The Aspiring Nerd

Welcome to Curated Finds: a handpicked collection of the most interesting, insightful, and inspiring links I've come across.Dive in and explore what captured my interest.

I know you’re not supposed to anthropomorphize LLMs, but it’s hard not to when you treat them like your weird, overconfident intern or a junior developer. I’ve always felt like each model has its own personality or vibe, but I never managed to describe it properly. Here’s a pretty accurate attempt by Vincent Schmalbach:

  • GPT-3.5: The Chatterbox
  • GPT-4: The Nerdy Older Sibling
  • Claude Sonnet 3.5: The Lovable Nerd
  • Claude 3.7 & 4.0: The Show-offs
  • Claude Opus 4: The Stern Adult
  • Grok: The Wild Card
  • Gemini 2.5 Pro: The Lovable Goofball

I’m glad I found this post by John. His approach with Claude Code, MCP, and agents is sort of similar (though way more advanced) to how I’ve been using AI in my coding projects (just so you know, I’m not a developer).

Here’s what works best for me: I have a reasoning model generate a task plan based on my requirements. Then, I tweak it (or have the model in Cursor update it) as I go. When bugs pop up, I have the model update the list. This approach keeps the AI from getting lost or confused in a huge context. It also stops it from ignoring bugs or requirements. This has been the most efficient way for me so far.

I keep several claude code windows open, each on its own git-worktree. o3 and sonnet 4 create plans, sonnet 3.7 or sonnet 4 execute the plan, and o3 checks the results against the original ask. Any issues found are fed back into the plan template and the code is regenerated. The factory improves itself.

Source: john-rush.com

There’s a lot of talk about how MCP isn’t secure, but I think most people don’t realize just how easy it is to trick LLMs. Simon Willison gives a solid overview of the main risks, which he calls the “lethal trifecta”.

The lethal trifecta of capabilities is:

  • Access to your private data — one of the most common purposes of tools in the first place!
  • Exposure to untrusted content — any mechanism by which text (or images) controlled by a malicious attacker could become available to your LLM
  • The ability to externally communicate in a way that could be used to steal your data (I often call this “exfiltration” but I’m not confident that term is widely understood.)

The core issue is that LLMs are great at following instructions, but they don’t distinguish between legit ones and malicious ones.

LLMs follow instructions in content. This is what makes them so useful: we can feed them instructions written in human language and they will follow those instructions and do our bidding.

The problem is that they don’t just follow our instructions. They will happily follow any instructions that make it to the model, whether or not they came from their operator or from some other source.

He digs into MCP specifically:

The problem with Model Context Protocol—MCP—is that it encourages users to mix and match tools from different sources that can do different things.

Many of those tools provide access to your private data. Many more of them—often the same tools in fact—provide access to places that might host malicious instructions.

And yeah, there’s no easy fix.

Here’s the really bad news: we still don’t know how to 100% reliably prevent this from happening.

Plenty of vendors will sell you “guardrail” products that claim to be able to detect and prevent these attacks. I am deeply suspicious of these: If you look closely they’ll almost always carry confident claims that they capture “95% of attacks” or similar… but in web application security 95% is very much a failing grade.

Quoting Devansh:

Fine-tuning advanced LLMs isn’t knowledge injection — it’s destructive overwriting. Neurons in trained language models aren’t blank slates; they’re densely interconnected and already encode crucial, nuanced information. When you fine-tune, you risk erasing valuable existing patterns, leading to unexpected and problematic downstream effects. Instead, use modular methods like retrieval-augmented generation, adapters, or prompt-engineering — these techniques inject new information without damaging the underlying model’s carefully built ecosystem.

Source: codinginterviewsmadesimple.substack.com

Debugging can be a confusing and emotionally unpleasant process. Writing code involves building neat mental models and fitting them together in satisfying ways. Everything is nicely labeled and accounted for. When something goes wrong, it doesn’t just break your code - it also breaks this comforting illusion of control and understanding.

Source: seangoedecke.com

I’ve always been pretty careful about what I put on the internet, especially photos, and definitely pictures of my kids. I’ve made a point to keep where I live and hang out under wraps to protect my privacy. If I were famous (or had anything serious to hide) I’d be seriously worried about how good models are getting these days.

Watching OpenAI’s new o3 model guess where a photo was taken is one of those moments where decades of science fiction suddenly come to life. (…)

It’s also deeply dystopian. Technology can identify locations from photographs now. It’s vitally important that people understand how easy this is—if you have any reason at all to be concerned about your safety, you need to know that any photo you share—even a photo as bland as my example above—could be used to identify your location.

As is frequently the case with modern AI, the fact that this technology is openly available to almost anyone has negative and positive implications. As with image generation, it’s important that people can see what this stuff can do first hand. Seeing this in action is a visceral lesson in what’s now possible.

Source: simonwillison.net

I’ve had this convo at work a bunch—LLMs are becoming a commodity, getting easier and cheaper by the day. But I never really thought about the flip side. What if coding is becoming the commodity instead? 🤯

 “The first generation of AI-powered products (often called “AI Wrapper” apps, because they “just” are wrapped around an LLM API) were quickly brought to market by small teams of engineers, picking off the low-hanging problems. But today, I’m seeing teams of domain experts wading into the field, hiring a programmer or two to handle the implementation, while the experts themselves provide the prompts, data labeling, and evaluations. For these companies, the coding is commodified but the domain expertise is the differentiator.”

Source: Drew Breunig - dbreunig.com

Really excited about the possibilities with MCP—but is it actually ready for safe use in production? Not so sure. Elena Cross put together a great summary of the potential security issues.

“MCP is not secure by default. And if you’ve plugged your agents into arbitrary servers without reading the fine print — congrats, you may have just opened a side-channel into your shell, secrets, or infrastructure.”

Source: elenacross7.medium.com

I’ve always liked the idea of owning my own little patch of grass on the internet. From my first homepage full of animated GIFs in the late ’90s to this very blog, I’ve always treasured having a space that’s free of corporate influence and greed. Hardly anyone reads it—but at least it’s mine.

Matt Webb, Interview for People and Blogs:

Blogging is small-p political again, today. It’s come back round. It’s a statement to put your words in a place where they are not subject to someone else’s algorithm telling you what success looks like; when you blog, your words are not a vote for the values of someone else’s platform.

Source: manuelmoreale.com (via Simon Willison)