Forem: Leanid Herasimau

Building Processes in Discovery in the Team

Leanid Herasimau — Wed, 15 Oct 2025 20:49:47 +0000

This guide provides a comprehensive checklist for establishing the essential processes for a new Product Discovery team. Discovery and Delivery teams can operate separately, but their workflows must be tightly integrated.

A typical Discovery team includes product leads, managers, analysts, and UX designers. For technical tasks, team leads and architects join the effort. The team's primary goal is to validate and refine initiatives before they land in the product backlog for the Delivery team to implement.

Discovery answers the questions, 'What should we build?' and 'Should we build it at all?'

Delivery answers, 'How should we build it?'

The Discovery Process Checklist

Team Setup and Roles

Appoint a Discovery Master: This role, which can be filled by a Product Manager, Analyst, or Designer, leads the discovery process.
Ensure Agile Proficiency: The Discovery Master should be well-versed in Agile principles by reading the Scrum Guide, completing foundational training, and passing the Scrum Open assessment with a score of 85% or higher.

Sprint Framework & Ceremonies

Structure Work in Sprints: Organize work into 1 or 2-week sprints to validate and refine initiatives.
Define a Sprint Goal: Start each sprint by defining a clear goal. Prioritize tasks that contribute to this goal first, and don't take on more work than the team's average velocity.
Dedicate Time for Research: Allocate at least 30% of each sprint to clarifying problem and solution hypotheses.
Run Key Meetings: Conduct regular Sprint Planning, Daily Standups, Sprint Reviews (Demos), and Retrospectives to maintain alignment and continuous improvement.

Definitions and Criteria

Definition of Ready (DoR): Establish clear criteria for when a task is ready to be taken into a sprint.
Definition of Done (DoD): Define and adhere to strict quality criteria for completed initiatives. This DoD must be synchronized with the Delivery team's DoR.
Acceptance Criteria: Every task in your project management tool must have specific acceptance criteria or a clear description of the expected outcome.

Backlog and Roadmap Management

Prioritize with a Scoring Model: Use a framework like RICE to assign a confidence level to each backlog item, iteratively validating and adjusting its priority.
Maintain a Forward-Looking Roadmap: Keep a Discovery roadmap planned for at least two sprints ahead to ensure the Delivery team has a steady stream of validated work.
Keep Organized Backlogs: Manage the Discovery backlog (problems and solutions), the sprint backlog, and a separate backlog for retrospective action items in your project management tool.

Customer-Centric Approach

Utilize All Feedback Channels: The team must be proficient in gathering insights from all customer channels, including support, sales, app store reviews, and UX research.
Centralize Insights: Create a single repository for storing all hypotheses, problems, and customer requests to identify recurring themes.
Prioritize the Voice of the Customer: This should be a guiding principle both before and after a product launch.
Assign a VoC Champion: Designate a rotating role within the team each sprint to be responsible for analyzing customer feedback.

Understanding Discovery Sprints

Discovery sprints run in parallel with development sprints, aiming to produce well-researched, validated initiatives for the product backlog. They follow standard Scrum events but stay at least two sprints ahead of development to prevent bottlenecks. The process is rooted in Design Thinking: moving from a symptom to a spectrum of problems, and then to a spectrum of solutions.

Problems Solved by This Approach

Fills the gap in the Scrum guide on how validated items get into the product backlog.
Ensures that only justified initiatives make it into the backlog.
Involves developers early, reducing the risk of poorly defined tasks.
Keeps designers, analysts, and product managers fully engaged in meaningful work.
Promotes systematic evaluation of alternative solutions instead of settling for the first idea.
Feeds the backlog with high-priority items regularly, not just what's available.

Potential Side Effects and Solutions

Problem: Developers feel disconnected. Solution: Maintain an open calendar of Discovery events and invite developers to participate.
Problem: Lack of transparency between teams. Solution: Align schedules. Hold Delivery demos and stand-ups just before the Discovery team's corresponding events.
Problem: Development is waiting for tasks. Solution: The Discovery team must stay 1-2 sprints ahead of the Delivery team.

Discovery Definition of Done (DoD)

The output of a discovery sprint is either a validated problem (to be analyzed further) or a validated solution (ready for the delivery team). Therefore, the DoD has two parts.

DoD for a Problem

What problem are we solving?
What is the root cause of the problem?
How do we know this problem exists (data, feedback)?
Who experiences this problem, and how many of them are there?
How critical is the problem for them (blocker, annoyance)?
How will we measure success if we solve it?
Which other teams or product areas are affected?

DoD for a Solution

What is the proposed solution?
What alternative solutions have been considered (including doing nothing)?
Why is this the best solution for the user and the business?
How will we test that the solution works (e.g., A/B test, user testing)?
What are the success and failure metrics for the test?
How does this solution fit into the overall user journey?
Is this an MVP or the final version? What does the ideal state look like?
How will we inform users about this change?

Useful Resources

#agile #scrum

Anduril Released the EagleEye Helmet That Allows Seeing Through Walls

Leanid Herasimau — Wed, 15 Oct 2025 11:57:22 +0000

Defense technology company Anduril has announced EagleEye, a groundbreaking AI-powered mixed reality helmet. Developed in partnership with Meta, this device is designed to give soldiers tactical advantages, including the ability to see through walls using a network of sensors, drones, and cameras.

Core Capabilities

Heads-up display for mission instructions and data overlays.
Spatial audio and radio frequency (RF) detection for heightened awareness.
Seamless control of drones and other robotic military systems.
Real-time mission rehearsal and coordination in a 3D environment.

Advanced Battlefield Integration

The helmet features both a transparent day mode and a digital night vision mode, along with precise tracking of teammates' locations. By connecting to Anduril's Lattice sensor network, it aggregates real-time data from across the battlefield, enabling soldiers to detect and track threats even when their direct line of sight is obstructed by terrain or buildings.

Protection and Awareness

Full ballistic protection and blast wave suppression.
Expanded field of view with integrated rear and side-view sensors.
Advanced threat detection to alert operators of hidden dangers.

We don't want to give warfighters a new tool—we are giving them a new teammate. The idea of an AI partner integrated into your display has been a concept for decades. EagleEye is the first time it has become a reality.

Anduril

A Strategic Partnership

This collaboration builds on Anduril's existing work, which includes producing border control systems and drones. The company already provides software for the army's current mixed-reality goggles based on Microsoft HoloLens hardware. In February, Anduril and Microsoft announced an expanded partnership, with Anduril taking over the manufacturing and future development of the HoloLens 2-based military program.

The partnership is further strengthened by Meta's increasing involvement in defense. This summer, Meta CTO Andrew Bosworth was one of four tech executives who became lieutenant colonels in the U.S. Army Reserve, leading a new unit called Detachment 201. Together, Anduril and Meta are now competing for a contract to create the next generation of army displays.

#news #anduril

Ghost 6.0: Distributed Publishing, Built-in Analytics, and $100 Million for Independent Authors

Leanid Herasimau — Tue, 14 Oct 2025 19:43:35 +0000

👻 Ghost is a popular open-source platform for blogging, newsletters, and media projects, launched in 2013 as an alternative to WordPress. It focuses on content-centric publishing free from advertising , featuring a minimalist editor, subscription support, and paid content options. The platform is fully open-source for self-hosting, while its commercial version, Ghost(Pro), provides managed cloud hosting and monetization tools.

Think of Ghost as a CMS with the philosophy of Substack. You're not just building a website; you're creating an independent media outlet where you own everything—from the database to your audience.

🚀 What's New in Ghost 6.0

The developers are calling this the "biggest release in the platform's history," introducing major features like networked publishing and native analytics , alongside a modernized infrastructure and numerous enhancements for creators and developers.

