Welcome to the blog! Some articles might later become book chapters, while others cover current industry trends.
📌 Recent Posts:
Here is how I AI-coded a fully functional Tic-Tac-Toe web game without looking at a single line of code or manually identifying a GUI or logic error. I ran Claude Code (Pro) in VS Code without any other IDE/AI tooling. But it takes some effort and discipline to get there. The core idea is to be very specific and use an opinionated environment that includes extensive automated testing. The Agentic AI way Many people are researching this, all with slightly different approaches. There are a variety of ways to do more or less the same thing. Here are some of the interesting approaches I found. Interestingly, they all popped up in the first half of 2025. ...
The approach People call LLMs statistical completion engines and say that they therefore cannot write computer code. While the first may be true, the conclusion does not necessarily follow. My answer to this question: let’s try this out! Inspired by modern discoveries in, for example, context engineering and swarm coding (references to come), I decided to give AI-assisted coding a shot. I had a little-used SaaS application (an LMS) that was nevertheless costing serious money. Yet, completely killing it was not an option. It was relatively easy to extract the gigabytes of content in there, also through a bit of AI assistance. So I decided to rebuild the app, or at least a minimal version of it. Of many options, I selected Claude as my coding assistant. ...
My AI-supported risk analysis assistant mirrors a common pitfall in risk management: focusing on irrelevant controls rather than genuine threats. I have created a risk analyst AI based on industry best practices, or so I assume. This is part of a quest toward more compliance automation, because as an industry we are falling behind in security. I am running through a simple example of a chatbot that answers questions over a nonsensitive dataset. The analyst dives deep into questions on all kinds of controls that, in my view, are quite irrelevant to the risk at the business level. ...
What is the problem with the image that Zero Trust based information security brings along? Once you understand the principles, and they are not really difficult, it is obvious that only ZT can lead us to a more secure cyber future. So, what is holding us back? Here are some of the misconceptions: “It is a boatload of work, so let’s not start.” Truth: yes, fully securing your IT with all its technical debt is a boatload of work. That is exactly the reason why you need ZT, so that you know where you can get started quickly, and be more secure before the last hole is plugged. ...
This is the dawn of a new age. I have been observing software development for more than fifty years, ever since I wrote my first computer program. In that entire time, I have never witnessed a development that has changed the profession more deeply, faster, or more pervasively than now. AI-assisted coding has escaped from the lab, and is impacting the work of every software developer. In the communities I track, I hear stories of software engineers regretting taking a single week of vacation because of the innovations that they now have to catch up to. ...
If you build software for a living, generative AI may be a scary development, as it has the potential to take over a lot of software creation. But I think it depends on what you see as the job of creating software. A coder in the world of IT is somebody who writes code in some programming language. More typically they modify code instead of writing it from scratch. This is in response to bugs, feature requests, and so on. In the age of AI, a lot of coding can be automated. We have seen many examples of AI generating lots of code based on fairly compact specifications. ...
Here is the story of how I started to use AI to help with running and securing my home network. I call it vibe ops, in analogy to vibe programming. This post is going to be obsolete very soon, even though it is already the second version … My home network plays an additional role as a nice lab, and in the process of better securing it, preferably with Zero Trust Architectures, I am doing some experiments. ...
‘But where do we start?’ The question hung in the air of my training session, asked by many of the attendees. Mind you, these are experienced people with many years of cyber security experience. But turning Zero Trust from an abstract concept into concrete action? That’s where everyone gets stuck. I know that feeling well. Years ago, I joined my first Zero Trust working group, swimming in a sea of frameworks, agency guidelines, and vendor whitepapers. I even had the privilege of attending sessions with John Kindervag, the father of Zero Trust himself. Yet the gap between theory and implementation remained stubbornly wide. ...
The security of your SaaS cloud solutions starts with the review of three major areas. Practically all companies are using SaaS providers in one way or another. SaaS includes services such as Trello for project management, Microsoft 365, and e.g. specialized solutions for marketing intelligence services. The sky is the limit. Most companies are using hundreds of SaaS solutions. Here are 3 tips to start with. Maturity match The first thing to worry about is if the maturity of the provider matches your risk appetite. Are they good enough for your use case? If you are working with a mission-critical SaaS solution, you want to make sure that the provider is mature. You can start finding out if that is the case by looking at their certifications. An example could be the ISO 27000 series certification for IT risk management, or similar. Most mature cloud providers have dozens of certifications. On the other end of the spectrum, you may want to work with a provider that is not so mature, but that is delivering a very innovative solution of great business benefit to your company. That benefit, that competitive edge, may warrant a greater risk appetite. So start with that maturity match first. ...
“Project Zero Trust” is a business novel by George Finney. It talks about an emerging approach to IT and Cybersecurity that attempts to reduce cyberrisk in a more fundamental way. Zero Trust is a bit of a hype in IT these days, and both product companies and knowledge agencies are dropping lots of papers on this. But this book is in another game. What I like about it is that it paints a reasonably realistic picture of a modern enterprise, including the information technology choices that it makes. This serves as a good backdrop to a variety of Zero Trust initiatives, which are described in a bit of detail. As an instructor, I find that most of the vendor-neutral training material out there lacks specific examples. This makes it hard for students to anchor the abstract concepts that they are fed to a realistic environment with some resemblance to their job situation. ...