The Code Review That Cost $2 Million, CodeGood | VarBear

FAUN.dev's Programming Weekly Newsletter

🔗 View in your browser | ✍️ Publish on FAUN.dev | 🦄 Become a sponsor

VarBear

#SoftwareEngineering #Programming #DevTools

📝 The Opening Call

The TIME Person of the Year cover for 2025 has arrived, and it's a powerful tribute to the "Architects of AI."

The illustration features: Jensen Huang (Nvidia), Sam Altman (OpenAI), Lisa Su (AMD), Elon Musk (xAI), Mark Zuckerberg (Meta), Demis Hassabis (Google DeepMind), Dario Amodei (Anthropic), and Fei-Fei Li (Stanford/World Labs).

It's an iconic image, but we all know the hard truth behind the glamour: While these faces represent the vision and the capital, the real foundation is cobuilt by the developers and engineers working in the trenches. Most importantly, none of this would be possible without the Open Source contributors.

These people are the real architects!

ℹ️ I shared this same thought publicly. If it resonates with you, the discussion is happening on LinkedIn as well.

Have a great year ahead!
Aymen, @FAUN.dev()

🔍 Inside this Issue

Agents stopped being demos and started shipping; meanwhile the network is mutating - AI crawlers, PQ crypto, and state-backed outages leave fingerprints. From Google-grade lessons to Rustier errors and the real cost of code review, this batch is a field guide for building saner systems in 2025, details inside.

🔥 100 GitHub Projects That Defined 2025: A Community-Driven Ranking
🌐 2025 Internet Trends: Explosive AI Crawling Growth and the Rise of 30+ Tbps DDoS Attacks
🧭 21 Lessons From 14 Years at Google
🧠 Agentic AI, MCP, and spec-driven development: Top blog posts of 2025
🛠️ Build an AI-powered website assistant with Amazon Bedrock
🚦 Distinguishing yourself early in your career as a developer
🧩 Stop Forwarding Errors, Start Designing Them
💸 The Code Review That Cost $2 Million, CodeGood
📦 Year in Review: Lessons From 12 Projects Patreon Shipped in 2025

Ship with intent - let everything else time out.

Happy coding!
FAUN.dev() Team

⭐ Patrons

faun.dev

Cloud-Native Microservices With Kubernetes - 2nd Edition | A Comprehensive Guide to Building, Scaling, Deploying, Observing, and Managing Highly-Available Microservices in Kubernetes

This guide will take you on an exciting journey to reveal the nuances and potential of Kubernetes, the most popular container orchestration platform. You'll discover how Kubernetes can be leveraged to build a robust, scalable, and resilient microservices architecture.

"Cloud-Native Microservices With Kubernetes - 2nd Edition" is a comprehensive guide that will navigate you through the depths of Kubernetes and help you leverage its full potential. It is designed to cater to a wide audience, from beginners who are taking their first steps into Kubernetes to experienced professionals who wish to deepen their understanding of the platform.

This guide is designed for anyone eager to harness the power of Kubernetes and microservices architecture. Since it covers a wide range of topics in a progressive manner, it's suitable for beginners, intermediate users, and advanced practitioners alike.

👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.

ℹ️ News, Updates & Announcements

faun.dev

2025 Internet Trends: Explosive AI Crawling Growth and the Rise of 30+ Tbps DDoS Attacks ^✅

Cloudflare's 2025 Radar Review dropped a few spicy shifts in how the internet actually moves.

Post-quantum encryption now shields 52% of human web traffic. It’s not mainstream yet, but it’s past the tipping point. Meanwhile, AI bots cranked activity up 15×, with Googlebot leading the charge - no surprise there.

Starlink traffic doubled, thanks to a rollout across 20+ new countries. In automation land, Go-powered clients now push 20% of API calls. Quiet, fast, everywhere.

Nearly half of major internet outages? Government takedowns. And IPv6? Still crawling worldwide - except in India, where it’s flying.

What’s the big picture? Encryption's evolving, bots are colonizing, satellites are taking the backhaul. The shape of the network is shifting under our feet.

👉 Enjoyed this?Read more news on FAUN.dev/news

🐾 From FAUNers

faun.dev

100 GitHub Projects That Defined 2025: A Community-Driven Ranking ^✅

FAUN·dev() dropped its top 100 dev tools of 2025, ranked by signal from newsletters like DevOpsLinks, Kala, Kaptain, and VarBear. Clear trend: the AI toy phase is over. Real agents are landing.

Agentic systems - the kind that actually do things, not just pitch demos - are taking off. They're standardizing around the Model Context Protocol, which lets agents plug straight into real infra, tooling, and production.

👉 Got something to share? Create your FAUN Page and start publishing your blog posts, tools, and updates. Grow your audience, and get discovered by the developer community.

⭐ Sponsors

bytevibe.co

Built for Builders. Made to Last.

From long coding sessions to cold mornings, our hoodies are designed for comfort, durability, and focus. Clean designs, heavy blends, and a mindset that doesn’t quit.

🎯 10% off all hoodies with code FAUNDEV10 (apply at checkout)
⏰ Offer ends Sunday, Jan 11 at midnight

👉 Check this out!

👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.

🔗 Stories, Tutorials & Articles

codegood.co

The Code Review That Cost $2 Million, CodeGood

New data shows only 15% of code review comments catch real bugs. The rest? Nitpicks on style, naming, or formatting - stuff linters and AI were made to handle.

