🔍 Inside this Issue
DIY AI rigs, local LLMs, and Redis-as-a-backbone point toward more control; fresh vulns, a self-spreading npm worm, and OAuth abuse remind us what that control costs. Tune Copilot to your style, build vector search from scratch, revive legacy drivers—and decide how far vibe coding should go; details below.
🛠️ Building an AI Server on a Budget ($1.3K)
💻 Experimenting with local LLMs on macOS
🤖 GitHub Copilot Custom Chat Modes: AI Personas that Match Your Needs
⚡ How In-Memory Caching Works in Redis
🔎 Implementing Vector Search from Scratch
🛡️ MCP vulnerability case study: SQL injection in the Postgres MCP server
🪱 Self-replicating worm hits 180+ npm packages in automated supply chain attack
🔐 Understanding OAuth application attacks and defenses
🧰 Using Claude Code to modernize a 25-year-old kernel driver
🎛️ You Vibe It, You Run It?
Own your stack; ship faster, with fewer surprises.
Have a great week!
FAUN.dev Team
ℹ️ News, Updates & Announcements

techrepublic.com
Perl 5 has risen to 10th place in the TIOBE Index; the exact reason for its growing popularity is unknown. Perl 6, or Raku, lags behind Perl 5 in the rankings and has not seen the same rise in attention. Other top languages like C and Java have slipped slightly in the rankings.

thomasthornton.cloud
GitHub Copilot Chat just got better in VS Code 1.101 with Custom Chat Modes. Devs can now drop Markdown files into their workspace to shape Copilot’s persona—tone, tools, constraints, the works.
Want an AI buddy for security audits? Or a test-writing machine with zero patience for flaky code? Dial it in.

helpnetsecurity.com
A supply chain worm called Shai-hulud is loose in the npm wild. It's not just lurking—it’s replicating through npm packages, lifting developer tokens, and injecting tainted versions of real, maintained libraries.
Once in, it grabs GitHub secrets, flips private repos public, and piggybacks on GitHub Actions to spread wherever CI/CD pipelines let it.
🔗 Stories, Tutorials & Articles

dmitrybrant.com
A long-dead Linux kernel driver for QIC-80 tape drives just got dragged into the present—with help from Claude Code and a lot of tinkering. It now builds cleanly and runs as a standalone module on Linux 6.8, playing nice with modern setups like Xubuntu 24.04.
The bigger picture: Turns out, LLMs can hack it with old-school kernel code. They're already helping resuscitate crusty drivers for today’s APIs—which could change how devs tackle stubborn legacy hardware.

informationga.in
A developer rolled their own AI server for $1.3K—Ubuntu 24.04.2 LTS, an Nvidia RTX GPU, and a sharp eye on Tensor cores, VRAM, and resale value. The rig handles small models locally and punts big jobs to the cloud when needed. Local-first, cloud-when-it-counts.

redcanary.com
Red Canary broke down a sneaky OAuth attack that slipped past credentials altogether. A rogue app quietly camped out in an Azure environment—thanks to Entra ID—and poked around for weeks. Then it struck, pushing an internal phishing campaign that dodged standard defense moves like password resets or session nukes.

uptimelabs.io
“You Vibe It, You Run It?” explores the rise of Vibe Coding—writing software by prompting an LLM instead of programming. While impressive for prototyping, the article argues it’s not just “a higher abstraction” but a competitive cognitive artefact: it produces working code without helping developers build mental models. That creates risks around non-determinism, maintainability, resilience, and the slow erosion of engineering skill.
The takeaway: Vibe Coding has real value for rapid prototypes and experimentation, but relying on it for production systems without deep ownership (“you build it, you run it”) risks fragility and technical debt. The piece urges caution, comparing it to sat-nav dependency—powerful, but at the cost of losing your own map.

freecodecamp.org
Redis isn’t just a cache anymore. Sure, it still owns the in-memory speed game—with key expiration, data persistence, and horizontal scaling via replication and clustering. But if you're only using it to stash a few keys, you're missing the point.
This thing handles streams, pub/sub, geospatial indexing, and all sorts of data types without blinking. It's built for hammer-time workloads and real-time everything.
System shift: Redis is quietly rewriting how modern apps scale—less bolt-on cache, more core data backbone.

blog.6nok.org
Running open-weight LLMs locally on macOS? This post breaks it down clean.
It compares llama.cpp—great for tweaking things—to LM Studio, which trades control for simplicity. Covers what fits in memory, which quantized models to grab (hint: 4-bit GGUF), and what’s coming down the pipe: reasoning, tool use, and Mixture-of-Experts (MoE).
Bigger picture: Local runtimes with tool calling and MoE point to where AI’s headed: cheaper, private, and piecemeal—running right on your laptop.

machinelearningmastery.com
Search is a fundamental problem in computing, and vector search aims to match meanings rather than exact words. By converting queries and documents into numerical vectors and calculating similarity, vector search retrieves contextually relevant results. In this tutorial, a vector search system is built from scratch in Python using a toy dataset and word embeddings, showcasing the core principles behind how vector search works.

securitylabs.datadoghq.com
A nasty SQL injection bug in Anthropic’s now-retired Postgres MCP server let attackers blow past read-only mode and run whatever SQL they wanted. The repo got archived back in May 2025—but it’s far from dead. The unpatched package still racks up 21,000 NPM installs and 1,000 Docker pulls every week.
System shift: This busted-but-popular MCP reference code sits at the core of a lot of AI agents. It's a quiet reminder: insecure scaffolding still shapes how these systems fetch and handle data.
⚙️ Tools, Apps & Software

github.com
Git Based Memory Storage for Conversational AI Agent

github.com
Language-agnostic AI auditor that autonomously builds and refines adaptive knowledge graphs for deep, iterative code reasoning.

github.com
Fully local, temporally aware natural-language file search on your PC, even without a GPU. Find relevant files using natural language in less than 1 second.

github.com
Tensorlake is a Document Ingestion API and a serverless platform for building data processing and orchestration APIs