- Optimise Your Async Processing with Thread Pools: A Cost-Effective Approach
  TL;DR: Creating a new thread for every task is inefficient and unsustainable. Thread pools and asynchronous processing let you handle more work with fewer resources by reusing threads and avoiding blocking operations. When you’re building high-performance applications, especially in environments like web servers or backend APIs, how you handle concurrency…
- Optimising Database Performance: The Cost of Opening Connections & Solutions
  TL;DR: Opening a new database connection for every request is slow and resource-intensive. Connection pooling fixes this by reusing existing connections, dramatically improving performance and scalability. Tools like HikariCP make it easy to implement and tune for optimal results. Why Connection Pooling Matters Every time your application interacts with a…
- Revamping npm: Addressing Flaws and Proposing Solutions for a Better Ecosystem
  TL;DR: The npm ecosystem is dangerously fragile. The September 2025 attack exposed deep, systemic flaws in how we manage and secure open source packages. Fixing this requires more than patching vulnerabilities—we need structural reforms, from governance to cryptographic safeguards. The npm package registry is the beating heart of modern software…
- Effective Supply Chain Security Strategies Beyond npm Audit
  TL;DR: Traditional tools like npm audit aren’t enough to stop modern supply chain attacks. Real-world security demands layered defenses, proactive planning, and a shift in how teams think about package trust and developer workflows. Supply chain attacks have moved from theoretical to inevitable. The recent npm incident involving malicious versions…
- Supply Chain Attack: Impact on Global Enterprises’ Emergency Response Costs
  TL;DR: A recent npm supply chain attack caused minimal direct financial theft but triggered millions in emergency response costs across global enterprises. The incident underscores how the real damage lies in the organizational fallout, not the attacker’s payout. What Happens When a $1,000 Hack Costs Millions? In early September 2025,…
- Beyond 2FA: Why the most sophisticated phishing attack targeted NPM maintainers and what it teaches us about human vulnerability
  TL;DR: Even the most security-conscious developers can fall victim to social engineering. The recent phishing attack on NPM maintainer Josh Junon reveals how human psychology, not just technical flaws, can be exploited to compromise critical infrastructure. It’s time to rethink how we secure open source ecosystems. When 2FA Isn’t Enough:…
- Power of Open Source Security: Community Response Heroes
  TL;DR: The recent NPM supply chain attack could have been catastrophic, but within minutes, the open source security community rallied to detect, analyze, and contain the threat. Their fast, transparent, and collaborative response turned a potential disaster into a success story of community-driven cybersecurity. When we talk about cybersecurity, the…
- Decoding Cryptocurrency Malware Attack of September 2025
  TL;DR: A recent supply chain attack compromised 20 NPM packages, including popular ones like chalk and debug, with highly sophisticated malware designed to steal cryptocurrency from browser environments. This wasn’t your average crypto-miner—it was a stealthy, technically advanced operation that cleverly avoided detection while targeting Web3 users. When news broke…
- September 2025 NPM Debug Package Attack: Developer Impact Explained
  TL;DR: On September 8, 2025, attackers compromised the widely used NPM debug package and 19 others in a lightning-fast supply chain attack. While the scope was massive—impacting nearly every cloud environment—the open-source community’s rapid response kept financial losses under $1,000. This event highlights both our ecosystem’s fragility and its strength…
- Exploring the Rise of Cryptocurrency Applications in Web3: Implications for Blockchain Security
  TL;DR: A recent wave of supply chain attacks specifically targeted Web3 and cryptocurrency applications, exploiting centralized package managers like NPM to compromise decentralized finance platforms. This marks a shift toward financially motivated, precision-engineered malware that traditional security tools aren’t equipped to detect. Web3 is supposed to be the future of…
- Why I Cancelled My Cursor Subscription & What’s Next (Claude Code)
  TL;DR: I paused my Cursor subscription after switching to Claude Code and haven’t looked back. Claude’s terminal-first, IDE-agnostic approach fits my workflow better, especially for Java development in IntelliJ. While Cursor remains a powerful tool, Claude Code offers more flexibility and better value through a single subscription. When I first…
- Top Mistakes in Legacy Software Modernization: Real Experiences Revealed
  TL;DR: Modernizing legacy software is essential but fraught with risk. Common pitfalls include underestimating costs, ignoring undocumented dependencies, and failing to align with business needs. A thoughtful, incremental approach with stakeholder buy-in and solid documentation can make all the difference. Legacy software is the backbone of many businesses—reliable, familiar, but…
- Quick Refresher on Dockerfiles: Creating Efficient Container Images
  TL;DR: A Dockerfile is a simple yet powerful script that defines how to build a Docker image. By using a series of instructions, it ensures consistent, automated, and reproducible builds—making it a cornerstone of modern DevOps workflows. Why Dockerfiles Matter If you’ve ever deployed an app and thought, “It worked…
- The Cool Container Management Tool Podman
  TL;DR: Podman is a secure, daemonless container engine that’s compatible with Docker and ideal for Kubernetes users who want to prototype locally. With rootless mode, native pod support, and Kubernetes YAML integration, Podman offers a streamlined container workflow—especially for Linux users. Containers have become the backbone of modern application development,…
- Unlocking Secure AI Integration in Enterprise with MCP Server
  TL;DR: MCP servers, built on the Model Context Protocol, offer a secure, standardized way for AI models to interact with enterprise tools and data. By acting as intelligent gateways, they enable scalable, compliant AI integration—without costly custom development or data exposure risks. When it comes to integrating AI into enterprise…
- My Top Kubernetes Logging Extensions: Stern
  TL;DR: If you work with Kubernetes and love the terminal, Stern is a must-have tool. Its ability to tail logs from multiple pods using regex filters makes it more powerful and efficient than other Kubernetes logging extensions like K9s or the IntelliJ Kubernetes plugin. Why Kubernetes Logging Needs a Better…
- Boost Productivity: Coding on a Treadmill with a Standing Desk
  TL;DR: Coding while walking is not only possible, it’s a surprisingly effective way to stay active during long workdays. With a standing desk and treadmill combo, you can boost your daily step count, maintain cognitive focus, and reduce the health risks of a sedentary lifestyle—just be ready to adapt your…
- Logitech G815 Keyboard Review: 6-Year Journey of a Software Engineer
  TL;DR: After six years with the Logitech G815 mechanical keyboard, I’m still not looking to upgrade. Its premium build, low-profile mechanical switches, and productivity-boosting features make it an ideal companion for software engineering, not just gaming. When I first picked up the Logitech G815 back in 2019, I thought I…
- NVIDIA Jetson: Features, Benefits, and Home Project Inspiration
  TL;DR: NVIDIA Jetson is a compact, power-efficient AI computer that brings GPU-accelerated processing to edge devices. It’s perfect for hobbyists and developers looking to build real-time AI projects at home, from smart cameras to robotic companions. Whether you’re building a robot that follows you around or a camera that knows…








