Here is a list of recent updates the site. You can also get this information as an RSS feed and I announce new articles on Fediverse (Mastodon), Bluesky, LinkedIn, and X (Twitter) .
I use this page to list both new articles and additions to existing articles. Since I often publish articles in installments, many entries on this page will be new installments to recently published articles, such announcements are indented and don't show up in the recent changes sections of my home page.
Wed 04 Jun 2025 09:50 EDT
In the past few weeks, multiple “autonomous background coding agents” have been released. Birgitta Böckeler tried out giving a task to OpenAI Codex to see what she could learn. Here she describes one particular Codex run, to help us look behind the scenes, and make some observations about its contribution to our work.
Tue 03 Jun 2025 09:23 EDT
I set up Google Analytics on my site in 2010, and since then use it to track page views to my site. I only care about page views, which I find useful to figure out which pages get the most traffic. It’s interesting data, and sometimes rather useful. But Google collects much more information than just page views, and it’s tracking is more intrusive than I would like. But I had other things I’d rather spend to spend my time on, so doing anything about it never made it high enough up my todo list.
But last month I finally did something, having come across some information that did I thought did what I wanted. Essentially I want things set up so that I don’t need to bother with a cookie banner because I only track things that are trackable when someone says “deny all”. Based on some google documentation, I changed my google analytics fragment to:
<script async src="https://www.googletagmanager.com/gtag/js?id=G-6D51F4BDVF"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('consent', 'default', {
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'ad_storage': 'denied',
'analytics_storage': 'denied',
'wait_for_update': 500,
});
gtag('js', new Date());
gtag('config', 'G-6D51F4BDVF');
</script>
As I understand the documentation, this should turn off the most problematic tracking, but still send a page view event. I took a look at it the following day, and everything seemed to be ok, but now, a couple of weeks later, page views reported by Google Analytics have dropped drastically. Not to zero, but to near zero.
I’ve spent a bit of time trying to figure out what’s happening. I used google tag assistant and it indicates the page view events are being sent correctly. But that doesn’t explain why I’m not seeing the page views in my Google data.
I’m not sure what to do next. I don’t want to spend too much time on this, after all I’d rather work on writing and editing. I did consider other services to do the tracking, but it looks we’re talking about $100s a month - and it’s just not worth that much to me. There are open source setups I could try an configure on my server, but again that’s effort I don’t really want to go into. Maybe I just live without analytics data.
Wed 28 May 2025 09:50 EDT
Here's one of the best tips I know for writers, which was told to me by Bruce Eckel.
Once you've got a reasonable draft, read it out loud. By doing this you'll find bits that don't sound right, and need to fix. Interestingly, you don't actually have to vocalize (thus making a noise) but your lips have to move. 1
This advice is for those who, like me, strive to get a conversational tone to their writings. A lot of people are taught to write in a different way than they speak, but I find prose much more engaging with this conversational tone. I imagine I'm sitting in pub, explaining the concepts to my companions. I've heard people say that when reading my work, they can hear me speaking it - which is exactly the effect I'm after.
Too often I read prose that feels flabby. Two kinds of flab stand out: corporate prose and academic prose. I often tell people that if they read their prose and it sounds like it could have come from Accenture 2 , then they are doing it wrong. And, of course, the passive voice is rarely preferred. Speaking makes this flab noticeable, so we can cut it out.
In my case I find I constantly (silently) speak the words as I'm writing.
1: I suspect what matters here is that you need to trigger the part of your brain that processes spoken word as opposed to written word - and that part is sensitive to blandness.
2: I pick on Accenture since they are a big consulting company, and thus do all the things needed to sound blandly corporate. The worst case I ran into was many years ago when some sparkling prose by a colleague of mine was turned by editors at Microsoft into a tasteless pudding. There is a perceptible corporate way of writing, often learned subconsciously, that is rife and ruinous.
Fri 23 May 2025 13:48 EDT
At goto copenhagen last year, my friend James Lewis interviewed me and Goto have just released the video. I talk about when I learned about iterative design from Kent Beck, the dangers of product owners interfering with business-developer communication, and writing the agile manifesto. During this he specifically asked about my essay Is Design Dead. There's also a some audience questions asking if pair programming is a bad thing for introverts like us (no), and (inevitably) the role of LLMs for programmers today.
Tue 20 May 2025 09:20 EDT
Threat modeling is a systems engineering practice where teams examine how data flows through systems to identify what can go wrong - a deceptively simple act that reveals security risks that automated tools cannot anticipate. Often this is done by security analysts as a separate or upfront activity, but Jim Gumbley wrote an article in 2020 explaining how it could be done by teams through small and regular work.
Now Gayathri Mohan has joined Jim to rewrite the article, incorporating what both have them learned about doing and teaching this practice in the last few years. In particular they have extended their approach to perform threat modeling with platform teams.
