Weekly Thing 313 / Agentic, Shadows, WireMock
A mix of engineering, leadership, security, and the future of digital communities — plus a little Apple Intelligence drama for good measure.
A mix of engineering, leadership, security, and the future of digital communities — plus a little Apple Intelligence drama for good measure.
Good mostly, sort-of morning? ☕️
This week has been filled with amazing and unusually warm March days, moving clocks around for daylight savings time, and me coming down with strep throat. That last bit is a great reminder of how thankful we should be for antibiotics.
The article about Reddit this week, you'll find it below, warmed my heart again to Reddit so I spruced up the r/WeeklyThing subreddit. This had some incorrect settings which I've fixed and each week's issue should automatically get shared there. If you enjoy Reddit give it a look. 🤞
I’m going to keep this brief and hit send on Saturday. Hope you are doing well! 👋
Life of Pi marquee at the Orpheum.
March 09, 2025
Minneapolis, MN
Notable
Secret Weblog • Succinct data structures
Loved this read and taking a moment to think hard about memory space and what we are doing with all the bits in these amazing devices we have today. Most of the time programmers today rarely even think about memory. It is just there and we can use it without thought. However, when you need to scan and iterate over data the mere size of the data can impact performance in a huge way. Here, bit operators become so much more effective.
This is kind of like quantum mechanics, where at very small scales, all the rules change.
Career Development: What It Really Means to be a Manager, Director, or VP - Kellblog
Good overview of the differences in accountability between different levels of roles. This mostly focuses on the VP level and how a leader at that level needs to think about their ownership responsibilities.
The VP’s job is to get the right answer. They are the functional expert. No one on the team knows their function better than they do. And even if someone did, they are still playing the VP of function role and it’s their job – and no one else’s — to get the right answer.
I also love the line about directors. " I love strong directors. They get shit done." I'd upvote that comment all day long!
Undocumented commands found in Bluetooth chip used by a billion devices
This article caught my eye because of the security threat. However, when I saw the company name Espressif, I knew I had seen it before. Looking in my UniFi console I see I have one of these devices on my network!
You know how in movies they always have these scenes where the tech person plugs a little dongle into a computer and in 5 seconds has control of the entire thing. Or they even just stand by it and do that? This is when technologists roll their eyes and mutter "it doesn't work like that" under their breath.
Except this backdoor shows maybe it could, or does.
The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for attacks.
The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.
Testing chips to see if they do what they say they do is straightforward. Testing chips to see if they do anything else? That is ridiculously hard if not impossible.
Tarlogic developed a new C-based USB Bluetooth driver that is hardware-independent and cross-platform, allowing direct access to the hardware without relying on OS-specific APIs.
None of this is even possible to exploit via the operating systems themselves.
Building an Agentic System
It is a big leap from using LLMs to perform functions inside a system or product to getting to Agentic features.
This guide dissects a working agentic system architecture with a focus on:
- Responsive Interactions - How to build systems that stream partial results instead of making users wait for complete responses
- Parallel Execution - Techniques for running operations concurrently without sacrificing safety
- Permission Systems - Implementing guardrails that prevent agents from taking unauthorized actions
- Tool Architecture - Creating extensible frameworks for agents to interact with the environment
I've deliberately focused on concrete engineering patterns rather than theoretical ML concepts. You'll find diagrams, code explanations, and architectural insights that apply regardless of which LLM you're using.
This is focused on coding tasks but I would expect patterns that could be applied to different Agentic paradigms.
The Fundamental Humanity of Reddit - The Atlantic
This is a bit of a love letter to Reddit, the site that I've never gone that deep in, but always think I should give it a deeper look.
Giving users this much control over a major social platform is basically unheard-of anymore. It’s a throwback to the early web, when people had to tend to the sites they wanted to be a part of, and it’s a stark contrast to the way other social-media sites have evolved.
The structure of Reddit definitely got more things right than wrong. If you dig Reddit, check out r/WeeklyThing. And if the Reddits you join say something about you, one of my favorites is r/candlemaking. 😊
Here’s how I use LLMs to help me write code
Willison dove deep into LLM usage early on and has focused squarely on it for a couple of years now. This post is a great recap of what he has learned about using an LLM to help him write code.
