
May 2026 Wrap‑Up: Small Tools, Helmet 8.2, and Reflections on Tech Ethics

Dev Reporter

The author celebrates a 16‑year blog anniversary with a handful of new utilities, a minor release of the Helmet security library, and a series of thought‑provoking reads on tech ethics, AI affordances, and community health.

May 2026 – A Quiet Milestone

My blog turned 16 this month. I didn’t throw a party, but I did manage to ship a few tiny tools, push a modest update to my open‑source project Helmet, and spend a lot of time clicking through articles that wrestle with the ethical side of our industry.


The Four Little Tools I Released

  • ZIP Shrinker
    What it does: A web app that recompresses ZIP archives to achieve higher compression ratios.
    Why it matters: Saves bandwidth for static‑site deployments and makes sharing large bundles a bit easier.
  • Offline Translator (CLI)
    What it does: A command‑line utility that runs a language model locally to translate text without sending data to the cloud.
    Why it matters: Gives developers a privacy‑first alternative for quick translations in CI pipelines or scripts.
  • Open Link in Unloaded Tab (Firefox extension)
    What it does: Opens a link in a new tab without triggering network requests until the user interacts with it.
    Why it matters: Reduces unwanted pre‑fetching, helps users avoid tracking pixels, and can speed up browsing on slow connections.
  • png‑cmp (CLI)
    What it does: Compares two PNG files pixel‑by‑pixel and reports differences, optionally generating a diff image.
    Why it matters: Useful for visual regression testing when you don’t want to rely on heavyweight image‑diff libraries.

Each of these tools is intentionally narrow in scope, but together they illustrate a pattern many of us follow: spot a tiny friction point in our workflow, write a script, and share it publicly. The community tends to appreciate the “just‑enough” approach because it’s easy to adopt and fork.


Helmet 8.2.0 – Small Features, Big Documentation Move

After a year of quiet maintenance, Helmet (my open‑source security‑header middleware) got a new minor release, v8.2.0. The changes are modest:

  • Added a crossOriginOpenerPolicy helper that mirrors the new COOP header values introduced in Chrome 111.
  • Updated the contentSecurityPolicy builder to accept an array of directives for better readability.
  • Fixed a handful of TypeScript definition quirks that showed up in strict‑mode projects.
  • Refreshed the README and added a Getting Started guide that walks users through a minimal Express setup.

The most visible shift, however, is the migration of the documentation site from a raw GitHub URL to a dedicated domain: helmet.js.org. The move is part of a longer‑term plan to reduce reliance on GitHub Pages and give the docs a more stable home. For contributors, the source still lives in the repo, but the build pipeline now pushes static files to a Netlify bucket.

Why developers should care

  • Clarity – The new guide reduces the “search‑and‑replace” friction that many newcomers face when integrating Helmet for the first time.
  • Future‑proofing – By decoupling docs from GitHub, the project can adopt a custom theme, add versioned docs, and potentially integrate community‑authored tutorials without fighting the constraints of the GitHub UI.
  • Security hygiene – The added crossOriginOpenerPolicy helper aligns Helmet with the latest browser expectations, helping apps avoid mixed‑content warnings.
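
Cross-Origin-Opener-Policy decides whether a page keeps a window reference to cross-origin pages it opens or is opened by, so it is worth checking what a deployed app actually sends alongside its Content-Security-Policy. The dependency-free JavaScript below is an added example, not code from the original post or from Helmet; the function names auditHeaders and parseCsp and both sample header sets are constructed for illustration.

```javascript
// Added example: names and sample headers are constructed, not Helmet code.
const COOP_VALUES = new Set([
  "unsafe-none", "same-origin-allow-popups", "same-origin", "noopener-allow-popups",
]);

// Parse a Content-Security-Policy value into { directive: [sources] }.
function parseCsp(value) {
  const directives = Object.create(null);
  for (const part of value.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue; // empty segment, e.g. a trailing ';'
    const key = name.toLowerCase();
    // A repeated directive is ignored by browsers: the first one wins.
    if (!(key in directives)) directives[key] = sources;
  }
  return directives;
}

// Return findings for a response-headers object (header names in any case).
function auditHeaders(headers) {
  const h = Object.create(null);
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const findings = [];

  const coop = h["cross-origin-opener-policy"];
  // The value may carry a reporting parameter after ';', so compare the token.
  const token = coop === undefined ? undefined : coop.split(";")[0].trim();
  if (token === undefined) findings.push("COOP header missing");
  else if (!COOP_VALUES.has(token)) findings.push(`COOP value not recognised: ${token}`);
  else if (token === "unsafe-none") findings.push("COOP is unsafe-none: no opener isolation");

  const raw = h["content-security-policy"];
  if (raw === undefined) return findings.concat("CSP header missing");
  const csp = parseCsp(raw);
  if (!csp["default-src"]) findings.push("CSP has no default-src fallback");
  const scripts = csp["script-src"] || csp["default-src"] || [];
  // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
  const strict = scripts.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  if (scripts.includes("'unsafe-inline'") && !strict) findings.push("script-src allows 'unsafe-inline'");
  return findings;
}

// Constructed sample responses: a weak policy and a hardened one.
const WEAK = {
  "Cross-Origin-Opener-Policy": "unsafe-none",
  "Content-Security-Policy": "script-src 'self' 'unsafe-inline'; img-src *",
};
const HARDENED = {
  "cross-origin-opener-policy": "same-origin",
  "content-security-policy": "default-src 'self'; script-src 'self' 'nonce-r4nd0m' 'unsafe-inline'",
};
console.log(auditHeaders(WEAK), auditHeaders(HARDENED));
```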

The Articles That Stuck With Me

May was also a month of heavy reading. Below are the pieces that resonated, along with a quick take on why they matter for us as developers.

1. “The vast majority of tech workers … want to see it serve the public good.”

Excerpt: “The vast majority of tech workers, at least those who I have encountered in my many years of reporting, are not vampiric Silicon Valley tech bro caricatures … They both like working with tech and ultimately want to see it serve the public good.”

Why it matters – The quote reminds us that the narrative of “evil engineers” is a myth. Most of us are motivated by curiosity and a desire to build tools that improve lives. Recognizing this can shift how we frame internal discussions about ethics: instead of blaming individuals, we can focus on systemic incentives.

2. “They just formed the biggest tech worker union in the US.”

Excerpt: “They plan to rein in AI and curb layoffs.”

Why it matters – Unionization is gaining traction in software shops that have historically been non‑union. Collective bargaining could become a lever for negotiating AI‑usage policies, data‑privacy safeguards, and transparent layoff processes. For developers, this signals a future where employment contracts might include clauses about AI‑generated code reviews or automated performance monitoring.

3. “Love letter to Gnutella” – a look at the early P2P protocol.

Excerpt: “This ‘love letter to Gnutella’ is both an introduction to a P2P protocol and a celebration of the culture around it.”

Why it matters – Gnutella’s decentralized design pre‑figured many modern concepts: content‑addressable routing, swarm‑based discovery, and resilience against single‑point failures. Revisiting it helps us understand the trade‑offs we face when building today’s distributed systems, whether it’s IPFS, libp2p, or serverless edge networks.

4. “Affordances for me, but not for thee” – AI’s uneven impact.

Excerpt: “One of the oddest parts of the AI shift is that people are much more willing to do things for LLMs that they should have been doing for human beings all along.”

Why it matters – The piece argues that AI affordances tend to amplify power differentials. Accessibility features (screen‑reader support, captioning) empower marginalized users, while AI‑driven productivity tools often benefit those who already hold decision‑making authority. As engineers, we need to ask: “Are we building shortcuts that only the privileged can exploit?” and “How can we embed equitable guardrails into our APIs?”

5. “Your AI Slop Bores Me” – a human‑powered chatbot.

Excerpt: “It looks like an LLM chatbot, but it’s entirely powered by humans.”

Why it matters – The project is a playful reminder that conversational interfaces don’t have to be neural nets. Human‑in‑the‑loop designs can provide higher factual accuracy and nuanced empathy, albeit at higher cost. It’s a useful mental model when we consider hybrid systems that blend AI speed with human verification.

6. “Tech companies ignoring California data‑control law” – a research roundup.

Excerpt: “Google, Facebook and Microsoft are ignoring data controls mandated under California law, researchers say.”

Why it matters – Non‑compliance isn’t just a legal risk; it erodes user trust. For developers building SaaS products that serve California residents, the CCPA/CPRA requirements now include explicit data‑access logs and opt‑out mechanisms. Ignoring them can lead to costly audits and, more importantly, a loss of credibility in the marketplace.


A Bit of Personal Reflection

I’m still fascinated (and a little nervous) by the idea of being labeled an “anti‑tech extremist” for questioning AI hype. Watching a Jira ticket automatically calculate 2 + 3 felt both impressive and a little absurd—automation is great until it starts solving problems we never asked it to.

The “AI Resist List” asks a timeless question: What can I do to resist AI? The answer, for most of us, is to stay informed, contribute to open‑source alternatives, and push for policy that protects workers and users alike.


Looking Ahead

May ends with a mix of small wins (four tools, a Helmet patch) and big‑picture concerns (AI affordances, labor organizing, data‑law compliance). My hope for June is to:

  1. Iterate on the offline translator – add language packs and benchmark latency against cloud APIs.
  2. Write a tutorial on integrating Helmet 8.2 with a serverless function, showing how to keep security headers consistent across edge runtimes.
  3. Participate in the new tech workers union – attend a virtual town hall and share what open‑source maintainers need from collective bargaining.
  4. Keep reading – especially pieces that challenge the status quo and force us to think about the societal impact of the code we ship.

If you’re reading this, thanks for stopping by. Here’s to another month of building, questioning, and (hopefully) improving the tech we love.
