“Zero Trust” entered the security lexicon around 2010 with John Kindervag’s research at Forrester, became a NIST standard in 2020, and a government mandate in 2021. By 2023 it was so over-hyped that saying “we’re implementing Zero Trust” communicated approximately nothing about what you were actually doing.

Continue reading

React 20 shipped in early 2026 with something that’s been in development since 2021: a stable compiler that automatically optimizes React applications. If you’ve been following the React ecosystem, you’ve heard about “React Forget” — the project that was supposed to eliminate the need for useMemo, useCallback, and React.memo. It’s here, it’s stable, and it works.

Continue reading

Platform engineering has become the dominant framing for infrastructure teams over the last two years. Virtually every mid-to-large engineering org now has a “platform team” or is building one. And yet, the pattern I see repeatedly: teams build sophisticated internal developer platforms (IDPs) that developers quietly ignore in favor of doing things manually or finding workarounds.

Continue reading

WebAssembly was introduced to the world as “a fast, safe, portable low-level bytecode for the web.” That framing aged poorly — in the best possible way. In 2026, WASM runs in serverless functions at Cloudflare and Fastly, powers plugin systems in databases, executes untrusted code inside AI applications, and runs on microcontrollers. The browser is just one of its habitats now.

Continue reading

AI agents have graduated from research projects to production workloads. In 2025, the narrative was “agents are almost ready.” In 2026, the conversation has shifted to “how do we make them reliable, observable, and cost-effective at scale?” Having worked through several agent deployments — from customer support automation to code review pipelines — I want to share the patterns that hold up and the pitfalls that will wreck your on-call rotation.

Continue reading