Using LLMs to write code is difficult and unintuitive. It takes significant effort to figure out the sharp and soft edges of using them in this way, and there's precious little guidance to help people figure out how best to apply them.
If someone tells you that coding with LLMs is easy they are (probably unintentionally) misleading you. They may well have stumbled on to patterns that work, but those patterns do not come naturally to everyone.
Willison’s comment near the end is great.
I'm certain it would have taken me significantly longer without LLM assistance--to the point that I probably wouldn't have bothered to build it at all.
This is why I care so much about the productivity boost I get from LLMs so much: it's not about getting work done faster, it's about being able to ship projects that I wouldn't have been able to justify spending time on at all.
We still have a lot of folks saying that computers are just going to code themselves with LLMs. Informed opinions are more aligned with Willison's. This is yet another huge boost in what developers can create. More layers of abstraction and power to create more things.
Kill your Feeds - Stop letting algorithms dictate how you think - usher.dev
As I've shared before it is not possible to write an algorithm to filter, sort, and show you information without the algorithm having a goal. There are only two truly neutral ways to do that — sorting by date and time or randomizing. This post highlights the greater concern I have over us giving an algorithm control over what we read.
With the power to shape what we see comes the power to shape what we believe. Whether through deliberate manipulation or the slow creep of algorithmic recommendations, engagement is fueled by outrage, and outrage breeds extremism. The result is a feedback loop that isolates users, reinforces beliefs, and deprioritises opposing viewpoints.
I wish I had a simple way to convince people to step out of these algorithms. The challenge is that the mental rewards circuits work so very well. Something I've been noodling on recently is assessing the value of our attention. It is interesting to me that when we exchange money for a product we tend to be at least a bit considerate of the trade-off. Sure marketing can sway us, but we are at least aware that we are giving $10 in return for a thing.
We need to do the same thing with our attention. You are giving this finite resource away, and what are you getting back? And do you want that?
In effect this is happening today and we know the tradeoff. Many are giving their attention to the algorithm at Instagram and they are getting back a vibe that they like. And that is probably fine for a little bit of your attention. But there should be a budget right? And the attention that you are giving to X, is that the vibe you like? Or is it something else?
What is the return you are getting on the attention you give algorithms? Do you have a budget?
Apple AI’s Platform Pivot Potential – Stratechery by Ben Thompson
As usual Thompson has a very well thought out assessment of Apple's miss announcing that Apple Intelligence's powerful Siri rebuild is going to be pushed probably a year. He pulls from Simon Willison with a guess on what is proving so hard.
We intuitively get why code injections are bad news; LLMs expand the attack surface to text generally; Apple Intelligence, by being deeply interwoven into the system, expands the attack surface to your entire device, and all of that precious content it has unique access to.
He juxtaposes that, though, with this week’s Apple Silicon announcement, which is incredibly impressive.
What that means in practical terms is that Apple just shipped the best consumer-grade AI computer ever. A Mac Studio with an M3 Ultra chip and 512GB RAM can run a 4-bit quantized version of DeepSeek R1 -- a state-of-the-art open-source reasoning model -- right on your desktop.
The hardware is there but the software isn't. David Heinemeier Hansson suggests that Apple is making the mistake Microsoft did with the Internet. It is possible. Siri is such a sore spot for Apple and they haven't done enough to address it. Now the intersection of Apple Intelligence delays and the incredible amount of marketing they put in front of this is frankly embarrassing for them.
What Really Happened With the DDoS Attacks That Took Down X | WIRED
I’m positive X is attacked every day.
independent security researcher Kevin Beaumont and other analysts see evidence that some X origin servers, which respond to web requests, weren't properly secured behind the company's Cloudflare DDoS protection and were publicly visible. As a result, attackers could target them directly. X has since secured the servers.
Less of a ‘massive’ attack and more of an unprotected flank.
The future of the internet is likely smaller communities, with a focus on curated experiences | The Verge
The future is a guessing game but this read from the Verge is interesting.
