Maxime
@digital-minds.bsky.social
Tech lead sharing stories at the edge of burnout, brilliance, and broken processes.
Longer writing -> https://loopofthought.substack.com/
Longer writing -> https://loopofthought.substack.com/
2025: developers downloaded open-source components 9.8 TRILLION times.
Sonatype logged 454,648 malicious packages in one year, 1.23M total.
Log4Shell still got 42M downloads in 2025.
Your dependency tree is a threat model.
Sonatype logged 454,648 malicious packages in one year, 1.23M total.
Log4Shell still got 42M downloads in 2025.
Your dependency tree is a threat model.
January 31, 2026 at 4:29 PM
2025: developers downloaded open-source components 9.8 TRILLION times.
Sonatype logged 454,648 malicious packages in one year, 1.23M total.
Log4Shell still got 42M downloads in 2025.
Your dependency tree is a threat model.
Sonatype logged 454,648 malicious packages in one year, 1.23M total.
Log4Shell still got 42M downloads in 2025.
Your dependency tree is a threat model.
I trust messy code written by someone who can explain it.
I don’t trust clean code written by someone who can’t.
I don’t trust clean code written by someone who can’t.
January 30, 2026 at 4:25 PM
I trust messy code written by someone who can explain it.
I don’t trust clean code written by someone who can’t.
I don’t trust clean code written by someone who can’t.
2025 published 48,185 CVEs, with the busiest day landing 793 in 24 hours.
There are 365 active CNAs now, so the firehose has more nozzles every year.
One breakdown shows 8,000+ of those were XSS, a bug class older than most modern stacks.
There are 365 active CNAs now, so the firehose has more nozzles every year.
One breakdown shows 8,000+ of those were XSS, a bug class older than most modern stacks.
January 28, 2026 at 12:13 PM
2025 published 48,185 CVEs, with the busiest day landing 793 in 24 hours.
There are 365 active CNAs now, so the firehose has more nozzles every year.
One breakdown shows 8,000+ of those were XSS, a bug class older than most modern stacks.
There are 365 active CNAs now, so the firehose has more nozzles every year.
One breakdown shows 8,000+ of those were XSS, a bug class older than most modern stacks.
Stanford says dev employment for ages 22-25 is down nearly 20% from the late-2022 peak.
Surveys say 80%+ of devs already use or plan to use AI tools regularly.
Juniors are not competing with seniors but with chatbots.
Surveys say 80%+ of devs already use or plan to use AI tools regularly.
Juniors are not competing with seniors but with chatbots.
January 23, 2026 at 12:49 PM
Stanford says dev employment for ages 22-25 is down nearly 20% from the late-2022 peak.
Surveys say 80%+ of devs already use or plan to use AI tools regularly.
Juniors are not competing with seniors but with chatbots.
Surveys say 80%+ of devs already use or plan to use AI tools regularly.
Juniors are not competing with seniors but with chatbots.
In Dec 2025, only 3,862 Stack Overflow questions were posted.
That’s a 78% drop vs the year before.
Early 2014 was 200,000+ a month.
The public debugging trail is collapsing.
That’s a 78% drop vs the year before.
Early 2014 was 200,000+ a month.
The public debugging trail is collapsing.
January 20, 2026 at 3:44 PM
In Dec 2025, only 3,862 Stack Overflow questions were posted.
That’s a 78% drop vs the year before.
Early 2014 was 200,000+ a month.
The public debugging trail is collapsing.
That’s a 78% drop vs the year before.
Early 2014 was 200,000+ a month.
The public debugging trail is collapsing.
Sonar says 42% of committed code is AI-assisted.
96% of devs don't trust it.
Only 48% always review before commit.
That gap is your new backlog: verification debt.
BYOK Copilot keys, whatever.
If CI is green by accident, prod will teach you.
96% of devs don't trust it.
Only 48% always review before commit.
That gap is your new backlog: verification debt.
BYOK Copilot keys, whatever.
If CI is green by accident, prod will teach you.
January 19, 2026 at 12:57 PM
Sonar says 42% of committed code is AI-assisted.
96% of devs don't trust it.
