Posts in "links"

Making long-term projects more agile, less waterfall

"Replace multi-year forecasts with real-time discovery of operational friction. Instead of a five-year requirement for a “targeting system,” identify the bottleneck–like a three-hour targeting approval process. Set a goal–like reducing the approval process to 30 minutes. And empower a team to solve it. In this Kessel Run example, the requirement was an outcome, not a feature list." Bryon Kroger 🔗 Rapid software delivery is possible inside DoW — Software Factory 2.

Flood of security patches: Spring Framework ed.

Community security reports for Spring, by month. In April, utilizing new scanning capabilities, we received an unprecedented 482 new security reports across 65 scanned projects. Of those 482 new reports, 370 came from our internal scanning capabilities and 112 came from the community. This means that even without the new scanning, we would still have seen a doubling of community reports compared to our already high number in March.

I grew up spending a good deal of time with an older cousin of mine in Cullman, Alabama named Claude Basenburg. A hefty, hearty good ol’ boy in overalls, with a wad of tobacco in his cheek. So when I visit claude.ai I don’t think of an omniscient counselor, I just envision my cousin from Cullman. It helps…. But in the end the results are very clean and, to me, _extremely_ satisfying.

🔗 update on my use of Claude

remote work reduces on-the-job training

According to the Fed’s analysis, youth unemployment has risen significantly since the coronavirus pandemic, and hasn’t receded in the same way that unemployment numbers for older, more experienced college graduates have in recent years. The analysis notes that the prevalence of remote work has increased since COVID-19, and it believes those two trends have more than just a correlation. “Our analysis suggests that these trends are related, with remote work making it more difficult for managers to train and mentor new employees,” the Fed said of its data.

Defeating Conway's Law

Try using a platform to combat Conway’s Law and organizational friction caused by too many groups/silos. This matters because it removes the structural excuse for fragmentation. When a single platform surfaces all the controls a unified team needs, there is no longer a technical reason to keep five separate teams in five separate rooms. The organisational argument for siloes collapses alongside the technical one. Conway’s Law says that a system will be shaped - organization sub-divided - as a replica of the organization that built the system.

you can't measure productivity

The [Wells Fargo] CEO named auditing, testing, legal, contracts, patent filings, pitchbooks in investment banking and credit memos as a handful of areas across the company executives see room for AI to improve processes. “How much of that actually results in pure margin or return expansion is to be seen,” Scharf said, since competitors will be chasing similar AI goals, but it is “a net positive” for the company’s future expense base.

security over features

From what I can tell, every core part of the software stack is stopping what they’re doing and taking care of the flood of new, AI-driven security issues. 🔗 Java Maintenance Engineering Shifts Focus on Quarterly Critical Patch Stabilization

Why aren't all images super-secure, or hardened?

Here’s what I learned: container base images grew up as a developer convenience tool, not a security artifact. Installing extra packages from the command line is one of the first things any Docker tutorial teaches–Docker’s own Dockerfile guide includes apt-get install–and many of the most popular official images ship a full toolchain by default, with -slim and -alpine variants offered precisely because the defaults carry more than most workloads need, and changing them would have broken enough downstream workflows that it was never going to be a routine upstream decision.