Rosano / Journal

Friday, February 13, 2026

OAuth, or, The Elaborate Ceremony of Not Giving People Your Password

[Implicit Grant throws your key to you across a lobby full of interested parties. Proof Key for Code Exchange (PKCE) ensures that the one who requested the key gets it. Neither will solve impersonation attacks via social engineering.]
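
How PKCE ties an authorization code to the party that requested it, as an added example that is not from this journal or the linked article: an in-memory model of the S256 method from RFC 7636. AuthServer, newPkcePair and demo are hypothetical names; a real server also checks client_id and redirect_uri.

```javascript
// Added illustration of PKCE's S256 method (RFC 7636); AuthServer is a hypothetical in-memory model.
const nodeCrypto = typeof require === 'function'
	? require('node:crypto')
	: process.getBuiltinModule('node:crypto'); // ES-module fallback on recent Node

const b64url = buf => buf.toString('base64url');
const s256 = verifier => b64url(nodeCrypto.createHash('sha256').update(verifier, 'ascii').digest());

// Client: the verifier never leaves the app; only its hash goes out with the authorization request.
function newPkcePair() {
	const verifier = b64url(nodeCrypto.randomBytes(32)); // 43 characters
	return { verifier, challenge: s256(verifier) };
}

class AuthServer {
	constructor() { this.pending = new Map(); }

	// Authorization endpoint: remember which challenge each issued code belongs to.
	authorize(challenge) {
		const code = b64url(nodeCrypto.randomBytes(16));
		this.pending.set(code, challenge);
		return code; // returned via the redirect, where other parties may see it
	}

	// Token endpoint: the code alone is not enough, the caller must present the matching verifier.
	token(code, verifier) {
		const challenge = this.pending.get(code);
		this.pending.delete(code); // authorization codes are single use
		if (!challenge || typeof verifier !== 'string') return null;
		const got = Buffer.from(s256(verifier));
		const want = Buffer.from(challenge);
		if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) return null;
		return b64url(nodeCrypto.randomBytes(24)); // opaque access token
	}
}

// Two codes issued for the same client: one redeemed without the verifier, one with it.
function demo() {
	const server = new AuthServer();
	const client = newPkcePair();
	const seenInTransit = server.authorize(client.challenge);
	const delivered = server.authorize(client.challenge);
	return {
		withoutVerifier: server.token(seenInTransit, newPkcePair().verifier),
		withVerifier: server.token(delivered, client.verifier),
	};
}
```

With the implicit grant there is no second step to bind: the token itself is what comes back in the redirect.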

exploring how my cheap ULID's date portion changes by shifting the:

const date36 = e => new Date(e).valueOf().toString(36);

// year
[
	date36('2026-01-01'), // mjuohs00
	date36('2027-01-01'), // myc87pc0
];

// month
[
	date36('2026-01-01'), // mjuohs00
	date36('2026-02-01'), // ml2z56o0
];

// day
[
	date36('2026-01-01'), // mjuohs00
	date36('2026-01-02'), // mjw3xmo0
];

// hour
[
	date36('2026-01-01 12:00'), // mjvc2jk0
	date36('2026-01-01 13:00'), // mjve7pc0
];

// minute
[
	date36('2026-01-01 12:00'), // mjvc2jk0
	date36('2026-01-01 12:01'), // mjvc3tuo
];

// second
[
	date36('2026-01-01 12:00:00'), // mjvc2jk0
	date36('2026-01-01 12:00:01'), // mjvc2kbs
];

// millisecond
[
	date36('2026-01-01 12:00:00.000'), // mjvc2jk0
	date36('2026-01-01 12:00:00.001'), // mjvc2jk1
];
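
An added example, not part of the original entry: the date36 prefix is plain epoch milliseconds in base 36, so anyone who holds such an ID can read its creation time back out, and the span of each digit position explains which characters move in the shifts above. decodeDate36, digitSpanMs, sharedPrefixLen and prefixReport are names introduced here; the instants are constructed with Date.UTC so the results do not depend on the local time zone, and nothing is assumed about the rest of the ID.

```javascript
// Added illustration; only date36 comes from the entry above.
const date36 = e => new Date(e).valueOf().toString(36);

// Reverse the encoding: the prefix decodes straight back to a timestamp.
const decodeDate36 = s => new Date(parseInt(s, 36));

// Milliseconds covered by one step of the digit at `pos`, counted from the right (0 = last).
const digitSpanMs = pos => 36 ** pos;

// Number of leading characters two encoded dates have in common.
function sharedPrefixLen(a, b) {
	let i = 0;
	while (i < a.length && i < b.length && a[i] === b[i]) i++;
	return i;
}

// Constructed sample instants, all relative to 2026-01-01T00:00:00Z.
const base = Date.UTC(2026, 0, 1);
const shifted = {
	year: Date.UTC(2027, 0, 1),
	month: Date.UTC(2026, 1, 1),
	day: Date.UTC(2026, 0, 2),
	hour: Date.UTC(2026, 0, 1, 1),
	minute: Date.UTC(2026, 0, 1, 0, 1),
	second: Date.UTC(2026, 0, 1, 0, 0, 1),
	millisecond: Date.UTC(2026, 0, 1, 0, 0, 0, 1),
};

// For each unit, how many leading characters survive a shift of one unit.
function prefixReport() {
	const report = {};
	for (const [unit, t] of Object.entries(shifted)) {
		report[unit] = sharedPrefixLen(date36(base), date36(t));
	}
	return report;
}

console.log(decodeDate36('mjuohs00').toISOString());
console.log(prefixReport());
console.log([...Array(8).keys()].map(p => `digit ${p}: ${digitSpanMs(p)} ms`));
```

The digit boundaries fall at powers of 36 milliseconds (the third digit from the right steps every 1.296 seconds, the leftmost of eight roughly every 2.5 years), so they never line up with calendar units.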

Thursday, February 12, 2026

Tactical tornado is the new default

When it comes to implementing a quick feature, nobody gets it done faster than the tactical tornado. In some organizations, management treats tactical tornadoes as heroes. However, tactical tornadoes leave behind a wake of destruction. They are rarely considered heroes by the engineers who must work with their code in the future. Typically, other engineers must clean up the messes left behind by the tactical tornado, which makes it appear that those engineers (who are the real heroes) are making slower progress than the tactical tornado.

How StrongDM’s AI team build serious software without even looking at the code

[Describe tests as 'scenarios' that represent user stories, and 'satisfaction' to quantify that it's happening, then store them where agents can't see them.]

We built twins of Okta, Jira, Slack, Google Docs, Google Drive, and Google Sheets, replicating their APIs, edge cases, and observable behaviors.

Eight more months of agents

I know local models will win. At some point frontier models will face diminishing returns, local models will catch up, and we will be done being beholden to frontier models. That will be a wonderful day, but until then, you will not know what models will be capable of unless you use the best. Pay through the nose for Opus or GPT-7.9-xhigh-with-cheese. Don't worry, it's only for a few years.

The Anthropic Hive Mind

But I managed. People usually figure out I’m harmless within about 14 seconds of meeting me. I have developed, in my wizened old age, a curious ability to make people feel good, no matter who they are, with just a little conversation, making us both feel good in the process. (You probably have this ability too, and just don’t know how to use it yet.)

During Golden Ages, there is more work than people. And when they crash, it is because there are more people than work.

“I AM GOING DOWN TO GET A DONUT NOW,” they will say, and someone will yell from the nap couch, “GET ME A DONUT.” “I AM ALSO DELETING THE DATABASE.” “OK.”

A lot of engineers like to work in relative privacy, or even secrecy. They don’t want people to see all the false starts, struggles, etc. They just want people to see the finished product. It’s why we have git squash and send dignified PRs instead of streaming every compile error to our entire team.

The Settlers of Catan inventor Teuber famously built new games for his own family to playtest for years, before they finally found the formula for Catan through many iterations.

The center of the campfire is a living prototype. There is no waterfall. There is no spec. There is a prototype that simply evolves, via group sculpting, into the final product: something that finally feels right. You know it when you finally find it.

Anthropic’s Hive Mind is described by employees as “Yes, and…” style improvisational theater. Every idea is welcomed, examined, savored, and judged by the Hive Mind. It’s all based on vibes. There is no central decision-making authority. They are just trying everything, and when magic happens, they all just kind of realize it at once.

all companies are asking variations of just the same two questions. They bluster and bluff and try to act informed, but they are all terrified. When you cluster their questions, they break down into, “Will everything be OK?” and “Will we be here in five years?”

We mourn our craft

I didn’t ask for the role of a programmer to be reduced to that of a glorified TSA agent, reviewing code to make sure the AI didn’t smuggle something dangerous into production.

The Great Realtime Collaboration Misdirection

the need for realtime editing in applications is greatly exaggerated. Think about how rare it is to:

get two people to be in the same place at the same time
have a task where more than one person makes changes at a time
want other people peering over their shoulder while they work

Permissioned Data Diary 1: To Encrypt or Not to Encrypt

[End-to-end encryption may have become the baseline for messages, but not everything needs that. Nobody expects a large group forum or Patreon-style membership area to deal with secret keys.]

this inherent complexity isn’t something that the protocol team at Bluesky can just handle - it gets pushed out to every dev trying to build a client that works with encrypted data.

Tuesday, February 10, 2026

The Green Room

People who end up in positions of power are often not there because they’re particularly profound, or strong, or even nefarious, but rather because they’re trauma-ridden vessels who offer the least resistance to the inhuman forces of our economic system, and who are therefore, almost evolutionarily, ‘selected’ by it.

Before You "Build a Community," Decide: Library or Coffee Shop?

[Popular communities can be categorized as either "libraries" (where visitors look for an answer, then leave without ever signing up) or "cafes" (where people of shared interests come to have open-ended discussions). Each requires different approaches to be successful.]

Löwenzahn: Peter hat viel Zeit

a million ways to tell time without batteries, plus a battery from fruit

Friday, February 6, 2026

i have an impression that ai-assisted coding is so far most enjoyed by either people who can't debug anything, or, people who can debug absolutely everything

X : All your talk about reasoning make you seem very anti the AI era.

When an entire culture decides that producing outputs matters more than understanding mechanisms, it works fine right up until the environment shifts and nobody remembers how to reason from first principles.

Wednesday, February 4, 2026

A spoiler for the future - Bitcoin

Austerity measures will have taken the route of unprecedented and radical decimation of the state - everything from state provided healthcare to coastguards to income support to education will be practically gone replaced with numerous forms of bitcoin based insurance. If you can't afford it then you won't be able to gain access to it. There will be no state help as the state can neither fund universal care nor determine whether you deserve support.

Is there a better word for 'hackathon'?

[Common hackathon activities like coding are not a good use of my time for an in-person event. I need quiet focus time and good ergonomics to do programming. Better to use these rare encounters with colleagues to chat, brainstorm, do exploratory design work for instance. I already start hacky prototypes on a whim anyway and don’t need an event to do it.]

WE ALL FEEL THE TRANSITION

I don't think it's the changeover itself that hurts. It's the speed. We all feel this transition. It creates a kind of thin corridor where many so-called shortcuts are currently being taken that are not really shortcuts at all. Outcomes and effects will simply be different. Efficiency is increasingly confused with impact.

i hope more people hear the call to be thoughtful in how they approach these new possibilities. with great speed, many are adopting something on shaky ground, ready to lock themselves in and throw away the key.

Tuesday, February 3, 2026

X : How do you use AI?

every question I ask is turned into a thesis, the counter is created (antithesis). Two agents then take on those roles and the case is argued through several rounds (minimum of three, maximum of ten). A group of 12 agents then vote (with public reasoning) after each round - the first three rounds are merely indicative and there's also a zero round vote on the quality of the thesis / antithesis.

A judging agent then decides at the end of each vote whether the arguments are materially different and if there has been a successful conclusion. Without a successful conclusion then the game continues (again there must be at least 3 rounds). Both the arguing agents have access to the argument, the counters, the voters' comments and votes. Each round they present a refined argument. A court recorder summarises the thesis, antithesis, the main arguments presented and which argument eventually wins (if any does).

The entire global monetary system explained in under 15 minutes

[The monarch gives them tokens in exchange for labour, then demands it back in the form of taxes.]

Decentralized Social Media: What is it, how does it work?

In ActivityPub you get a bit more resilience in that other people's instances might go down, but once they're up again you'll resume synchronizing with them. Your main issue is that once your instance goes down, you personally can't participate anymore unless you make an account somewhere else.

AT protocol is a bit more complicated in that you have several different points of failure. If the firehose goes down none of the app views will see new posts but should have their existing ones. If an app view goes down others will still work and you'd still be able to pull from people's PDSs. If your PDS goes down you can't post but if someone else's goes down you can still see everything else.

Nostr has the most resilient model in that you can use as many relays as you want and if some of them go down you'd be fine so long as you can find more.