The IT Blog

  • The Fear of DevOPs

    I just read Walking Skeletons, Delivery Pipelines & DevOps Drills and came to the paragraph about “throwing s.th over the wall:

    DevOps – the marriage of software development and operations – means that the team writing the solution code also handles these matters. We don’t throw it over the wall to a separate “DevOps” team.

    In the past years I’ve been driving the DevOPS culture and work style. And I just had to smile when I read the article because I can so feel it!

    Whenever some new people came to the team and were told that they would not just do “the fancy coding” but also “the intimidating operations”, teh reaction is hardly ever enthusiasm. It usually is fear and concerns.

    And I can totally feel that, because a lot of people who never worked in a good DevOPS environment think about the operations part as endless updates, fixing breaking changes, being an call, having to fix bugs and fightig with deployments.

    And this is the case if you do not have a proper environent and noone to support in making things robust. In our setup I was in the operations side who didn’t “take over” anything. But didn’t block off work, didn’t leave people alone – we assisted, consulted and offered services. Because the aim is to minimize the overall work for the company, not just for a single team.

    We provided templates for deployment pipelines, assisted with monitoring, consulting how to make things more roust, developed frameworks to simplify development, offered services like Renovate to help keeping things updated.

    Most of those things were soft guidlines and offers. If a team didn’t want to use it, okay. But please don’t cry if your maintenance efforts will scale faster than others’.

    And then I can totally second what Jason Gorman writes at the end:

    I see teams doing them monthly, and as they gain confidence, […], while learning how to optimise pipelines to keep them as frictionless as possible.

    The whoel DevOPs approach is not a means to harras the Dev team while bringing an easy life to Ops! It’s about optimizing the overall maintenance expenses while enabling developers. And this only works together.

    If there is no “together”, there is no DevOPs.

    Fediverse reactions

  • Spec-first Agentic Development is not Vibe Coding

    Not even two weeks ago I wrote about “Reproducable Vibecoding” and that the specification as a permanent context to document all decisions is important.

    I just stumbled across the article “Notes on Six Months of AI-Enabled Building” by Isaac Flath. There are a couple of good quotes in there, especially in the chapters “Your Thinking Style Determines Your Success

    (more…)
    Fediverse reactions

  • How Deepfakes and AI-Slop Undermine Democracy

    I am still watching the recordings of talks given on the Chaos Communications Congress (see the talks here). Katharina Nocun gave a talk titled Doomsday-Porn, Schäferhunde und die „niedliche Abschiebung“ von nebenan where she shows a really disturbing trend: AI-generated content is becoming a cornerstone of authoritarian and far-right communication strategies.

    (more…)
    Fediverse reactions

  • Happy New Year!

    I want to wish all of you a Happy 2026! I thought about writing a recap of 2025 but … naah :-D There are so many ideas waiting.

    I wish you all the best.

  • The Malicious (Coding) Agent …

    I just watched Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents from Johann Rehberger on the . He shows quite impressive how the future threat model looks like, the more AI Agents are deployed.

    In his talk he demoes a couple of attacks that were applied by using agents. I don’t want to summarize the talk here (you might want to read the heise online article instead), but it is ways beyond “simple prompt injection”!

    But my most “aha”-moment was the statement to treat an Agent as a Malicous Internal. Which is probably the worst scenario you want to deal with. Usually you would like to trust your co-workers and not treat them as if they could stab you in the back while smilig at you.

    Anyways, I’m pretty sure the technology will evolve into more secure ways. But it will also stay as a new way of attack in the future. I’d recommend checking it out!

    https://media.ccc.de/v/39c3-agentic-probllms-exploiting-ai-computer-use-and-coding-agents

    PS: I’d embed it here, but this obviously requires some CSS / WordPressTheme-magic …

    Related links:

    Fediverse reactions

  • The 39C3 has ended and lot’s of Talks are waiting

    The 39C3: Power Cycles, the 39th Congress of the Chaos Computer Club has finished. I followed the congress via the #39C3 Hashtag on Mastodon which was quite interesting. I’ve never been there myself but at least I got some impressions via the posts.

    (more…)

  • You Don’t Need to be the Boss to Influence

    I just read Influence Without Authority: How to Get People to Listen Without Being the Boss from Bri Chapman.

    Most people think influence comes from a title. From being the person who approves budgets, signs off on decisions, or sits at the top of an org chart.

    But that’s not how it actually works.

    Bri Chapman

    And I can pretty much second what she writes there! Not just the quote but also the stepts she’s mentioning there. I was often in a same position: not being the boss but making things work.

    Og course it doesn’t work always. But I am surprised how often it just worked in the past. I’d recommend reading it! https://www.brichapman.com/p/how-to-build-influence-without-authority

  • Blogs Have Become to Me What LinkedIn Should Be

    To me, LinkedIn was supposed to be the professional network — a place for thoughtful discussion about work related stuff and genuine connection. Yet, over the years, it feels that the content and tone has shifted for engagement (“what do you think?”, “how do you do it?”), self glorification (“especially after quitting a company and highlighting all the successes” srsly, if it was so cool, why did they quit?) and provocative extremes. Everything for the reach.

    (more…)

  • Reproducible Vibe Coding | It’s all About Context

    Actually I wanted to try a bit GithubCopilot with Agents.md. Yet .. I think during the project I totally forgot to test the influence of the Agents file but tried “vibeCoding” in a reproducible way.

    I had a very little project in mind that authenticates to Mastodon, fetches some data, saves into a database and displays some metrics on a web page in basic charts. Nothing overly fancy, but also some stuff that would simply take some time when coding “alone”. Like proper OAUTH flow, paging through mastodon apis, rate limiting, database writing, database setup script and cleanup. Some Javascript for the chart, etc.

    But I thought it might be nice to try with GithubCopilot (GHC). But I’m also a big fan of reproducible results. So … step by step, what did I do.

    (more…)

  • Recommended read: What Actually Makes You Senior

    On Mastodon, I just found a link to the Terrible Software Blog. (Definitely a blog to follow, I just added it to my RSS reader).

    I found this article pretty good: What Actually Makes You Senior.

    But if you strip away the title, the salary, and the years of experience, there’s one core skill that separates senior+ engineers from everyone else: reducing ambiguity. Everything else flows from that.

    Matheus Lima

    It’s about the ability to handly fuzzyness and derisking projects. I really like the “they first make the problem clear. Then, and only then, they go to solve it.”

    Check it out: https://terriblesoftware.org/2025/11/25/what-actually-makes-you-senior/