
RSS preview of the blog of The Practical Developer

Security news weekly round-up - 6th February 2026

2026-02-07 05:23:16

The world is ever evolving and attackers sometimes use tried and tested methods to breach their targets. With the popularity of Generative AI, both defenders and attackers have a new tool in their arsenal. Who is going to win? Time will tell. Also, are you stuck on social media for hours without knowing it? It's high time that you minimize your screen hours.

eScan Antivirus Delivers Malware in Supply Chain Attack

First, you are not reading the title wrong. Yes, you read that right; an antivirus delivered malware. Are we safe at all?

From the article:

Malicious updates were distributed through eScan’s legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise and consumer endpoints globally.

The affected users received a malicious ‘Reload.exe’ file, designed to kick off a multi-stage infection chain. The file modified the HOSTS file to block automatic updates, established persistence through scheduled tasks, and downloaded additional payloads.

Notepad++ Supply Chain Hack Conducted by China via Hosting Provider

Once upon a time, it was my favorite code editor. Now, it's suffered a supply-chain attack? No. Now, seriously: it turned out that only some users were the target, not the entire Notepad++ user base.

Here is what happened:

According to the analysis provided by the security experts, the attack involved infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org.

The exact technical mechanism remains under investigation, though the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself. Traffic from certain targeted users was selectively redirected to attacker-controlled server malicious update manifests.

Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign

There is nothing much to say about this. It's another misuse of Generative AI. Meanwhile, a key lesson that you should take away from the article is the following: be on the lookout for websites impersonating your brand and take action against them as fast as possible.

From the article:

The primary purpose of these clones appears to be a repeat victimization of subjects already victim to previous fraud. The lure is a cloned legal site offering to recover money already lost to prior fraud, noticeably stating that no payment will be required before the lost funds are recovered.

EU says TikTok faces large fine over "addictive design"

Doom scrolling, among other things, is why TikTok is facing the fine. By reading this article, you should learn to limit your screen time and know that these platforms are now designed to take much of your attention without you even knowing. You'll think: I'll just check one post, and before you know it, hours have gone by!

From the article:

"Social media addiction can have detrimental effects on the developing minds of children and teens," said EU tech commissioner Henna Virkkunen on Friday.

"The Digital Services Act makes platforms responsible for the effects they can have on their users. In Europe, we enforce our legislation to protect our children and our citizens online."

Credits

Cover photo by Debby Hudson on Unsplash.

That's it for this week, and I'll see you next time.

From Red CI to Green PR — Automatically, Safely, and with Evidence

2026-02-07 05:22:38

This is a submission for the GitHub Copilot CLI Challenge.

What I Built

I built copilot-ci-doctor, a CLI tool that diagnoses and fixes GitHub Actions CI failures using GitHub Copilot CLI as its core reasoning engine.

Instead of manually digging through noisy logs and guessing fixes, the tool turns a failed CI run into a structured, evidence-based workflow:

failure → evidence → reasoning → safe fix → green CI → Pull Request

Given a failed workflow, copilot-ci-doctor:

  • Collects a tagged Evidence Bundle (repo metadata, failed jobs, logs, workflow YAML)
  • Uses GitHub Copilot CLI to reason about the failure
  • Explains why the CI failed in plain English
  • Generates minimal, safe patch diffs with confidence scores
  • Iteratively applies fixes until CI passes
  • Automatically opens a Pull Request against main

This is not log summarization or autocomplete.
Copilot is used as a reasoning engine that must justify its conclusions using evidence.

Demo

40-second end-to-end demo (recommended viewing):

copilot-ci-doctor demo

One command → failing CI → Copilot reasoning → safe fixes → green CI → PR

npx copilot-ci-doctor demo

What the demo shows:

  1. A demo repository is created with a deliberately broken GitHub Actions workflow
  2. CI fails ❌
  3. copilot-ci-doctor enters an automated loop:
     • analyzes the failure
     • explains the root cause
     • proposes a minimal patch
     • applies and pushes the fix
     • waits for CI to re-run
  4. The process repeats (multiple iterations if needed)
  5. CI turns green ✅
  6. A Pull Request is automatically opened with the fix

The demo handles real GitHub latency and shows the full lifecycle, including:

  • multiple CI failures
  • diff previews
  • iteration scoreboard
  • final PR link

Source code and demo assets:
https://github.com/manojmallick/copilot-ci-doctor

npm package:
https://www.npmjs.com/package/copilot-ci-doctor

My Experience with GitHub Copilot CLI

This project fundamentally changed how I think about GitHub Copilot.

Instead of using Copilot to write code, I used GitHub Copilot CLI to reason about systems.

Copilot CLI is used to:

  • analyze CI evidence and form ranked hypotheses
  • explain failures in plain English (including why CI fails but local passes)
  • generate minimal unified diffs, not full rewrites
  • attach confidence scores and risk levels to each fix

To make this reliable:

  • Every Copilot response must follow a strict JSON contract
  • Every conclusion must reference evidence IDs (E1, E2, …)
  • Patch diffs are validated and normalized before being applied
  • A single-call mode combines analysis + explanation + patch to reduce token usage by ~60%
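
The checks in this list can be expressed as a gate that runs before any patch is applied. The following is an added example, not copilot-ci-doctor's own code: the field names (`hypotheses`, `evidence`, `confidence`, `patch`) and the allow-list of patchable paths are assumptions made for illustration.

```javascript
// Added example: gate a model response before any patch is applied.
// Field names and the path allow-list are assumptions, not the tool's schema.
const ALLOWED_PATHS = [/^\.github\/workflows\/[\w.-]+\.ya?ml$/, /^package\.json$/];

// File paths a unified diff touches, read from its ---/+++ headers.
function diffPaths(diff) {
  const paths = new Set();
  for (const line of diff.split("\n")) {
    const m = /^(?:---|\+\+\+) (?:[ab]\/)?(\S+)/.exec(line);
    if (m && m[1] !== "/dev/null") paths.add(m[1]);
  }
  return [...paths];
}

// Returns a list of contract violations; an empty list means "safe to apply".
function validateResponse(raw, evidenceIds) {
  let r;
  try { r = JSON.parse(raw); } catch { return ["response is not valid JSON"]; }
  if (r === null || typeof r !== "object") return ["response is not a JSON object"];
  const errors = [];
  const hyps = Array.isArray(r.hypotheses) ? r.hypotheses : [];
  if (hyps.length === 0) errors.push("no hypotheses");
  for (const h of hyps) {
    const cited = h && Array.isArray(h.evidence) ? h.evidence : [];
    if (cited.length === 0) errors.push("hypothesis cites no evidence");
    for (const id of cited) {
      if (!evidenceIds.has(id)) errors.push(`unknown evidence ID: ${id}`);
    }
  }
  if (typeof r.confidence !== "number" || r.confidence < 0 || r.confidence > 1) {
    errors.push("confidence must be a number in [0, 1]");
  }
  const paths = typeof r.patch === "string" ? diffPaths(r.patch) : [];
  if (paths.length === 0) errors.push("patch has no file headers");
  for (const p of paths) {
    // Reject traversal and anything outside the files a CI fix may edit.
    if (p.split("/").includes("..") || !ALLOWED_PATHS.some((re) => re.test(p))) {
      errors.push(`patch touches disallowed path: ${p}`);
    }
  }
  return errors;
}

// Constructed sample data (not real tool output).
const bundle = new Set(["E1", "E2"]);
const good = JSON.stringify({
  hypotheses: [{ claim: "node version mismatch", evidence: ["E1"] }],
  confidence: 0.8,
  patch: "--- a/.github/workflows/ci.yml\n+++ b/.github/workflows/ci.yml\n@@ -5 +5 @@\n-  node-version: 14\n+  node-version: 20\n",
});
const bad = JSON.stringify({
  hypotheses: [{ claim: "missing secret", evidence: ["E9"] }],
  confidence: 1.5,
  patch: "--- a/../outside.txt\n+++ b/../outside.txt\n@@ -0,0 +1 @@\n+x\n",
});
console.log(validateResponse(good, bundle));
console.log(validateResponse(bad, bundle));
```

A hunk line that happens to look like a `---` header is treated as a path and rejected, so the parser fails closed rather than open.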

The result is a workflow where Copilot behaves less like an assistant and more like a careful, explainable CI engineer.

This challenge pushed me to think beyond autocomplete and explore how Copilot CLI can safely automate complex, real-world developer workflows.

The 2026 Developer's Guide to Free Google Cloud Credits (For AI & Side Projects)

2026-02-07 05:14:54

If you’re a beginner or developer who wants to pursue a career in AI in 2026, you can’t ignore the relationship between Large Language Models (LLMs) and cloud computing, because they’re inextricably linked.

This is not just about "saving money" on hosting. This is your perfect opportunity to learn enterprise-grade cloud architecture at zero cost.

The Logic is Simple:
Cloud providers (Google, AWS, Azure) are fighting for market share in the AI era. They are subsidizing developers like us to build on their platforms.

My Advice:
Don't get bogged down in the underlying complexity immediately. Your goal should be to take a product from 0 to 1. If you don't understand the infrastructure code, ask AI. But get your hands dirty.

If you seriously spend the ~$2,300 in credits outlined below, your practical experience with Vertex AI, Firebase, and Cloud Run will put you ahead of 99% of your peers.

A Note on Anxiety

Stop letting social media hustle-culture panic you.

I have a double master's in Statistics and Data Science. I've been working full-time in AI since 2020. And honestly? It took me until this year to really feel like I understood the full end-to-end stack.

If pros take years, you are allowed to take months.
You don't need to "master AI overnight." You need a plan.

The 2026 Micro-Plan

  1. Pick a Stack: Don't overthink it. (e.g., Next.js + Firebase + Vertex AI).
  2. Solve One Small Problem: Every week, fix one tiny issue in your project.
  3. Build for Yourself: Don't build to get rich. Build to learn. By the time summer hits, you'll have a portfolio piece while everyone else is still debating which framework is "dead."

Step 1: The $300 Free Trial (The Right Way)

Most people sign up, spin up a VM, forget about it, and let the credit expire. Don't do that.

This is your "sandbox." Use it to break things.

🚀 Critical Step: Activate "Tier 1"

This is the secret sauce most tutorials miss. When you sign up, you are often placed in a restricted "Free Trial" sandbox. You want to upgrade immediately.

How to do it:

  1. Go to the Google Cloud Console Billing page.
  2. Look for the banner that says "Activate" or "Upgrade".
  3. Confirm your payment method.

Why do this?

  • 🔓 Unlock Hardware: You gain access to GPUs and Windows Server instances.
  • 🚀 AI Rate Limits: It significantly increases your quotas (RPM/TPM) for Gemini and Vertex AI models.
  • 💰 It's Still Free: Upgrading does not wipe your $300 credit. Your usage still pulls from the free credit first. You are only charged if you burn through the $300 (or use services explicitly excluded from the trial).

Step 2: The Startup Program ($2,000+)

Once your 90 days are up, or you've built a Minimum Viable Product (MVP), you graduate to the Google for Startups Cloud Program.

  • The Tier: Bootstrap Tier.
  • The Offer: Up to $2,000 USD in credits.
  • Validity: Typically 1-2 years.
  • Link: cloud.google.com/startup

Requirements

To qualify for the Bootstrap tier, you generally need:

  1. An early-stage project (unfunded/bootstrapped is fine).
  2. A company website and a domain.
  3. A working demo or code repository.
  4. Tier 1 Activation: As mentioned above, your account must be linked to a valid payment instrument.

What to Spend It On?

Don't just buy VMs. Use the managed services that save you time:

  1. Firebase: The cheat code for shipping apps fast (Auth, Database, Hosting all-in-one).
  2. Vertex AI: Access Gemini Pro and Imagen directly via API without managing servers.
  3. Cloud Run: Serverless container deployment.
  4. Google Maps: You get a separate ~$200/month recurring credit for Maps Platform usage.

Summary

The era of "renting intelligence" is here. You have access to the same tools as billion-dollar companies.

  1. Grab the $300.
  2. Upgrade to unlock the real tools.
  3. Build a prototype.
  4. Apply for the $2,000 startup tier.

Start today. In six months, you'll be glad you did.

2024-2025 Retrospective

2026-02-07 05:12:17

I'm writing this from my home office, our new puppy Theo zooming around like a maniac in the background. It's been almost two years since I wrote about burnout and breaking into tech, and yeah yeah, I probably should've posted an update sooner. But here we are.

Spoiler: I'm still in tech, still occasionally burned out, and I've switched jobs twice. Let's get into it.

Wins

2024

  • 2 years of being married to my wonderful supportive wife, Leah (she's been my biggest cheerleader through all of this)
  • I gave my first conference talk at THAT Conference (RIP). Terrifying and exhilarating in equal measure
  • Met some amazing new people
  • Landed my first job in Software Development at This Dot Labs 🎉

I GOT THE JOB!!!

2025

  • 3 years of being married to my wonderful supportive wife, Leah
  • Leah and I got our first puppy, Theo 🐶
  • Landed my second job in Software Development at Commerce 🎉
  • Attended Render ATL
  • Attended my first conference as a sponsor running a booth at Commit Your Code in Dallas, TX.
  • Built some fun legos
  • Traveled to one of my dream destinations I've been wanting to visit, Banff Canada 🇨🇦

Our new puppy Theo

Let's Talk About Jobs

Who would have thought breaking into tech would lead to switching jobs twice in the same year!? Like, what!?

I'm not going to get into all the details, but here's the honest version: I was genuinely happy at This Dot Labs. Great team, interesting work, and definitely wasn't looking to leave. But then Commerce reached out with an opportunity that checked boxes I didn't even know I had. More hands-on coding and a chance to get into Developer Experience work.

Making that decision was harder than I expected. Leaving a good thing for something potentially better is scary. But I took the leap, and so far? No regrets.

The lesson here: sometimes opportunities find you when you're not looking. Stay open.

Burnout (Again, But Different)

A few years ago, I was burned out from the endless apply-reject-repeat cycle. This time? It was different.

I pulled back from posting on social media. Obviously, no blog posts happened. I wasn't showing up in the tech community like I used to. But here's the thing: I gave myself permission to do that.

After fighting so hard to break into tech, I needed to actually be in tech. To focus on my new roles, learn the ropes, and not feel guilty about going quiet. That break wasn't failure; it was necessary.

But now I'm back. Rested-ish. Ready to write, post, and reconnect with the community that helped me get here.

The Future

I'm beyond stoked for what's to come in 2026. I'm ready to get back to writing more technical posts, and would love to make a video or two. I want to dive more into my creative side along with software development. So I'm stoked to explore all of that!

Goals for 2026:

  • Write more blog posts
  • Start a monthly newsletter
  • Make a video or two and post to YouTube
  • Speak at more conferences
  • Go to at least one conference
  • Build more side projects
  • Learn as much as I can about AI, LLMs, and the craziness that is happening in the tech world

Final Thoughts

If you're in that quiet season right now — the one where you're not posting, not building side projects, maybe just surviving — that's okay. Sometimes progress looks like showing up to your job and doing your best. That counts.

Catch you in the next post.

Moments From the Journey

2024

Leah & Chris

That Conference Talk

That Conference TX

Lee Rob at Render ATL

Jason & Chris at Render ATL

2025

Render ATL with the Bros

Render ATL with James

Commit Your Code

Legos

Banff Canada

Day 6 of #100DaysOfCode — Introduction to TypeScript

2026-02-07 05:05:28

If you're building modern JavaScript applications, especially with React, TypeScript has probably shown up everywhere. Today was my Day 6 of #100DaysOfCode, and I focused entirely on understanding TypeScript basics.

What Exactly Is TypeScript?

TypeScript is a typed superset of JavaScript created by Microsoft.
It adds static type checking on top of regular JavaScript, meaning you can catch errors before your code even runs.

At its core, TypeScript:

✔ Compiles down to plain JavaScript
✔ Helps prevent runtime bugs
✔ Improves developer experience through IntelliSense, auto-suggestions, and compile-time feedback

If JavaScript is flexible clay, TypeScript is that same clay — but with strict parents watching to make sure you don’t create a monstrosity.

🤔 Why Even Use TypeScript When We Already Have JavaScript?

JavaScript is great — but it’s forgiving… like “sure buddy, do whatever you want” forgiving.
Typos, wrong data shapes, missing properties, and incorrect function arguments often only show up at runtime to say "Surprise", or even worse, in production to ruin your weekend 😫.

TypeScript helps by:

  • Catching errors during development
  • Making code easier to document and maintain
  • Providing better tooling (autocomplete, hints, refactoring safety)
  • Helping large teams scale codebases without chaos

In short: TypeScript prevents bugs and boosts productivity.

TypeScript Basics

1. Annotating Variables

Typing variables is one of the first steps in learning TypeScript.

let username: string = "John";
let age: number = 25;
let isLoggedIn: boolean = true;

You explicitly define each variable's type so TypeScript can enforce it.

2. Typing Arrays

TypeScript allows you to specify that an array contains only certain types.

let scores: number[] = [80, 90, 100];
let fruits: string[] = ["apple", "banana", "mango"];

Or using generics:

let ids: Array<number> = [1, 2, 3];

3. Typing Objects

Object typing ensures the shape of your object stays consistent.

let user: { name: string; age: number } = {
  name: "Alice",
  age: 30
};

4. Union Types

Union types allow variables to accept multiple possible types.

let status: "success" | "error" | "loading";
status = "success";

Or:

let id: number | string;
id = 101;
id = "ABC123";

5. Function Types

Typing function arguments and return values leads to safer code.

function greet(name: string): string {
  return `Hello, ${name}!`;
}

Arrow functions work the same way:

const add = (a: number, b: number): number => {
  return a + b;
};

6. Type vs Interface (Basics)

Both type and interface help you describe object shapes.
They’re similar but have key differences:

  • interface → extensible, great for object structures
  • type → more flexible (can combine unions, primitives, tuples, etc.)

Example using type:

type Car = {
  brand: string;
  year: number;
};

let myCar: Car = { brand: "Toyota", year: 2022 };

Example using interface:

interface Person {
  name: string;
  age: number;
}

const employee: Person = { name: "Sara", age: 28 };

Note:
👉 Use interface for objects, type for unions — but both work fine.

TypeScript in React

TypeScript fits naturally into the React ecosystem.
It improves component reliability, catches prop mistakes early, and boosts autocompletion in large apps.

Let’s look at two essential concepts.

1. Typing Props in React

Create a props type or interface, then pass it to your component:

type ButtonProps = {
  label: string;
  disabled?: boolean; // optional
};

const Button: React.FC<ButtonProps> = ({ label, disabled }) => {
  return <button disabled={disabled}>{label}</button>;
};

Now your component is safer:

  • label must be a string
  • disabled is optional but must be boolean if provided

2. React Type Inference

TS can infer types automatically based on usage.

const counter = 0; // inferred as the literal type 0 (with let it would be number)

const handleClick = () => {
  console.log("Clicked!");
}; // inferred as () => void

React hooks also infer types:

const count = 0; // inferred as the literal type 0 (with let it would be number)

function Counter() {
  const [value, setValue] = React.useState(0); 
  // inferred: value = number, setValue expects number

  return (
    <button onClick={() => setValue(value + 1)}>
      Count: {value}
    </button>
  );
}

You only need to manually specify types when state is complex.

Final Thoughts

Learning TypeScript feels intimidating at first, but once you understand the basics (variables, types, functions, arrays, objects, unions, and React props), everything starts becoming clean and predictable.
TypeScript's verbosity may seem like it is slowing you down.
But in reality, it guides you, protects you, and helps you to build scalable, bug-free apps.

Day 6 is officially done — onwards to Day 7!

Introducing ShypChat — A Simple, Fast, Modern Omegle Alternative

2026-02-07 05:01:00


Do you miss minimalist random chat apps but want something built with modern web technology? I’ve just launched ShypChat — a free, privacy-focused Omegle-style chat solution that lets you connect with strangers instantly, without accounts or ads.

👉 Try it now: click Here