Maxime

Partial failure starts the moment you have two writes

You write:

- DB row
- then send email
- then publish event
- then update search index

Any step can fail after earlier steps succeeded.

Without idempotency and reconciliation, you get “phantom states.”

The API contract you didn’t write becomes tribal law

If you don’t define:

- ordering
- null semantics
- pagination stability
- error shapes
- idempotency expectations

Every client invents rules.

Then you debug “random” behavior that is consistent with somebody’s assumptions.

The hidden cost of “flexible JSON columns”

It starts as “we’ll iterate faster.”

Then:

- queries become un-indexable
- filters move into application code
- analytics turns into a batch job
- every field needs runtime validation

You traded schema changes for permanent query complexity.

Most systems end up with both: no transaction and no repair. That’s when data issues become permanent.

DB transactions that web apps underuse

If you write to multiple tables and you aren’t using a transaction, you’re encoding “partial updates are acceptable”.

That might be fine, but then you need follow-up repair logic and metrics for it.

What breaks people: they only store “processed=true”, then retries can’t return the same response and clients keep looping.

Idempotency that actually works in a web stack

Bare minimum shape:

- client sends an idempotency key per user action

- server stores a record keyed by (tenant/user, key)

- record holds status + response payload (or a pointer)

- retry returns the stored payload

Quick test: record a trace of one page load and count dependency chains, not request count. Long chains are the problem.

Frontend request waterfalls: the pattern behind “it’s fast locally”

This shows up when data fetching is attached to components instead of routes.

You get: render → fetch → render → fetch.

The backend stays healthy. Users wait anyway.

Timeout incidents that look like “the backend is flaky”

Common sequence:
- client hits timeout at 2s
- server finishes at 2.3s and commits
- client retries
- second request commits again

Fix is: pick which operations can safely run twice, then wire idempotency for the rest.

AI-generated code is fast becoming the biggest enterprise security risk as teams struggle with the ‘illusion of correctness’ Security teams are scrambling to catch AI-generated flaws that appear correct before disaster strikes

Source: [https://www.itpro.com/software/development/ai-generated-code-is-fast-becoming-the-biggest-enterprise-security-risk-as-teams-struggle-with-the-illusion-of-correctness](www.itpro.com/software/dev...)

AI-written code looks confident even when it’s wrong.

One report claims AI-generated code is now a meaningful chunk of production code and tied to a worrying share of security incidents.

Treat it like a junior teammate: helpful, needs supervision.

Clunky tech is costing developers 20 working days a year – these are the leading ‘productivity drains’ impacting teams Developers are struggling with an array of issues, and no, AI isn’t making things easier

Source:

Devs are losing almost 20 workdays a year to tool breakage, downtime, bugs, and bad docs.

That’s a month of salary spent fighting the toolchain, not building the thing customers pay for.

2025: developers downloaded open-source components 9.8 TRILLION times.

Sonatype logged 454,648 malicious packages in one year, 1.23M total.

Log4Shell still got 42M downloads in 2025.

Your dependency tree is a threat model.

I trust messy code written by someone who can explain it.

I don’t trust clean code written by someone who can’t.

2025 published 48,185 CVEs, with the busiest day landing 793 in 24 hours.

There are 365 active CNAs now, so the firehose has more nozzles every year.

One breakdown shows 8,000+ of those were XSS, a bug class older than most modern stacks.

Stanford says dev employment for ages 22-25 is down nearly 20% from the late-2022 peak.

Surveys say 80%+ of devs already use or plan to use AI tools regularly.

Juniors are not competing with seniors but with chatbots.

In Dec 2025, only 3,862 Stack Overflow questions were posted.

That’s a 78% drop vs the year before.

Early 2014 was 200,000+ a month.

The public debugging trail is collapsing.

Sonar says 42% of committed code is AI-assisted.

96% of devs don't trust it.

Only 48% always review before commit.

That gap is your new backlog: verification debt.

BYOK Copilot keys, whatever.

If CI is green by accident, prod will teach you.

Every long-lived codebase has the same landmarks:

- A cron job no one dares to delete.
- A retry loop added after “that one incident.”
- A feature flag that’s been on for three years.

PRs avoid these areas on purpose.
Refactors stop one directory before them.

That’s how software ages.

The real skill didn’t change:

- Do you know what to build?
- Do you know what to delete?

The only scary part of AI coding is how quickly it turns “I don’t understand this” into “good enough to merge.”

Everyone’s acting like “AI dev” is a new job.

It’s not.

It’s the same job, with a new way to lie to yourself.

Before, you could ship spaghetti and still feel like an engineer because you personally typed it.

Now you can ship spaghetti faster and call it “leverage.”

Resumes reward novelty. Production rewards restraint.

Your anxiety lives in the gap between the two.

A surprising amount of tech anxiety comes from optimizing for the next job while doing the current one well.

Nothing screams "we’re mature now" like hiring your first SRE to translate vibes into incident reports.

If AI can replace the work you loved, either it was never very hard, or you stopped pushing it somewhere interesting.

Stability is what teams ask for.

Adaptability is what hiring loops test for.

Most careers get stretched thin trying to satisfy both.

Turns out “being useful to AI” isn’t a sustainable business model.