The IT Blog

  • Impressions from the TNG BigTechDay 2026

    End of May, I attended the TNG Big Tech Day (https://www.bigtechday.com/). TNG describes it as “a one-day conference on science and technology, with a focus on IT. The speakers often come from the field of information technology, but some also come from other scientific disciplines such as physics, mathematics, or mechanical engineering”.

    It’s a fairly large conference with about 2000 attendees. As usual there were multiple tracks, so it’s always hard to decide. But maybe the will also publish some of the talks later on as recordings.

    I chose most of my talks from the AI track and wanted to share my thoughts. The summaries of the talks can be found online so I won’t repeat them here. 

    AI for Humans

    https://www.bigtechday.com/vortraege#33ST2mGCEKRL00NHjiXfjQ

    Gregor Schmalzried: 
    https://www.bigtechday.com/speaker#4bU5a1LFwLeKPPU4qFJQHB
    https://www.linkedin.com/in/gregorschmalzried/

    Der Ki Podcast: https://www.ardsounds.de/sendung/der-ki-podcast/urn:ard:show:65505255c703e51e/

    The talk was inspiring as expected, if you know Gregor’s Podcast. Gregor showed the differences and advancements from a couple of years ago, how he uses agents and why we find things odd.

    An interesting statistics he showed was that in almost all countries about 20-30% of the people like AI but also 20-30% dislike it (with stronger sentiments in the UK and the US if I remember correctly). – Well given what we see in the press coverage about AI, no one is surprised about the negative feelings.

    But still, Gregor sees a good future if we manage to leverage AI for mor good things. Honestly: I’m not so positive, but I’d be happy to be proven wrong.

    How to OWN the AI – Building a custom AI workmate for Bank Frick

    https://www.bigtechday.com/vortraege#1UieGaHyAPaMR39LGgkGXN

    The team showed how Bank Frick (https://www.bankfrick.li) developed their own chat & agent framework which is now used by more than 120 of their ~300 employees. I liked the approach as they showed how they executed several use cases but always kept track of the business impact and some key metrics to measure the benefit of the solution.

    I asked how long it took to develop the solution so far. If I remember correctly, it was developed by about 3 people for like 5 months. The development is now handed over to an internal team.

    Regarding my rough estimation for the cost of the initial build (excluding infrastructure cost) plus further development internally … I’m wondering, if in 2026, there aren’t already some off-the-shelf solutions that might have lower cost (for the price of some dependency). But I’m sure they do/did that evaluation.

    Lessons from the bleeding edge of AI/ML security

    https://www.bigtechday.com/vortraege#6mEhk9SpfhzKaRIDmlhAZi

    Keith Hoodlet
    https://securing.dev/
    https://www.linkedin.com/in/securingdev/
    @securingdev@infosec.exchange

    Keith Hoodlet from 1Password showed the current state of security requirements when using AI / LLMs. From prompt-injection and the threats when Agents act on behalf of the user and how much AI has reduced the time from “disclosure” to “attack”. Honestly, after the talk, you don’t necessarily feel more secure than before. – Like after any security talk one attends. I liked the proposals he showed to make agents secure. But I wonder how many companies invest so much to make such a secure environment.

    I also like how Keith mentioned that AI in general might be controversial, but we have to accept that it’s there and that attackers do use it. So we have to prepare for it.

    I’m not sure if it was Keith’s talk or another. But I think he also mentioned the issue of vibe coded apps in enterprises (“Vibe coded” here used as a separation to “agentic engineering”, the former is more the quick and dirty, the latter with engineering, security etc in mind): Let’s face it, these vibe coded apps exist and the trend might not vanish. Yet, those applications also MUST obey to some standard company SDLC to not expose risks. The challenge will be, how to enforce that …

    Who reviews the agent? From IDE assistants to OpenClaw

    https://www.bigtechday.com/vortraege#4OsB6zRo4FA3VY6YuqhyGg

    Marius Wichtner
    https://www.wichtner.com/ 
    https://kilo.ai

    Marius showed kilo.ai, an agentic coding platform. How the agents write and test code. What this means for us developers and how agents can/should be leveraged. In fact I found kilo.ai really interesting. I didn’t know it before, maybe I’ll give it a try for some tests. One thing that I find still amazing, is the approach to let several agents implement a feature (maybe if you don’t exactly know how a UI should look like), review and compare the solutions and then decide for one of the solutions. Of course, it comes with token costs, but that’s the price to have a choice.

    Another interesting point he made was, that people who currently lead others (group leads, lead developers) are those who perform best when working with multiple agents as they know how to (communicate &) delegate so that other people know what is expected. What a “surprise”, communication is key – still.

