- Bulkhead Pattern and Service Isolation: Prevent Failures from Sinking Your System
  TL;DR: The bulkhead pattern in software design isolates system components to prevent cascading failures, much like watertight barriers on a ship. By separating resources and services, you ensure one failure doesn’t sink the entire system. I’ve always been fascinated by the story of the Titanic: water flooded compartment after compartment…
- Caching Strategies: Boost Performance with Smart Memory Use
  TL;DR: Caching is a powerful way to speed up applications by storing frequently accessed data in fast memory, but it must be used wisely to avoid stale data issues. Let’s explore why memory is your best friend when paired with the right caching strategy. Picture this: you’re running an app,…
- Circuit Breakers: Why You Should Stop Overusing a Failing Service
  TL;DR: Circuit breakers in software are a lifesaving pattern that stop your application from hammering a failing service, preventing cascading failures and giving systems time to recover. Think of them as a safety switch for your app, just like in electrical systems. Imagine you’re trying to call a friend whose…
- Load shedding In Software Systems
  TL;DR: Load shedding is a last-resort strategy for keeping systems alive under extreme stress. When your system is overwhelmed, it’s better to serve fewer users well than to crash trying to serve everyone. When your software system starts to sink under heavy load, what do you do? Just like sailors…
- Using Backpressure and Rate Limiting for Optimal System Performance
  TL;DR: Backpressure and rate limiting are essential tools for building resilient systems. They help your application stay responsive under load by slowing things down before things break. When systems get overwhelmed, bad things happen—timeouts, crashes, angry users. Imagine a highway where cars are entering faster than they can exit. Eventually,…
- Optimise Your Async Processing with Thread Pools: A Cost-Effective Approach
  TL;DR: Creating a new thread for every task is inefficient and unsustainable. Thread pools and asynchronous processing let you handle more work with fewer resources by reusing threads and avoiding blocking operations. When you’re building high-performance applications, especially in environments like web servers or backend APIs, how you handle concurrency…
- Optimising Database Performance: The Cost of Opening Connections & Solutions
  TL;DR: Opening a new database connection for every request is slow and resource-intensive. Connection pooling fixes this by reusing existing connections, dramatically improving performance and scalability. Tools like HikariCP make it easy to implement and tune for optimal results. Why Connection Pooling Matters Every time your application interacts with a…
- Revamping npm: Addressing Flaws and Proposing Solutions for a Better Ecosystem
  TL;DR: The npm ecosystem is dangerously fragile. The September 2025 attack exposed deep, systemic flaws in how we manage and secure open source packages. Fixing this requires more than patching vulnerabilities—we need structural reforms, from governance to cryptographic safeguards. The npm package registry is the beating heart of modern software…
- Effective Supply Chain Security Strategies Beyond npm Audit
  TL;DR: Traditional tools like npm audit aren’t enough to stop modern supply chain attacks. Real-world security demands layered defenses, proactive planning, and a shift in how teams think about package trust and developer workflows. Supply chain attacks have moved from theoretical to inevitable. The recent npm incident involving malicious versions…
- Supply Chain Attack: Impact on Global Enterprises’ Emergency Response Costs
  TL;DR: A recent npm supply chain attack caused minimal direct financial theft but triggered millions in emergency response costs across global enterprises. The incident underscores how the real damage lies in the organizational fallout, not the attacker’s payout. What Happens When a $1,000 Hack Costs Millions? In early September 2025,…
- Beyond 2FA: Why the most sophisticated phishing attack targeted NPM maintainers and what it teaches us about human vulnerability
  TL;DR: Even the most security-conscious developers can fall victim to social engineering. The recent phishing attack on NPM maintainer Josh Junon reveals how human psychology, not just technical flaws, can be exploited to compromise critical infrastructure. It’s time to rethink how we secure open source ecosystems. When 2FA Isn’t Enough:…
- Power of Open Source Security: Community Response Heroes
  TL;DR: The recent NPM supply chain attack could have been catastrophic, but within minutes, the open source security community rallied to detect, analyze, and contain the threat. Their fast, transparent, and collaborative response turned a potential disaster into a success story of community-driven cybersecurity. When we talk about cybersecurity, the…
- Decoding Cryptocurrency Malware Attack of September 2025
  TL;DR: A recent supply chain attack compromised 20 NPM packages, including popular ones like chalk and debug, with highly sophisticated malware designed to steal cryptocurrency from browser environments. This wasn’t your average crypto-miner—it was a stealthy, technically advanced operation that cleverly avoided detection while targeting Web3 users. When news broke…
- September 2025 NPM Debug Package Attack: Developer Impact Explained
  TL;DR: On September 8, 2025, attackers compromised the widely used NPM debug package and 19 others in a lightning-fast supply chain attack. While the scope was massive—impacting nearly every cloud environment—the open-source community’s rapid response kept financial losses under $1,000. This event highlights both our ecosystem’s fragility and its strength…
- Exploring the Rise of Cryptocurrency Applications in Web3: Implications for Blockchain Security
  TL;DR: A recent wave of supply chain attacks specifically targeted Web3 and cryptocurrency applications, exploiting centralized package managers like NPM to compromise decentralized finance platforms. This marks a shift toward financially motivated, precision-engineered malware that traditional security tools aren’t equipped to detect. Web3 is supposed to be the future of…
- Why I Cancelled My Cursor Subscription & What’s Next (Claude Code)
  TL;DR: I paused my Cursor subscription after switching to Claude Code and haven’t looked back. Claude’s terminal-first, IDE-agnostic approach fits my workflow better, especially for Java development in IntelliJ. While Cursor remains a powerful tool, Claude Code offers more flexibility and better value through a single subscription. When I first…
- Top Mistakes in Legacy Software Modernization: Real Experiences Revealed
  TL;DR: Modernizing legacy software is essential but fraught with risk. Common pitfalls include underestimating costs, ignoring undocumented dependencies, and failing to align with business needs. A thoughtful, incremental approach with stakeholder buy-in and solid documentation can make all the difference. Legacy software is the backbone of many businesses—reliable, familiar, but…
- Quick Refresher on Dockerfiles: Creating Efficient Container Images
  TL;DR: A Dockerfile is a simple yet powerful script that defines how to build a Docker image. By using a series of instructions, it ensures consistent, automated, and reproducible builds—making it a cornerstone of modern DevOps workflows. Why Dockerfiles Matter If you’ve ever deployed an app and thought, “It worked…
- The Cool Container Management Tool Podman
  TL;DR: Podman is a secure, daemonless container engine that’s compatible with Docker and ideal for Kubernetes users who want to prototype locally. With rootless mode, native pod support, and Kubernetes YAML integration, Podman offers a streamlined container workflow—especially for Linux users. Containers have become the backbone of modern application development,…








