembles them into a block of text that gets included in every interaction. If you’ve spent any time configuring this system, you’ve probably noticed something odd. Claude follows your rules for a while, then quietly stops.
Posts
The Ralph Wiggum Plugin: How a Simpsons Character Inspired Autonomous AI Development
The most talked-about development methodology in AI coding right now is named after Springfield Elementary’s lovably dim student. Anthropic’s official Ralph Wiggum plugin for Claude Code implements an autonomous development loop that keeps working on your code until completion—embodying the philosophy that persistent iteration, not perfection, drives results. Developer Geoffrey Huntley’s technique has enabled developers to ship six repositories overnight and complete $50,000 contracts for $297 in API costs.
The technique’s elegance lies in its simplicity: a feedback loop that intercepts Claude’s exit attempts and re-feeds the same prompt, letting the AI iteratively refine its work until success criteria are met.
Posts
Pwn2Own 2025: When Security Researchers Break Everything (And Why That's Good)
TL;DR
Three Pwn2Own competitions in 2025 (Tokyo, Berlin, Cork) resulted in 150 zero-day vulnerability disclosures across automotive, enterprise, and consumer IoT systems, with $2,989,750 awarded to researchers.
Key findings:
Memory corruption (45%): 68 instances of buffer overflows (CWE-787, CWE-121/122), use-after-free (CWE-416), integer overflows (CWE-190), and type confusion (CWE-843)
Injection attacks (30%): 45 instances of command injection (CWE-78) and format string vulnerabilities (CWE-134)
Authentication failures (13%): 20 instances including hard-coded credentials (CWE-798), missing authentication (CWE-306), and authentication bypasses (CWE-287)
Notable exploits:
Posts
Why Your Cloud Security Is Probably Broken (And How Keylime Fixes It)
Hot take: Most “secure” cloud deployments are just expensive theater. You’ve got firewalls, access controls, endpoint protection - but what if someone compromises your bootloader before any of that even starts?
This isn’t theoretical. Real attackers are targeting the boot process, hypervisors, and kernel-level compromises that happen before your security stack loads. Your fancy SIEM won’t help if the system reporting to it has been compromised from day one.
The Trust Problem No One Talks About
Here’s what keeps me up at night: How do you trust a system you can’t physically touch?
Posts
SPIFFE: Secure Production Identity Framework for Everyone
If you’re running microservices in production, you’ve probably hit this wall: how do services actually authenticate to each other?
The old approach of “throw everything behind a firewall and call it secure” doesn’t work when your services are scattered across multiple clouds, spinning up and down constantly, and talking to each other over networks you don’t fully control.
Most teams end up with some combination of:
API keys stuffed into environment variables
Certificates that someone manually rotates (when they remember)
Service accounts with way too many permissions
That one shared secret that’s been in the codebase since 2019
SPIFFE is designed to solve this mess.
Posts
Loading Models, Launching Shells: The Hidden Dangers of AI File Formats
TLDR: AI model files can execute malicious code when loaded, turning your ML pipeline into an attack vector. Security researcher Cyrus Parzian demonstrated at DEF CON 33 how popular AI frameworks blindly execute code embedded in model files. This isn’t about sophisticated exploits - it’s about the fundamental design of AI model formats that prioritize convenience over security. Essential reading for DevOps, ML engineers, and security architects deploying AI systems.