Only 48% always review before commit.
That gap is your new backlog: verification debt.
BYOK Copilot keys, whatever.
If CI is green by accident, prod will teach you.
96% of devs don't trust it.
Only 48% always review before commit.
That gap is your new backlog: verification debt.
BYOK Copilot keys, whatever.
If CI is green by accident, prod will teach you.
Every long-lived codebase has the same landmarks:
- A cron job no one dares to delete.
- A retry loop added after “that one incident.”
- A feature flag that’s been on for three years.
PRs avoid these areas on purpose.
Refactors stop one directory before them.
That’s how software ages.
- A cron job no one dares to delete.
- A retry loop added after “that one incident.”
- A feature flag that’s been on for three years.
PRs avoid these areas on purpose.
Refactors stop one directory before them.
That’s how software ages.
January 14, 2026 at 8:53 PM
Every long-lived codebase has the same landmarks:
- A cron job no one dares to delete.
- A retry loop added after “that one incident.”
- A feature flag that’s been on for three years.
PRs avoid these areas on purpose.
Refactors stop one directory before them.
That’s how software ages.
- A cron job no one dares to delete.
- A retry loop added after “that one incident.”
- A feature flag that’s been on for three years.
PRs avoid these areas on purpose.
Refactors stop one directory before them.
That’s how software ages.
Everyone’s acting like “AI dev” is a new job.
It’s not.
It’s the same job, with a new way to lie to yourself.
Before, you could ship spaghetti and still feel like an engineer because you personally typed it.
Now you can ship spaghetti faster and call it “leverage.”
It’s not.
It’s the same job, with a new way to lie to yourself.
Before, you could ship spaghetti and still feel like an engineer because you personally typed it.
Now you can ship spaghetti faster and call it “leverage.”
January 13, 2026 at 5:59 PM
Everyone’s acting like “AI dev” is a new job.
It’s not.
It’s the same job, with a new way to lie to yourself.
Before, you could ship spaghetti and still feel like an engineer because you personally typed it.
Now you can ship spaghetti faster and call it “leverage.”
It’s not.
It’s the same job, with a new way to lie to yourself.
Before, you could ship spaghetti and still feel like an engineer because you personally typed it.
Now you can ship spaghetti faster and call it “leverage.”
Resumes reward novelty. Production rewards restraint.
Your anxiety lives in the gap between the two.
Your anxiety lives in the gap between the two.
January 12, 2026 at 12:56 PM
Resumes reward novelty. Production rewards restraint.
Your anxiety lives in the gap between the two.
Your anxiety lives in the gap between the two.
A surprising amount of tech anxiety comes from optimizing for the next job while doing the current one well.
January 10, 2026 at 12:28 PM
A surprising amount of tech anxiety comes from optimizing for the next job while doing the current one well.
Nothing screams "we’re mature now" like hiring your first SRE to translate vibes into incident reports.
January 9, 2026 at 7:26 PM
Nothing screams "we’re mature now" like hiring your first SRE to translate vibes into incident reports.
If AI can replace the work you loved, either it was never very hard, or you stopped pushing it somewhere interesting.
January 9, 2026 at 10:37 AM
If AI can replace the work you loved, either it was never very hard, or you stopped pushing it somewhere interesting.
Stability is what teams ask for.
Adaptability is what hiring loops test for.
Most careers get stretched thin trying to satisfy both.
Adaptability is what hiring loops test for.
Most careers get stretched thin trying to satisfy both.
January 8, 2026 at 5:53 PM
Stability is what teams ask for.
Adaptability is what hiring loops test for.
Most careers get stretched thin trying to satisfy both.
Adaptability is what hiring loops test for.
Most careers get stretched thin trying to satisfy both.
Turns out “being useful to AI” isn’t a sustainable business model.
January 8, 2026 at 3:42 PM
Turns out “being useful to AI” isn’t a sustainable business model.
AI is great at answers.
Software engineering is mostly about knowing which questions you’re afraid to ask.
Software engineering is mostly about knowing which questions you’re afraid to ask.
January 8, 2026 at 11:44 AM
AI is great at answers.
Software engineering is mostly about knowing which questions you’re afraid to ask.