    Btw: Marius said, yes in the end, YOU will review the code.

    Get comfortable being uncomfortable: The Great Pacific Escapade

    https://www.bigtechday.com/vortraege#6KYPOBatZvQU398UUFUhr3

    TNG Big Tech Day wouldn’t be the BigTechDay if there were no inspiring sports-talks! I heard so much about AI that I needed something else for a bit. Attending the talk of Jessica and Miriam was definitely something else. The two women rowed(!) their boat 165 days over 8,213 nautical miles (15.212 km) from Peru, South America to Cairns, Australia – non-stop and unsupported.

    There were quite a couple of “omg” and “wow” moments during the talk. Just thinking about rowing 15h a day – every day, having to filter your water each and every day (and the water filter breaking), cleaning the hull every 4 days from molluscs, rowing in hailstorms, navigating, being alone for half a year and burning over 5,000 calories each day. And all this in such a small boat. And besides surviving and rowing, they also had to household with their electronics and solar-charging to navigate, but also satisfy sponsors by creating some content.

    The whole talk was a testament what we can achieve with an according mindset, the will to continue and to tackle challenges.

    2 Million Dollars worth of code for $20,000: Rewriting large software projects with AI agents

    https://www.bigtechday.com/vortraege#1ckBbBfvwisPk3PzQoQneD

    “Rewriting a behemoth” is a story that every developer has heard in his life. That why I wanted to attend that talk, too. Rewriting about 60,000 Lines of code usually would account for 7 digits budgets and quite a time. The two did it in 3 weeks and 20,000 $ token budget.

    BUT it was was quite impressive how much effort they still had to put into it! If you think it’s just firing up Claude Code and say “rewrite” .. you couldn’t be more wrong. Especially as they tried in early 2025 and had to freeze the project and restart in 2026 as the models weren’t good enough a year ago and had become so much better. And still it did sound like so much engineering effort that went into this setup! Pretty wow.

    But – in contrast to the talk to talk “Who reviews the Agent”, the two decided that no human reviews the code any more. They had to trade velocity over safety. That’s quite a statement that needs to settle in the mind. – But still, agentic engineering could indeed be a way out of the problem of big legacy systems where you simply cannot afford multi year rewrites.

    Summary

    As expected, the TechDay was loaded with impressive talks and insights. Also the conversations in the coffee breaks were pretty precious. The AI topic was quite overwhelming (well I only attended the AI track) in all the varieties.

    One thing that I really appreciated, was that AI wasn’t just presented as a silver bullet. From threat modelling that just shows the dark side – to the impressive agentic engineering talks that show how much software engineering is involved to succeed.

    But also the conversations in the coffee breaks were precious that connected back to Gregor Schmalzried’s talk (reproduced from my mind) “About 20–30% are against AI. Well, no wonder! We (ordinary people) hardly see any benefits from it. Instead, we can’t trust any videos anymore, computers are expensive, and nuclear power plants are being built for this. – And this so-called increase in efficiency – where is it? Whome exactly does it help? Not me. It’s just leading to layoffs“.

    But AI is definitely in our (developers’) lives. Whether we like it or not. Especially the “rewriting legacy” problem is a very interesting one that could add benefit. But what it all means for us? I don’t know. The pricing will be a corner stone for the further development. Interesting times are ahead of us, for sure.

    And if you couldn’t attend, watch out for the recordings on https://www.bigtechday.com/rueckblick and the YouTube channel https://www.youtube.com/@tngtech/playlists.

    Fediverse reactions

  • How to shrink Docker Virtual Harddisk: docker_data.vhdx

    I just discovered that I had a >120 GB VHDX file in “%LOCALAPPDATA%\Docker\wsl\disk\docker_data.vhdx“).

    According to the description of Ahmed Moussa on dev.to (and some other articles), this is the virtual hard disk when using Docker for Windows and WSL. The Virtual Harddisk is dynamically increasing when needed. Unfortunately not decreasing.

    To compact and reclaim free space, perform those steps:

    1. Prune docker (see the FAQ)
      docker system prune -a --volumes
      this freed ~15 GB
    2. Compact the virtual Hard disk(s) (VHDX)
      • Stop Docker: “Quit Docker Desktop” from the Tray Icon
      • Shut Down WSL:
        wsl --shutdown
      • Compact the VHDX in Powershell (manual page):
        Optimize-VHD -Path "PATH/TO/VHDX" -Mode Full
        (Reclaimed ~85 GB)

    Fediverse reactions

  • GenAI coding needs more than just a Licence

    I just found this blog post from Rob Bowley in my RSS feed and one paragraph just so resonated with what I read and hear so much:

    For CEOs and founders hoping to benefit, the answer isn’t as simple as handing out Claude licences […]. It’s investing in the engineering culture and practices. Unglamorous, slow work, but there’s no way around it.