Wed 14 May 2025 10:10 EDT
Tools that treat diagrams as code, such as PlantUML, are invaluable for communicating complex system behavior. But Unmesh Joshi often wished for an extension to walk through these diagrams step-by-step. Yet, extending established tools like PlantUML often involves significant initial setup - parsing hooks, build scripts, viewer code, packaging - enough “plumbing” to deter rapid prototyping.
He narrates now he used an LLM to build a small extension adding step-wise playback to PlantUML sequence diagrams. This illustrates how syntax design, parsing, SVG generation, build automation, and an HTML viewer were iteratively developed through a conversation with an LLM - turning tedious tasks into manageable steps.
Tue 13 May 2025 09:11 EDT
We have long recognized that developer environments represent a weak point in the software supply chain. Jim Gumbley and Lilly Ryan explore how agentic coding assistants expand the attack surface of software supply chains and what measures we need to do to safeguard security when using them.
Tue 06 May 2025 09:02 EDT
While LLMs excel at generating cogent text based on their training data, they may also need to interact with external systems. Kiran Prakash describes how we get them to construct external function calls to do this. The LLM does not execute these calls directly, instead it creates a data structure that describes the call, passing that to a separate program for execution and further processing. The LLM's prompt includes details about possible function calls and when they should be used.
Wed 30 Apr 2025 09:54 EDT
Creating a user interface that visualizes a real-world structure — like the Thirty Meter Telescope's mirror — might seem like a task that demands deep knowledge of geometry, D3.js, and SVG graphics. But with a Large Language Model (LLM) like Claude or ChatGPT, you don't need to know everything upfront. Unmesh Joshi describes how working with an LLM gave him a working prototype even when he's unfamiliar with the underlying tech.
Mon 21 Apr 2025 09:07 EDT
A couple of months ago, my colleague Shayan Mohanty published a technical overview of the series of papers describing the deepseek AI models. He's now gone through that article, adding more explanations to make it more digestible for those of us who don't have a background in building these kinds of models.
Thu 17 Apr 2025 09:39 EDT
AI editors like Cursor can generate code with remarkable speed using LLMs, handling boilerplate and providing functional snippets for various tasks. However, when building robust systems, functional correctness is only the starting point. Code must also be safe, predictable, maintainable, and free from subtle side effects. Unmesh Joshi demonstrates, through a dialogue between a developer and an LLM, how expert guidance is crucial to transform an initial, potentially unsafe code snippet into a robust, system-ready component.
Fri 04 Apr 2025 14:32 EDT
Some people asked about how many people clicked through the links on these social media posts. I've added some more to the article, partly to explain why I don't have that information, and partly to show overall source data for traffic to the site.
Thu 03 Apr 2025 09:41 EDT
A few years ago, whenever I published a new article here, I would just announce it on Twitter, but since the Muskover its importance has declined, and now I post updates to several services. To compare engagement on these services, I've looked at reposts, likes, and replies to two dozen of my recent posts.
Tue 01 Apr 2025 17:22 EDT
I've always enjoyed reading, and for most of my life I've particularly enjoyed reading history. I've head many great things about Robert Caro's books, but was deterred by their size. Finally, with his first book newly available as an ebook, I decided to dip my toes in. The books are too good for me to escape.
Tue 25 Mar 2025 10:39 EDT
As agentic coding assistants get more capable, Birgitta Böckeler is trying them to change existing codebases. This has led to some impressive collaboration sessions, but she's needed to intervene, correct and steer all the time. In her latest post, she describes examples of these interventions, giving ideas of the types of skills we currently need to correct the tools' missteps.
Wed 26 Feb 2025 11:49 EST
The new US administration has decided to eliminate the “X” option for gender/sex on passports. I have several non-binary friends, and I don’t see why they should have to select an option that makes no sense for them. I also don’t see how an “X” option on identity documents causes a material problem for anyone else. There’s not much I can do to object to this change, but one little thing is to add a comment on the Federal Register for such rule changes. There are three such pages:
DS-11 new passport application: (deadline 3/17/25) https://www.federalregister.gov/documents/2025/02/14/2025-02648/30-day-notice-of-proposed-information-collection-application-for-a-us-passport
DS-82 passport renewal: (deadline 3/20/25) https://www.federalregister.gov/documents/2025/02/18/2025-02697/30-day-notice-of-proposed-information-collection-us-passport-renewal-application-for-eligible
DS-5504 name change or data corrections: (deadline 3/20/25) https://www.federalregister.gov/documents/2025/02/18/2025-02696/30-day-notice-of-proposed-information-collection-application-for-a-us-passport-for-eligible
It didn’t take me more than a few minutes to make a brief comment (essentially the first three sentences of this post) on all three. Pretty inconsequential compared to the problems facing my non-binary friends.
Tue 25 Feb 2025 07:20 EST
While RAG is the most common way to focus a foundation model on material outside its training set, Bharani Subramaniam and I now finish our current batch of patterns by examining our experience with Fine Tuning where we learned to prioritize curating high-quality data.
