#backporting

#backporting

Akismet launched in 2005 as a web service to classify user-generated content as spam or not, quickly gaining popularity among bloggers facing spam issues.

A global survey of 2,039 Java developers published today finds 63% reporting that dead and unused code adversely affects their team's productivity, with 22% describing the impact of that technical debt as being severe. Conducted by Dimensional Research on behalf of Azul, a provider of a distribution of OpenJDK, the survey also finds that more than half (56%) now deal with a Common Vulnerability and Exposure (CVE) involving Java on a daily or weekly basis.

Dependabot sounded the alarm on a large scale. Thousands of repositories automatically received pull requests and warnings, including a high vulnerability score and signals about possible compatibility issues. According to Valsorda, this shows that the tool mainly checks whether a dependency is present, without analyzing whether the vulnerable code is actually accessible within a project.

This extends to the software development community, which is seeing a near-ubiquitous presence of AI-coding assistants as teams face pressures to generate more output in less time. While the huge spike in efficiencies greatly helps them, these teams too often fail to incorporate adequate safety controls and practices into AI deployments. The resulting risks leave their organizations exposed, and developers will struggle to backtrack in tracing and identifying where - and how - a security gap occurred.

GitHub engineers recently traced user reports of unexpected "Too Many Requests" errors to abuse-mitigation rules that had accidentally remained active long after the incidents that prompted them. According to GitHub, the affected users were not generating high-volume traffic; they were "making a handful of normal requests" that still tripped protections. The investigation found that older incident rules were based on traffic patterns that were strongly associated with abuse at the time, but later began matching some legitimate, logged-out requests.

The real cost of poor observability isn't just downtime; it's lost trust, wasted engineering hours, and the strain of constant firefighting. But most teams are still working across fragmented monitoring tools, juggling endless alerts, dashboards, and escalation systems that barely talk to one another, which acts like chaos disguised as control. The result is alert storms without context, slow incident response times, and engineers burned out from reacting instead of improving.

We build production platforms with AI every day, and we work with teams doing the same with their own stack -Cursor, Claude Code, Copilot. The difference shows up fast. By day two, some codebases are already harder to change than they were yesterday. Others keep getting easier. The difference is never the model. It's what the code lands in. The teams we work with that hit a wall? It's always the same story.

Your coding apprentice can build, at your direction, pretty much anything now. The task becomes more like conducting an orchestra than playing in it. Not all members of the orchestra want to conduct, but given that is where things are headed, I think we all need to consider it at least.

Central to the GA release is Agentic Chat. This functionality builds on the previously introduced Duo Chat but goes a step further by leveraging context from virtually every part of GitLab. Think of issues, merge requests, CI/CD pipelines, and security findings. Agentic Chat can not only advise, but also actually perform actions on behalf of developers, depending on the rights and approvals that have been set.

Industry professionals are realizing what's coming next, and it's well captured in a recent LinkedIn thread that says AI is moving on from being just a helper to a full-fledged co-developer - generating code, automating testing, managing whole workflows and even taking charge of every part of the CI/CD pipeline. Put simply, AI is transforming DevOps into a living ecosystem, one driven by close collaboration between human judgment and machine intelligence.