Martin Fowler and Kent Beck have joined forces to examine the AI disruption — and they're in agreement: this one is categorically different from Agile and OOP in magnitude and speed. When the two architects who helped define modern software engineering land on the same page, you slow down and read it.
The vibe coding debate found its sharpest edges this week. DHH has abandoned keyboard-first coding for a dual-AI tmux setup and barely writes code by hand anymore — with no quality regression reported. Bram Cohen has some thoughts: fully delegating code to AI without reading the output isn't a philosophy, it's a technical debt subscription with deferred payment terms. Both positions are defensible — which is the most unsettling thing about it.
Drew Breunig dissected the accidental Claude Code source leak to map exactly which context components are always vs conditionally included in its system prompt — the most revealing look at professional context engineering from inside a major AI tool that anyone outside Anthropic has published. Martin Fowler wrote the practical companion piece: how to encode your team's conventions into CLAUDE.md, linters, and CI so agents generate code that already passes review without constant correction.
Also in this issue: Konrad Piechowski's five git commands that map a codebase's health, bug clusters, and shipping confidence before you open a single file — an immediately adoptable pre-reading ritual.
Security this week deserves two reads: Dani Akash makes the case for a single package manager config change that blocks fast-moving supply chain attacks before they propagate, and socket.dev documents active social engineering campaigns specifically targeting high-value npm maintainers. Every package publisher should know these techniques before becoming the next target.
Tools this week: dryrun feeds AI agents a Postgres schema snapshot instead of a live database connection, Caveman strips filler words to cut Claude Code token usage by 65%, Boneyard auto-generates pixel-perfect skeleton screens straight from your DOM, and Little Snitch finally comes to Linux.
Enjoy!
Signup here for the newsletter to get the weekly digest right into your inbox.
Find the 12 highlighted links of weeklyfoo #132:
by Gergely Orosz
DHH switched from typing all his code to running two AI models in tmux — now he barely writes any code by hand, while his quality standards haven't budged
🚀 Read it!, ai, engineering
Cycles of Disruption in the Tech Industry
by Gergely Orosz
Martin Fowler and Kent Beck compare the AI shift to Agile and OOP — and explain why this time it's different in magnitude and speed
📰 Good to know, ai, engineering
Minimum Release Age is an Underrated Supply Chain Defense
by Dani Akash
A single package manager config change that can block fast-moving supply chain attacks before they reach your project
📰 Good to know, security, npm
The Cult of Vibe Coding Is Insane
by Bram Cohen
Fully delegating code to AI without reading the output is not a development philosophy, it's a debt factory — AI is only effective when humans actively review and guide it
📰 Good to know, ai, engineering
by Martin Fowler
Practical patterns for putting your team's conventions into CLAUDE.md, linters, and CI so AI agents generate code that passes review without constant correction
📰 Good to know, ai, engineering
How Claude Code Builds a System Prompt
by Drew Breunig
The accidental source code leak reveals how Claude Code assembles its context — some components always included, others conditional — showing just how complex context engineering has become
📰 Good to know, ai, engineering
The Git Commands I Run Before Reading Any Code
by Konrad Piechowski
Five git commands that reveal a codebase's story before you open a single file — who built it, where bugs cluster, whether a team ships with confidence or tiptoes around landmines
📰 Good to know, git, engineering
Attackers Hunting High-Impact Node.js Maintainers
by socket.dev
Ongoing social engineering campaigns targeting npm package maintainers — know these techniques before you become a target
📰 Good to know, security, nodejs
by Radim Marek
Offline-first Postgres MCP server — lets AI agents access what they need from your database using a JSON snapshot, never a live connection
🧰 Tools, postgres, mcp, ai
by Julius Brussee
Claude Code skill and Codex plugin that compresses LLM communication by stripping filler words while maintaining technical accuracy — cuts token usage by an average of 65%
🧰 Tools, ai, claude, tools
by Objective Development
The beloved macOS network monitor finally comes to Linux — see every hidden app network connection, block unwanted traffic, manage blocklists, write custom rules, and view detailed traffic history
🧰 Tools, linux, security
by 0xGF
Snapshots your DOM and auto-generates pixel-perfect skeleton screens — no manual placeholders, supports React, Vue, Svelte, and Angular
🧰 Tools, react, ui
Want to read more? Check out the full article here.
To sign up for the weekly newsletter, visit weeklyfoo.com.
Top comments (0)