🌐 Networked Publishing: Joining the Open Social Web

Ghost 6.0 integrates with decentralized social networks using the ActivityPub protocol. This means readers can now discover, like, comment on, and follow your posts directly from platforms like Mastodon, Threads, WordPress, Flipboard, and other compatible services.

📣 Essentially, every Ghost publication now acts as a 'social profile' visible across the entire federated web.

This marks a return to the spirit of the classic blogosphere , but with modern tools. It fosters direct interaction between creators and readers, free from algorithms, censorship, or hidden ranking.

📊 Native Analytics: No Third-Party Scripts Needed

Previously, creators had to rely on third-party solutions. Ghost now introduces its own native analytics platform that operates without cookies or external trackers , providing insights on:

Page views and traffic sources
Engagement metrics for different audience segments (visitors, free, and paid)
Real-time performance of newsletters and posts

The backend is powered by ClickHouse through a partnership with Tinybird. For self-hosted users, a free integration with the Tinybird API is available, while on Ghost(Pro), analytics is enabled by default.

💸 A $100 Million Milestone for Independent Creators

Ghost co-founder John O'Nolan announced that creators on the platform have collectively earned over $100 million. What began as a sustainable alternative to ad-based media has grown into a thriving ecosystem of independent publishers. Ghost remains managed by a non-profit foundation , ensuring all revenue is reinvested into the open-source platform.

💬 "We're proving that independent media isn't just surviving—it's thriving."

⚙️ Additional User Experience Upgrades

Custom Newsletters: Design custom layouts, preview emails, and even edit them after sending, with built-in anti-spam protection.
Expanded Localization: The interface now supports 60 languages with automatic translation.
Native Comments: Engage your community with built-in comments featuring moderation, sorting, and threaded replies.
Ghost Explore: A new discovery platform to showcase the best independent publications on Ghost.
Enhanced Payments: Accept payments in 135 currencies with support for Apple Pay, Google Pay, and one-time donations.
New Themes: Fresh designs tailored for news (Source), personal blogs (Solo), and podcasts (Episode).

💻 Developer-Focused Changes

Ghost 6.0 officially transitions to Docker Compose for installation. This major update simplifies deploying a multi-service infrastructure (main server, analytics, social gateway) for self-hosted users.

Additional updates include:

New Official Stack: Ubuntu 24, Node.js 22, and MySQL 8.
VS Code Extension: A new extension provides syntax highlighting and live previews.
Google AMP Deprecated: Support for Google AMP has been completely removed (RIP 🪦).
Theme Compatibility: The gscan tool now checks themes for compatibility with version 6.0.

The Bigger Picture: A Decentralized Future

Ghost 6.0 is more than just an update; it's a significant step toward a decentralized and sustainable internet where creators, not platforms, own their content. It signals a return to the open blogosphere, rebuilt on a modern tech stack with federated networks, native analytics, and a flexible architecture.

After 10 years of development and $100 million earned by creators, it's clear: this model works.

#ghost

I Wrote an HTTP Server in Assembly (and It Actually Works)

Leanid Herasimau — Sat, 04 Oct 2025 09:35:18 +0000

Today, we're doing just that. This is a wild, impractical, and incredibly fun experiment. Our mission: to build a functional HTTP server that serves a simple HTML page, using nothing but pure ARM64 assembly language on an Apple Silicon Mac. This isn't about replacing Nginx; it's about peeling back the layers of magic to understand what a web server really is.

But... Why Would Anyone Do This?

Let's be clear: you should not write your company's next microservice in assembly. This is an exercise in pure, unadulterated learning and curiosity. We're doing this to:

Demystify Networking: See firsthand that a web server is just a loop: accept a connection, write some text, close the connection.
Understand System Calls: Learn how a program asks the operating system to do things like open network ports and handle files.
Appreciate Abstractions: After this, you'll have a newfound respect for the frameworks that handle all this complexity for you.
Have Fun: Embrace the hacker spirit of getting as close to the metal as possible!

Step 1: The Blueprint - Setup and Constants

Every assembly program starts with some boilerplate. We need to declare our main function and tell the assembler which system functions we plan to use. On macOS, we don't use raw syscalls directly; instead, we call functions from the system library (libSystem), which is a more stable and portable approach.

// http_server_arm64_macos.s
.text
.globl _main

// We'll be calling these C functions from the macOS system library
.extern _socket
.extern _setsockopt
.extern _bind
.extern _listen
.extern _accept
.extern _write
.extern _close

Next, we define some constants. These are just human-readable names for numbers that the socket API expects. You can find these values in the system headers on your Mac (e.g., in /usr/include/sys/socket.h).

// Constants (BSD/macOS values)
.equ AF_INET, 2 // Address Family: IPv4
.equ SOCK_STREAM, 1 // Socket Type: TCP
.equ SOL_SOCKET, 0xffff // Socket Level for setsockopt
.equ SO_REUSEADDR, 0x0004 // Allow reusing local addresses

.equ RESP_LEN, 172 // Total bytes in our HTTP response
.equ ADDR_LEN, 16 // sizeof(struct sockaddr_in)
.equ BACKLOG, 16 // Max pending connections for listen()

Step 2: Opening a Line - Creating the Socket

The first real action is to ask the OS for a socket. A socket is like a file handle, but for network communication. According to the ARM64 calling convention on macOS, the first few arguments to a function are passed in registers x0, x1, x2, etc. The return value comes back in x0.

_main:
    // socket(AF_INET, SOCK_STREAM, 0)
    mov x0, #AF_INET // Argument 1: Domain (IPv4)
    mov x1, #SOCK_STREAM // Argument 2: Type (TCP)
    mov x2, #0 // Argument 3: Protocol (0 for default)
    bl _socket // Branch and Link (call the function)

    // The new socket's file descriptor is now in x0.
    // We save it in x19, a 'callee-saved' register, so it won't be overwritten.
    mov x19, x0

Step 3: Claiming Our Turf - Binding to a Port

Now that we have a socket, we need to tell the OS, "Hey, I want this socket to listen on port 8585 for any incoming traffic." This is called binding. To do this, we need to construct a special C struct in memory called sockaddr_in.

Here’s what that struct looks like in our data section. It's a precise sequence of bytes representing our desired address (0.0.0.0) and port (8585).

// This goes in the .data section at the end of the file
.data
.align 4

// sockaddr_in for 0.0.0.0:8585
addr:
    .byte 16 // sin_len (16 bytes total)
    .byte AF_INET // sin_family (IPv4)
    .hword 0x8921 // sin_port (8585 in network byte order)
    .word 0 // sin_addr (0.0.0.0 means INADDR_ANY)
    .quad 0 // sin_zero[8] (padding)

Notice the port: 8585 is 0x2189 in hex. We write it as 0x8921 because networks use 'big-endian' byte order, while our M1 Mac is 'little-endian'. We have to pre-swap the bytes!

With the struct defined, we can now call _bind.

    // bind(server_fd, &addr, sizeof(addr))
    mov x0, x19 // Arg 1: Our socket fd
    adrp x1, addr@PAGE // Get the high part of the address of 'addr'
    add x1, x1, addr@PAGEOFF // Add the low part to get the full address
    mov x2, #ADDR_LEN // Arg 3: The size of the struct
    bl _bind

Step 4: The Server Loop - Listen, Accept, Write, Close

This is the heart of any server. It's an infinite loop that waits for a client, serves them, and then waits for the next one.

    // listen(server_fd, BACKLOG)
    mov x0, x19
    mov x1, #BACKLOG
    bl _listen

// This label marks the start of our infinite loop
accept_loop:
    // accept(server_fd, NULL, NULL) -> This BLOCKS until a client connects!
    mov x0, x19
    mov x1, #0
    mov x2, #0
    bl _accept
    mov x20, x0 // Save the new client_fd in x20

    // write(client_fd, response, RESP_LEN)
    mov x0, x20 // Arg 1: The client's socket
    adrp x1, response@PAGE // Get the address of our HTML response
    add x1, x1, response@PAGEOFF
    mov x2, #RESP_LEN // Arg 3: How many bytes to write
    bl _write

    // close(client_fd)
    mov x0, x20
    bl _close

    b accept_loop // Unconditional branch: Go back and wait for another client

The final piece is the actual HTTP response we're sending. It's just a block of ASCII text in our data section, with all the required headers and our simple HTML.

