Advancing Engineering

Static Application Security Testing (SAST)

Thu, 15 Jan 2026 00:00:00 +0000

SAST tools analyse source code to surface security vulnerabilities before deployment. This empirical analysis shows it decreases CVEs by 8.2%.

Supply Chain Security: the second coming of signing provenance

Wed, 20 May 2026 08:54:21 +0100

The first wave of software signing asked a simple question: who signed this artifact? The next wave asks a harder one: can you prove where it came from, how it was built, and whether it ever left the trusted path? That shift, from signing files to signing provenance, is where supply chain security is heading.

Don't Read Every Line. Raise Every Standard

Sat, 16 May 2026 20:14:33 +0100

Ship by guardrail, not gut feel. In agentic development, the job is no longer to stare at every diff and hope quality emerges. The job is to build pipelines and controls so strong that weak changes never survive commit, merge, or deploy.

Justfiles Are a Joy to Use

Tue, 12 May 2026 13:08:46 +0100

Every project eventually grows its own mythology. “How do you run the tests?” becomes a question answered with a message, a README with outdated instructions, or — if you’re truly cursed — a tribal elder who just left the company.

just ends this. It’s a command runner that stores your project’s commands in a justfile, right next to your code, where they belong.

The Anti-Pattern: One Language Inside Another

Fri, 08 May 2026 10:54:36 +0100

Placing one language inside another is one of those anti-patterns that seems harmless until you’re trying to lint it, test it, or ask an LLM to reason about it. The moment you embed a language inside a string in another language, its entire toolchain disappears.

We contain multitudes. Our code should be singular, not polyglot.

The Standards Skill: Applying Engineering Standards with AI

Fri, 01 May 2026 00:00:00 +0000

Encoding engineering standards as an AI skill means they get applied consistently, automatically, and can be measured against.

Pre-commit Hooks: Enforcing Quality at the Source

Wed, 01 Apr 2026 00:00:00 +0000

Pre-commit hooks catch issues before they reach CI — shifting quality checks as far left as possible.

In an AI-assisted workflow this matters more than ever. LLM-generated commits are faster and more numerous; human review bandwidth is the same. Pre-commit hooks are how you define “done” in a form the machine can check — and the LLM can iterate on.

LLM Wiki: The Knowledge Base That Maintains Itself

Tue, 10 Mar 2026 00:00:00 +0000

Of course you’ve got document stores. But be honest, how much ongoing love do they all have? Is every one of your onboarding guides on point, and how many of the “current architecture” diagrams show databases that were deprecated before you joined?

LLM Permissions: speed and safety in Practice

Tue, 10 Feb 2026 00:00:00 +0000

93% of LLM permission requests are approved. That number should make you uncomfortable. Not because approving is wrong — most of those approvals are fine — but because a 93% approval rate is a signal that you haven’t designed your permission model. You’ve just been clicking through dialogs.

There’s also the opposite problem: leaving an agent to work autonomously, then coming back to find it paused, waiting for you to confirm that yes, it can grep a file it’s been reading all session. Both failures have the same root cause: permissions set by default, not design.

The question worth sitting with is whether you can move faster and sleep better. The answer is yes, but it requires deliberate thought about what your LLM actually needs to do its job.

Profile

Mon, 01 Jan 0001 00:00:00 +0000

Ben Newton Link to heading

Engineering Manager. Builder of teams, and things that matter. Occasional menace.

I live electrified by both the process of developement and applied AI — crafting capable engineers into exceptional ones. I lead teams, shape culture, and build systems designed for quality.

The obsession: raise the craft of engineering, one deliberate decision at a time.

I wake up thinking about Link to heading

Craft over cargo-cult — readable, honest, maintainable code that future-you will actually thank you for
AI as real leverage — LLMs aren’t magic, but in the right hands, they’re close enough
Developer experience — the compounding investment that quietly separates great engineering orgs from the rest
Architecture — systems built to scale, designed to last, understood by the people who run them
Culture — because the best code comes from the best teams, and great teams don’t happen by accident

I go to sleep thinking about Link to heading

Family — the reason, nothing brings me more joy than helping them bloom
Charity — board member of The Roughley Trust, a charity doing quiet, meaningful work for those who need it most
Sport — Rugby coaching to give back to a game that’s returned more than I bargained for
Running & riding — competitive, but only for fun. The medals justify the trainers, the bikes, the early starts, all in the name of a good time and a healthy lifestyle
Music — Digital DDJ’s with old school vinyl energy. The vibe is always right