Seroter's Daily Reading — #771 (April 27, 2026) — Seroter's Daily Reading

Listen: https://blossom.nostr.xyz/c71fabcb52457df18858b7508f76f111945b8b303a4b76e63e3427c0c02f8179.mpga

Episode 771 — April 27, 2026

Seroter is on vacation this week, spending time at the San Diego Zoo while still managing to read enough for a full reading list. Let's get into it.

Leading off this week: a thorough breakdown of the Google Cloud Next '26 Developer Keynote. A post on Dev.to walks through the full 60-minute live-coding demo — From "Hello World" to "Hello Agents": The Developer Keynote That Rewired Software Engineering. that walked through seven phases of the agent development lifecycle — building, orchestrating, remembering, debugging, deploying, extending, and securing. The demo app was planning a Las Vegas marathon, which sounds like a gimmick but turns out to be a surprisingly honest technical blueprint. The Planner agent used natural language to describe behavior, clicked "Get Code," and the Agent Development Kit generated Python. The Evaluator ran as a sub-agent. The Simulator communicated via the Agent2Agent protocol with Agent Cards. The whole thing used managed MCP servers so the agents didn't have to manage API keys, rate limits, or authentication across dozens of tools. The keynote also showed that Google has fully embraced the two-protocol stack that the industry is coalescing around: MCP for tool access, A2A for agent-to-agent coordination. That's being called the TCP/IP of the agentic internet. One detail worth noting: the no-code Supply Chain agent was registered in the same Agent Registry as the full-code Planner agent, and the Planner called it via A2A without knowing or caring how it was built. That's a meaningful collapse of the wall between developer-built and business-built automation. The keynote ended with Wiz scanning the entire agent ecosystem and generating a security graph with attack paths, while a Red Agent probed for vulnerabilities and a Green Agent proposed fixes. Google's argument wasn't about any single feature. It was that the toolchain is ready — that agent development has left the hackathon phase.

A piece from Info-Tech Research Group digs into the strategic message underneath all the Next announcements — Google Cloud Next 2026: Pichai and Kurian on Why Cloud Is Now an Operating System, Not a Service. Shashi Bellamkonda points out that Sundar Pichai showed up with the demand metrics: $70 billion in annual revenue growing at 48 percent, a $240 billion backlog that's up 55 percent and more than double the prior year, existing customers spending 30 percent faster than contracted. Then Thomas Kurian showed up with the architecture to answer it. The argument is that the cloud market isn't competing on compute or models anymore. It's competing on who can build the control plane for an enterprise where agents run thousands of autonomous workflows. Kurian's answer was Agent Identity, Agent Gateway, Agent Observability, and Agent Anomaly Detection — a coherent governance stack. The data point that stood out: GE Appliances has 800 agents running in production across manufacturing, logistics, and supply chain. Macquarie Bank reclaimed 100,000 hours of employee time with automation. NASA is using agents for flight readiness checks on Artemis II. These aren't pilots. They're operational. The competitive question, according to the analysis, is whether your cloud provider can show you in real time whether an agent is operating within its authorization scope, before the action executes, not after. And whether you can migrate agents to a different cloud without rewriting your governance rules. Google is positioning itself as the platform built for that problem.

Moving on to something older but still sharp: a rundown of twenty software engineering laws — The 20 Software Engineering Laws. Most engineers learn these the hard way, and this piece covers the ones that keep showing up across decades of building software. Gall's Law: a complex system that works is always built from a simple system that worked first. Google Wave launched with chat, email, a forum, and a document editor all at once, and it was dead in fifteen months. Burbn had check-ins, gaming, and photo sharing until the founders cut everything except photo sharing and it became Instagram. KISS: Keep it Simple, Stupid. Anything beyond that is overhead. Then there's Conway's Law: organizations design systems that mirror their communication structure. The piece points out that many AI organizations split research from application engineering, and the output is a model that scores well and a product that doesn't work, because each side optimizes for its own communication boundary. Brooks's Law gets its own mention: adding people to a late software project makes it later. Hofstadter's Law: it always takes longer than you expect, even when you account for Hofstadter's Law. Price's Law: half the work is done by the square root of the people. In a group of a hundred, about ten people actually do half the work. The piece notes that when Musk took over Twitter, it cut staff roughly in half and the site kept running. Price's Law predicted that. What it didn't predict was the loss of depth in trust and safety and incident response — the glue work that keeps the lights on when the next hard problem hits. The piece is a good reminder that some of these laws are sixty years old and still apply because they're not really about software. They're about people building things under time pressure.

