Authored by Mark Seemann, a software architect and consultant, this blog focuses on software design, object-oriented programming, and functional programming principles. Readers can explore articles and discussions on topics such as dependency injection, domain-driven design, and test-driven development. Additionally, they can learn about architectural patterns, design patterns, and best practices for building robust, maintainable software systems.

ploeh blog

A speculative scenario exploring the security risks of AI-based coding agents. The economics of current AI companies are unsustainable — they run massive deficits — meaning prices will eventually rise, creating an opening for adversarial state actors to offer subsidized, cheaper LLM coding services through shell companies. Such services could passively spy on codebases or actively inject backdoors and malware. The author draws parallels to the xz utils backdoor and TikTok's ownership structure. Even 'trusted' American AI companies may have opaque investor chains. The recommended countermeasure: treat all LLM-generated code like untrusted drive-by pull requests from strangers, applying rigorous code review. Human review capacity — not code generation speed — remains the real bottleneck.

Secret agentic AI