// Prebuilt HTTP/1.1 response (RESP_LEN must match total bytes here)
response:
    .ascii HTTP/1.1 200 OK\r\n
    .ascii Content-Type: text/html; charset=utf-8\r\n
    .ascii Content-Length: 74\r\n
    .ascii Connection: close\r\n
    .ascii \r\n
    .ascii <!doctype html><html><body><h1>Hello from Assembler :)</h1></body></html>\n

Putting It All Together: The Complete File

Here is the complete source code. Save it as http_server_arm64_macos.s.

// http_server_arm64_macos.s
// Minimal HTTP server on macOS ARM64 (Apple Silicon)
// Listens on port 8585 and replies with a tiny HTML page.

        .text
        .globl _main

        .extern _socket
        .extern _setsockopt
        .extern _bind
        .extern _listen
        .extern _accept
        .extern _write
        .extern _close

// ------------------------------------------------------------
// Constants (BSD/macOS values)
// ------------------------------------------------------------
        .equ AF_INET, 2
        .equ SOCK_STREAM, 1
        .equ SOL_SOCKET, 0xffff
        .equ SO_REUSEADDR, 0x0004

        .equ RESP_LEN, 172
        .equ ADDR_LEN, 16
        .equ BACKLOG, 16

// ------------------------------------------------------------
// main()
// ------------------------------------------------------------
_main:
        // socket(AF_INET, SOCK_STREAM, 0)
        mov x0, #AF_INET
        mov x1, #SOCK_STREAM
        mov x2, #0
        bl _socket
        mov x19, x0 // preserve server fd

        // setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &one, 4)
        mov x0, x19
        movz x1, #SOL_SOCKET
        mov x2, #SO_REUSEADDR
        adrp x3, one@PAGE
        add x3, x3, one@PAGEOFF
        mov x4, #4
        bl _setsockopt

        // bind(server_fd, &addr, sizeof(addr))
        mov x0, x19
        adrp x1, addr@PAGE
        add x1, x1, addr@PAGEOFF
        mov x2, #ADDR_LEN
        bl _bind

        // listen(server_fd, BACKLOG)
        mov x0, x19
        mov x1, #BACKLOG
        bl _listen

// Accept-Write-Close loop
accept_loop:
        // accept(server_fd, NULL, NULL)
        mov x0, x19
        mov x1, #0
        mov x2, #0
        bl _accept
        mov x20, x0 // client_fd

        // write(client_fd, response, RESP_LEN)
        mov x0, x20
        adrp x1, response@PAGE
        add x1, x1, response@PAGEOFF
        mov x2, #RESP_LEN
        bl _write

        // close(client_fd)
        mov x0, x20
        bl _close

        b accept_loop // handle next connection forever

// ------------------------------------------------------------
// Data
// ------------------------------------------------------------
        .data
        .align 4

// sockaddr_in for 0.0.0.0:8585
addr:
        .byte 16 // sin_len
        .byte AF_INET // sin_family
        .hword 0x8921 // sin_port (8585 in network byte order)
        .word 0 // sin_addr (0.0.0.0)
        .quad 0 // sin_zero[8]

// setsockopt value 1
one:
        .word 1

// Prebuilt HTTP/1.1 response
response:
        .ascii HTTP/1.1 200 OK\r\n
        .ascii Content-Type: text/html; charset=utf-8\r\n
        .ascii Content-Length: 74\r\n
        .ascii Connection: close\r\n
        .ascii \r\n
        .ascii <!doctype html><html><body><h1>Hello from Assembler :)</h1></body></html>\n

Build and Run Your Creation

Open your terminal, navigate to where you saved the file, and run these commands.

1. Build the Executable

clang -o http_asm http_server_arm64_macos.s

This command tells clang to assemble our .s file and link it against the necessary system libraries, creating an executable named http_asm.

2. Run the Server

./http_asm

Your terminal will now hang—that's a good thing! It's blocked on the accept call, waiting for a connection. macOS might pop up a security prompt asking to allow incoming network connections; you'll need to approve it.

3. Test It!

Open a new terminal window and use curl to connect to your server.

curl http://localhost:8585

You should see the glorious output: <!doctype html><html><body><h1>Hello from Assembler :)</h1></body></html>. You did it! You served a web page with pure assembly. To stop the server, go back to its terminal and press Ctrl+C.

Welcome Back to Reality

We've journeyed to the lowest levels of software to build something we use every day. While you won't be deploying this to production, you now have a much deeper appreciation for what's happening when you type app.listen(8585) in your favorite framework. You've seen the sockets, the binding, the endless loop—the fundamental mechanics of the internet, written in the language of the machine itself. For more details on the instructions, check out the ARMv8-A Instruction Set Architecture documentation.

#arm #assembler #fun #news

A quantum computer ran for 2 hours, and the reason why is a total game-changer

Leanid Herasimau — Fri, 03 Oct 2025 14:52:14 +0000

A group of physicists from Harvard and MIT just built a quantum computer that ran continuously for more than two hours. Although it doesn’t sound like much versus regular computers (like servers that run 24/7 for months, if not years), this is a huge breakthrough in quantum computing. As reported by The Harvard Crimson, most current quantum computers run for only a few milliseconds, with record-breaking machines only able to operate for a little over 10 seconds.

Although two hours is still a bit limited, researchers say that the concept behind this could allow future quantum computers to run for much longer, maybe even indefinitely.

There is still a way to go and scale from where we are now, but the roadmap is now clear based on the breakthrough experiments that we’ve done here at Harvard.

Tout T. Wang, Research Associate

The Challenge of Qubits

The main difference between “regular” and quantum computing is that the latter uses qubits, which are subatomic particles, to hold and process data. But unlike the former, which retain information even without power, quantum computers can lose these qubits in a process called “atom loss”. This results in information loss and eventually system failure.

Source: The Harvard Crimson

#news #quantum #harvard

Data Is More Valuable Than Money: JetBrains Changes Licenses on Code From Real Projects

Leanid Herasimau — Fri, 03 Oct 2025 13:47:37 +0000

Major players are increasingly understanding that the gold of the 21st century is not oil or subscriptions, but data. And JetBrains demonstrates this particularly clearly. The company is willing to forgo quick profits and give away licenses for free — just to gain access to the unique 'fuel' for its AI models.

Most LLMs are trained on public datasets that are far from real-world work scenarios. This leads to 'hallucinations' and errors on complex projects. JetBrains wants to fix this and collect real signals — code editing history, terminal commands, AI queries, and responses.

What they came up with:

Instead of almost $1000 for an annual corporate All Products Pack subscription (access to all IDEs), companies can get it for free.
The price: allow JetBrains to collect work data — code snippets, terminal commands, editing history, and AI queries.
This data will be used to train JetBrains' own language models.
The data collection also applies to academic and open-source licenses (with an option to opt out in the settings).
JetBrains promises that data will be stored in compliance with GDPR, with no third-party access.

In fact, JetBrains is giving away licenses for free today to have an advantage in the race for AI tools tomorrow.

#jetbrains #ai #news

Buying mattresses for office sleepovers: San Francisco AI startups are switching to the Chinese '996' schedule due to the...

Leanid Herasimau — Fri, 03 Oct 2025 12:56:50 +0000

This is a 9:00 AM to 9:00 PM schedule, six days a week, which the Supreme Court of China banned in 2021.