Our research makes one thing clear: power is shifting back to the consumer (the fediverse signals this). Consumers crave community, but on their own terms -- seeking deeper, more meaningful connections with those who truly matter (something we identified in 2014). Authenticity is at the heart of it all, supported by a foundation of safety and security. The future of community is personal, intentional, and built on trust.
Bolding is my addition. I’m not sure the Fediverse signals much, but Reddit might better illustrate these trends. As do the dozens of group chats you have on your phone right now.
I'd like to think that authenticity is what blogging does best. Personal, intentional, and built on trust is Web 1.0!
Daring Fireball: Something Is Rotten in the State of Cupertino
I've read Gruber for a long time and he is an Apple fan, but that also means when he tears into them it cuts deep. This writeup on the Apple Intelligence blunders in what they promised is tough, and totally valid.
The fiasco here is not that Apple is late on AI. It's also not that they had to announce an embarrassing delay on promised features last week. Those are problems, not fiascos, and problems happen. They're inevitable. Leaders prove their mettle and create their legacies not by how they deal with successes but by how they deal with -- how they acknowledge, understand, adapt, and solve -- problems. The fiasco is that Apple pitched a story that wasn't true, one that some people within the company surely understood wasn't true, and they set a course based on that.
At the end he calls back to Steve Jobs, the savior figure of Apple, interrogating (that is the right term) the engineers that built MobileMe (which was bad!):
Steve Jobs doesn't tolerate duds. Shortly after the launch event, he summoned the MobileMe team, gathering them in the Town Hall auditorium in Building 4 of Apple's campus, the venue the company uses for intimate product unveilings for journalists. According to a participant in the meeting, Jobs walked in, clad in his trademark black mock turtleneck and blue jeans, clasped his hands together, and asked a simple question:
"Can anyone tell me what MobileMe is supposed to do?" Having received a satisfactory answer, he continued, "So why the fuck doesn't it do that?"
For the next half-hour Jobs berated the group. "You've tarnished Apple's reputation," he told them. "You should hate each other for having let each other down." The public humiliation particularly infuriated Jobs. Walt Mossberg, the influential Wall Street Journal gadget columnist, had panned MobileMe. "Mossberg, our friend, is no longer writing good things about us," Jobs said. On the spot, Jobs named a new executive to run the group.
Tim Cook should have already held a meeting like that to address and rectify this Siri and Apple Intelligence debacle. If such a meeting hasn't yet occurred or doesn't happen soon, then, I fear, that's all she wrote. The ride is over.
It is time for the often joked about Siri issues to get addressed.
Pokémon Go developer Niantic to sell gaming business to Saudi group | The Verge
$3.5 billion for Pokémon Go is impressive. It will be curious to see how this works and also interesting to see what Niantic does with the cash. Niantic was probably the only company at the time that could make Pokémon Go, as they had learned what they needed from their earlier game, Ingress. It is also worth noting that neither of these companies own any of the intellectual property for Pokémon itself. On the flip side, all that location and profile data that has been built up over the last decade now changes hands. And Scopely seems to have more history with in-app purchases and this may be the beginning of the enshittification of Pokémon Go into a toll booth to drive more revenue at the expense of the game experience.
Journal
Took my first 0.25 mg dose of semaglutide. Hoping for minimal side effects. Got it from Fairview Compounding. No injector so had to do the shot on my own which was easy once I did it. 💉
Arrived at the cabin tonight and were greeted with a two-foot-high snow plow line to shovel through. Cleared enough to barrel through.
View from the upper seat in the Urban Wing sauna while the fire is getting started. The translucent walls make it very bright and warm inside -- it was 70 °F from the sun before I started the fire. Added a hygrometer, a second sand timer, and trying Eucalyptus Sauna Scent for the first time.
My cousin Josh recently shared a cappella renditions of Wild Mountain Thyme and Red is the Rose -- both beautiful songs that I could listen to over and over again. 🎶
How I Use AI in the Weekly Thing
Mar 9, 2025 at 10:04 AM
See the full blog post for all the prompts.
I’ve been working with AI for a while now, and as I feel with all new technologies, the best way to learn them is to play with them. I’ve started to bring AI into my workflow for the Weekly Thing and thought it would be good to share specifically where and how I'm using it.
