Posts

You can’t scroll through a tech feed these days without bumping into a hot take on AI and coding. Depending on who you ask, it’s either the greatest productivity boost in history or a security dumpster fire waiting to happen. Opinions are cheap, which is why I prefer to stick to the data from actual research. That way, the information is verifiable, and you can trust the analysis because you can check the sources for yourself. This style of writing I call Research Driven Blogging .

This week’s reading was a deep dive into the world of AI-assisted development, its security implications, and the evolving role of the human developer. I also explored significant topics in hardware, software supply chain security, and some fascinating findings from the world of science.

AI in the Trenches: Development and Security

The intersection of AI, software development, and security was the dominant theme this week. A major focus was on moving beyond simple “vibe coding” toward more structured, secure, and effective methods. This includes “Vibe Speccing” to create structured workflows and using rules files to secure AI coding tools. The concept of “Context Engineering” was presented as the crucial new skill, emphasizing that providing the right information to the model is more important than prompt crafting alone.

I’ve talked about AI mistakes and outside attackers. But what if the AI itself becomes the problem? What if it learns to be deceptive?

It is extremely hot here. I am still pushing the newsletter out, even though I just want to sit in an air-conditioned room playing video games. But here it is!

Hey everyone, welcome to Week 2!

My reading list is a bit shorter this week, mostly because I’ve fallen down a deep, deep 3D printing rabbit hole. (My desk is now covered in very handy 3d printed tools for the printer itself and one glorious OctoRocktopus).

Still, between prints, I managed to find some absolute gems. This week’s theme seems to be the practical, sometimes harsh reality of AI adoption, mixed with some fascinating policy decisions in the open-source world.

Last time , we learned that AI agents are like smart assistants that can think, remember, and most importantly, do things on their own.

Hey everyone, let’s keep going!

So far, I’ve covered the basics of AI security and some specific problems like Prompt Injection. Today, I’m talking about the next big thing: AI Agents.

Alright, welcome back to our chat about AI security!

Welcome to Day 1 of my guide to the important topic of Generative AI (GenAI) and Large Language Model (LLM) security.

A little later then usuals. Yesterday I was at the Dutch ComicCon, and I forgot to post. Here is my reading of last week.

The Real Impact of AI

I think we’re all wondering about the deeper effects of weaving AI into our daily lives. This week, I found a few articles that really made me stop and think. The first was a standout study from MIT that suggests using tools like ChatGPT for writing could lead to a kind of “cognitive debt.” They literally measured brain activity and found that relying on AI can cause the parts of our brain responsible for deep thinking to become under-engaged. It’s a fascinating and slightly worrying idea.

Hey everyone,

Let’s be honest. This new wave of generative AI is moving incredibly fast. One minute we’re asking it to write a poem, and the next, AI “agents” are being built to act on their own.

Software Engineering

In my feed the opening talk by DHH at Rails World 2024 popped up, most notably due his stance on the reduction of complexity in running an online business. He promotes running your own (virtual) hardware, reducing build pipelines and not using Platform as a Service providers (#nopaas). Watch it below.

Tech in general

I learned that most of the layoffs in the US are not so much about AI taking jobs. Sure, there are bound to be a bunch of people that are no longer employed because their jobs was easily replaced by a system, but there is more then meets the eye. In “The hidden time bomb in the tax code that’s fueling mass tech layoffs” explores the tax rule that was changed under Trump-I, section 174, which basically no longer allows companies to write-off R&D effort in the current fiscal year.

How Vibe Coding Fails

Now, take a look at the following video. If you don’t know any Dutch, Tom is using bolt.new to create an AI chatbot that simulates a difficult HR conversation. How this relates to education isn’t relevant here; the point is that he wants to demonstrate the use of a model with a frontend.

Will software development change? Yes, of course. Will we stop making software? No, we’ll still be creating software, just not in the same way as before.

For the last few months, a lingering question in our industry has been: is there still room for developers in this AI-driven world? My answer is yes, but we won’t be developing in the same way we have for the past 30 years.

My career dates back to my first professional coding job in 1996. Back then, we created software that had to be physically shipped to customers on some form of media. My most ambitious project was the work I did when the Dutch ISP Freeler was created . We wrote software and then put it on a CD-ROM to ship to customers. Later, the delivery medium became the web, which transformed all our distribution challenges. Programming languages evolved too, shifting from those focused on single platforms and distribution methods to more web-friendly languages.

I am leaving NOVI. Yes, I know, it is sad news. For almost 6 years I have been building and maintaining an organisation that provides the best cybersecurity and software development (Bachelor) education in The Netherlands. In that time I have done amazing things:

• Created a short course format for people that want to switch careers. With some back of the napkin calculations I have seen over 2500 students pass through one of the programs.
• I lead a team of quality assurance, educational development, EduTech developers and teachers to build an awesome EduTech tool and provide top-notch education.
• Started and hosted the Hack The Box NL meetups for 4 years.
• I became part of the management team and helped the organisation through an M&A proces

It has been a wild ride, but like all things that begin, it must end.

When I tell people that I like to code in Clojure the common response is “wut?”. Clojure is not known as a programming language in which you create big systems. As all Clojure people know, this is not true. There are many systems written in Clojure. Let me show you some that are very actively maintained.

First there is Lipas, a Finnish platform that shows you information about sports clubs. The structure and techniques used in this code base I use as a reference implementation for my own ClojureScript + Clojure systems. A screenshot of the application is shown here:

Observability in cloud-native applications is crucial for managing complex systems and ensuring reliability (Chakraborty & Kundan, 2021; Kosińska et al., 2023). It enables continuous generation of actionable insights based on system signals, helping teams deliver excellent customer experiences despite underlying complexities (Hausenblas, 2023; Chakraborty & Kundan, 2021). In essence, adding proper observability to your system allows you to find and diagnose issues without having to dig through tons of unstructured log files.

While following the book Zero2Prod you will learn how to deploy a Rust application to digital ocean through a Continuous Deployment pipeline. This is hardly anything new for me, I even teach a course in DevOps, but to not stray from the path of the book I followed its instructions.