Wed 19 Feb 2025 07:02
Gen AI systems are gullible, and can easily be tricked into responding in ways that are contrary to an enterprise's policies or leak confidential information. Bharani Subramaniam and I describe how we can counter this by adding guardrails at the boundaries of the request/response flow. We also conclude our discussion of RAG with an overview of how all the RAG component patterns fit together.
Tue 18 Feb 2025 07:02
Recent LLM models have provided “reasoning” capabilities. Birgitta Böckeler asks what role these play with coding tasks. She doesn't have an answer, but does have questions and thoughts - and has not found such capabilities worthwhile so far.
Thu 13 Feb 2025 21:16
LLMs struggle with large amounts of context. Bharani Subramaniam and I explain how to mitigate this common RAG problem with a Reranker which takes the document fragments from the retriever, and ranks them according to their usefulness.
Wed 12 Feb 2025 07:58
Users often have difficulty writing the most effective queries. Bharani Subramaniam and I explain Query Rewriting: getting an LLM to formulate alternative queries to send to a RAG's retriever.
Thu 06 Feb 2025 09:17 EST
The appearance of DeepSeek Large-Language Models has caused a lot of discussion and angst since their latest versions appeared at the beginning of 2025. But much of the value of DeepSeek's work comes from the papers they have published over the last year. Shayan Mohanty provides an overview of these papers, highlighting three main arcs in this research: a focus on improving cost and memory efficiency, the use of HPC Co-Design to train large models on limited hardware, and the development of emergent reasoning from large-scale reinforcement learning
Wed 05 Feb 2025 10:03 EST
Today Bharani Subramaniam and I outline four limitations to the simple RAG from yesterday, and the pattern that addresses the first of these: Hybrid Retriever. This tackles the inefficiencies of embeddings-based search by combining it with other search techniques.
Tue 04 Feb 2025 10:23 EST
was on a panel at goto Copenhagen last September with Holly Cummings, Trisha Gee, Dave Farley, and Daniel Terhorst-North. We discussed the current state of software development and where it was heading. Given the timing, there was much discussion about the role AI would play in our profession's future.
Tue 04 Feb 2025 09:57 EST
A pre-trained GenAI model lacks recent and specific information about a domain. Bharani Subramaniam and I explain how Retrieval Augmented Generation (RAG) can fill that gap.
Thu 30 Jan 2025 00:00 EST
The Forest and the Desert is a metaphor for thinking about software development processes, developed by Beth Andres-Beck and hir father Kent Beck. It posits that two communities of software developers have great difficulty communicating to each other because they live in very different contexts, so advice that applies to one sounds like nonsense to the other.
The desert is the common world of software development, where bugs are plentiful, skill isn't cultivated, and communications with users is difficult. The forest is the world of a well-run team that uses something like Extreme Programming, where developers swiftly put changes into production, protected by their tests, code is invested in to keep it healthy, and there is regular contact with The Customer.
Clearly Beth and Kent prefer The Forest (as do I). But the metaphor is more about how description of The Forest and the advice for how to work there often sounds nonsensical to those whose only experience is The Desert. It reminds us that any lessons we draw about software development practice, or architectural patterns, are governed by the context that we experienced them. It is possible to change Desert into Forest, but it's difficult - often requiring people to do things that are both hard and counter-intuitive. (It seems sadly easier for The Forest to submit to desertification.)
In this framing I'm definitely a Forest Dweller, and seek with Thoughtworks to cultivate a healthy forest for us and our clients. I work to explain The Forest to Desert Dwellers, and help my fellow Forest Dwellers to make their forest even more plentiful.
The best short summary from Beth and Kent is on Kent's Substack. For more depth, take a look at their keynote at Øredev.
Kent Beck supplied the image, which he may have painstakingly drew pixel by pixel. Or not.
Wed 29 Jan 2025 10:55 EST
GenAI systems, like many modern AI approaches, have to handle vast quantities of data, and find similarities between elements in an image or chunk of words. Bharani Subramaniam and I describe a key tool to do this - Embeddings - transforming large data blocks into numeric vectors so that embeddings near each other represent related concepts
Tue 28 Jan 2025 07:43 EST
Everyone is fascinated about using generative AI these days, and my colleagues are no exception. Some of them have had the opportunity to put these system into practice, both as proof-of-concept, and more importantly as production system. I've known Bharani Subramaniam for many years as a technology leader in India, he's been assembling the lessons we've learned and I've worked with him to describe them as patterns.
In this first installment, we look the limits of the base case of Direct Prompting, and how we might assess the capability of a system using Evals.
Fri 24 Jan 2025 13:01 EST
Luca Rossi hosts a podcast (and newsletter) called Refactoring, so it's obvious that we have some interests in common. The tile comes from me leaning heavily on Beth Anders-Beck and Kent Beck's metaphor of The Forest and The Desert. We talk about the impact of AI on software development, the metaphor of technical debt, and the current state of agile software development.
Wed 22 Jan 2025 10:54 EST
Juntao Qiu finishes his description of codemods by looking at some other approaches outside the JavaScript world such as JavaParser and OpenRewrite.