Arjen Wiersma

The Things I Read This Week (24)

Software Engineering

In my feed the opening talk by DHH at Rails World 2024 popped up, most notably due to his stance on the reduction of complexity in running an online business. He promotes running your own (virtual) hardware, reducing build pipelines and not using Platform as a Service providers (#nopaas). Watch it below.

It really interested me: for my hobby projects I don’t have a lot of time and I would like the experience to be as smooth as butter. Years ago I wrote Rails-based web applications, so the release of Rails 8 with this introduction made me curious how Rails development is nowadays. I spent a weekend working on a small project and it is pretty darn good, I must say.

AI Stuff

Threats and stupidity

Tim Bray talked about AI Angst [2], how the world seems to struggle with using AI and feels threatened by it. At the same time we are fully into the time of AI agents, with cool projects to track their effectiveness. As it is still possible to leak private data using AI agents (EchoLeak) [25] and AI agents are wiping your computer when stuff becomes too hard [6], it seems we are still some way off from the safe application of AI agents. Most AI applications seem to be some type of “fraud” as well, such as calorie-counting apps [7]. Just because you stick AI into it doesn’t make it better.

I highly recommend reading Neil Madden’s review of the AI code written by Cloudflare for their new OAuth library [12]. The process they used is well documented, so we can see exactly where the AI stopped being able to generate the required code and needed human interaction. The most interesting point of this review is that Neil is into security, and this is a security library and, shocker, the AI failed at safe application of security. Luckily the humans of Cloudflare are excellent coders and know their stuff!

There are good applications as well, of course, such as Honeycomb finding that computers can work faster than humans [16]. Or having experienced developers use AI to do something new, such as build an iOS app [14].

Apple, in the meantime, dropped a major paper “Shojaee, Mirzadeh & Alizadeh et al. (2025) The Illusion of Thinking: Understanding the Strengths and Limitations of Reasoning Models via the Lens of Problem Complexity, arXiv.org.” [11], which identifies that current reasoning models are using patterns from the past to build up thoughts and are not really reasoning. This resulted in a lot of discussion [13], but the paper seems to hold.

A new repository was launched, vibesec, which holds AI rules for various programming languages/models.

Closing

I really should get a better workflow going. Currently my reading goes into Zotero and then on Sunday I just categorize the items correctly. Perhaps I can make something that will build this post during the week, as I read it… how do you do it?

The complete list

[1] Adding Sign Up to the Rails 8 Authentication Generator. 2024. Accessed: Jun. 13, 2025. [Online]. Available: https://robrace.dev/blog/rails-8-authentication-sign-up/
[2]
[3] AI Coding Agents. Accessed: Jun. 09, 2025. [Online]. Available: https://aavetis.github.io/ai-pr-watcher/
[4] J. Arinze, Why Senior Developers Google Basic Syntax. 2025. Accessed: Jun. 10, 2025. [Online]. Available: https://faun.pub/why-senior-developers-google-basic-syntax-fa56445e355f
[5] Marco M. Beurer-Kellner, GitHub MCP Exploited: Accessing Private Repositories via MCP. 2025. Accessed: Jun. 05, 2025. [Online]. Available: https://invariantlabs.ai/blog/mcp-github-vulnerability
[6] Cursor YOLO Deleted Everything in My Computer - Bug Reports. 2025. Accessed: Jun. 14, 2025. [Online]. Available: https://forum.cursor.com/t/cursor-yolo-deleted-everything-in-my-computer/103131
[7] M. Dietz, I Used AI-Powered Calorie Counting Apps, and They Were Even Worse Than I Expected. 2025. Accessed: Jun. 10, 2025. [Online]. Available: https://lifehacker.com/health/ai-powered-calorie-counting-apps-worse-than-expected
[8] The Gentle Singularity. Accessed: Jun. 12, 2025. [Online]. Available: https://blog.samaltman.com/the-gentle-singularity
[9] GitHub - Gbrayhan/Hexagonal-Architecture-Clojure: DDD Hexagonal Architecture Using Clojure. Accessed: Jun. 08, 2025. [Online]. Available: https://github.com/gbrayhan/hexagonal-architecture-clojure/tree/main
[10] J. G. Herrero, “Localhost Tracking” Explained. It Could Cost Meta 32 Billion. 2025. Accessed: Jun. 11, 2025. [Online]. Available: https://www.zeropartydata.es/p/localhost-tracking-explained-it-could
[11] P. Shojaee, I. Mirzadeh, K. Alizadeh, M. Horton, S. Bengio, and M. Farajtabar, The Illusion of Thinking: Understanding the Strengths and Limitations of Reasoning Models via the Lens of Problem Complexity. 2025. Accessed: Jun. 15, 2025. [Online]. Available: https://arxiv.org/abs/2506.06941v1
[12] A Look at CloudFlare’s AI-coded OAuth Library. 2025.
[13] G. Marcus, Seven Replies to the Viral Apple Reasoning Paper – and Why They Fall Short. 2025.
[14] My First Attempt at iOS App Development. 2025. Accessed: Jun. 09, 2025. [Online]. Available: https://mgx.me/my-first-attempt-at-ios-app-development
[15]
[16] A. Parker, It’s The End Of Observability As We Know It (And I Feel Fine). 2025.
[17] Ruby on Rails, Rails World 2024 Opening Keynote - David Heinemeier Hansson. 2024.
[18] J. Searls, Why Agents Are Bad Pair Programmers. 2025. Accessed: Jun. 10, 2025. [Online]. Available: https://justin.searls.co/posts/why-agents-are-bad-pair-programmers/
[19] Self-Host & Tech Independence: The Joy of Building Your Own. 2025. Accessed: Jun. 08, 2025. [Online]. Available: https://www.ssp.sh/blog/self-host-self-independence/
[20] N. Sobo, The Case for Software Craftsmanship in the Era of Vibes - Zed Blog. 2025. Accessed: Jun. 13, 2025. [Online]. Available: https://zed.dev/blog/software-craftsmanship-in-the-era-of-vibes
[21] Software Is About Promises. 2025. Accessed: Jun. 10, 2025. [Online]. Available: https://www.bramadams.dev/software-is-about-promises/
[22] N. C. Team, NIS2 Cyber | Comprehensive Guide to EU Cybersecurity Directive. Accessed: Jun. 13, 2025. [Online]. Available: https://www.nis2-cyber.com/
[23] U. Theory, Untamed-Theory/Vibesec. 2025.
[24] J. Westenberg, Smart People Don’t Chase Goals; They Create Limits. 2025. Accessed: Jun. 10, 2025. [Online]. Available: https://www.joanwestenberg.com/smart-people-dont-chase-goals-they-create-limits/
[25] S. Willison, Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot. Accessed: Jun. 12, 2025. [Online]. Available: https://simonwillison.net/2025/Jun/11/echoleak/
[26] S. Willison, Design Patterns for Securing LLM Agents against Prompt Injections. Accessed: Jun. 13, 2025. [Online]. Available: https://simonwillison.net/2025/Jun/13/prompt-injection-design-patterns/