Before I get into the specifics, I want to make one thing clear: AI does not create the content of the Weekly Thing. I don’t use it to summarize articles or generate any of the comments I make on them. It is critically important to me that I use my voice and that what I share is my voice. I am using AI as an assistant rather than a creator. If I had someone else helping me assemble the Weekly Thing as an assistant, where would that be helpful? Where would that assistant do a better job than me? Or where might it be desirable to have “another voice” in the mix?
Right now I'm doing all this with a ChatGPT subscription using the 4o models. It is great that the ChatGPT app supports Shortcuts so I can do all of this in a largely or completely automated way. I could easily swap Claude in if I wish as it also supports Shortcuts automation.
With that in mind, here is where I'm using LLM capabilities now. You’ll note that in many of these cases I'm asking my “assistant” to generate options and then I'm doing the final selection and modifications. I think this is a good model.
Subject
The subject follows a simple structure of “Weekly Thing «Number» / «Word», «Word», «Word»”. These three words are selected from the titles of the links in each issue. I try to select triples that are interesting and engaging. The challenge is avoiding words from the website's name, which appear inconsistently in article titles.
The prompt requests valid JSON output. I extract the JSON and use the “Get Dictionary from Input” method to create a structured data object. This allows me to put the LLM completely behind the scenes.
Fortune
The fortune first showed up in Weekly Thing 53 and has been the last thing in the emails for a while. I got the inspiration for this from the fortune command in Unix. The text files that serve as the “database” for fortune are easy enough to find, and building a Shortcut around them was simple. I randomly select fortunes until I find one I like.
But with an LLM, I thought -- why not make the fortune relevant to each issue's content?
This also returns a list of options. They are impressively good and it does a great job pulling in themes from the links in each issue.
Byline
The “byline” is the first sentence in the email. Over time, its role has evolved. Initially, it was a reminder of why you’re receiving the email. Then I used a template to mechanically describe what was in the email. I’ve always desired this to be an “intro” to the links in the issue but it is difficult to do that. It is also a rare place in the email where I want it to be a “different voice”. Ideally this is more of a second person voice describing what is included.
To generate a meaningful byline, I provide more than just article titles -- I also include my commentary. I focus only on featured links, skipping the "briefly" section.
This one still requires a bit more editing from me before I'm ready to use it, and I think that will always be the case. So rather than returning JSON I just get it to put the options in text and then I present it in the Shortcut for editing and refinement to finalize it.
Supporting Members
The newest section where I'm using AI, and a new section to the email itself is in the Supporting Members segment. This is a new thing where we raise funds for digital non-profits as a community. This is the section where I rely on AI the most, without requesting multiple versions. I'm okay, and actually kind of prefer, this to be in a different voice than mine.
To generate this section, I pull data from Buttondown and Stripe and do some quick calendar math to provide the LLM with context. This is then embedded into to two different prompts that generate the two “versions” of this section.
This is a new addition, but early tests look promising. This is also interesting because the LLM knows what Creative Commons is and can infer some additional context for the messaging. It is different with each run which will keep the messaging fresh.
Overall Editing
The most recent AI addition to my workflow is final editing. Here I take the draft generated through my automation and I send it for review. I do a brief review of each email but honestly I never review it that much. Most of the time, what I send is my first draft -- straight from the keyboard. As a result, typos get through or simple grammar issues that I wish were caught. I've considered Grammarly before, but it's too thorough and over-edits my work. I want a very specific kind of review.
This works okay but it unfortunately is at the very end of my workflow. The challenge is that fixing errors requires updating two places: the email draft and the original blog post or Pinboard entry. That isn’t ideal but it is better than nothing and hopefully will reduce the number of silly errors that get all the way through.
I ran this on my draft of Weekly Thing 312 as a test and it found 16 edits. 🤦♂️
I asked my Weekly Thing GPT a simple question “Which issue did the Fortune first appear in?”. Seems easy enough. It came back with Weekly Thing 212 in 2022. I knew that was not right. The right answer? Weekly Thing 53 in 2018. Another example where LLMs are not great at specific and exact requests. 🤨
Tried the new Yonsei at Lake & Irving for the first time. It was so pretty on the plate I decided to capture it. This is Japanese fried rice with Ginger Scalion Tofu and Ahi katsu.