Employees of the insurance AI startup Corgi, who work 'seven days a week,' collectively bought eight new mattresses, pillows, and sheets for the office.

Index Ventures partner Martin Mignot was one of the first to notice in the spring of 2025 that the 72-hour work week had 'quietly become the norm' in Silicon Valley. The founders and executives he spoke with tell candidates upfront that they will have to work a '996' schedule, adding: 'If you have hobbies that will get in the way, you are not a good fit for us.'
They explain that 'you can't let productivity drop at this pace' of neural network development, so as not to miss out on 'huge opportunities.'
Job postings for startups integrating neural networks into their products specify a schedule from Monday to Saturday or irregular hours—every day if necessary. The company Corgi, which automates insurance services, gifts new employees mattresses to sleep in the office. 'We work seven days a week and sometimes stay late,' writes its head of development, Josh Jung.
LifeX Ventures partner and founder of another insurance startup, CoverWallet, Iñaki Berenguer told Quartz that when the company started in 2016, only directors and a 'small circle of senior employees' might work on Sundays. Now, in 'many' AI startups in San Francisco, Sunday is a mandatory day for meetings and strategy discussions 'for all employees.'
Corporate bank card provider Ramp reported a rise in transactions for delivery and takeout food on Saturdays from January to August 2025, compared to the same periods in 2024 and 2023. According to the company, the 'surge' indirectly confirms that employees have started working from offices six days a week. However, the provided charts show only a minor increase of a fraction of a percent.

Source: Ramp

Berenguer believes the reason is the 'hyper-competitive' environment where dozens of startups are developing 'almost identical products.' The only advantage becomes speed and, as a consequence, a grueling schedule.
Meanwhile, easing employees' work with AI agents is expensive or technically difficult. As an MIT study from August 2025 showed, 95% of the companies in the sample failed to improve their financial results after implementing AI assistants.
Another factor is the reduction of jobs for junior specialists. According to data from the job search service Indeed for July 2025, the number of junior positions in the tech industry decreased by 36% from 2020 to 2025. Since 2024, the unemployment rate among young professionals (under 24) in this sector has risen by 7%.
Due to the smaller number of available vacancies, employees may agree to an irregular workday, writes Quartz.

#news #996

How to Get into ChatGPT, Perplexity, and Google AI Answers: A Practical Guide for GEO

Leanid Herasimau — Fri, 03 Oct 2025 11:57:17 +0000

Holding a top position in Google's organic search results used to be the ultimate goal for any business. It was a near-guarantee of visibility, clicks, and consistent traffic. That guarantee is now gone.

The rise of AI-powered search features, like Google's AI Overviews and conversational answers from platforms like ChatGPT and Perplexity, has fundamentally changed the search landscape. These systems don't just show a list of links; they synthesize information from multiple sources to provide a direct, comprehensive answer at the top of the page.

As a result, even websites with flawless technical SEO, expert-written content, and top rankings are experiencing significant traffic drops. They are becoming invisible, bypassed by AI that answers user questions before a user ever has a chance to click on a traditional search result.

The rules of the game have changed radically, and promotion strategies stuck in 2020 are no longer effective.

The number one position in organic search results loses 34.5% of clicks when an AI Overview is present above it.

Ahrefs Independent Analysis

Think about that number. A site can be in first place, but a third of its potential traffic evaporates. Simply because artificial intelligence answered the user's question before they could even get to the link.

The situation is even more serious than it first appears. According to a detailed analysis by Pew Research Center, users click on results only 8% of the time when an AI Overview is present, compared to 15% without it—a 46.7% drop in click-through rate. And data from Similarweb records an even more alarming trend: the growth of so-called zero-click searches from 56% to 69% between May 2024 and May 2025.

This is happening right now, as you read this article. Not in a year. Not sometime in the future. Today.

The question is no longer academic but critical for business survival: how do you get into these AI answers? How do you become the source that ChatGPT, Perplexity, Claude, and Google AI Overviews cite and recommend?

GEO: The New Optimization Discipline You Need to Know About

A new term has emerged that will change the digital marketing industry in the coming years— GEO, or Generative Engine Optimization. This is the practice of optimizing content specifically for generative artificial intelligence systems.

Let's break down the fundamental difference. Classic SEO works with algorithms that rank web pages and show you a list of ten blue links. GEO works fundamentally differently: it optimizes content for Large Language Models (LLMs), which don't just rank pages. They actively select three to five of the most authoritative sources, extract key information, synthesize it, and generate a single, coherent answer directly in the search interface.

The difference is not just technical—it's fundamental.

Google shows a list and leaves the final choice to you. ChatGPT or Perplexity make the decision for you based on their criteria of authoritativeness and relevance. They autonomously decide which three to five sites out of millions are reliable enough to be included. If you're not one of them, the user may never even know your site exists.

Researchers from Princeton University, Georgia Tech, and others published a foundational scientific paper titled "GEO: Generative Engine Optimization." Their rigorous analysis proved that proper GEO can increase content visibility in AI-generated answers by up to 40%.

The result of their work is unambiguous: only certain sites with proper optimization regularly appear in AI citations. The rest remain invisible to generative systems.

This isn't because the content is low quality or the site is slow. It's because the content is not structured in a way that Large Language Models can efficiently process, analyze, and extract key information in the fractions of a second they have to work.

How Large Language Models Choose Sources

Speed of information extraction is the first and most critical selection factor.

LLMs operate in real-time with strict constraints. When you ask a question, the system can't leisurely study every potential source. It gets a list of relevant pages and must decide whether to include or exclude each one in milliseconds.

Imagine two websites answering the same question:

Site A (The Slow Site): Information is buried in a 2,000-word wall of text. Key facts like price and features are hidden in long paragraphs. Headings are vague. To get answers, the LLM must read and parse the entire thing, a slow and resource-intensive process.
Site B (The Fast Site): The page has a clear, logical structure with descriptive headings like Price and Plans and Technical Specifications. Most importantly, it uses structured data from Schema.org in a JSON-LD format. The LLM sees this block, instantly parses the data, and gets all the critical information in milliseconds.

Which source will the system choose? The answer is obvious.

Structured data from Schema.org is a priority signal of source quality.

Schema Markup helps Microsoft's Large Language Models understand and interpret the content of web pages.

Fabrice Canel, Principal Product Manager at Microsoft Bing

This isn't just a small improvement. A benchmark study by Data World shows that LLMs using structured data achieve an answer accuracy level 300% higher than models working only with unstructured text. That's a threefold superiority.

This is why implementing Schema.org is moving from the 'nice to have' category to 'critically necessary for survival'. Yet, according to available data, a colossal 87.6% of all websites on the internet ignore structured data. Each of these sites is losing potential visibility in AI search every single day.

E-E-A-T signals of trust and authoritativeness in the age of AI.

AI systems are designed to avoid citing unreliable or misleading sources. That's why they rely on the concept of E-E-A-T , which stands for E xperience, E xpertise, A uthoritativeness, and T rustworthiness.

A site that clearly indicates its authors, their qualifications, and provides full company contact information gains a huge competitive advantage over anonymous content of unknown origin. It's a powerful signal that the information can be trusted.

Seven Key Factors for Getting into AI Answers

The detailed Princeton University study demonstrated that some GEO methods are far more effective than others. Here are seven factors that actually work.