    Rob Bowley

    I’ve been trying and since a while now in my own projects and I can just say: to really leverage it, you must adjust the style of working. And this is a learning curve you must be willing to take.

    Fediverse reactions

  • Now on the Fediverse!

    I wrote a couple of times that I reduced my activity on and put more effort into the blog here – and I did! And I’m quite happy about that.

    In parallel I had an anonymous account for IT related topics, but honestly, I missed posting as my true identity. Also as I couldn’t link my LinkedIn-contacts to a fediverse identity (okay, as if they’d all just follow eagerly into the fedi …).

    Anyways! Last week I requested an account at Hachyderm.io and there I am now! I’ll be posting longer articles here and small ideas and thoughts etc on the fediverse. I’d be happy if you drop me a “hi” there as well :-)

    @fgraf@hachyderm.io

    Honestly, I was very very tempted to start a small selfhosted goToSocial instance. But I put that idea on th backlog for now. I don’t want too have too many open projects in parallel.

    Fediverse reactions

  • How to Choose Your Level of Digital Sovereignty

    In the context of the (https://di.day), I noticed discussions on whether Tool A or Service B is “sovereign enough.” But – the more I thought about it, the clearer it became: Digital sovereignty isn’t binary. What works (or is acceptable) for one person or organization might not fit another.

    Over the past weeks, I’ve realized that these discussions often miss a key point: context. Not everyone aims for — or even needs — the same level of souvereignity. Some prioritize data privacy (Level 1), others focus on avoiding proprietary software (Level 6) or geopolitical risks (Level 10).

    So, before are arguing about the ‘right’ level, maybe we should first clarify what the ‘right’ level is for each of us. For some a higher level is a must, for others it’s just optional. And well – it might be okay to disagree.

    Below is a breakdown of 10 levels of digital sovereignty, from individual control to systemic independence. This isn’t meant to be a definitive guide — it is just my attempt to structure the problem. I also don’t claim it to be complete or universally applicable, but I found it intersting to think about the nuances. The layers are not always clearly separable and some companies & products can be found in multiple layers.

    Levels of Sovereignity

    The levels are structured from the most immediate and individual issues (data privacy, software choices) to systemic dependencies (infrastructure, hardware, geopolitics). It is a bottom-up approach to digital sovereignty, where early steps are more actionable for individuals / organizations, while later steps require larger-scale efforts or policy changes.

    LevelGoalNegative Examples
    1Avoid services that use data as currency.Meta (Facebook, Instagram, WhatsApp, …), TikTok, …
    2Control over internal data usage.Microsoft 365, Apple iCloud, GitHub Copilot, most Free Tier Services
    3Avoid dependence on tech giants.Google (Search, Youtube, ..), Microsoft (Windows/Office), Apple Ecosystem, Amazon
    4Reduce risks from SaaS/niche providers.Atlassian (Jira, Confluence), Slack, Google Analytics, Paypal, Adobe
    5Protection from government data access (e.g., CLOUD Act, FATCA, or other foreign laws).AWS (USA/CLOUD Act), Alibaba Cloud (China), Google Cloud (USA), Stripe (payments), …
    6Transparency and control over software (File formats, online registration, most SaaS solutions)Microsoft Office, Adobe Products, Windows 11, Slack, Zoom, Google Workspace, …
    7Resilient, independent infrastructure.AWS, GCP, Azure, Cloudflare, Akamai, Alibaba.
    8Control over hardware and supply chain.Chipsets with closed-source firmware, Smartphones wihtout custom ROM support, …
    9Internal control over knowledge/processes.External IT providers, knowledge monopolies, missing redundancy.
    10Reduce geopolitical hardware risks. Only very few manufacturers for RAM, Storage, CPUs, GPUs, Risk of Oligopoly, Forced Obsolescence, Backdoors
    Fediverse reactions

  • KI-Kataog.de An Independent Directory for AI Tools

    Finding the right AI tool can be overwhelming. With new solutions emerging constantly, it’s easy to get lost.

    KI-Katalog.de offers an alternative: an independent, German-focused directory that compares over 1,000 AI tools. Including pricing information and compatibility with the DSGVO / GDPR.

    https://ki-katalog.de

    Fediverse reactions

  • Why Settle for One AI Assistant When You Can Have Two?

