The Things I Read (Week 27 and 28)

This week’s reading was a deep dive into the world of AI-assisted development, its security implications, and the evolving role of the human developer. I also explored significant topics in hardware, software supply chain security, and some fascinating findings from the world of science.

AI in the Trenches: Development and Security

The intersection of AI, software development, and security was the dominant theme this week. A major focus was on moving beyond simple “vibe coding” toward more structured, secure, and effective methods. This includes “Vibe Speccing” to create structured workflows and using rules files to secure AI coding tools. The concept of “Context Engineering” was presented as the crucial new skill, emphasizing that providing the right information to the model is more important than prompt crafting alone.

On the security front, new tools and research highlighted the fragility of current systems. I read about Prompt-Security, a tool designed to prevent sensitive data from leaking to LLMs, and the BaxBench benchmark, which revealed that even the most advanced models struggle to generate functionally correct and secure backend applications. It also turns out that simple inputs can sometimes break model guardrails.

The human element was also a key topic, with articles exploring what a developer’s role becomes when AI can code and a look at research measuring the actual productivity impact of AI on experienced open-source developers.

• Vibe Specs: Vibe Coding That Actually Works by Luke Bechtel. This post explains how writing specifications first can transform AI-assisted development from chaotic code generation into a structured, resumable workflow.
• The New Skill in AI Is Not Prompting, It’s Context Engineering by Philipp Schmid. Argues that the key to effective AI use is context engineering: providing the model with the right information and tools at the right time.
• Taming Agentic Engineering - Prompts Are Code, .Json/.Md Files Are State. Discusses treating LLMs as computers that are programmed with natural language, where prompts are code and files provide state.
• BaxBench: Can LLMs Generate Correct and Secure Backends? by Mark Vero, et al. This paper introduces a new benchmark that shows current LLMs have significant limitations in generating correct and secure backend applications.
• Secure AI Vibe Coding with Rules Files | Wiz Blog. Learn how to use open-source rules files to improve the security of AI-powered coding tools like Copilot and Claude.
• happytaoer/Prompt-Security by happytaoer. A Go tool that automatically detects and filters sensitive data from your clipboard to prevent leaks to LLMs.
• When AI Codes, What’s Left for Me? by Adam Gordon Bell. A podcast episode exploring the changing identity of developers in an age of AI coding agents.
• Measuring the Impact of Early-2025 AI on Experienced Open-Source Developer Productivity by METR Blog.
• This Wasn’t a Joke Btw. It Works. You’d Be Surprised How Much Uwu Breaks Guardrail Implementations. by Nick Frichette. A post noting that seemingly innocuous inputs can be surprisingly effective at breaking AI guardrail implementations.

The Broader AI Industry

The AI industry itself is facing turmoil and controversy. I read about OpenAI hitting a “panic button” as it struggles with staff departures to competitors like Meta. There’s also growing concern about the ethics of AI in academia, with a report highlighting how researchers are embedding hidden prompts like “Positive review only” in scientific papers. Finally, AI’s integration into existing platforms is causing friction, as seen with Kobo’s new terms of service raising concerns among authors.

• OpenAI Hits the Panic Button by Luc Olinga. The company behind ChatGPT is reportedly preaching its mission over money as it faces an exodus of staff.
• ‘Positive Review Only’: Researchers Hide AI Prompts in Papers by Shogo Sugiyama and Ryosuke Eguchi. A report on how instructions meant for AI were found embedded in preprints from 14 universities, highlighting the controversy around using AI in the peer-review process.
• AI Might Undermine One of the Better Alternatives to the Kindle. New mentions of AI in Kobo’s terms of service are raising concerns for a platform that has traditionally maintained a friendly relationship with indie authors.
• Didactief | AI Is Trein Die Niet Meer Stopt. An article titled “AI is a train that no longer stops.”

Software, Hardware, and Security

Beyond AI, I read several important pieces on engineering and security. One standout was a deep dive into eliminating an industry-wide supply chain vulnerability, emphasizing the need to “Burn It With Fire.” I also looked into a major vulnerability in Supabase’s MCP implementation that could lead to database leaks.

On the hardware front, I read about the unsustainability of Moore’s Law, the exciting news of Commodore’s acquisition by figures from the retro community, a potential “cheap” MacBook using an iPhone chip for unprecedented battery life, and a technical look at the hidden JTAG port in Qualcomm devices.

• Burn It With Fire: How to Eliminate an Industry-Wide Supply Chain Vulnerability by Jonathan Leitschuh. The story of a supply chain bug that couldn’t be ignored.
• Supabase MCP Can Leak Your Entire SQL Database | General Analysis.
• Revisiting Knuth’s “Premature Optimization” Paper.
• The Unsustainability of Moore’s Law by Charles Rosenbauer. An essay on how the doubling of transistor density every two years is becoming unsustainable.
• Commodore Acquired for a ‘Low Seven Figure’ Price — New (Acting) CEO Comes from the Retro Community by Mark Tyson.
• The Hidden JTAG in Your Qualcomm/Snapdragon Device’s USB Port | Blog | Linaro. A post explaining JTAG and the Emergency Download Mode (EDL) in Qualcomm chips.
• A ‘Cheap’ MacBook With an iPhone Chip Could Bring Battery Life Like We’ve Never Seen Before by Raymond Wong.

Science & Human Interest

Finally, some fascinating and eclectic stories. I read about a stunning amber fossil revealing a “Last of Us”-type parasitic fungus from the age of the dinosaurs and a satellite study showing rising salinity and declining ice in the Southern Ocean. On a lighter note, tying into my recent 3D printing hobby, I discovered the Gridfinity :: Unofficial Wiki, a modular, open-source storage system.

• Stunning Amber Fossil Reveals ‘Last of Us’-Type Fungus Likely Lived alongside Dinosaurs by Katie Hunt. Paleontologists discovered 99-million-year-old insects with parasitic fungi bursting from their bodies.
• Rising Surface Salinity and Declining Sea Ice: A New Southern Ocean State Revealed by Satellites by Alessandro Silvano, et al. A study revealing that a marked increase in surface salinity across the Southern Ocean since 2015 has coincided with a dramatic decline in sea ice.
• European Summers Are Getting Brutally Hot. So Why Is Air Conditioning so Rare? by Mitchell McCluskey and Laura Paddison.
• ‘I Was Shocked’: Melbourne Man’s ‘unbelievable’ Find after Buying House. A man who loved trains as a child discovered an extensive hobby train network in the house he bought.
• Touching the Back Wall of the Apple Store. A short story about a game played in an Apple store.