Miguel Alho
miguelalho.pt
@miguelalho.pt
Principal SW Engineer, Platform Engineering;
DevOpsDays Portugal, DevOps Aveiro and DevOps Porto organization alumni; Torreira, Murtosa, Portugal
Reposted by Miguel Alho
#NPM: #Nx platform packages compromised by #AI-assisted supply chain attack stealing and leaking over 2500+ credentials (GitHub, Cloud, and AI Credentials). Check your GitHub for: 's1ngularity-repository':
#SoftwareSupplyChainSecurity
👇
Nx build platform compromised by supply chain attack – How attackers collude with AI code assistants | Blog | Endor Labs
Nx supply chain attack: malicious npm versions of Nx exfiltrated SSH keys and tokens to GitHub—abusing AI code assistants. Learn how to detect and fix.
www.endorlabs.com
August 28, 2025 at 8:53 PM
An absolutely thought-provoking piece of writing, forecasting potential paths for AI development

ai-2027.com
AI 2027
A research-backed AI scenario forecast.
ai-2027.com
May 11, 2025 at 6:10 PM
So... Which of the AIs turned off the lights?
April 28, 2025 at 9:35 PM
Reposted by Miguel Alho
If you work in DevOps read this post-mortem. If you don't work in DevOps, send this to your coworkers that do. Trust me, it's important they read this.
www.landh.tech/blog/2025021...
How We Hacked a Software Supply Chain for $50K - Lupin & Holmes
www.landh.tech
April 4, 2025 at 7:30 PM
Reposted by Miguel Alho
Max severity RCE flaw discovered in widely used Apache Parquet
A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0.
www.bleepingcomputer.com
April 3, 2025 at 9:38 PM
Reposted by Miguel Alho
Most people don't know this but GitHub Copilot has a similar feature to the .cursorrules file
Adding repository custom instructions for GitHub Copilot - GitHub Docs
You can create a file in a repository that automatically adds information to all questions you ask Copilot Chat.
docs.github.com
March 13, 2025 at 6:55 PM
Reposted by Miguel Alho
😂😅
March 8, 2025 at 2:38 AM
Reposted by Miguel Alho
In another piece I wrote before, I covered the number of API operations from a different perspective: quality.

"(...) having a large number of features contributes to a decrease in the quality of the API and will see reflections in the business."

apichangelog.substack.com/p/the-impact...
March 6, 2025 at 4:46 PM
Reposted by Miguel Alho
When I became an Engineering Manager, I didn’t inherit a playbook. No clear “do this, then that” roadmap. Sound familiar?

In my latest blog post, I share some practical steps for surviving when you no longer have a GPS.

🔗 Dive into the full post here:
How to Survive Without a Playbook as an Engineering Manager - The writing outlet
The Unexpected “Perks” of Leadership: Becoming a leader has “perks”, but they aren’t the ones you’re thinking… Power is meaningless without trust. Money comes with a higher risk of getting fired,...
buff.ly
March 3, 2025 at 4:05 PM
Reposted by Miguel Alho
"Best Simple System for Now" by Dan North
Best Simple System for Now
You can have your cake and eat it, as long as you bake it carefully. ‘We can do this the quick way and pay later, or the thorough way and pay now.’ This seems to be a fundamental dichotomy in…
buff.ly
February 21, 2025 at 5:01 PM
I feel exposed
February 21, 2025 at 11:09 PM
A "must listen to" : youtu.be/WufjP_WRnPM?...
Developer productivity with Nicole Forsgren (the creator of DORA)
YouTube video by The Pragmatic Engineer
youtu.be
February 19, 2025 at 10:50 PM
Feels like Python and I.
We've all been there
February 19, 2025 at 8:13 PM
Reposted by Miguel Alho
We've all been there
February 19, 2025 at 6:18 PM
Reposted by Miguel Alho
This is brilliant! @zezvaz.bsky.social well done! Extraordinary!
Portuguese editorial cartoonist Zez Vaz reaches back to Tiananmen Square to call on American defiance.
February 15, 2025 at 7:34 PM
Reposted by Miguel Alho
Schrödinger documentation:

Everyone complains when documentation is poor or non-existent. Simultaneously, no one wants to create and maintain it.
February 7, 2025 at 4:40 PM
Reposted by Miguel Alho
Chapters 1-3 of Rewilding Software Engineering and how to deal with legacy environments. More to come, as we find time.

Chapter 1: Introduction
medium.com/feenk/rewild...

Chapter 2: How we make decisions
medium.com/feenk/rewild...

Chapter 3: Questions and Answers
medium.com/feenk/rewild...
Medium
medium.com
February 6, 2025 at 2:36 PM
Say you have 1000+ repos on GitHub (or any other similar platform)... What are you doing in terms of governance to help keep things with decent levels of quality, standardization and/or compliance across the board?
January 26, 2025 at 4:35 PM
Am I missing something or is no one using this for memes?
January 25, 2025 at 4:42 PM
I'm guessing we'll at some point be asking questions to Reddit-trained AIs, then...
The slow, then sudden decline of Stack Overflow.

Full article: blog.pragmaticengineer.com/are-llms-mak...
January 21, 2025 at 9:32 PM
Reposted by Miguel Alho
Latest additions to the #software conferences #StarterPack:
- @mixitconf.org next in Lyon, France, Apr 2025
- @leanagilescot.bsky.social next in Edinburgh, UK, Sep 2025

Which software conferences are missing?

go.bsky.app/S5QVsCy

#softwareDesign #softwareArchitecture #softwareDevelopment
January 21, 2025 at 2:18 PM
Are there any simple sources of CVE listings related to NuGet packages (or easily limited to that scope) that can be easily looked up (without a remote call)?

Something to compare a few hundred packages against
January 17, 2025 at 7:30 PM
Reposted by Miguel Alho
repo.new and gist.new are two URLs I use frequently that I still don't think people know about
January 14, 2025 at 12:19 AM