    Two weeks ago, I discovered that Mistral.ai also provides a coding assitant, similar to GitHub Copilot (GHC), called Mistral Vibe (GitHub page).

    In those two weeks I’ve been using Mistral Vibe in parallel to GHC. Just because I wanted to try and see the difference! And just after a couple of days I noticed that the agents definition in Mistral Vibe are a bit different from GHC (in hindsight: of course!). This, of course, leads to a dual configuration in my project so that both assitants can work properly.

    And just today I noticed that I’m doing commits for dual-Agent-Support … Hardly thinkable just half a year ago:

    - Add documentation references:
  * AGENTS.md: Add reference for AI coding assistants
  * README.md: Add reference in Further Reading section

- Enhance dual AI support:
  * Update AGENTS.md to reference both .github/skills/ (GitHub Copilot) and .vibe/skills/ (Mistral Vibe)
  * Clarify which skill directory each AI assistant should use

    So far I’m quite happy and impressed by the performance of the Coding assitants. However, it still makes sense to review the code every now and then. Even though the tools discover a lot of vulnerabilities themselfes which helpme to create a safer result, I had a couple of findinges myself the last days:

    For example: API Endpoints not being protected by login (well, I hadn’t instructed to do so), constructed URLs lacking Url-encoding, or Test being written but testing for an outcome that I didn’t want (e.g. I wanted a certain function to strip whitespaces, whereas the test assumed whitespaces should be retained).

    Anyways. My own commit about a multi-agent(vendor)-setup really showed me how much things have changed in the last months. And for sure, there’s more to come …

    Fediverse reactions

  • AI Can Write Code, But It Can’t Debug Without Context

    Large Language Models (LLMs) are often marketed as the ultimate productivity boost for developers: “Write code faster! Debug with AI! No more manual work!” After a recent experience, I can confirm that LLMs are incredibly useful for writing and even structuring code (I’ll write about this probably in a later blog post).

    But when it comes to debugging, one should make really sure that the tool has access to all the relevant context (and don’t disable your brain). But .. let’s see, what happened:

    Since a couple of days (uhm .. nights mostly, after work), I was writing a web application. The copilot-experience was very good and it really helped tremendously. I never really ran into a situation where I had to debug. And I was curious when (if?) I’d run into that – and how things turn out then.

    (more…)

  • I Stopped Manually Committing – Here’s Why

    I don’t code much in my day job anymore, but I still love building things. So last weekend, I finaly took the time to test GitHub Copilot’s Agents feature — specifically, a Commit Agent. I’ve seen agents.md and knew the theory, but I wanted the live experience: Could this actually improve my workflow, or was it just another layer of automation hype?

    Even when working alone, I sometimes need to revert—and that’s when I really appreciate clean, atomic commits. But let’s be honest: I’m not always disciplined enough to enforce that myself. So I figured, why not seek the help of an agent?

    (more…)

  • BuzzFeed’s AI Gamble Backfired – The pivot to AI isn’t going so great

    I just came across the article BuzzKill – BuzzFeed Nearing Bankruptcy After Disastrous Turn Toward AI and thought it might be worth sharing. Not because of schadenfreude but as a reminder that going all-in on a technology that you haven’t fully mastered is a gamble that risks the company’s existence.

    The article starts with …

    In January 2023, BuzzFeed CEO Jonah Peretti announced in a memo to staff […] a hard pivot to AI […]. two months after OpenAI unveiled […] ChatGPT

    “What could possibly go wrong” is literally the only thing that comes to my mind.

    It’s so insane because they didn’t just bet on AI. They bet against their own strengths: human creativity, editorial judgment, and the hard-won trust of an audience.

    They had a Pulitzer-winning investigative unit (!) and content machine that understood what people wanted. The issue might have been that Facebook changed the rules and BuzzFeed’s response wasn’t adaptation — it was surrender. Instead of doubling down on what made them unique (award winning journalism), they doubled down on what made them cheap. A desparate race to the bottom that you simply can’t win against a behemoth like Facebook.

    BuzzFeed’s story isn’t about AI failure. To me, it’s a testament about

    • mistaking hype for strategy
    • automation for innovation, and
    • desperation for disruption.

    The next time someone declares a ‘hard pivot’ to the latest flavor-of-the-month tech (keep in mind WHEN this pivot was decided!), let’s remember BuzzKill: Are they innovating — or just paying Silicon Valley to automate themselves into obsolescence.

    Read the article on futurism.com: https://futurism.com/artificial-intelligence/buzzfeed-disastrous-earnings-ai

    Fediverse reactions