Signal online
Antonio Frignani / software / product / writing
This is my blog about software, AI, hardware, and product decisions that matter in practice, not just in theory.
I write when I have something worth clarifying: a tool that changes the workflow, a technical bet that deserves a closer look, or a product choice that reveals how careful engineering actually gets done.
What I write about
AI tools, developer workflows, browser and hardware experiments, and the messy product tradeoffs behind real technical work.
How I write
I prefer concrete examples, implementation details, and clear opinions over generic summaries or trend-chasing.
Why it exists
Part notebook, part filter: a place to keep the interesting signals and turn them into something more useful than a bookmark.
Where to start
Latest thinking
Start with the newest post if you want the closest view of what I have been testing, building, or paying attention to recently.
Follow a thread
If you are here for one theme, use the categories and tags to stay inside AI, software, hardware, or the specific tools behind each post.
What you will get
Some posts are short and tactical. Others go longer when a system, a workflow, or a product decision is worth unpacking properly.
Blog.feed
Recent writing, notes, and experiments. Read the latest post or follow the topics that brought you here.
/ Software
The recent Packagist and Composer security update matters because it moves the PHP ecosystem away from best-effort trust and toward stronger release controls, malware filtering, and immutable versions.
More posts
/ Software
TrapDoor stood out because it was not tied to one package registry. It spread across npm, PyPI, and crates.io while targeting crypto developers, AI tooling, and developer workstations.
/ Software
The Laravel-Lang compromise showed how dangerous mutable tags and Composer autoload execution can become when attackers gain push access to a package namespace.
/ Software
Megalodon showed that software supply chain attacks do not need a poisoned package when attackers can backdoor CI workflows across thousands of repositories instead.
/ Software
The AntV wave showed how Mini Shai-Hulud evolved from a high-profile compromise into a mass npm credential-harvesting campaign across hundreds of packages.
/ Software
The poisoned Nx Console release and the resulting GitHub employee-device compromise showed how a developer extension can become a platform-level supply chain problem.
/ Software
The Shai Hulud campaign showed how quickly modern package ecosystems can turn a compromised maintainer or CI path into broad install-time credential theft.
/ Software
The LiteLLM and Telnyx incidents showed how stolen publishing credentials can turn trusted PyPI packages into fast-moving credential harvesters.
/ Software
Laravel Paper lets you use Eloquent against Markdown and JSON files, keeping the familiar Laravel model workflow without reaching for a database first.
/ Ai
Large models can be intimidating to customize: heavy frameworks, complex training loops, and expensive compute all get in the way.
/ Software
Superpowers is an open-source collection of AI-assisted coding utilities that aim to streamline developer workflows.
/ Hardware
WithDiode provides a fast path from idea to working circuit without wrestling with toolchains, bench wiring, or messy breadboards.
/ Ai
Voice synthesis has moved quickly from laboratory demos to production-grade tools. Voicebox aims to put cutting-edge voice cloning into a local-first desktop application.
/ Software
Laravel Introspect turns parts of your Laravel application into something you can query with a fluent API: views, routes, classes, and Eloquent models.