Building fast systems, secure pipelines and maintainable AI-driven engineering
🎯 Featured Article
🛑 axios Compromised on npm — Malicious Versions Drop Remote Access Trojan
A major supply chain attack highlights how a single compromised maintainer account can inject malware into widely used libraries.
⬢ Exposes how transitive dependencies can silently introduce critical vulnerabilities
⬢ Emphasizes the need for stricter package verification and runtime monitoring
⏩ TL;DR (Quick Recap)
⬢ Prioritize supply chain security as attacks increasingly target package ecosystems
⬢ Balance performance and scalability with real capacity planning, not shortcuts
⬢ Treat AI-assisted development as engineering discipline, not blind acceleration
⬢ Evolve beyond defaults (Spring Boot, REST) to modern architectures and tooling
☕ JVM Corner
📊 The State of Java 2025
A comprehensive snapshot of how Java developers work, tools they use, and how AI is reshaping the ecosystem.
⬢ Highlights steady Java evolution while maintaining backward compatibility
⬢ Shows increasing adoption of AI-assisted development workflows
🔗 GraphQL for Java Developers
An introduction to GraphQL as a solution to REST inefficiencies in modern APIs.
⬢ Reduces over-fetching and excessive API calls in frontend-heavy apps
⬢ Simplifies API evolution with schema-driven design
🧱 JEP 500: Prepare to Make Final Mean Final in JDK 26
Java moves toward stricter immutability guarantees by limiting reflection hacks.
⬢ Introduces warnings for mutating final fields via reflection
🍃 Spring Updates
🚀 If You Only Know Spring Boot, You’re Already Behind — 13 Java Frameworks to Learn Next
A push to explore modern frameworks optimized for cloud-native performance.
⬢ Encourages diversification beyond traditional Spring Boot stacks
⬢ Highlights frameworks focused on startup time and memory efficiency
📬 Deep Dive into Kafka Offset Commit with Spring Boot
A detailed look at how Spring Kafka manages message consumption and offsets.
⬢ Explains batch processing and default consumer behavior
⬢ Shows how offset strategies impact reliability and throughput
🤖 Spring, Build Me a Coding Agent
Building autonomous AI agents directly into Spring applications.
⬢ Demonstrates agent loops with reasoning and tool selection
🏗️ Spring Boot Done Right: Lessons From a 400-Module Codebase
Real-world lessons from a massive, production-grade Spring Boot system.
⬢ Shows modular architecture at extreme scale
⬢ Emphasizes extensibility and long-term maintainability
🧩 Using Spring Data JPA with Kotlin
Explores how Kotlin integrates with JPA despite Java-centric origins.
⬢ Addresses interoperability challenges and best practices
🔍 Extra Reads
Architecture & Scalability
⚖️ Queueing Requests Queues Your Capacity Problems, Too — Queues hide scaling issues instead of solving them.
📐 7 More Common Mistakes in Architecture Diagrams — Avoid clarity and communication pitfalls in system diagrams.
🌐 From Custom to Open: Scalable Network Probing and HTTP/3 Readiness with Prometheus — Slack’s journey toward better observability for modern protocols.
📡 One tip for successful OpenTelemetry projects — Adoption succeeds with minimal disruption.
AI Engineering & LLM Systems
🧠 Anatomy of the .claude/ Folder — Breaks down structure behind modern AI coding setups.
📚 From zero to a RAG system: successes and failures — Lessons learned building large-scale retrieval systems.
🧩 Encoding Team Standards — Treat prompts and AI rules as versioned engineering assets.
⚙️ The plumbing behind Claude Code — Reveals practical design patterns behind AI tools.
AI Culture & Development Practices
⚠️ Slop Is Not Necessarily The Future — Argues quality will outcompete low-effort AI code.
🧭 Vibe Coding Got Us Here. Can Spec-Driven Development Save Us? — Advocates structured engineering over AI-driven improvisation.
🛠️ It’s a Poor Craftsman Who Blames His Tools — Reflects on responsibility in AI-assisted creation.
🤖 Gemma 4 — Introduces new efficient open models optimized for performance-per-parameter.
Originally posted on marconak-matej.medium.com.