Blog

Notes on software, AI tooling, and building real products.

Supply Chain Attacks in 2026: Axios 1.14.1, LiteLLM, and How to Protect Your Projects

Mar 31, 2026

Two major npm/PyPI packages were compromised within a week. A RAT in Axios, a credential stealer in LiteLLM. Here is what happened, who is behind it, and what you should do today.

Docker Best Practices Your AI Coding Assistant Won't Apply by Default

Mar 24, 2026

I audited 10 Dockerfiles across my projects. Most AI-generated ones miss non-root users, read-only filesystems, and proper signal handling. Here's what I found.

How I Built a Property Management Platform with AI Agents

Mar 21, 2026

From Google Sheets to a production system — 5 rewrites, 6 AI agents, and a lot of domain knowledge.