Software engineering is mostly about knowing which questions you’re afraid to ask.
Most “AI replaced my job” stories are really “I was doing glue work and didn’t realize it”.
If your value was stitching libraries together, the stitching got cheaper.
If your value was stitching libraries together, the stitching got cheaper.
January 7, 2026 at 9:41 PM
Most “AI replaced my job” stories are really “I was doing glue work and didn’t realize it”.
If your value was stitching libraries together, the stitching got cheaper.
If your value was stitching libraries together, the stitching got cheaper.
If you’re worried AI will replace you, look at what you do all day.
If it’s tickets with copy-paste patterns, yeah. If it’s ownership, reliability, and decision-making, you’re probably still underpaid.
If it’s tickets with copy-paste patterns, yeah. If it’s ownership, reliability, and decision-making, you’re probably still underpaid.
January 7, 2026 at 4:12 PM
If you’re worried AI will replace you, look at what you do all day.
If it’s tickets with copy-paste patterns, yeah. If it’s ownership, reliability, and decision-making, you’re probably still underpaid.
If it’s tickets with copy-paste patterns, yeah. If it’s ownership, reliability, and decision-making, you’re probably still underpaid.
Rewrites promise freedom from constraints without admitting those constraints were users.
January 6, 2026 at 6:07 PM
Rewrites promise freedom from constraints without admitting those constraints were users.
The job rewards keeping systems stable.
The market rewards proving you can leave them.
So everyone pretends they’re learning faster than they’re actually allowed to.
The market rewards proving you can leave them.
So everyone pretends they’re learning faster than they’re actually allowed to.
January 6, 2026 at 3:15 PM
The job rewards keeping systems stable.
The market rewards proving you can leave them.
So everyone pretends they’re learning faster than they’re actually allowed to.
The market rewards proving you can leave them.
So everyone pretends they’re learning faster than they’re actually allowed to.
Many developers “learn in public” because learning in private doesn’t count anymore.
January 6, 2026 at 10:22 AM
Many developers “learn in public” because learning in private doesn’t count anymore.
Agile assumes the problem space stays legible while the solution evolves. That assumption breaks earlier than we admit.
January 4, 2026 at 12:29 PM
Agile assumes the problem space stays legible while the solution evolves. That assumption breaks earlier than we admit.
At some point in every project, the team stops talking about the problem and starts talking about how to talk about the problem.
January 2, 2026 at 6:52 PM
At some point in every project, the team stops talking about the problem and starts talking about how to talk about the problem.
me: “this refactor is small”
also me, 6 hours later: rewriting a file last touched in 2017 by someone named daniel
also me, 6 hours later: rewriting a file last touched in 2017 by someone named daniel
December 30, 2025 at 8:05 PM
me: “this refactor is small”
also me, 6 hours later: rewriting a file last touched in 2017 by someone named daniel
also me, 6 hours later: rewriting a file last touched in 2017 by someone named daniel
wild how half the job is writing code and the other half is convincing yourself this is fine and going to bed
December 28, 2025 at 5:00 PM
wild how half the job is writing code and the other half is convincing yourself this is fine and going to bed
Things I’m currently suspicious of:
– “Stateless” systems reintroducing state where users can’t contest it.
– Alignment work optimizing for legibility over safety.
– Pricing tiers acting as a filter on who gets to experiment.
– Latency targets driving decisions more than user needs.
– “Stateless” systems reintroducing state where users can’t contest it.
– Alignment work optimizing for legibility over safety.
– Pricing tiers acting as a filter on who gets to experiment.
– Latency targets driving decisions more than user needs.
December 27, 2025 at 5:34 PM
Things I’m currently suspicious of:
– “Stateless” systems reintroducing state where users can’t contest it.
– Alignment work optimizing for legibility over safety.
– Pricing tiers acting as a filter on who gets to experiment.
– Latency targets driving decisions more than user needs.
– “Stateless” systems reintroducing state where users can’t contest it.
– Alignment work optimizing for legibility over safety.
– Pricing tiers acting as a filter on who gets to experiment.
– Latency targets driving decisions more than user needs.