📰 Dev.to · Gabriel Anhaia

The 10 subtle Go bugs that pass go vet, pass tests, and ship to production. Updated for Go 1.26: no loop-variable retreads, no nil-map filler, just the mistakes

Generics shipped in Go 1.18. Four years later, the Go team has quietly written the best style guide that exists: the standard library itself. Here's what they g

A ctx parameter your function never reads from is worse than no ctx at all. The five context mistakes that pass code review, and what correct usage looks like i

Go 1.26 shipped a built-in goroutine leak profile almost nobody's talking about. Here's how it works, the 4 structural patterns that cause most leaks, and which

CPU, heap, mutex, and the new goroutine leak profile in Go 1.26. How to capture them, how to read them, and the three profile shapes you'll actually see in prod

When your service needs to save an order AND reserve inventory atomically, reaching for *sql.Tx breaks everything. Here's the Go-native alternative.

If your domain package imports database/sql, your architecture has a hole. Here's the one rule that holds hexagonal architecture together — and how to enforce i

Three layers, three strategies. Domain tests with no infrastructure. Adapter tests with httptest. Integration tests for wiring. Here's the playbook.

In Java you need a DI framework to decouple layers. In Go, implicit interfaces do it for you — if you know where to define them.

Most Go services start clean and rot within a year. Hexagonal architecture fixes that — and Go's implicit interfaces make it feel native, not bolted on.

Between March 19-27, 2026, attackers compromised Trivy, KICS, LiteLLM, and Telnyx with the SANDCLOCK credential stealer. The security tools meant to protect pip

Brian Armstrong's one-week AI ultimatum ended careers. The 33% AI code metric hides more than it reveals. And every engineering org should be paying attention t

A startup mandated AI coding tools, a junior shipped what the tools produced, and leadership handed him a termination letter. Reddit lost its mind. The real fai

Cursor 3 shipped agent mode with a silent code revert bug, runaway billing, and undisclosed model sourcing. A breakdown of what's broken, what it costs, and how

On March 31, 2026, a state-sponsored attacker pushed malware through axios — npm's most popular HTTP client. Here's the full technical breakdown, the exact comp

GitHub flipped a default-on switch that feeds Copilot interaction data from Free, Pro, and Pro+ users into AI training. The deadline to opt out is April 24, 202

HBR confirmed what engineers suspected: companies are firing developers for AI's potential, not performance. Here's the data they're ignoring and the code AI st

LibreOffice purges developers, Euro-Office triggers AGPL lawsuits, HashiCorp sics IBM's lawyers on OpenTofu, Redis goes through three license changes. The open-

The engagement patterns you ship every sprint, infinite scroll, autoplay, notification timing, just became legal liability. A look at what 'addictive by design'

Two caching bugs and zero transparency turned a $200/month plan into a 48-hour experiment. Here's what broke and what it means for AI billing.

A developer said 'clean this up.' The AI agent heard 'DELETE FROM everything.' Real incidents, real code, and the defensive patterns that might save your data.

CodeRabbit's data confirms AI code ships more defects. But the numbers alone don't tell the story. The code examples do.

Apple quietly started rejecting Replit, Vibecode, and other AI coding apps. The official excuse is Guideline 2.5.2. The actual reason is money.

Developers accept 40-60% of AI suggestions without thinking. Debugging skills are rotting. Junior devs never build foundations. Here's the data.