This is exactly what I keep going on about. Some great tips in there, especially for those of us waiting for LLMs to stabilize.
Obviously not aligned on every detail, but a lot of this is just how you build software when you don't have dump trucks of investor cash to set ablaze. A skill that seems increasingly rare these days thanks to scale fever. My favourite part was reading the comments. Not everyone there is beyond hope, but I sure lost mine trying to read through those.
He's up front. You won't learn anything from this talk. It's one of those great art-of-the-rant style talks. If anything, maybe it'll help those who haven't seen the silver bullet syndrome in action learn before they end up propagating this mistake.
I think I remember once reading that part of the reason for expanding the student loan program was to provide leverage to demand changes to the curriculums of universities. Specifically to get classes on politics, history, and civic participation curtailed by noting contemptuously that schools were indoctrinating students with classes on how to protest (reminds me of recent remarks about basket weaving). I can't find the source so I'm pretty sure it's either a lie or I'm misremembering something. That said, more people could use an education on protesting. Too many people think protests themselves change things. Let's all get together in front of a government building for an afternoon of sign holding.
Without a long term coordinated effort to change policy behind a protest, a protest is meaningless. Protests in and of themselves don't do anything. They're a tool of political action. You have to know how to properly use such a tool. This is an introduction to what that tool is and how it works. My thanks to Dr. Devereaux for all his work on his blog. It really is a modern example of what the old web's blogs were all about. Something I hope I'm helping carry forward in my own little way.
One of the keys to picking the right architecture is first understanding what the machines you're running on are actually capable of. A typical server in 2026 is an absolute behemoth. Many small to medium sized tech companies could run their entire SaaS app on a single 42U rack of hardware if they stopped fad chasing and started writing moderately performance aware software focused on optimizing their COGS.
I've not got much to add here. I guess I should point out, it's not just the United States of America like the title claims, but I assume that's fairly obvious. Welcome the next big tech hype after generative AI.
You may have already watched this video given its view count and featuring in the Summer of Math Exposition from 3Blue1Brown. If you haven't, it's definitely worth the watch.
While you can't calculate the distance along the bézier in closed form, you can at least calculate the roots as I do in my bézier visualizer using Cardano's Method. Just an extra tidbit I found hard to locate when I was doing my research for that project.
Great rundown on the problem and a number of tools to help you solve it.
We're definitely at a tipping point as an industry. Security vulnerabilities are now being routinely exploited within hours of a patch being made available. Supply chain attacks are punishing those too eager to update. We're being squeezed on both sides.
Your best defence is to narrow and shorten your supply chains. You need fewer dependencies. We just saw the axios supply chain attack. Maybe you dodged the bullet because you pinned dependencies and waited a few days. Something is going to sneak through. How much longer until something as brutal as the XZ backdoor slips through without someone managing to catch it early enough to save you?
Fewer dependencies make every other countermeasure more effective. If you think scanning is the answer, there is still a false negative rate to worry about. If this scanning is centralized at the public repository level, attackers can easily keep probing from throwaway accounts until they find something that slips through, and only then launch their attack. If there are vendor solutions, those can also be tested VirusTotal style. If you're instead focused on manually reviewing and signing off on updates, good luck having your team manually review tens or hundreds of updates a week. Every countermeasure is harder at scale. You're going to have to descale.
That said, if you've got a better idea than manual or automated review, there could be a million-dollar idea in there. For now I'm building a little tool that feeds the diff of package updates to an LLM to try and flag suspicious code for manual review. A hybrid approach run locally. It's not a great solution, but I'm also sure it's only a matter of time until the antivirus vendors catch on and offer basically the same thing but with much better classifiers and heuristics.
The problem is that every source code dependency has effectively complete and unrestricted access. I'd love it if my execution runtime could come with something like pledge(2) at the module level so I could create a list of just the permissions each package is allowed to use. Then a module can only call other modules that have a subset of its own privileges. I'd even use this for my own code like I do already at the process level. Start by getting an inventory and then strictly watch that new additions are appropriate. The hard part is doing it without requiring a whole new programming language or dependency ecosystem.
In any case, a little duplication is better than a little dependency.
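To make the module-level privilege idea concrete, here is an added sketch (not code from any existing runtime or from my own tooling) that checks the subset rule over a declared inventory and reports newly granted privileges between two inventories. The manifest format, module names and capability strings are all hypothetical.

```javascript
// Constructed inventory: each module declares the capabilities it may use
// and the modules it calls. Format and names are assumptions for illustration.
const manifest = {
  "app":           { caps: ["net", "fs:read", "env"], deps: ["http-client", "config-loader"] },
  "http-client":   { caps: ["net"],                   deps: ["url-parse"] },
  "config-loader": { caps: ["fs:read", "env"],        deps: ["yaml-lite"] },
  "url-parse":     { caps: [],                        deps: [] },
  "yaml-lite":     { caps: ["fs:read", "exec"],       deps: [] }, // asks for more than its caller has
};

// Own-property lookup so a dependency named "constructor" cannot resolve to Object internals.
const lookup = (m, k) => (Object.prototype.hasOwnProperty.call(m, k) ? m[k] : undefined);

// Rule from the text: a module may only call modules whose privileges are a
// subset of its own. Subset is transitive, so checking every direct edge
// also covers indirect calls.
function findViolations(m) {
  const out = [];
  for (const [caller, mod] of Object.entries(m)) {
    const own = new Set(mod.caps);
    for (const callee of mod.deps) {
      const target = lookup(m, callee);
      if (!target) { // not in the inventory at all: fail closed
        out.push({ caller, callee, excess: ["<undeclared module>"] });
        continue;
      }
      const excess = target.caps.filter((c) => !own.has(c));
      if (excess.length > 0) out.push({ caller, callee, excess });
    }
  }
  return out;
}

// Inventory watch: capabilities present in `next` that `prev` did not grant.
function newGrants(prev, next) {
  const out = [];
  for (const [name, mod] of Object.entries(next)) {
    const old = lookup(prev, name);
    const before = new Set(old ? old.caps : []);
    const added = mod.caps.filter((c) => !before.has(c));
    if (added.length > 0) out.push({ module: name, added, isNewModule: !old });
  }
  return out;
}

// Constructed "after an update" inventory: url-parse now wants network and env access.
const updated = JSON.parse(JSON.stringify(manifest));
updated["url-parse"].caps = ["net", "env"];
```

Run `findViolations` on every lockfile change and `newGrants` against the last approved inventory, and the manual review shrinks to the handful of edges that actually gained privileges.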
As someone who spends easily over 85% of my time in a terminal, it's rare for me to learn something new from one of these sorts of articles, especially those starting with simple concepts. I did not know about Ctrl-Y.
Kudos to the author here. This is the exact sort of list of everyday things I use too, so it's likely from the top of their head and not just regurgitating the Zsh manual at you. Not everything noted is a daily mainstay for me (I've never needed pushd/popd), but it's got a lot of the things I use constantly and very little else I don't use.
Here is one bonus tip: they cover cd - but didn't mention just running cd without an argument. That takes you to your home directory.
Wow that's telling. Now I really want to know how this happened. What changed internally to mess it up this badly. I just want to learn from this car crash.
The divide between technologist and artist is frustrating, but it shouldn't be. Too many techies look down on the humanities, arguing, "Their problems can't be objectively answered. If there are no right answers, it's all meaningless."
This mindset is a legacy of multiple choice questions and standardized testing. Any question having a single objectively correct answer is nonsense, outside of borderline fantasy levels of abstraction (spherical cows in a frictionless vacuum and all that).
But the art of engineering is often just as subjective as painting. You can talk about, "thinking like an artist," but frankly, that's just old-school hacker culture. They're the same thing; making things do something nobody thought it could because you can. Technology used to be cool because it rewarded those who could build something nobody thought possible. Those who made dreams real. I'd argue that's still what makes technology cool, but being profitable has sucked all the air out of the room.
Yet, the problem of keeping our digital artifacts running is fascinating. Theory says digital media lasts forever; reality says otherwise. While a film reel can last a few decades and a good book can last a century, most digital formats only survive a couple of years.
Even just looking at raw device lifetimes, you rarely hit the decade mark with the hardware. Factor in the digital services—the gatekeepers of media delivery—and the average lifespan drops to mere years. Web links rot at a rate of roughly 1-3% per year.
It's not just historians that need this. One of the biggest problems with our current media landscape is echo chambers. Hopefully, you're aware that what you experience online is mostly whatever happily passes through your cognitive filter. If you agree, the loop is reinforced. If you disagree, the confrontation is avoided. Over time, you curate an information diet that pre-filters for your existing beliefs. Algorithms amplify this because platforms want to maximize time on site.
The best way to break out of this loop is to engage with "slow media." Media you can take a break from and ponder on. Read the work of people steeped in a world before the recent wars, before the industrial expansion, or even mercantile trade. Reading a work a hundred years old forces you to encounter values vastly different from your own, allowing you to see the world through eyes that don't share your assumptions.
However, there is a darker risk. Popular works still generate profit, so they get copied and updated, re-encoded and given the occasional touch-up. But common works and periodicals go missing because there's no financial incentive to update them. If you've been online since the early 2000s or before, ask yourself: how much of that internet actually survives?
I once heard someone muse about a possible second dark age. A dark age is not about barbarism as many people think, though we can leave discussions of our current political climate for another time. No, a dark age refers to a period of history where not many works survive to inform historical understanding. When history becomes dark, we are left to infer the era by looking through the trash (archaeology).
I'd argue we're neither in nor entering a modern dark age, but I'd be overstating it if I didn't acknowledge that conditions are ripening. We are entering a period where the future isn't strongly considered. As a designer, engineer, or creator, ask yourself: What are you leaving behind?
We have an ugly narrative forming, one that assumes climate change, war, or disease will cause a complete global collapse. We tell ourselves there is no future, that we should only live for today. I mean, I do have 100% certainty you're going to die. Mortality is still the undefeated champion of life. There will even be destruction, loss, and disasters. But assuming every human will vanish or that you can prepare for such a fate is delusional. It's a coping mechanism for fear. Why not consider trying to improve the lives of those who will come after?
Are you planting metaphorical trees for them to sit under? Or, are you busy tearing down the past to justify your present? Spending your time criticizing those who came before so that those who came after can criticize you? Why leave the future an orphaned people without hope or heritage?
Many people talk about how the internet used to be fun. It still is! You just have to ignore the thousand-pound corporate gorillas. It's not that the internet changed; it's that you did. What used to be your counterculture is now the dominant culture.
So go make a subculture, go make a new counterculture. To me that means making and sharing things in your own space, with your own friends. Build real communities of real people in the real world who collaborate online.
If everyone's in a big platform with anonymous posters, be a small group with identity and trust.
If people are sharing screenshots, only share artworks.
If posts are ephemeral, focus on elevating each other's works to permanent notoriety to try and outdo each other.
This is the only way to avoid the dark age. We need to leave something behind, not just consume what is given. Yes, it's hard work. Anything worth doing is. But boredom is the key. If you keep satiating it with online content, you pacify the desire to self-actualize.
Your phone is not a slot machine. It's a to-do list that writes itself.
They're describing basically the same trick the consumer goods industry played blaming you for plastic waste. It's not their fault they package everything in single use plastics. It's your fault for not recycling hard enough. Sure, most of that recycled plastic just goes into landfills, but that's governments' fault for not spending all your money subsidising it.
If recycling worked, they'd pay you to do it because those materials would be valuable. They're not.
Unfortunately, this article claims to not want to tell you personal action is the answer, but instead implicitly tells you that you should vote with your wallet. Vote in an election where the fattest wallets get the most votes.
Sure, there's a method to the madness. I don't buy phones that don't have a 3.5mm headphone jack. My 2011 car complete with all the knobs and buttons has an AUX port that plays FLAC albums in excellent quality. My TV has never experienced the internet for itself, cursed to live vicariously through a connected PC complete with ad-blocking web browser and a hard drive stuffed with DRM-free video games. But this is a strategy to cope, not a solution.
Welcome to the atomized society. A place where our answer to all abuse, from consumer fraud to sexual assault is the same. If you don't like it, make better choices, buy better things. There is no alternative. There are only individuals and families.
This isn't going to change until we stop thinking memes and internet points count as political action. Physical action counts, everything else is intellectual masturbation.
I feel talks by Ted Nelson are a lot like Alan Kay. Full of thoughts and ideas to really expand your conception of what a computer can be, but always best taken in moderation.
Every time I revisit this set of lectures I find more things that click. It's full of wisdom and I hope you too get something useful to help you rethink what you "know" about technology.
Surely not every trick in the book, but a good look under the hood. Just sharing because I only had a theoretical understanding before this. This article is fairly detailed and specific. Great work!
Really interesting idea about how this moves the best attacks into hardware. Could be a really cool project to design an FPGA based memory proxy. The applications are actually really interesting.
It comes back to selling your work. That said, the example paragraphs they wrote for selling your work building simple solutions are atrocious. It's not that they're wrong about their thesis, just that the examples provided to help the audience aren't going to be of much help. That's because getting recognition for your work is a performance. You have to learn how to sell your work effectively, not just at all.
Never just list features you built, nor the ones you considered. Instead, always talk about your work in the broader context of the impact to the business and its customers. I've deleted a few dozen lines of code that saved a company a 6 figure sum. Sure 99% of the work was being completely sure those lines weren't load bearing. You think I sell it by saying I deleted a little bit of code? No! I talk about how I just saved us all a small yacht's worth of cash.
Making more money requires people thinking you're too valuable to not pay for. Meritocracies are a utopian myth. If they really existed, companies wouldn't be spending trillions on advertising. Your skills and abilities are as valuable as people think they are. Part of that is genuine demonstrated ability. But people pay more for Coca-Cola over the store brand because it gives them a good feeling. Blind taste tests show store brands and homemade soda taste better. I'd link a study here, but there are hundreds of them and to my limited knowledge, no good meta-analysis. Just go search around.
Think about it like balancing the five P's of marketing: product, price, place, people, and promotion. You want your price to go up, and let's assume you're working as hard as you already can on your product, that is, doing your best work. You can still impact place, people, and especially promotion (because so few engineers are thinking about it). Place here is where you spend your time. Are you working on the problems your company cares about? If not, you have to then spend extra time to convince them that the work you're doing even matters. Why fight an uphill battle into a fierce headwind? People is about soft skills. Knowing your audience, presenting yourself professionally, and having great customer service; that is, being attentive, friendly, and communicative. Lastly is promotion, and that's a big part of building the feeling people have about the work you do.
That feeling matters. In all but the most Byzantine systems, promotions happen way before any promotion package or formal process. Even in large companies, people know roughly who they can count on to get things done well. You're basically playing dodge ball in gym class again and managers are picking team members. They know the kid who can run fastest isn't always the best at the game. But that kid's at least got a reputation. The weird kid that keeps to themselves is an enigma though. Especially if they mostly just stand there and maybe walk back and forth a bit. They may be a secret martial arts master able to dodge anything, but it's not obvious if they're downplaying it.
One of the missing pieces in this discussion is how much harder simple solutions are to make. This is going to hurt your perceived velocity. What's most likely to hold you back is if you're spending your time simplifying everyone else's projects. You need things you can take credit for. If you're actively leading projects and able to deliver working solutions under budget—in both time and money—then it becomes easier and easier to demonstrate a track record.
My strategy here is to have long-term goals for the business and your customers. Push for the time to action on the things that would lead to demonstrable improvements in business value terms. Not all of your ideas will be tractable. Some of the simplifications I've been pushing for, I'm still pushing for over five years later. Many of the simplifications I wanted have already been done. Doing those and demonstrating the value gave people confidence in me to go work on bigger projects. Past performance inspires confidence in future results, but people only know about your performance if you talk about it. If you can deliver concrete value, you'll be trusted with the power to do more.
I don't have a lot to add here, only to say that I keep coming across geometric algebra and it keeps seeming like something I need to really dig into and learn. I've started going through a bunch of the resources from bivector.net. Lots of things to unpack in this. Not fully sure if this is a better basis for a 3D renderer than quaternions, but it's definitely worth playing with given how much more intuitive the math notation seems to be.
If you're also going to look into studying this, another term you want to know is Clifford Algebra.
Signal boosting this. Always manage user data transforms for safe encoding on output, never input. Your input code shouldn't know how the data's going to be used. Maybe it'll be put in an email, maybe it's going on a webpage, maybe you're printing it. Each of those have very different sanitization requirements. Your input code should not be trying to account for all the different ways it'll be displayed.
Data given to the system should be treated like you're handling explosives. There are ways to safely move it, ways to safely store it, but you don't go messing with it prematurely. Definitely don't trust, touch, look, or lick it unless you absolutely have to.
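As an added illustration of encoding on output (not code from the linked article), here is one stored value rendered for the three destinations mentioned above: a web page, an email header and a terminal or printer. The sample value and function names are constructed for this example.

```javascript
// Constructed sample, stored byte-for-byte as received: nothing is escaped at input time.
const stored = 'Ann <b>& Co</b>\r\nBcc: x@example.test\x1b[2J';

// Web page (HTML text or quoted attribute): escape the markup-significant characters.
function forHtml(s) {
  const ent = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => ent[c]);
}

// Email header value: CR/LF would begin a new header line, so collapse every run
// of control characters into one space. Markup characters are harmless here.
function forEmailHeader(s) {
  return s.replace(/[\x00-\x1f\x7f]+/g, " ").trim();
}

// Terminal or printer: keep newline and tab, show every other control byte as
// visible text so escape sequences cannot drive the device.
function forTerminal(s) {
  return s.replace(/[\x00-\x08\x0b-\x1f\x7f]/g,
    (c) => "\\x" + c.charCodeAt(0).toString(16).padStart(2, "0"));
}

const encoders = { html: forHtml, emailHeader: forEmailHeader, terminal: forTerminal };

// The output path picks the encoder; an unknown destination fails closed
// instead of emitting the raw value.
function render(value, context) {
  if (!Object.prototype.hasOwnProperty.call(encoders, context)) {
    throw new Error(`no encoder for output context: ${context}`);
  }
  return encoders[context](value);
}
```

Had `forHtml` been applied at input time instead, the header and terminal output would carry literal `&lt;b&gt;` text while the CR/LF and escape bytes still passed through untouched.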
I know I missed posting my usual Lecture Friday, so I come bearing great gifts. Today I was reading Dave Gauer's book review on The Art of Doing Science and Engineering, and he opened by talking about Bret Victor's foreword and noted that his site has an amazing collection of all the best research papers in computing. Upon reading that I wondered, "Huh, what's Bret up to these days." I then proceeded to fall head first into Dynamicland. I'm still not sure what to make of it all but I'm really excited by everything I'm seeing.