Comprehensive structured data from Schema.org. This is the language you use to communicate directly with AI. Use Product Schema for products, Service Schema for services, Article Schema for articles, and FAQPage Schema for Q&A sections. Correct implementation can lead to significant increases in visibility and click-through rates.
Systematic citation of authoritative sources. The Princeton study found that linking to authoritative studies, official documents, and recognized experts led to an impressive 115.1% increase in visibility for some sites. LLMs are programmed to trust content that backs up its claims.
Structuring content in a question-and-answer format. Adding FAQ sections with real user questions and concise answers significantly increases the likelihood of being cited. Start article sections with the specific questions your audience is asking.
Saturating content with specific statistics. LLMs love specific numbers and measurable data. Instead of many companies use this, write according to a 2024 Gartner study, 47% of B2B companies have implemented this. Be precise.
Including direct quotes from recognized experts. Adding quotes from verified industry experts, with their names and titles, signals that your content is based on expert opinion, not just a random retelling of information.
Explicitly demonstrating timeliness through dates. Always indicate the publication and update dates of your content. Use the datePublished and dateModified fields in Article Schema. AI systems prioritize fresh, current information.
Flawless technical accessibility and performance. Core Web Vitals, page load speed, and mobile optimization all matter. A slow or buggy site might simply be skipped by an AI system due to a timeout.

Step-by-Step GEO Implementation Checklist

Week One: Audit and Prioritization

Identify your 20-30 most critical pages (based on traffic and conversions).
Check if these pages appear in AI Overviews for your target queries. You can do this manually or with tools like seoClarity.
Analyze your top competitors. What structured data are they using?
Use the Google Rich Results Test and the Schema Markup Validator to check for errors.

Week Two: Critical Markup Implementation

Focus on the highest-impact schema for your most important pages. For e-commerce, this is Product Schema. For B2B, it's Service Schema. For content, it's Article Schema and FAQ Schema. Use the JSON-LD format exclusively—this is Google's official recommendation.

Week Three: Strengthen E-E-A-T Signals

Create detailed author biographies and mark them up with Person Schema. Include photos, titles, experience, and links to professional profiles. In parallel, expand your Organization Schema with your company's history, address, contact info, awards, and social media links.

Week Four: Monitor and Scale

Systematically track your pages' appearance in AI Overviews and check for mentions in ChatGPT, Perplexity, and Claude. If you see a positive trend after a month, it's a signal to scale your GEO efforts across the entire site, using programmatic generation for large projects.

Critical Risks and Honest Limitations

Risk One: Manual Penalties. Google is crystal clear: any discrepancy between your structured data and the visible content on the page is considered manipulation. Marking up a fake 5-star rating or an incorrect price is a guaranteed path to a penalty.

Risk Two: No Absolute Guarantees. GEO significantly increases the probability of being cited, but it's not a 100% guarantee. AI systems use dozens of factors, and structured data is just one piece of the puzzle.

Risk Three: Visibility Doesn't Always Equal Clicks. This is a critical point. Many users will get their answer from the AI Overview and never click through to your site. Your brand gets mentioned, but it may not generate direct traffic.

Only 1% of users actually click on the links provided within an AI Overview as sources of information.

Pew Research Center

Finally, remember the trade-off. Implementing high-quality structured markup is a significant investment of time and resources. The alternative, however, is a gradual and steady loss of visibility in an AI-driven world.

Conclusion: The Investment in Future Visibility Begins Today

The world of digital marketing has changed irrevocably. The way we search for information has changed fundamentally.

According to current data from Xponent21, Google's AI Overviews now appear in more than 50% of all search queries —double the rate from just eight months ago. This trend will only intensify.

The question is no longer whether to adapt. The real question is: will you implement GEO before your competitors do? Because AI answers typically cite only three to five sources. The spots on this exclusive list are limited.

If the task seems daunting, start small. Choose your ten most important pages. Implement basic, correct markup. Track your metrics. See the results for yourself.

GEO is not a magic bullet. It is a technically sound and strategic way to communicate with machines in their native language of structured data. In a world where AI is the main intermediary between your content and your audience, mastering this language is no longer an option—it's a basic requirement for survival.

#news #seo #geo

Red Hat confirmed a breach of its internal GitLab server

Leanid Herasimau — Fri, 03 Oct 2025 08:13:47 +0000

Red Hat announced a breach of the company's internal GitLab server. The ransomware group Crimson Collective claims to have stolen nearly 570 GB of data from 28,000 internal development repositories.

This data allegedly includes about 800 customer engagement reports (CERs), which may contain sensitive information, including infrastructure details, configuration data, authentication tokens, etc., that could be used to breach customer networks.

Initially, Red Hat stated it had encountered a security incident related to its consulting business. They noted that there was no reason to believe that this security issue affected any other services or products.

The company has now confirmed that the security incident was related to a data leak from a GitLab instance used exclusively for Red Hat Consulting projects.

The hackers themselves told BleepingComputer that they carried out the attack about two weeks ago. They allegedly found authentication tokens, full database URIs, and other sensitive information in Red Hat's code and CERs to gain access to customer infrastructure. The hacker group also published a full list of allegedly stolen GitLab repositories and a list of CERs from 2020 to 2025 on Telegram. It includes organizations and agencies such as Bank of America, T-Mobile, AT&T, Fidelity, Kaiser, Mayo Clinic, Walmart, Costco, the U.S. Naval Surface Warfare Center, the Federal Aviation Administration, the House of Representatives, and many others.

The hackers stated that they tried to contact Red Hat but received no response other than a request to submit a vulnerability report to the security team. According to them, the created ticket was repeatedly forwarded to other individuals, including employees from the legal and security departments of the company.

The company told BleepingComputer: 'Upon discovering the leak, we immediately launched a thorough investigation, revoked the unauthorized party's access, isolated the instance, and contacted the relevant authorities. Our ongoing investigation has shown that an unauthorized third party accessed and copied some data from this instance. We have implemented additional security measures designed to prevent further access and contain the issue.'

Red Hat confirmed that the incident involved CER reports but noted that the documents generally do not contain personal information. The company is currently contacting the affected customers.

GitLab reported that the platform or user accounts were not compromised, emphasizing that the incident only affected a self-managed Community Edition instance, and customers are responsible for the security of these installations.

Previously, Red Hat introduced the Red Hat Enterprise Linux for Business Developers initiative for the free use of the Red Hat Enterprise Linux 10 distribution in enterprises for the purpose of developing and testing applications. Each participant in the Red Hat Developer program is given the opportunity to run up to 25 instances of the distribution in test environments for free.

#news #security #databreach

OpenSSL 3.6.0 Released

Leanid Herasimau — Fri, 03 Oct 2025 05:43:34 +0000

On October 1, 2025, the open-source project OpenSSL 3.6.0 was released. The cryptographic library supports new encryption and key management algorithms, works with SSL/TLS protocols at the Linux client kernel level, has an updated FIPS module, and has been integrated with the Certificate Management Protocol (CMP).

The project's source code is written in C and Perl and is distributed under the Apache 2.0 license. The release of OpenSSL 3.0.0 took place in September 2021. OpenSSL 3.4.0 was released at the end of 2024. OpenSSL 3.5.0 was introduced in April 2025.

The OpenSSL 3.6 release is classified as a standard support build, with updates released for 13 months. The OpenSSL 3.5.0 release is classified as a Long-Term Support (LTS) release, for which updates will be released for 5 years (until April 2030). Support for previous branches OpenSSL 3.3, 3.2 and 3.0 LTS will last until April 2026, November 2025, and September 2026, respectively.

