The Things I Read (Week 25)

A little later then usuals. Yesterday I was at the Dutch ComicCon, and I forgot to post. Here is my reading of last week.

The Real Impact of AI

I think we’re all wondering about the deeper effects of weaving AI into our daily lives. This week, I found a few articles that really made me stop and think. The first was a standout study from MIT that suggests using tools like ChatGPT for writing could lead to a kind of “cognitive debt.” They literally measured brain activity and found that relying on AI can cause the parts of our brain responsible for deep thinking to become under-engaged. It’s a fascinating and slightly worrying idea.

On a much darker note, I read a tragic story about a man’s mental health crisis that became dangerously entangled with his conversations with an AI. It’s a powerful reminder that we’re still grappling with the very human consequences of this technology.

My Reading List:

• Your Brain on ChatGPT: A must-read MIT study on how AI might be creating a ‘cognitive debt.’ The summary article from TIME is a bit quicker to get through.
• A Tragic Story (Content Warning): A heavy but important piece from Rolling Stone about the unforeseen human cost when AI and a mental health crisis collide.
• The AI Drawbridge is Going Up: A sharp argument that the AI world is becoming less open, much like the web did before it.
• How Llama 3.1 Remembers Harry Potter: A look at an AI’s massive recall ability and the major copyright questions it raises.
• Andrej Karpathy on the New Software: A short but thought-provoking piece from Y Combinator on how software development itself is changing.
• AI in Dutch Schools: For my Dutch readers, a look at how the educational system is thinking about AI in testing.
• Vibecoding & Google Translate: A weirdly interesting post on what translation can teach us about culture.

AI Security & Development: A Messy Frontier

This is where things get really interesting for me. The intersection of AI, development, and security is a wild west right now. Simon Willison perfectly captured the danger with what he calls the “lethal trifecta” for AI agents: giving an AI access to private data, letting it browse untrusted content (the internet), and allowing it to talk to the outside world. It’s a recipe for disaster.

This isn’t just theory, either. Another article reported that LLM agents are shockingly bad at tasks that require confidentiality, failing basic tests in a simulated CRM environment. And from the developer’s perspective, I saw two sides of the coin: Miguel Grinberg explained why these AI coding tools just aren’t working for him, while Simon Willison shared how an AI-generated library became his first open-source project.

My Reading List:

• The Lethal Trifecta for AI Agents: Simon Willison’s essential breakdown of the core security risk of today’s AI agents.
• How LLMs Could Be Insider Threats: Anthropic research on how an AI can be prompted to perform blackmail or espionage. Spooky stuff.
• LLM Agents Flunk Confidentiality Tests: A report from The Register on just how unreliable agents are with sensitive info.
• Hacking AI Agents: A practical guide from Joseph Thacker on finding and exploiting vulnerabilities in AI applications.
• Curl vs. AI: A great interview with the creator of Curl on dealing with the flood of low-quality, AI-generated bug reports.
• Why AI Coding Tools Don’t Work For Me: An honest take from Miguel Grinberg on the current limitations of AI coding assistants.
• My First AI-Generated Library: The fascinating counter-story from Simon Willison on building a complete library with AI help.
• Security Best Practices from Model Context Protocol & a look at its potential threats from CyberArk.
• Free Local AI Security Checks: A cool tool I found on Hacker News for checking AI-generated code in VSCode.
• Interviews with Tanya Janca: Two great posts from her, one an interview with Laura Bell Main and the other a collection of her fantastic conference talks.

Open Source News

It was a big week for open-source drama and discoveries. The headline was definitely the massive malware network found hiding on GitHub—a stark reminder to be careful out there. On a brighter note, I read about a new Linux phone being built with open-source hardware right here in the EU.

• Massive Malware Network on GitHub: The story of how Klarrio uncovered a huge, malicious network on the world’s biggest code platform.
• A New EU-Made Linux Phone: An interview with the folks at Liberux about their open-source hardware phone.
• Open Source Can’t Coordinate: A short but insightful post on the challenges of getting things done in open-source projects.

Dev Tools I’m Eyeing

I’m always on the lookout for tools that can make my workflow a little better. This week, a keyboard-centric setup for VSCode + Neovim caught my eye, along with a tool for smarter git squash commands.

• VSCode + Neovim Setup: A guide for anyone who wants a powerful, keyboard-first development environment.
• Git-Smart-Squash: A tool that looks like it could really clean up my git workflow.
• Harper Grammar Checker: A free, open-source, and privacy-focused alternative to other grammar tools.
• On Software Complexity: A meta-analysis of three different ways to think about what makes software “complex.”
• Also, I’ve just been keeping up with David Heinemeier Hansson’s blog. Always a good read.

And Finally, Something Completely Different…

To cleanse the palate after all that heavy reading on AI risk and malware, here’s a fantastic video on how to make Gözleme, the amazing Turkish flatbread snack. Enjoy!