Programmer Weekly (Issue 260 July 3 2025)

Welcome to issue 260 of Programmer Weekly. Let's get straight to the links this week.

Not All AI Notetakers Are Secure. Here’s the Checklist to Prove It.

You wouldn’t let an unknown vendor record your executive meetings, so why trust just any AI?

Most AI notetakers offer convenience. Very few offer true security.

This free checklist from Fellow breaks down the key criteria CEOs, IT teams, and privacy-conscious leaders should consider before rolling out AI meeting tools across their org.


Quote of the Week

“Software gets slower faster than hardware gets faster.” - Wirth’s Law


Reading List

The article explains how to read all data, including biometrics, from an NFC passport chip on Linux using the pypassport tool, detailing the process of reconstructing the required MRZ (Machine Readable Zone) password from passport details and providing Python code for both MRZ generation and chip reading.

Government agencies like NSA and CISA are promoting memory safe languages (MSLs) to reduce software vulnerabilities and improve national cybersecurity. MSLs shift safety responsibilities from developers to the language itself, but adoption requires thoughtful evaluation, tooling, and investment.

The blog details how to trick a Windows virtual machine into believing it has a CPU fan by modifying SMBIOS data, a technique useful for bypassing malware that detects VMs by checking for hardware like fans. After overcoming several technical hurdles—such as properly defining both the cooling device and its associated temperature probe—the author successfully emulates a CPU fan in both Xen and QEMU/KVM environments.

The post details how the author scanned all of GitHub’s "Oops Commits"—commits deleted via force-push but still retained in GitHub’s archives—for leaked secrets, uncovering credentials worth $25,000 in bug bounties. They introduce a new open-source Force Push Scanner tool that automates finding and scanning these dangling commits, highlighting how deleted commits remain accessible and can pose ongoing security risks for organizations

The article describes the UK passport application process as a whimsically complex "adventure puzzle game," emphasizing the recursive, document-driven logic and bureaucratic side-quests that require proofs of Britishness through generations, with a playful coding twist. It then details an attempt to model this process in Haskell using logic programming, highlighting the challenges of encoding British nationality rules and the need for interactive, proof-based document gathering.

The article explores the challenges of tokenization in language models, drawing parallels to the "bitter lesson" that emphasizes the importance of scale and computation over handcrafted solutions. It highlights how tokenization choices can influence model performance and argues for simple, scalable approaches as ultimately more effective in advancing AI.

The author shares a positive first experience with the Gleam programming language, praising its strong type system, clear error messages, and smooth integration with the Erlang ecosystem. They note that while Gleam is still maturing and has some missing features, it offers a delightful developer experience and is promising for building reliable backend systems.

This article is a deep‑dive into Google's TPUs explores how their design—centered on high-efficiency systolic arrays, large on-chip memory, and XLA compiler co-design—delivers exceptional throughput compared to GPUs. It breaks down TPUv4 architecture, explains how systolic arrays work, and highlights the hardware-software synergy that enables scalable, energy-efficient ML acceleration.


Watch, Listen

The video provides a reality check on how software engineers at AI startups and Big Tech companies are actually using AI coding tools in 2025, contrasting executive hype with on-the-ground experiences. It finds that while AI-assisted development is increasingly integrated and useful, especially at companies like Google and Amazon, the tools still face significant limitations and their impact varies widely across organizations and teams.

Andrej Karpathy’s keynote argues that we are entering the “Software 3.0” era, where programming is done in natural language and large language models (LLMs) act as a new kind of computer, fundamentally changing how software is built and who can build it. He draws analogies between LLMs and utilities, fabs, and operating systems, emphasizing that we’re in the early days of this paradigm shift and that building for AI agents and human-AI collaboration will define the next wave of software innovation

The talk features a discussion with backend engineer Tai Groot comparing Rust, Go, and TypeScript for backend development, focusing on their trade-offs between performance and developer experience. It also covers practical advice on running open source projects, mentoring junior developers, and why learning foundational tools like Arch Linux can benefit backend engineers.


Interesting Projects, Tools and Libraries

AI-powered Postgres Client.

Autumn is an open-source pricing & billing platform.

A modular, extensible CPU emulator written in Java, featuring a custom-designed instruction set and memory architecture.

An open source "Rust ↦ WASM, k-Means Color Quantization" crate for Image-to-Pixel-Art conversions in the browser.

Oasis is a fully open-source, mostly 3d-printed smart terrarium. It provides the ideal environment for humidity-loving plants like mosses, ferns, orchids, and many others.

Create realistic datasets for demos, learning, and dashboards.

Connecting AI agents through shared memory and collaborative intelligence.

Make beautiful isometric infrastructure diagrams.

Your fully private, open-source, on-device AI assistant.


Our Other Newsletters

Python Weekly - A free weekly newsletter featuring the best hand curated news, articles, tools and libraries, new releases, jobs etc related to Python.


Founder Weekly - A free weekly newsletter for entrepreneurs featuring best curated content, must read articles, how to guides, tips and tricks, resources, events and more.