According to OpenNET, the main refinements and #openssl-3.6" rel="noopener noreferrer nofollow">improvements in OpenSSL 3.6.0 are:

Added support for the EVP_SKEY (Symmetric KEY) structure to represent symmetric keys as opaque objects. Unlike raw keys, which are represented by a byte array, the key structure in EVP_SKEY is abstracted and contains additional metadata. EVP_SKEY can be used in encryption, key exchange, and key derivation (KDF) functions. The functions EVP_KDF_CTX_set_SKEY(), EVP_KDF_derive_SKEY(), and EVP_PKEY_derive_SKEY() have been added to work with EVP_SKEY keys;
Added support for verifying digital signatures based on the LMS (Leighton-Micali Signatures) scheme, which uses hash functions and tree-based hashing in the form of a Merkle Tree (each branch verifies all underlying branches and nodes). LMS digital signatures are resistant to quantum computer attacks and are designed to ensure the integrity of firmware and applications;
Added support for NIST security categories for PKEY object parameters (public and private keys). The security category is set via the security-category setting. The EVP_PKEY_get_security_category() function has been added to check the security level. The security level reflects resistance to quantum computer attacks and can take integer values from 0 to 5: 0 - implementation not resistant to quantum computer attacks; 1/3/5 - implementation does not preclude a quantum computer search for a key in a block cipher with a 128/192/256-bit key; 2/4 - implementation does not preclude a quantum computer search for a collision in a 256/384-bit hash).
0 - implementation not resistant to quantum computer attacks;
1/3/5 - implementation does not preclude a quantum computer search for a key in a block cipher with a 128/192/256-bit key;
2/4 - implementation does not preclude a quantum computer search for a collision in a 256/384-bit hash).
Added the openssl configutl command to process configuration files. The utility allows generating a consolidated file with all settings from a multi-file configuration with include directives;
Added support for deterministic ECDSA digital signature generation to the FIPS crypto provider (the same signature is generated for the same input data), in accordance with the FIPS 186-5 standard requirements;
Increased build environment requirements. A toolchain with ANSI-C support is no longer sufficient to build OpenSSL; a C-99 compliant compiler is now required;
Functions related to the EVP_PKEY_ASN1_METHOD structure have been deprecated;
Support for the VxWorks platform has been discontinued.

The new version of the project fixes the following vulnerabilities:

CVE-2025-9230 — a vulnerability in the decryption code for CMS messages encrypted with a password (PWRI). The vulnerability can lead to an out-of-bounds write and read, allowing an attacker to cause a crash or memory corruption in an application that uses OpenSSL to process CMS messages. Exploitation for code execution is not ruled out, but the severity of the issue is reduced by the fact that password-based encryption of CMS messages is very rarely used in practice. In addition to OpenSSL 3.6.0, the vulnerability is fixed in OpenSSL releases 3.5.4, 3.4.3, 3.3.5, 3.2.6, and 3.0.18. The issue has also been fixed in updates to LibreSSL 4.0.1 and 4.1.1, developed by the OpenBSD project;
CVE-2025-9231 — the implementation of the SM2 algorithm is vulnerable to a side-channel attack that allows an attacker on systems with 64-bit ARM CPUs to reconstruct the private key by analyzing timing variations of specific computations. The attack could potentially be carried out remotely. The severity of the attack is reduced by the fact that OpenSSL does not directly support the use of certificates with SM2 keys in TLS;
CVE-2025-9232 — a vulnerability in the built-in HTTP client implementation that leads to an out-of-bounds read when processing a specially crafted URL in HTTP Client functions. The issue only manifests when the no_proxy environment variable is set and can lead to an application crash.

#openssl #news

Modern Node.js Patterns (2025)

Leanid Herasimau — Thu, 02 Oct 2025 20:38:55 +0000

Node.js has undergone an impressive transformation since its inception. If you've been writing Node.js for several years, you've likely witnessed this evolution yourself - from the era of callbacks and the widespread use of CommonJS to a modern, clean, and standardized approach to development.

The changes have affected more than just the appearance - it's a fundamental shift in the very approach to server-side JavaScript development. Modern Node.js relies on web standards, reduces dependency on external libraries, and offers a more understandable and pleasant experience for developers.

Let's explore what these changes are and why they are important for your applications in 2025.

1. Module System: ESM - The New Standard

The module system is perhaps the most noticeable area of change. CommonJS served us faithfully for a long time, but now ES Modules (ESM) have become the clear winner, offering better tooling support and compliance with web standards.

The Old Way (CommonJS)

Previously, we organized modules like this. This approach required explicit exports and synchronous imports:

// math.js
function add(a, b) {
  return a + b;
}
module.exports = { add };

// app.js
const { add } = require('./math');
console.log(add(2, 3));

This worked well enough, but it had its limitations: there was no support for static analysis, tree-shaking (removing unused code), and this approach did not align with browser standards.

The Modern Approach (ES Modules with the Node: Prefix)

Modern Node.js development relies on ES modules with an important addition - the node: prefix for built-in modules. This explicit declaration helps avoid confusion and makes dependencies crystal clear:

// math.js
export function add(a, b) {
  return a + b;
}

// app.js
import { add } from './math.js';
import { readFile } from 'node:fs/promises'; // Modern node: prefix
import { createServer } from 'node:http';

console.log(add(2, 3));

The node: prefix is not just a convention. It's an explicit signal to both developers and tools that you are importing built-in Node.js modules, not packages from npm.

This helps avoid potential conflicts and makes code dependencies more transparent.

Top-Level Await: Simplifying Initialization

One of the most revolutionary features is await at the top level of a module.

You no longer need to wrap your entire application in an async function just to use await at the start:

// app.js - Clean initialization without wrapper functions
import { readFile } from 'node:fs/promises';

const config = JSON.parse(await readFile('config.json', 'utf8'));
const server = createServer(/* ... */);

console.log('App started with config:', config.appName);

This eliminates the common pattern of immediately-invoked async function expressions (IIFE) that was once ubiquitous. Now, your code becomes more linear and understandable.

2. Built-in Web APIs: Fewer External Dependencies

Node.js has seriously embraced web standards, integrating APIs familiar to web developers into its runtime. This means fewer external dependencies and more consistency between execution environments.

Fetch API: No More Third-Party Libraries for HTTP Requests

Remember the days when every project required axios, node-fetch, or similar libraries for HTTP handling? Those days are over. Node.js now includes the Fetch API by default:

// Old way - external dependencies required
const axios = require('axios');
const response = await axios.get('https://api.example.com/data');

// Modern way - built-in fetch with enhanced features
const response = await fetch('https://api.example.com/data');
const data = await response.json();

But the modern approach is not just about replacing your HTTP library. You also get built-in support for timeouts and request cancellation:

async function fetchData(url) {
  try {
    const response = await fetch(url, {
      signal: AbortSignal.timeout(5000) // Built-in timeout support
    });

    if (!response.ok) {
      throw new Error(`HTTP ${response.status}: ${response.statusText}`);
    }

    return await response.json();
  } catch (error) {
    if (error.name === 'TimeoutError') {
      throw new Error('Request timed out');
    }
    throw error;
  }
}

This approach eliminates the need for third-party libraries for timeouts and provides a single, predictable error handling mechanism. The AbortSignal.timeout() method is particularly elegant - it creates a signal that automatically aborts an operation after a specified time.

AbortController: Graceful Operation Cancellation

Modern applications must be able to handle operation cancellations gracefully - whether initiated by the user or due to a timeout. AbortController provides a standardized way to cancel operations:

// Cancel long-running operations cleanly
const controller = new AbortController();

// Set up automatic cancellation
setTimeout(() => controller.abort(), 10000);

try {
  const data = await fetch('https://slow-api.com/data', {
    signal: controller.signal
  });
  console.log('Data received:', data);
} catch (error) {
  if (error.name === 'AbortError') {
    console.log('Request was cancelled - this is expected behavior');
  } else {
    console.error('Unexpected error:', error);
  }
}

This approach works across many Node.js APIs, not just with fetch. You can use the same AbortController for file operations, database queries, and any other asynchronous operations that support cancellation.

3. Built-in Testing: A Professional Approach Without External Dependencies

Previously, testing meant choosing between Jest, Mocha, Ava, and other frameworks. Now, Node.js has a full-featured built-in testing environment, or test runner, that covers most needs without additional dependencies.

