Supply chain attacks aren’t theoretical. Attackers are actively compromising package ecosystems like npm, PyPI, and RubyGems right now. Here’s what you can do about it today, without new tools or downtime.
In May 2024, AWS announced it would start charging for machine-to-machine (M2M) authentication in Cognito. In June 2025, we wrote about it when the bills started landing in The AWS Cognito Bill Has Come Due: What You Need to Know. In November 2025, AWS quietly walked the most painful part back. Here’s the complete story —
Companies adopting AI hardest are somehow more swamped than before. Here’s what’s actually happening — and what to do about it.
Growing companies with Windows infrastructure typically start with simple Active Directory access control—one group for development environments, another for production. This approach works initially but creates significant security and operational problems as organizations expand across products and environments. The solution is implementing proper Group Policy Management with Organizational Unit structure that automatically enforces access controls
In Part One, we explored how AI is subsuming mid-tier software engineering work—the reliable translation of specifications into code that once formed the backbone of the profession. We examined the statelessness problem that prevents AI from operating effectively on idiosyncratic codebases, and why standardization is the path forward. But standardization alone doesn’t solve the deeper
In the beginning (of compute), the machine programmer and operator were one and the same, literally patching cables and toggling switches, holding the entire computation in their head because there was nowhere else for it to exist. The programmer was the computer’s nervous system, the missing layer between intent and electricity. This was somewhat limiting
This will be my sixth in-person re:Invent, and I’m still learning new tricks every year. Last year’s guide was one of our most popular posts, so I wanted to update it with fresh insights—both from my own experiences and from the incredible AWS community that continues to share their wisdom. If you’re heading to Vegas
Every managed services provider promises the same thing: immediate coverage, seamless transition, peace of mind starting day one. It’s an attractive pitch—who wants to wait 90 days to be fully covered? In reality, immediate coverage is theater. Monitoring gets set up for the things you remember to tell the MSP about. Alerts get configured for
Halloween is the last calm night your retail IT team will have until January. You know this. You’ve been here before. Your infrastructure is faster than it’s ever been. You’ve optimized checkout flows, implemented CDNs, right-sized your instances. On a normal Tuesday in October, everything hums along beautifully. But here’s what I see when I
Companies are rushing to implement AI compliance tools, expecting them to solve problems that good strategy and proper infrastructure should have addressed years ago. They’re setting themselves up for expensive disappointment. The organizations that will dominate with AI compliance aren’t the ones buying the fanciest tools. They’re the ones who already figured out how to
