Seroter's Daily Reading — #791 (May 26, 2026)
Seroter's Daily Reading·
Listen: https://blossom.nostr.xyz/6995c6d2a9781855477ec57ba30ec20af43a1692ac21c671b6bff455b772735e.mpga
Source: Seroter's Original Post
Episode 791 — May 26, 2026
Seroter opens this week's list with a thread that runs through a lot of what this moment in software engineering feels like: not just which AI tools to use, but how to work differently now that they're real. That framing shows up in almost everything here, so let's dig in.
Starting with the Carnegie Mellon Software Engineering Institute on Managing Architectural Risk During Agile Development. Seroter flags this as maybe feeling quaint in 2026, and that's fair, but the piece makes a strong case that quality attributes and architecture patterns haven't stopped mattering. The argument is that architecture issues discovered late in a system's life are often impossible to fix, not just expensive. They propose a process drawn from Agile Architecture Risk Management and Continuous Risk Management that gets design decisions evaluated continuously during sprints rather than treated as an upfront phase. The key artifact is a pattern and quality attribute tradeoff matrix that shows which design patterns support which system properties. For example, the observer or pub-sub pattern makes compatibility and modifiability easier to achieve but trades off on reliability. Getting teams to use this matrix early in development, even informally, helps catch where a pattern choice might work against what the system actually needs at runtime. It's not new thinking, but it's a useful reminder that "move fast and break things" doesn't absolve you of knowing what you're building toward.
From The New Stack, a piece on CI wasn't built for coding agents. Here's what comes next. The core insight is simple: agents iterate in seconds and can't wait fifteen or thirty minutes for a remote pipeline verdict. So they ship from the inner loop, and the inner loop only runs whatever validation it can mock up locally. The piece, from Signadot, proposes moving integration testing into the agent's session using what they call plans. A plan is a small, agent-authored end-to-end check that runs against a real ephemeral environment in seconds. The workflow looks like: agent makes a change, picks the right plan via a selection hint, runs it against a live cluster, gets a failure report if something breaks across a service boundary, and fixes it before opening a PR. The environment underneath is on-demand and isolated so it doesn't conflict with other work. This collapses the old split between an inner loop that's fast but synthetic and an outer loop that's rigorous but slow. The plan becomes the shared primitive that works in both places.
Google's Agent Executor is an open-source runtime for running AI agents in production. It's designed for long-running workflows that might span hours or days, with features for resuming after outages, reconnecting after client disconnects, and branching from checkpoints when exploring different execution paths. Security comes through sandboxed components with a default-deny network posture. Agent Executor supports the Agent2Agent protocol and can work with agents built in LangChain, LangGraph, or Google's own Agent Development Kit. There's also a companion project called Agent Substrate that adds a scheduling layer on top of Kubernetes tuned for agent workloads, which Google notes can involve millions of short tool calls rather than thousands of long-running services. It's early, but the industry clearly needs standard primitives for agent execution and resumption, and this is one to watch.
From Arielle Jackson at First Round on "AI-Powered Isn't a Position". The argument is that AI has become a feature, not a differentiator, and companies that still lead with it are increasingly indistinguishable from each other. She draws on bottled water as an example: Evian and Liquid Death are functionally identical products, yet they built completely different brands because they made clear, opinionated choices about who they were for and what they believed. The advice for founders is to start with a point of view that genuinely attracts some people and repels others, then let positioning and design flow from that foundation. She walks through Nike, Duolingo, and Anthropic as examples where distinctive beliefs showed up consistently across product choices and public actions, not just in marketing copy. Cursor gets a specific callout as a company that's had to keep repositioning as the AI tooling landscape moved fast, which Jackson frames as the job rather than a failure. The deeper point is that good positioning is a living thing you revisit every few months, not a tagline you lock in and leave.
Guillaume Laforge on the Google blog walks through Wiring ADK Kotlin agents in an Android application. He's explicit that he's not an Android or Kotlin expert, which makes the walkthrough especially useful as a signal of how approachable this has become. The steps cover adding dependencies, reading an API key from local properties, defining an agent with a search tool using the Gemini model, and hooking it into a ViewModel that streams responses back to the UI using SSE. The agent itself is processed at compile time via Kotlin Symbol Processing. It's a concrete, working example of what the tooling now makes straightforward to assemble.
Google's Threat Intelligence team on 2 PhaaS 2 Furious: The Evolution of Chinese-language Phishing Services. Seroter says to respect the title, and you should. The post covers services like YY Lai Yu that now offer more than four hundred phishing templates targeting Japanese residents, including brand impersonation for Amazon, Apple, Nintendo, PayPay, and others, plus lures around loyalty points and cost-of-living补贴. The operators have developed anti-bot mechanisms that require a manual click before the actual phishing page loads, adding a layer that successfully blocks automated analysis. The panel lets customers blocklist specific card types by BIN number and manage phishing infrastructure at scale. The outlook is that these operators are refining tooling to maximize impact, and defenders need to move beyond user awareness training toward technical controls like FIDO2 and WebAuthn to make stolen credentials harder to weaponize.