Modern Testing with the Built-in Node.js Test Runner

The built-in test runner offers a clean and clear API that feels modern and is fully functional:

// test/math.test.js
import { test, describe } from 'node:test';
import assert from 'node:assert';
import { add, multiply } from '../math.js';

describe('Math functions', () => {
  test('adds numbers correctly', () => {
    assert.strictEqual(add(2, 3), 5);
  });

  test('handles async operations', async () => {
    const result = await multiply(2, 3);
    assert.strictEqual(result, 6);
  });

  test('throws on invalid input', () => {
    assert.throws(() => add('a', 'b'), /Invalid input/);
  });
});

What makes this tool particularly powerful is its seamless integration with the Node.js development process:

# Run all tests with built-in runner
node --test

# Watch mode for development
node --test --watch

# Coverage reporting (Node.js 20+)
node --test --experimental-test-coverage

Watch mode is especially valuable during development - tests automatically restart when code changes, providing instant feedback without additional setup.

4. Advanced Asynchronous Patterns

Although async/await is not new, its usage patterns have evolved significantly. Modern Node.js development effectively uses these patterns, combining them with new APIs.

Async/Await with Enhanced Error Handling

The modern approach to error handling combines async/await with flexible recovery and parallel execution strategies:

import { readFile, writeFile } from 'node:fs/promises';

async function processData() {
  try {
    // Parallel execution of independent operations
    const [config, userData] = await Promise.all([
      readFile('config.json', 'utf8'),
      fetch('/api/user').then(r => r.json())
    ]);

    const processed = processUserData(userData, JSON.parse(config));
    await writeFile('output.json', JSON.stringify(processed, null, 2));

    return processed;
  } catch (error) {
    // Structured error logging with context
    console.error('Processing failed:', {
      error: error.message,
      stack: error.stack,
      timestamp: new Date().toISOString()
    });
    throw error;
  }
}

This pattern combines parallel execution for improved performance with centralized and detailed error handling. Promise.all() ensures independent operations run simultaneously, while try/catch allows you to handle all possible errors in one place with full context.

Modern Event Handling with AsyncIterator

Event-driven programming has moved beyond simple handlers (on, addListener). AsyncIterator provides a more powerful way to process event streams:

import { EventEmitter, once } from 'node:events';

class DataProcessor extends EventEmitter {
  async *processStream() {
    for (let i = 0; i < 10; i++) {
      this.emit('data', `chunk-${i}`);
      yield `processed-${i}`;
      // Simulate async processing time
      await new Promise(resolve => setTimeout(resolve, 100));
    }
    this.emit('end');
  }
}

// Consume events as an async iterator
const processor = new DataProcessor();
for await (const result of processor.processStream()) {
  console.log('Processed:', result);
}

This approach is particularly powerful because it combines the flexibility of events with a controlled execution flow through asynchronous iteration. You can process events sequentially, naturally handle backpressure, and cleanly break the processing loop when needed.

5. Advanced Streams with Web Standards Integration

Streams remain one of the most powerful features of Node.js,

but they have now evolved to support web standards and improve compatibility with other environments.

import { Readable, Transform } from 'node:stream';
import { pipeline } from 'node:stream/promises';
import { createReadStream, createWriteStream } from 'node:fs';

// Create transform streams with clean, focused logic
const upperCaseTransform = new Transform({
  objectMode: true,
  transform(chunk, encoding, callback) {
    this.push(chunk.toString().toUpperCase());
    callback();
  }
});

// Process files with robust error handling
async function processFile(inputFile, outputFile) {
  try {
    await pipeline(
      createReadStream(inputFile),
      upperCaseTransform,
      createWriteStream(outputFile)
    );
    console.log('File processed successfully');
  } catch (error) {
    console.error('Pipeline failed:', error);
    throw error;
  }
}

The pipeline function with promise support ensures automatic resource cleanup and error handling, eliminating many of the traditional complexities of working with streams.

Compatibility with Web Streams

Modern Node.js can work seamlessly with Web Streams, providing better compatibility with browser code and edge runtimes.

// Create a Web Stream (compatible with browsers)
const webReadable = new ReadableStream({
  start(controller) {
    controller.enqueue('Hello ');
    controller.enqueue('World!');
    controller.close();
  }
});

// Convert between Web Streams and Node.js streams
const nodeStream = Readable.fromWeb(webReadable);
const backToWeb = Readable.toWeb(nodeStream);

This compatibility is especially important for applications that need to run in different execution environments or share code between the server and the client.

6. Worker Threads: True Parallelism for CPU-Intensive Tasks

The single-threaded nature of JavaScript is not always suitable - especially when it comes to heavy CPU computations. Worker threads allow you to efficiently use multiple processor cores while maintaining the simplicity of JavaScript.

Non-Blocking Background Processing

Worker threads are ideal for CPU-intensive tasks that would otherwise block the main event loop:

// worker.js - Isolated computation environment
import { parentPort, workerData } from 'node:worker_threads';

function fibonacci(n) {
  if (n < 2) return n;
  return fibonacci(n - 1) + fibonacci(n - 2);
}

const result = fibonacci(workerData.number);
parentPort.postMessage(result);

The main application can now delegate heavy computations without blocking other operations:

// main.js - Non-blocking delegation
import { Worker } from 'node:worker_threads';
import { fileURLToPath } from 'node:url';

async function calculateFibonacci(number) {
  return new Promise((resolve, reject) => {
    const worker = new Worker(
      fileURLToPath(new URL('./worker.js', import.meta.url)),
      { workerData: { number } }
    );

    worker.on('message', resolve);
    worker.on('error', reject);
    worker.on('exit', (code) => {
      if (code !== 0) {
        reject(new Error(`Worker stopped with exit code ${code}`));
      }
    });
  });
}

// Your main application remains responsive
console.log('Starting calculation...');
const result = await calculateFibonacci(40);
console.log('Fibonacci result:', result);
console.log('Application remained responsive throughout!');

This approach allows your application to use multiple processor cores

while preserving the familiar programming model with async/await.

7. Improved Developer Experience

Modern Node.js prioritizes developer convenience by offering built-in tools that previously required external packages or complex setup.

Watch Mode and Environment Variable Management

The development workflow has become much simpler thanks to the built-in watch mode and support for .env files:

{
  name: modern-node-app,
  type: module,
  engines: {
    node: >=20.0.0
  },
  scripts: {
    dev: node --watch --env-file=.env app.js,
    test: node --test --watch,
    start: node app.js
  }
}

The --watch flag eliminates the need for nodemon, and --env-file gets rid of the dependency on dotenv.

As a result, your development environment becomes simpler and faster:

// .env file automatically loaded with --env-file
// DATABASE_URL=postgres://localhost:5432/mydb
// API_KEY=secret123

// app.js - Environment variables available immediately
console.log('Connecting to:', process.env.DATABASE_URL);
console.log('API Key loaded:', process.env.API_KEY ? 'Yes' : 'No');

These features make development more comfortable by reducing configuration overhead and eliminating the need for constant restarts.

8. Modern Security and Performance Monitoring

Security and performance are now first-class citizens in Node.js, with built-in tools for monitoring and managing application behavior.

Permission Model for Enhanced Security

The experimental permission model allows you to restrict an application's access to various resources, following the principle of least privilege:

# Run with restricted file system access
node --experimental-permission --allow-fs-read=./data --allow-fs-write=./logs app.js

# Network restrictions
node --experimental-permission --allow-net=api.example.com app.js

This is especially important for applications that handle untrusted code

or must comply with information security requirements.

