Programmer Weekly (Issue 256 May 29 2025)

Author

Rahul Chaudhary
May 29, 2025

Welcome to issue 256 of Programmer Weekly. Let's get straight to the links this week.

Start learning AI in 2025

Keeping up with AI is hard – we get it!

That’s why over 1M professionals read Superhuman AI to stay ahead.

  • Get daily AI news, tools, and tutorials

  • Learn new AI skills you can use at work in 3 mins a day

  • Become 10X more productive


Quote of the Week

“Comments are often lies waiting to happen. Code should speak for itself whenever possible.” — Michael Toppa


News
Remote Prompt Injection in GitLab Duo Leads to Source Code Theft

A hidden comment was enough to make GitLab Duo leak private source code and inject untrusted HTML into its responses. GitLab patched the issue, and we’ll walk you through the full attack chain — which demonstrates five vulnerabilities from the 2025 OWASP Top 10 for LLMs.

Microsoft has announced a public preview of a new PostgreSQL extension for Visual Studio Code, offering integrated database management, AI-powered query assistance via GitHub Copilot, and seamless Azure integration—all within the code editor. Key features include schema visualization, context-aware IntelliSense, Entra ID authentication, and a database-aware Copilot agent to streamline and enhance PostgreSQL development workflows.


Reading List

The blog post details how to use Anthropic’s Claude AI, via the open-source Model-Context Protocol (MCP), to build a trading assistant that can check portfolios and place trades through SnapTrade’s API. The author shares practical tips and code examples, noting that Gemini outperformed Claude in generating a working MCP server, and highlights the integration process, requirements, and potential caveats of automating financial actions with AI tools.

The article presents a step-by-step framework for “evaluation-driven development” of agentic (LLM-based) systems, emphasizing the importance of defining clear business goals, rigorous evaluation metrics, and continuous feedback loops throughout the AI product lifecycle. By integrating observability, rapid prototyping, and iterative improvement, developers can systematically build, monitor, and evolve robust AI agents that align with real-world business needs.

Instacart describes how it built a modern, scalable search infrastructure using PostgreSQL to power fast and relevant search results for millions of grocery items. The post covers their architectural decisions, performance optimizations, and how leveraging Postgres enabled flexibility and rapid iteration for their engineering team.

Open table formats like Apache Iceberg are revolutionizing data architecture by enabling database-like features—such as ACID transactions, time travel, and flexible SQL queries—directly on affordable, distributed object storage, breaking the traditional lock-in of proprietary data warehouses. This shift, embodied by the ICE Stack (Interoperable, Composable, Efficient), allows organizations to mix and match storage, compute, and catalog solutions, driving down costs and fostering true data independence and interoperability across platforms.

Robust Database Backup Recovery at Uber

Uber details its strategy for robust database backup and recovery, focusing on ensuring data integrity and minimizing downtime across its global operations. The post explains how Uber uses automated, scalable backup systems and regular recovery drills to safeguard against data loss and enable rapid restoration in case of failures.

Mistral AI has launched its new Agents API, enabling developers to build advanced AI agents that can perform actions, maintain persistent memory, and orchestrate complex workflows using built-in connectors for code execution, web search, image generation, and more. The API is designed for enterprise-grade applications, allowing multiple agents to collaborate, manage stateful conversations, and integrate with external systems for practical, real-world problem-solving.

This post details the journey of building Aurora DSQL, a next-generation, serverless, cloud-native SQL database designed for seamless scaling, high availability, and minimal operational overhead. The story highlights how the team transitioned from JVM-based components to Rust for performance and memory safety, and engineered novel architectural solutions—like the Crossbar and modular Postgres extensions—to overcome fundamental challenges in distributed systems and database scalability.


Watch, Listen

Janvi Kalra, an AI Engineer at OpenAI, shares her journey from interning at Google and Microsoft to breaking into AI engineering by building side projects, joining hackathons, and proactively learning new skills. She offers practical advice for aspiring AI engineers, discusses how to evaluate AI companies, and highlights the importance of being product-minded, adaptable, and continuously learning in the fast-evolving AI field.

Wes and Scott talk with VC Dan Levine about how developers can raise venture capital, what investors look for in early-stage startups, the realities of bootstrapping vs. fundraising, and why great ideas often start as simple side projects.

The talk details Instagram’s journey from managing a handful of manually monitored AI models to scaling and automating the deployment, monitoring, and health assessment of over a thousand models powering its recommendation systems. By building a unified model registry, streamlining launch processes, and introducing standardized model health metrics, Instagram dramatically improved reliability, observability, and iteration speed for its machine learning infrastructure.

Microsoft’s TypeScript team is porting the TypeScript compiler to native code using Go, resulting in up to a 10x speed-up in compile times and project operations. In this Microsoft Build 2025 session, Anders Hejlsberg explains the motivations, technical journey, and future roadmap for this major performance upgrade.

This Developer Voices episode features JVM expert Josh Long discussing how Java and the JVM have rapidly modernized, with innovations like new threading models, value objects (Project Valhalla), and better native interop (Project Panama) making Java competitive for high-performance and AI workloads. The conversation highlights Java’s evolution from stagnation to a vibrant ecosystem, emphasizing improvements in performance, developer experience, and suitability for modern programming challenges.


Interesting Projects, Tools and Libraries

Self-Hosted Plaform for Secure Execution of Untrusted User/AI Code.

A blazingly fast, simple and beautiful terminal-based to-do manager.

An emulation based tool for learning and debugging assembly.

F2 is a cross-platform command-line tool for batch renaming files and directories quickly and safely.

SpendSmart is an open-source iOS app that uses AI to make receipt management effortless. Just snap a photo of one or more receipts, and SpendSmart automatically extracts all the key details: store name, location, items, totals, payment method, and more.

A high-performance distributed file system designed to address the challenges of AI training and inference workloads.

Extract the main content from web pages.

stagewise is a browser toolbar that connects your frontend UI to your code ai agents in your code editor.

Open source auth infrastructure for B2B SaaS.

An Open-Source MailServer, NewsLetter, Email Marketing Solution for Smarter Campaigns.


Our Other Newsletters

Python Weekly - A free weekly newsletter featuring the best hand curated news, articles, tools and libraries, new releases, jobs etc related to Python.


Founder Weekly - A free weekly newsletter for entrepreneurs featuring best curated content, must read articles, how to guides, tips and tricks, resources, events and more.