From Bakadesuyo, an interview with David Epstein on his book Inside the Box on The Counterintuitive Way To Get Better At Anything. The most useful single constraint is monotasking, and Epstein notes that after years of trained task-switching, people often experience intrusive thoughts when they try to focus on one thing, which is their nervous system maintaining its usual pattern of interruption. The remedy is to write those thoughts down and push them off, what he calls cognitive outsourcing. Another underused constraint is satisficing from Herbert Simon: proactively define what good enough looks like for a given decision and stop when you hit it, rather than maximizing across every option. Teams are advised to replace brainstorming with brainwriting, where everyone writes ideas separately before sharing as a group. Research from Carnegie Mellon, MIT, and Google's own internal studies shows that equal conversational turn-taking is a hallmark of the most intelligent teams, and the brainstorming format structurally favors whoever is least inhibited.
What we've learned building cloud agents from Cursor. They lead with a key lesson: the development environment is the product. Cloud agents need a full development environment rebuilt from scratch in the cloud, and it turns out that subtle degradation in output quality usually traces back to an environment that isn't quite complete. They moved their agent loop onto Temporal for durable execution, which handles retries, scheduling across machines, and recovery from node failures. Today more than forty percent of Cursor's own PRs come from cloud agents, and Temporal processes more than fifty million actions per day across seven million workflows. They've also decoupled the agent loop, machine state, and conversation state so each can be managed independently. The harness philosophy has shifted over time from double-checking every agent action to getting out of the way and trusting the agent to use tools, because models got good enough to make the hand-holding counterproductive.
Announcing Dart 3.12 from the Dart team includes private named parameters for constructor syntax and an experimental preview of primary constructors that lets you declare a class and its fields in a single line. There's a Genkit Dart preview for building AI-powered agentic apps with support for multiple model providers, and a Cloud Functions for Firebase announcement bringing Dart to serverless backends. Agentic Hot Reload lets coding agents connected via the Dart MCP server automatically hot reload Flutter apps without manual configuration. The Dart Tooling Daemon exposes connection details through a CLI command the MCP server can discover, so the whole flow from prompt to running code to live reload happens autonomously.
From JetBrains, a Practical Guide to Profiling in Go. The standard library includes pprof, which samples call stacks to help identify CPU bottlenecks, memory issues, and concurrency problems. The guide covers CPU profiling, heap and allocs profiles, block profiling for goroutine synchronization, and mutex profiling for lock contention. A useful clarification: heap shows currently allocated memory by default while allocs shows cumulative allocations since process start, and you can switch between inuse and alloc sampling types in both. The guide also shows how GoLand 2026.1.2 integrates profiling into the IDE with one-click capture for CPU, heap, allocs, goroutine, block, and mutex profiles.
From Google's Cloud team on How we evolved Google's global and data center networks for the AI era. They describe a campus as a computer philosophy that decouples the network into scale-up connectivity within pods, a dedicated east-west fabric for training traffic, and a Jupiter frontend for north-south access. They introduced Virgo Network as a scale-out data center fabric using high-radix switches with a flat two-layer non-blocking topology to minimize latency by reducing network tiers. The design allows domains to evolve independently and can expand across multiple data centers. AI training jobs are uniquely sensitive to tail latency and synchronized bursts of traffic, so the predictability requirements drove architectural changes that separate these concerns rather than trying to handle everything in one network.
Finally, Nolan Lawson on Using AI to write better code more slowly. He pushes back against the assumption that the point of AI coding is to ship slop fast. His approach uses multiple agents from different providers reviewing PRs for bugs, because research shows that the more different models you apply, the lower the false positive rate. He runs Claude sub-agents, Codex, and Cursor Bugbot against each PR, sorts findings by severity, and works through criticals and highs before anything else. He describes how the review process often surfaces pre-existing bugs that predate the current PR, which turns into productive side quests improving overall codebase health. The technique is slower than vibe coding but he finds it deeply satisfying because it's a supercharged version of the careful, quality-focused work he was already trying to do before LLMs.
That's episode 791. Seven articles, eight if you count Dart and Dart's ecosystem updates as separate. Two weeks of deep reading from Seroter's list, and the thread that runs through most of it is the shift from thinking about AI as a tool to think about as a fundamentally new way of working. Whether that's moving validation inside the agent loop, building agent runtimes that run for days, training yourself to monotask so you can work alongside agents, or deliberately slowing down to write higher quality code with AI assistance. The common theme is that the tools have arrived. The interesting question now is how you organize everything around them.
- Managing Architectural Risk During Agile Development — SEI Blog
- CI wasn't built for coding agents. Here's what comes next. — The New Stack
- Google open-sources Agent Executor to run AI agents in production — Developer Tech
- "AI-Powered" Isn't a Position — First Round Review
- Wiring ADK Kotlin agents in an Android application — Glaforge
- 2 PhaaS 2 Furious: The Evolution of Chinese-language Phishing Services — Google Threat Intelligence
- The Counterintuitive Way To Get Better At Anything — Bakadesuyo
- AI Studio unlocks full-stack vibe coding with Cloud Run, Firebase, and Cloud SQL — Google Cloud
- The 10 Go Error Handling Commandments — Preslav.me
- What we've learned building cloud agents — Cursor
- Announcing Dart 3.12 — Dart Blog
- A Practical Guide to Profiling in Go — JetBrains
- How we evolved Google's global and data center networks for the AI era — Google Cloud
- Using AI to write better code more slowly — Nolan Lawson