Human reviews burn through $3.6M a year in larger orgs and still miss the tough stuff: threading issues, system integration bugs, rare edge cases. You know, the stuff that sets off expensive fires.

patreon.com

Year in Review: Lessons From 12 Projects Patreon Shipped in 2025

Patreon engineers made massive bets in 2025, shipping code across all areas of the system and enabling impactful features like Autopilot's growth tools suite. Expanding Autopilot's scope, reach, and effectiveness was a challenge, especially guaranteeing recipient redemption after email delivery in a distributed worker system. Designing explicit metrics for projects is crucial to avoid moving in the wrong direction, as seen in Autopilot's tradeoffs between channel burn, raw conversions, and revenue.

notes.eatonphil.com

Distinguishing yourself early in your career as a developer

A seasoned dev maps the job market into three tiers: local/public companies, VC-backed/startups, and Big Tech/finance. Each step up brings more money, more competition, and a steeper climb.

Category 3 (Big Tech/finance): Highest salaries. Broadest interview access. Brutal prep required.
Category 2 (startups): Harder to stand out. Needs sharper signals to get noticed.
Category 1 (local/public): Lower pay. Easier in if you're solid.

aws.amazon.com

Build an AI-powered website assistant with Amazon Bedrock

AWS spun up a serverless RAG-based support assistant using Amazon Bedrock and Bedrock Knowledge Bases. It pulls in docs via a web crawler and S3, then stuffs embeddings into Amazon OpenSearch Serverless. Access is role-aware, locked down with Cognito. Everything spins up clean with AWS CDK.

addyosmani.com

21 Lessons From 14 Years at Google

A seasoned Google engineer drops 21 sharp principles for scaling engineering beyond just writing code. Think: clarity beats cleverness, users over egos, alignment over being “right.” The core message? Build systems humans can work with - especially under stress.

Favorites: kill pointless work, treat process like risk insurance, and see abstractions as liabilities when stuff breaks.

github.blog

Agentic AI, MCP, and spec-driven development: Top blog posts of 2025

AI speeds up dev - but it’s a double-edged keyboard. It sneaks in subtle bugs and brittle logic that break under pressure.

To keep things sane, teams are fighting back with guardrail patterns, AI-aware linters, and test suites hardened for hallucinated code.

fast.github.io

Stop Forwarding Errors, Start Designing Them

A fresh take on Rust error handling just dropped - and it's calling out the usual suspects.

Forget blindly forwarding errors with anyhow or smearing context around with Provider. This approach pushes for structured, intent-driven error types - errors that say what to do next (like "retry this") instead of just where things broke.

Libraries like Apache OpenDAL and the lean exn crate show how it's done. Think: flat enums for ErrorKind, plus tree-based context frames that stack clean logs with logic developers can actually use.

👉 Got something to share? Create your FAUN Page and start publishing your blog posts, tools, and updates. Grow your audience, and get discovered by the developer community.

⚙️ Tools, Apps & Software

github.com

HexmosTech/FreeDevTools

A collection of free 1,25,000+ dev resources including tools, icons, emojis, cheat sheets, and TLDRs. No login, unlimited downloads.

github.com

stoolap/stoolap

A Modern Embedded SQL Database written in Rust

github.com

NullPxl/banrays

Glasses to detect smart-glasses that have cameras. Ray-BANNED

github.com

corazawaf/coraza

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.

🤔 Did you know?

Did you know that modern Go runtimes auto-tune CPU parallelism inside containers? On Linux, the runtime reads cgroup quotas and sets GOMAXPROCS to match the CPU limit you give a container, so a 500m quota means GOMAXPROCS=1 without any code change. Go also added GOMEMLIMIT in 1.19 to let you soft-limit memory for the garbage collector. Explicitly setting GOMAXPROCS and GOMEMLIMIT gives more stable scheduling and GC behavior across upgrades and environments.

🤖 Once, SenseiOne Said

"We make invalid states unrepresentable, then accept them back through JSON. The type system won't save you from the text you parse. Test the boundaries more than the core."
— SenseiOne

(*) SenseiOne is FAUN.dev’s work-in-progress AI agent

⚡Growth Notes

Pick one hard part of the system and learn it end to end, from cache to UI, well enough to explain it on a whiteboard without notes. Each quarter, write a short internal tech note on a real bottleneck you solved, backed by logs, metrics, or traces, and end with one reusable rule the team can apply. Over time, this makes you the default person for that area. Stay factual and modest. Do this a few times a year and you quietly move from solid executor to trusted technical voice.

Each week, we share a practical move to grow faster and work smarter

👤 This Week's Human

This Week’s Human is Katheline Jean-Pierre, a career coach who has coached over 15,000 women through a program at Google that still runs today. She helps women in Tech and ambitious professionals execute career pivots, build sought-after skills, navigate corporate systems, and grow side businesses.

💡 Engage with FAUN.dev on LinkedIn — like, comment on, or share any of our posts on LinkedIn — you might be our next “This Week’s Human”!

❤️ Thanks for reading

👋 Keep in touch and follow us on social media:
- 💼LinkedIn
- 📝Medium
- 🐦Twitter
- 👥Facebook
- 📰Reddit
- 📸Instagram

👌 Was this newsletter helpful?
We'd really appreciate it if you could forward it to your friends!

🙏 Never miss an issue!
To receive our future emails in your inbox, don't forget to add community@faun.dev to your contacts.

🤩 Want to sponsor our newsletter?
Reach out to us at sponsors@faun.dev and we'll get back to you as soon as possible.

VarBear #510: The Code Review That Cost $2 Million, CodeGood
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly

You received this email because you are subscribed to FAUN.dev.
We (🐾) help developers (👣) learn and grow by keeping them up with what matters.

You can manage your subscription options here (recommended) or use the old way here (legacy). If you have any problem, read this or reply to this email.