An index of posts published at blog.raed.dev.
- April — Claude Code doesn't trust Claude with permissions — How Claude Code enforces permissions with deterministic code, not model inference. The one LLM-based path is internal-only, fail-closed, and gated behind a feature flag.
#ai #security #architecture - April — Claude Code is a vibe-coded mess. Some of it is actually good. — Ideas worth stealing from the leaked Claude Code source: deferred tool loading, diminishing returns detection, cache-aware context compaction, coalesced background extraction.
#ai #architecture - March — Two wheels, a few tradeoffs, and gas prices — Motorcycles burn half the fuel, take up a third of the space, and will absolutely kill you if you're not careful. I ride one anyway.
#life - March — LangGraph's HITL Has a Double Execution Problem — Checkpoint side effects that silently double-execute tools, plus positional rather than explicit approval binding.
#ai #agents #langgraph - March — Stop Using Chat History As Your Agent's State Store — The flat message model is a presentation-layer format. Using it as a backend execution environment is why your agents drift.
#ai #agents #architecture - March — The Human-in-the-Loop Approval Step in Most Agentic Workflows Is Broken — Servers trusting clients about which tool was approved. Exploitable, and the pattern every SDK tutorial teaches.
#ai #agents #security - March — Security vulnerabilities I found in high school — Stories from school days in Tunisia (2004–2010). Some involve computers, most don't.
#security #life
- January — Framework Fatigue: The Real Reason Developers Get Angry About New Tech — Framework outrage is about employability, not technical merit.
#javascript #career
- October — Scrum doesn't have to suck — A subjective review of what works in scrum and what doesn't, after working with half a dozen teams claiming to be agile.
#process #career - February — The day I canceled my Spotify subscription — From going to extraordinary lengths to access Spotify, to cancelling my subscription years later.
#life
- 2023 (month unverified) — Predictions for the year 2023 — Annual predictions, with the understanding they'll look ridiculous in 365 days.
#meta
- October — The Elephant in the Room of Mastodon Moderation — Joining Mastodon after a decade on Twitter, and the moderation problem nobody was talking about.
#fediverse #moderation - October — Bitwise Operations for the Average Developer — Where shifting and XOR'ing bits actually shows up in CRUD app database models.
#javascript #fundamentals
- August 2018 — Buying a Laptop Online is a Broken Experience — Why it took 8 months to buy a new laptop.
#life - October 2016 — IoT Networks: SigFox vs. LoRa — A comparison of two LPWAN IoT networking standards. SigFox has since ceased operations.
#iot - Myths Developers Believe About Hiring — Seven myths developers hold about how hiring actually works.
#career - Dear recruiters, here is why developers don't respond to your messages](https://blog.raed.dev/posts/recruiters_developers) — On generic recruiter spam and what would make developers actually reply.
#career - 5 Reasons Why Clickbaiting Is Killing You — On clickbait titles and the criticism that comes with them.
#meta - Is Cryptography a lost fight — Post-Snowden thoughts on whether end-to-end privacy is achievable for an average user.
#security #cryptography
#ai · #agents · #langgraph · #architecture · #security · #cryptography · #javascript · #fundamentals · #career · #process · #life · #meta · #iot · #fediverse · #moderation