Google Labs open-sourced the DESIGN.md format used in Stitch — Stitch's DESIGN.md format is now open-source. This is a spec that lets you define design rules — colors, typography, spacing, accessibility standards — in a machine-readable format. The idea is that AI agents can understand what a color is actually for, not just what its hex value is, and can validate their choices against WCAG rules automatically. It's the kind of interoperability spec that design tools have needed for a while.

On agent memory: a paper from Google Research introduces ReasoningBank — ReasoningBank: Enabling agents to learn from experience, a framework for letting agents learn from both their successes and their failures. Existing approaches generally either record exhaustive action trajectories or only document workflows from successful attempts. ReasoningBank distills useful insights from both. The paper shows gains in both effectiveness and efficiency on web browsing and software engineering benchmarks. The insight is that failures are a primary source of learning that most agent memory systems ignore entirely.

A post from Forrester makes the case that the era of rigid annual roadmaps is over — Roadmaps: Preparing To Self-Destruct In Three, Two, One …. Joe Schiavone argues that tech leaders need to architect modular roadmaps — groups of initiatives with dependencies, where each bucket has an assigned value, so that if one bucket stops, the rest can be evaluated for impact. The argument is built on a real story: a global manufacturing firm planning a full infrastructure refresh across more than thirty locations. Six weeks in, some IP leaked, and security became the only funded initiative. Dependencies cascaded. The planned AP density wasn't sufficient for the new camera loads. Storage calculations were off. Cloud meant latency, so they needed local VMS solutions. The lesson: build in flexibility. The point isn't to abandon roadmaps — it's to design them so that a priority change doesn't make the whole plan obsolete overnight. The CIO's evolving role, in this framing, is less about defining direction and more about enabling change at speed.

A Fast Company piece covers Sundar Pichai's statement — Google CEO Sundar Pichai says 75% of the company's code is AI-generated. that 75 percent of Google's code is now AI-generated and approved by engineers. Seroter is quoted in the piece along with Pichai. The context for this list is the broader Google Cloud Next narrative, but the number itself is worth sitting with. Not that AI is writing code — we've known that — but that it's being written and approved and shipping.

A post from Augment Code digs into what makes an AGENTS.md file actually useful versus actively harmful — A good AGENTS.md is a model upgrade. A bad one is worse than no docs at all. The findings are based on running tasks with and without the file across their internal benchmarks. The best AGENTS.md files produced quality improvements equivalent to upgrading from Haiku to Opus. The worst ones made output worse than having no file at all. The same file could help one task by 25 percent and hurt another by 30 percent in the same module. What works: progressive disclosure over comprehensive coverage — keep the main file to a hundred to a hundred fifty lines and push details into reference files the agent loads on demand. Procedural workflows for multi-step tasks, which moved agents from failing to finishing correctly on first try. Decision tables that force the choice between reasonable approaches up front. Examples from actual production code. And pairing every "don't" with a "do" — warning-only docs consistently underperformed. What doesn't work: too much architecture overview, which pulls the agent into reading dozens of documentation files trying to understand the system before touching code, even on a two-line config change. Excessive warnings without matching alternatives, which makes the agent check each rule for relevance and explore code it doesn't need to touch. The key discovery about how agents find docs: AGENTS.md files are automatically discovered in 100 percent of cases. Reference files out of AGENTS.md get loaded on demand and read in over 90 percent of sessions. Directory READMEs get read in about 80 percent of sessions when the agent works in that directory. Anything nested in subdirectories the agent isn't currently in gets discovered only about 40 percent of the time. Orphan docs in folders nothing references get read in under 10 percent of sessions. AGENTS.md is the only reliable documentation location.

