I want to wish all of you a Happy 2026! I thought about writing a recap of 2025 but … naah :-D There are so many ideas waiting.
I wish you all the best.
I just watched Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents by Johann Rehberger at #39c3. He shows quite impressively what the future threat model looks like as more AI agents are deployed.
In his talk he demos a couple of attacks that were applied by using agents. I don’t want to summarize the talk here (you might want to read the heise online article instead), but it is way beyond “simple prompt injection”!
But my biggest “aha” moment was the statement to treat an Agent as a Malicious Internal. Which is probably the worst scenario you want to deal with. Usually you would like to trust your co-workers and not treat them as if they could stab you in the back while smiling at you.
Anyways, I’m pretty sure the technology will evolve into more secure ways. But it will also stay as a new way of attack in the future. I’d recommend checking it out!
https://media.ccc.de/v/39c3-agentic-probllms-exploiting-ai-computer-use-and-coding-agents
PS: I’d embed it here, but this obviously requires some CSS / WordPressTheme-magic …
39C3: Power Cycles, the 39th Congress of the Chaos Computer Club, has finished. I followed the congress via the #39C3 hashtag on Mastodon, which was quite interesting. I’ve never been there myself but at least I got some impressions via the posts.
I just read Influence Without Authority: How to Get People to Listen Without Being the Boss by Bri Chapman.
Most people think influence comes from a title. From being the person who approves budgets, signs off on decisions, or sits at the top of an org chart.
But that’s not how it actually works.
Bri Chapman
And I can pretty much second what she writes there! Not just the quote but also the steps she’s mentioning there. I was often in the same position: not being the boss but making things work.
Of course it doesn’t always work. But I am surprised how often it just worked in the past. I’d recommend reading it! https://www.brichapman.com/p/how-to-build-influence-without-authority
To me, LinkedIn was supposed to be the professional network — a place for thoughtful discussion about work-related stuff and genuine connection. Yet, over the years, it feels like the content and tone have shifted towards engagement (“what do you think?”, “how do you do it?”), self-glorification (“especially after quitting a company and highlighting all the successes” srsly, if it was so cool, why did they quit?) and provocative extremes. Everything for the reach.
Actually I wanted to try GitHub Copilot a bit with Agents.md. Yet .. I think during the project I totally forgot to test the influence of the Agents file but tried “vibeCoding” in a reproducible way.
I had a very small project in mind that authenticates to Mastodon, fetches some data, saves it into a database and displays some metrics on a web page in basic charts. Nothing overly fancy, but also some stuff that would simply take some time when coding “alone”. Like a proper OAuth flow, paging through Mastodon APIs, rate limiting, database writing, database setup script and cleanup. Some JavaScript for the chart, etc.
But I thought it might be nice to try with GitHub Copilot (GHC). But I’m also a big fan of reproducible results. So … step by step, what did I do.
On Mastodon, I just found a link to the Terrible Software Blog. (Definitely a blog to follow, I just added it to my RSS reader).
I found this article pretty good: What Actually Makes You Senior.
But if you strip away the title, the salary, and the years of experience, there’s one core skill that separates senior+ engineers from everyone else: reducing ambiguity. Everything else flows from that.
Matheus Lima
It’s about the ability to handle fuzziness and de-risk projects. I really like the “they first make the problem clear. Then, and only then, they go to solve it.”
Check it out: https://terriblesoftware.org/2025/11/25/what-actually-makes-you-senior/
When I started the Fediverse integration of the blog, I just made a default handler for the full blog and called it @blog@www.locked.de. Yet, the more I use the blog for the fediverse, the less this made sense to me as it felt too impersonal.
While I could switch the setting to allow profiles for both users and the blog itself — which would introduce a completely new user … I also could stop overthinking it.
TL;DR: this profile is renamed to @fgraf.
And if you are not yet on the Fediverse, I would recommend giving it a try. ;-)
GitHub’s new guide, How to write a great agents.md: Lessons from over 2,500 repositories, pulls lessons from over 2,500 repositories to show how to document AI agents effectively. It’s not just about clarity but also about making collaboration, reproducibility, and scalability possible.
The guide breaks down how to structure agents.md files for real-world utility. It highlights common mistakes and explains why solid documentation is the backbone of any successful AI project. Whether you’re a developer, DevOps engineer, or just curious about AI tooling, this is a practical roadmap.
For anyone serious about AI development, this is a resource worth keeping: https://github.blog/ai-and-ml/github-copilot/how-to-write-a-great-agents-md-lessons-from-over-2500-repositories/
Docker’s recent article “Do You Really Need Microservices?” delivers a good dose of pragmatism with regard to microservices. The article doesn’t dismiss microservices outright — it acknowledges their value at massive scale — but it also highlights an uncomfortable truth: most teams simply don’t operate at that scale.
What I particularly like are the warnings about hidden costs, the kind that reveal themselves after committing to the architecture and having to operate it over years and through a lot of releases. Operational overhead, debugging “fun” and the complexity of managing distributed systems aren’t just footnotes — they’re a true burden for teams without the resources to handle them properly.
Check it out: You Want Microservices—But Do You Need Them? | Docker