Built-in Performance Monitoring

Performance monitoring is now built directly into the platform, eliminating the need for external tools to monitor processes:

import { PerformanceObserver, performance } from 'node:perf_hooks';

// Set up automatic performance monitoring
const obs = new PerformanceObserver((list) => {
  for (const entry of list.getEntries()) {
    if (entry.duration > 100) { // Log slow operations
      console.log(`Slow operation detected: ${entry.name} took ${entry.duration}ms`);
    }
  }
});
obs.observe({ entryTypes: ['function', 'http', 'dns'] });

// Instrument your own operations
async function processLargeDataset(data) {
  performance.mark('processing-start');

  const result = await heavyProcessing(data);

  performance.mark('processing-end');
  performance.measure('data-processing', 'processing-start', 'processing-end');

  return result;
}

This allows you to track application performance without external dependencies, helping to identify bottlenecks early in the development process.

9. Application Distribution and Deployment

Modern Node.js simplifies the application distribution process

thanks to features like single executable application builds and improved packaging.

Single Executable Applications

You can now bundle a Node.js application into a single executable file, which simplifies deployment and distribution:

# Create a self-contained executable
node --experimental-sea-config sea-config.json

The configuration file defines how to build your application:

{
  main: app.js,
  output: my-app-bundle.blob,
  disableExperimentalSEAWarning: true
}

This is particularly useful for CLI tools, desktop applications, or any case

where you want to distribute your application without requiring a separate Node.js installation.

10. Modern Error Handling and Diagnostics

Error handling has evolved beyond simple try/catch blocks to include structured handling and advanced diagnostic tools.

Structured Error Handling

Modern applications benefit from contextual and structured error handling, which provides better insight and debugging for problems:

class AppError extends Error {
  constructor(message, code, statusCode = 500, context = {}) {
    super(message);
    this.name = 'AppError';
    this.code = code;
    this.statusCode = statusCode;
    this.context = context;
    this.timestamp = new Date().toISOString();
  }

  toJSON() {
    return {
      name: this.name,
      message: this.message,
      code: this.code,
      statusCode: this.statusCode,
      context: this.context,
      timestamp: this.timestamp,
      stack: this.stack
    };
  }
}

// Usage with rich context
throw new AppError(
  'Database connection failed',
  'DB_CONNECTION_ERROR',
  503,
  { host: 'localhost', port: 5432, retryAttempt: 3 }
);

This approach provides much more detailed error information for debugging and monitoring while maintaining a consistent error handling interface throughout the application.

Advanced Diagnostics

Node.js includes advanced diagnostic tools that allow you to understand what is happening inside your application:

import diagnostics_channel from 'node:diagnostics_channel';

// Create custom diagnostic channels
const dbChannel = diagnostics_channel.channel('app:database');
const httpChannel = diagnostics_channel.channel('app:http');

// Subscribe to diagnostic events
dbChannel.subscribe((message) => {
  console.log('Database operation:', {
    operation: message.operation,
    duration: message.duration,
    query: message.query
  });
});

// Publish diagnostic information
async function queryDatabase(sql, params) {
  const start = performance.now();

  try {
    const result = await db.query(sql, params);

    dbChannel.publish({
      operation: 'query',
      sql,
      params,
      duration: performance.now() - start,
      success: true
    });

    return result;
  } catch (error) {
    dbChannel.publish({
      operation: 'query',
      sql,
      params,
      duration: performance.now() - start,
      success: false,
      error: error.message
    });
    throw error;
  }
}

This diagnostic data can be sent to monitoring systems, saved in logs for analysis, or used for automated responses to issues.

11. Modern Package Management and Module Resolution

Dependency management and module resolution have become more flexible and advanced,

with improved support for monorepos, internal packages, and a flexible import scheme.

Import Maps and Internal Module Resolution

Modern Node.js supports import maps, allowing you to create clean and understandable references to internal modules:

{
  imports: {
    #config: ./src/config/index.js,
    #utils/*: ./src/utils/*.js,
    #db: ./src/database/connection.js
  }
}

This creates a clean and stable interface for internal modules.

// Clean internal imports that don't break when you reorganize
import config from '#config';
import { logger, validator } from '#utils/common';
import db from '#db';

Such internal imports simplify refactoring and allow for a clear distinction between internal and external dependencies.

Dynamic Imports for Flexible Loading

Dynamic imports allow for the implementation of complex loading patterns, including conditional loading and code splitting:

// Load features based on configuration or environment
async function loadDatabaseAdapter() {
  const dbType = process.env.DATABASE_TYPE || 'sqlite';

  try {
    const adapter = await import(`#db/adapters/${dbType}`);
    return adapter.default;
  } catch (error) {
    console.warn(`Database adapter ${dbType} not available, falling back to sqlite`);
    const fallback = await import('#db/adapters/sqlite');
    return fallback.default;
  }
}

// Conditional feature loading
async function loadOptionalFeatures() {
  const features = [];

  if (process.env.ENABLE_ANALYTICS === 'true') {
    const analytics = await import('#features/analytics');
    features.push(analytics.default);
  }

  if (process.env.ENABLE_MONITORING === 'true') {
    const monitoring = await import('#features/monitoring');
    features.push(monitoring.default);
  }

  return features;
}

This approach allows you to create applications that adapt to their runtime environment and load only the code that is truly necessary.

Forward to the Future: Key Ideas of Modern Node.js (2025)

Looking at the current state of Node.js development, we can identify several key principles:

Focus on web standards: use node: prefixes, fetch, AbortController, and Web Streams for better compatibility and fewer dependencies
Use built-in tools: the test runner, watch mode, and .env file support reduce reliance on third-party packages and simplify configuration
Think in terms of modern async patterns: top-level await, structured error handling, and async iterators make code cleaner and easier to maintain
Strategically apply worker threads: for CPU-intensive tasks, worker threads provide true parallelism without blocking the main thread
Use the platform's progressive features: permission models, diagnostic channels, and built-in monitoring help create reliable and observable applications
Optimize the developer experience: watch mode, built-in testing, and import maps make the development process more enjoyable
Prepare for distribution: building single executable files and modern packaging simplify deployment

The transformation of Node.js - from a simple JavaScript runtime to a full-fledged development platform - is impressive. By using modern approaches, you are not just writing 'trendy' code; you are building maintainable, performant, and JavaScript ecosystem-compatible applications.

The beauty of modern Node.js is that it evolves while maintaining backward compatibility. These patterns can be adopted gradually, and they work perfectly alongside existing code. Whether it's a new project or modernizing an old one, you get a clear path to more reliable and modern Node.js development.

As we move through 2025, Node.js continues to evolve, but the patterns discussed here already provide a solid foundation for building modern and resilient applications for years to come.

#nodejs

Granite 4: IBM introduces a line of small but fast LLMs

Leanid Herasimau — Thu, 02 Oct 2025 19:22:05 +0000

While OpenAI, Anthropic, and Meta are competing with billions of parameters, IBM has suddenly decided to play a different game by introducing Granite-4.0 — a set of small but nimble LLMs.

Instead of giants with hundreds of billions of parameters, IBM has rolled out:

Micro (3B) — an ultra-lightweight version that can easily run on a laptop.
Tiny (7B/1B active) — a compact MoE that saves memory and tokens.
Small (32B/9B active) — the largest in the series, but still a small one compared to top-tier LLMs.

The key feature of this model series is the hybrid Mamba architecture: the model deactivates unnecessary blocks and runs faster, while maintaining a long context (up to 128K).

Perhaps this "reverse move" by IBM will become the new trend: fewer parameters, but more practical utility?

Granite-4.0 H-Small and Micro surprisingly outperform giants like Llama-3.3-70B and Qwen3-8B in Retrieval-Augmented Generation (73 and 72 versus 61 and 55).

H-Micro and H-Tiny occupy the top part of the efficiency chart: they maintain an accuracy above 70% with very modest VRAM requirements.

Granite-4.0 H-Small with a score of 0.86 on IF-Eval is approaching top models like Llama 4 Maverick and Kimi K2, while Micro holds a solid position in the middle of the table alongside Mistral and OLMo. For models of this size, this is a very serious statement.

By the way, these models are already available in Continue. The models are on Hugging Face.

#news #ibm