A post on async agent patterns argues that the transport most agents are built on — All your agents are going async. — HTTP request-response — breaks fundamentally when agents start running in the background. The problem: a chatbot streams tokens back on a single open HTTP connection. That connection has to stay open for the response to arrive. But agents are getting crons, webhooks, scheduled tasks, routines. They're running while you work, not while you're watching. HTTP can't handle it. Four scenarios the current transport can't handle cleanly: when the agent outlives the caller, when the agent wants to push unprompted, when the caller changes devices mid-task, and when multiple humans need to be in one session. The post lays out that the problem splits into two halves: durable state — where the agent's context lives so it can resume — and durable transport — how the response gets from the agent to the human across disconnections and device switches. Solutions from Anthropic and Cloudflare mostly solve the state half. Nobody's solved the transport half yet. The post is from someone at Ably, which is building a real-time messaging-based transport for AI agents, but the analysis of the problem is sharp regardless.

A piece on writing improvement pulls together advice from Steven Pinker, Andrew Kevin Walker, David Mamet, Stephen King, and Steven Pressfield — This Is How To Improve Your Writing: 6 Expert Insights. The core insight: your reader is always a flight risk. They don't owe you anything. You earn their attention sentence by sentence. Good writing is clear and conversational. Don't say "perambulate" when you can say "walk." Don't bury the lede. Beware the curse of knowledge — when you know something but forget that everyone else doesn't. Ask whether your writing would make sense to your mom. And the most important question before you start: why should anyone care about this? Not "what do I feel?" but "what will this do in someone else's mind?" Writing is communication, not self-expression. Finished writing is a liar — it hides its labor. Revision is where you admit the joke is funny but belongs in a different essay. Keep cutting. The reader doesn't know what you cut.

Google's Threat Intelligence team published findings from a broad sweep of the public web looking for indirect prompt injection patterns — AI threats in the wild: The current state of prompt injections on the web. Indirect prompt injection is when a website or document contains hidden instructions that an AI system processes silently, potentially following the attacker's commands instead of the user's intent. The scan used Common Crawl — about two to three billion pages per month — with a coarse-to-fine filtering approach: pattern matching for common injection signatures, then Gemini to classify intent, then human validation. Most detections were benign: research papers, educational blog posts, security articles discussing the topic. The categories of real-world abuse they found: harmless pranks, helpful guidance, SEO manipulation, deterrence, and malicious attempts at data exfiltration and destruction. Most were low sophistication. But the trend line is worth watching: a 32 percent relative increase in malicious detections between November 2025 and February 2026. Google expects both scale and sophistication to grow as AI systems become more capable and as threat actors start automating their operations with agentic AI.

AWS announced that WorkMail will be shut down next March and that App Runner is moving to maintenance mode — AWS Ends WorkMail and Moves App Runner to Maintenance Mode. and won't accept new customers after April 30th. Several other less-popular services are also entering maintenance or sunset phases. The community reaction has been mixed. WorkMail was a loss leader that made the broader AWS ecosystem more sticky and convenient — not a revenue driver, but a retention tool. App Runner's deprecation is drawing particular attention because Reddit threads on alternatives are pointing people to Google Cloud Run, with one user noting that Cloud Run is head and shoulders above any container offering on AWS. Corey Quinn called out the announcement as a bold move: fourteen services and features getting deprecated in one blog post. Someone owes him three hundred dollars for a WorkSpaces Thin Client.

Finally, Google Cloud published a list of ten highlighted codelabs from Next '26 covering the new features — Next '26 Hands-On: 10 Codelabs to Build Featured Tech. and services announced at the conference. The list includes building rich agent experiences with ADK and A2UI, multi-agent orchestration, natural language to SQL with AlloyDB, fraud detection with Spanner and BigQuery Graph, securing agents with Model Armor and IAM, grounding agents with Google Maps, deploying and scaling agents on Agent Engine, the Cloud Run zero-to-production guide, building agents with skills, and AI-powered forecasting. There are more than seventy-five total codelabs tagged for the conference on the Google Developers Codelabs site.

That's episode 771 for April 27, 2026. Big theme this week: the agentic infrastructure story at Google is real and it's moving fast, but the governance and security questions underneath it are where the actual competitive differentiation is going to be won or lost. Catch you next time.

Sources