We joined friends Joe & Lisa for Life of Pi at the Orpheum tonight. We had seen it on Broadway in 2023 and were excited to see it again. It was a great performance. Recommended!
Fun #TeamSPS hockey game -- Minnesota Wild v Colorado Avalanche! 🏒
More than 60 years of SPS tenure between the four of us!
Wild win in 2-0 shootout! 🏒
Woke up barely able to swallow after having a sore throat for couple days.
Went to MinuteClinic right away and tested positive for strep throat.
Penicillin prescribed and lots of Honey Ricolla cough drops today.
The Weekly Thing has 17 incredible Supporting Members, and together, we’ve raised $512.13 for Creative Commons—a powerhouse for open knowledge and a better web! With just 9 weeks left before we send off this year’s contribution, now’s the perfect time to join in. Every dollar raised goes straight to the cause, so if you’ve been enjoying The Weekly Thing, why not turn that good feeling into action? Let’s see how much more we can give together! 🚀
| $4 monthly | $40 yearly |
Briefly
Carter is pro-crypto and this is in a crypto focused publication. What crypto does need is clear rules of the road. The government needs to do its job here. I would agree with Carter on a crypto reserve. It makes no sense to me beyond being a grift for crypto venture lobbying. → 8 Reasons a Strategic Crypto Reserve Is a Bad Idea - Nic Carter
Tons of depth on the Lisp ecosystem. → Church Of Turing - The Landscape of Lisp
Super interesting continued research into the mechanisms that make GLP-1 drugs effective and alternative or superior ways to get the same benefit. This one used AI to explore options much faster. → Naturally occurring molecule rivals Ozempic in weight loss, sidesteps side effects
What would it take for an LLM to be revolutionary and not just hold existing knowledge but challenge it. That challenging is often what drives real innovation. → 🔭 The Einstein AI model
Never stop learning! 🧠 → Age and cognitive skills: Use it or lose it | Science Advances
A great read ostensibly about the gift of pencils and a developing artist, from Weekly Thing reader! → Yessica's Pencils | David O'Hara
Handy service to create mock endpoints to build software around. → WireMock - flexible, open source API mocking
Intriguing way to map the world using a multi-layered hexagonal grid. Developed by Uber. Alternative to longitude and latitude? → H3
YouTube is so hard for me to classify. Is it a social platform? Yeah. Is it Internet infrastructure? Yeah. Is it archiving all video for the future? Yeah. Is it radicalizing people? Yeah. I’m left with it is a platform, and an incredibly powerful one used in many ways. → The hidden world beneath the shadows of YouTube's algorithm
This is a great service at a super pay-for-what-you-use price. They even support dead man checks. I’m using this to monitor my websites now. → updown.io – Website monitoring, simple and inexpensive
The punchline here is AI delivering 10-30% productivity improvement, which is nothing to sneeze at. That is a big win. But it is a far cry from what some are selling. → How Much Are LLMs Actually Boosting Real-World Programmer Productivity? — LessWrong
Curious database optimized for building systems that have a full history of events over time. → SpacetimeDB
I haven't had time to play with Claude Code but several friends have and say it is amazing. I like how it directly works at the command line. → Claude Code - Anthropic
I can’t wait to watch this with my Vision Pro! It is great to see exclusive content that really uses the platform. → Apple unveils immersive concert experience with Metallica for Apple Vision Pro - Apple
Simple and free service for forward a domain to another. → ForwardDomain.net
Fortune
Here is your fortune…
Small communities, big ideas—curation is the new algorithm. 🎨
Would you like to discuss the topics in the Weekly Thing further? Check out the Weekly Thing Forum or r/WeeklyThing on Reddit!
Want to share this issue with others? The link is…
👨💻
This work by Jamie Thingelstad is licensed under CC BY-SA 4.0.
My opinions are my own and not those of any affiliates. The content is non-malicious and ad-free, posted at my discretion. Source attribution is omitted due to potential errors. Your privacy is respected; no tracking is in place.