Rosano / Journal

319 entries from "Berlin"

Wednesday, March 4, 2026

How n8n Handles Vulnerability Disclosure - and Why We Do It This Way

[Closed-source security updates are hidden from attackers, which means the time they need to reverse-engineer a patch is a window for users to safely apply the update. Open-source security patches are immediately visible and become a roadmap for attackers to target those who haven't updated yet.]

[We currently publish patches and advisories on the same day to minimize the exploitable window. We also develop fixes in private and merge into public only when it's announced.]

Tuesday, March 3, 2026

BidWix

BidWix is not a marketplace. It does not handle payments. It does not write contracts. It does not take a cut. It does one thing only: it helps two people land on a price, quickly, without stress, and with a result that feels balanced.

Instead of negotiating out loud, both parties enter a private limit price, once.

[Buyers enter their maximum offer, sellers enter their minimum ask. The numbers stay secret. There is no 'counter offer' or back-and-forth: it's one shot.]

[If a freelancer wouldn't accept less than 100 for a small task and a client could stretch to 900 if they had to, BidWix would suggest the geometric mean of 300, which is three times higher than the freelancer’s minimum, and three times lower than the client’s maximum. Both sides win by the same factor.]

Sunday, March 1, 2026

Beyond Horseless Carriages: Building Communities for the Decentralized Era

[Fediverse: communities of 50–100 people, "a slightly bigger group chat". Bluesky: planet-scale network. What could go in between? Blacksky is 'Reddit-sized' or like a large forum at around 100–200k people.]

[Moderation can also be a form of "community care" that people actually enjoy and appreciate, rather than just a task to be done.]

[Contradictory when almost nobody in the community does moderation or understands the primitives, yet most seem to think it's decentralized. If the main provider goes away tomorrow, will you know how to keep the infrastructure running?]

[People are busy and have kids: they don't need to know what a PDS is.]

[Build what helps people find joy and feel good about themselves. You can't scare them into using decentralized tech "for their own good".]

Sustainable Open Source

newcomer’s contributions aren’t as complete or far-reaching as those of experienced contributors, so it is doubly important for you to care about the people and their enthusiasm about your project more than that typo-fix they put on the website. We’ve turned someone who fixed a single typo on the website to a steady contributor and well respected community member that now helps out all over the project.

How I Learned to Stop Caring and Love Open Source

For early stage projects, care is the only thing you can give them. But once you’ve shipped version 1.0.0 or even 2.0.0, once you wrote all the documentation, once people start using the project in production with success, once you’ve talked the 100th person through getting started on IRC or Slack, your priorities have to change.

iCloud's unpredictable sync means the engine is "trust Apple magic somehow"

"non-technical users" → "jargon-free people"

Friday, February 27, 2026

UI/UX Benefits and Trade-Offs of Local-First Apps

[Beware generic solutions: they don't know your needs.]

[Instead of directing users to "please resolve this conflict", the UI could say "Bob made a different suggestion"]

15 years of Local First: a best-of report from the field

[When humanity's achievements are tabulated a hundred years from now, the Ebola vaccine will be listed, and I'm proud that our work with CouchDB and offline-first software helped make it happen.]

[Documentation is a 10x multiplier for your development speed.]

Thursday, February 26, 2026

noticing a reflexive relationship between publishing a website with tools, and then wanting tools to consume what was published as objects

LLMs have made me smarter because my distrust in them increasingly causes me to figure things out for myself

Tuesday, February 24, 2026

How do I count all commits in a git repository?

# count commits in branch alfa
git rev-list --count alfa

# count across all branches
git rev-list --count --all

How to cherry-pick commits from another repository in Git

# add the other repository's commits
git remote add alfa ../bravo
git fetch alfa

# show commits from branch charlie
# (note/copy the ones you want to merge or the start and end)
git log alfa/charlie --oneline

# apply commit 789c05c
git cherry-pick 789c05c

# apply commits 789c05c through fd1b130, inclusive
# (plain 789c05c..fd1b130 would skip 789c05c itself)
git cherry-pick 789c05c^..fd1b130
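
An added example, not part of the original notes: in a range, `A..B` leaves out `A` itself while `A^..B` includes it. The script below builds a throwaway repository (branch names, file names and the demo identity are constructed) and counts how many commits each form applies.

```shell
#!/bin/sh
# Constructed demo: three commits on branch "charlie", cherry-picked onto
# "target" with either range form. Prints the number of commits applied.
count_picked() {
  mode=$1                      # "exclusive" (A..B) or "inclusive" (A^..B)
  tmp=$(mktemp -d) || return 1
  (
    cd "$tmp" || exit 1
    git init -q .
    git config user.name demo
    git config user.email demo@example.invalid
    git commit -q --allow-empty -m base
    base=$(git rev-parse HEAD)

    git checkout -q -b charlie
    for n in 1 2 3; do
      echo "$n" > "file$n.txt"
      git add "file$n.txt"
      git commit -q -m "change $n"
    done
    first=$(git rev-parse HEAD~2)   # "change 1"
    last=$(git rev-parse HEAD)      # "change 3"

    git checkout -q -b target "$base"
    if [ "$mode" = inclusive ]; then
      git cherry-pick "$first^..$last" >/dev/null
    else
      git cherry-pick "$first..$last" >/dev/null
    fi
    # same counting command as in the notes above, limited to new commits
    git rev-list --count "$base..HEAD"
  )
  status=$?
  rm -rf "$tmp"
  return $status
}

echo "A..B  applied: $(count_picked exclusive)"
echo "A^..B applied: $(count_picked inclusive)"
```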

Wednesday, February 18, 2026

clown core: Diarrhea Inferno Welfare Burrito

gradual voice-leading and suspensions with fast-paced drumming

clown core: existence

wild creepy sensory overload

posted to Blog

say hello to spam

friendly email addresses for bots

Sunday, February 15, 2026

always bet on text

Text is the most socially useful communication technology. It works well in 1:1, 1:N, and M:N modes. It can be indexed and searched efficiently, even by hand. It can be translated. It can be produced and consumed at variable speeds. It is asynchronous. It can be compared, diffed, clustered, corrected, summarized and filtered algorithmically. It permits multiparty editing. It permits branching conversations, lurking, annotation, quoting, reviewing, summarizing, structured responses, exegesis, even fan fic. The breadth, scale and depth of ways people use text is unmatched by anything. There is no equivalent in any other communication technology for the social, communicative, cognitive and reflective complexity of a library full of books or an internet full of postings. Nothing else comes close.

Provisional Guidance for Users of LLM-Based Code Generators

I’m sure there will be links like “Court Rules AI Art Can’t Be Copyrighted” aplenty. They will be wrong. The court didn’t rule that AI art can’t be copyrighted. It ruled that copyright requires human authorship, surprising approximately zero copyright lawyers…or people who have read the Wikipedia page.

If you’re looking for a “simple legal rule” so that you can game it, nitpick its terms, or run right up to its line, you’re looking for trouble. Don’t blame me when you find it. But if you’re a realistic player just looking for a sense of odds so you can place wiser bets, the amount of output you accept from an LLM into your codebase at once, and the extent to which it makes what look like implementation choices, rather than simply invoking APIs or established boilerplate, probably represents your best intuitive heuristic. Your working sense of whether it looks like code completion, template-based code generation, or what coders used to have to unavoidably think through and type for themselves, before Copilot and the like came around, can serve as first-pass proxy for legal peril.

If it’s what everybody else checks in to use the same APIs, that’s unlikely creative expression that anyone can claim to own and see infringed. The more specific, creative routines that go within that boilerplate? Yes, potentially. The rigging, patterns, and boilerplate everybody else is filling in, too? Not so much.

the newer a novel, commercially relevant phenomenon, the less specifically-worded, algorithm-like rules determine outcomes at law, and the more important the purposes behind more generally worded rules become. Lawyers call abstractly stated, syllogism-like rules “black letter law” and the more generalized purposes “policies”. When how to apply black letter law isn’t clear, we cite and fight about policies in arguing how to read in context.

When you prompt and take big chunks of code from LLMs that rate high on the intuitive completion-generation-authorship scale, document your code input state, prompts, and further edits. Create a written record of your innocent use of LLMs.

If you were going to code a key part of a project ten years ago, and worried you’d be accused of plagiarism, the natural advice would’ve been to document your process. Don’t just phone it in with an “Implemented $foo” commit message. Write a nice long one, and maybe blog work in progress or keep a “lab notebook”, too.

Saturday, February 14, 2026

How Indian students end up exploited in Germany

[Indian students come to Germany sold on a vision of prosperity by expensive private university marketing, then find themselves unable to leave and forced into delivery work.]

[Delivery companies like Uber Eats and Wolt rely on 3rd party agencies to recruit and hire drivers as 4th party contractors. These agencies interact anonymously through WhatsApp numbers, make arrangements to pay in cash at sketchy locations (often less than anticipated), and regularly declare bankruptcy before starting the scheme again to avoid paying taxes and social security.]

Friday, February 13, 2026

Running out of narratives

Crypto is here to stay and it’s big! But it’s mostly a financial asset class built on narratives, self-referential applications, and a side order of niche use cases. The killer use case is stablecoins. That’s pretty boring.

Bitcoin is not a viable high-volume payment system. It’s not a safe haven. It’s not a hedge against a weak USD or inflation. It was a risky asset. But then it didn’t rally when every other risky asset in the world exploded higher. It was digital gold. Then gold and silver doubled and tripled and bitcoin stood still, looking on with jealous awe.

So my view is that crypto is maturing into a small but meaningful asset class with some important but kinda niche use cases. That’s about it. Like video games, or 3D printing, or VR. Exciting, useful, and important industries. But not the internet. Not railroads. Not AI. There is no coming wave of innovation that will take it to the promised land. Crypto has arrived. It’s maturing. It’s not early. What you see is what you get.