Rosano / Journal

218 entries under "article"

Saturday, March 21, 2026

The Purpose of Protocols

[Email letting any server send to another with no authentication enabled universal messaging, spam, and its becoming the de facto internet identity, which its spec was neither designed for nor anticipates. The HTTP model, with servers authoritative for their resources, enabled the web's openness and also consolidation into a few platforms. RSS gave publishers independent distribution but with no way to collectively curate, so algorithmic platforms filled the void. Google defeated XMPP simply by not federating once its own network had enough users that the protocol no longer served its interests.]

[Protocols can design the rules but not how the actors operate within them. Silence about purpose is a politics of non-interference that predictably benefits actors with resources to build wherever the protocols did not govern.]

if we define ATProto’s purpose by what it currently does, the answer is not “a decentralized social protocol with separated powers” but “a social protocol with architectural provisions for decentralization, currently operated as a near-centralized system.” Whether those architectural provisions will translate into actual distribution of power depends on economic and institutional developments that no amount of protocol design can guarantee.

The open protocol community has inherited two intellectual traditions, both inadequate to this problem: an engineering functionalism that treats protocols as neutral infrastructure whose political consequences are someone else’s concern, and a governance minimalism that treats any collective decision-making structure as a potential vector for the very centralization the protocols were designed to prevent. The result is a community that has developed exceptional sophistication about technical architecture and individual rights while remaining largely inarticulate about collective governance. Addressing this will require the protocol design community to draw on intellectual traditions it has not yet seriously engaged with, including Ostrom’s institutional analysis, Beer’s organizational cybernetics, and the broader literature on commons governance and cooperative design.

the same incentive structures that determine who can afford to operate at scale also determine what content those operators are rewarded for surfacing.


"Purpose not being defined gets captured by well-resourced actors" reminds me of Kyla Scanlon's "friction doesn't get removed, just shifted" and Rudy Fraser's "you can't design decentralized software without thinking about moderation". Purpose and consideration of the dynamics created by interfaces and systems perhaps should be part of the design process.

Cory LaChance shares his Claude story building TakeOffTrak

[With no coding experience (just Excel macros), I learned to use Claude Code and the terminal by asking Claude. When I don't know what to click, I take a screenshot and ask Claude.]

Friday, March 20, 2026

Don’t Mix Up Artifacts With Processes

predict how a person will react to all this stuff by figuring out how much of their life is spent inside of a bureaucracy. Work on your own? The bots are coming to ruin your life. Manage employee and constituent safety at a large group of harm-reduction-focused, state-funded addiction recovery clinics? “I use it for everything.”

Thursday, March 19, 2026

A sufficiently detailed spec is code

Typically the reason we write specification documents before doing the work is to encourage viewing the project through a contemplative and critical lens, because once coding begins we switch gears and become driven with a bias to action.

There is no world where you input a document lacking clarity and detail and get a coding agent to reliably fill in that missing clarity and detail. Coding agents are not mind readers and even if they were there isn't much they can do if your own thoughts are confused.

Monday, March 16, 2026

Ageless Linux — Software for Humans of Indeterminate Age

A law that the largest companies in the world already comply with, and that hundreds of small projects cannot comply with, is not a child safety law. It is a compliance moat. It raises the regulatory cost of providing an operating system just enough that only well-resourced corporations can afford to do it.

Saturday, March 14, 2026

Why Slight Failed: A Slight Post-Mortem

When someone asked “how do we get started?”, we had a technical answer (“connect your database, write some queries, data for all!”) but no story about which team should champion it first, or which problem to solve first. Data teams? Product teams? Analysts? We had some answers, but not the answer. We had pitches for individual teams that worked well, but we never nailed down the way companies should adopt Slight.

I made the stupid mistake of just working harder and harder to on-board companies. Instead, we should have sat down and mapped out ways to properly experiment with our approach. Maybe simplifying to a single clear use-case, or finding a completely different initial wedge, or focusing on specific verticals.

My 'Rules' for Running My Membership Program

[Have clear and specific goals – all membership activities must support them.]

[Frame the program as for those goals, not its members (who will benefit because the goals should benefit them).]

[Building a community is part of this, but managing community can easily distract from the goals.]

Sunday, March 8, 2026

Boy I was wrong about the Fediverse

Of course search was broken because all OSS social tools must have one glaring lack of functionality. In a nightmare world full of constant change it’s good to have a few constants to hold on to.

Billions of dollars at their disposal and Meta made a hot new social media network with the appeal of junk mail.

Thursday, March 5, 2026

Intuitive Understanding of Sine Waves

Sine is a natural sway, the epitome of smoothness: it makes circles "circular" in the same way lines make squares "square".

Spoonbill (2016—2023)

I woke up every single day for the next two months after signing those deals, convinced that I had somehow broken the law and I would find in my inbox an email saying "no, sorry, this has all been a misunderstanding, you must return to us all of that money." The process of sending an invoice of that size was surreal in a way that few things since have quite been, and more than the actual financial gain it was a deeply useful lesson in understanding that the numbers which look big to a twenty-four-year-old look like rounding errors to a sophisticated company.

It's painfully rare for a piece of software to have a true sense of narrative closure: either it succeeds, and is immortal, or it is killed: killed by shifting priorities and shrunken budgets and changing macroeconomic headwinds and more exciting ideas.

The case for gatekeeping, or: why medieval guilds had it figured out

We need a verified not-shit-person badge. Some mechanism, ideally decentralized, ideally reputation-based, that lets maintainers distinguish between "human who has demonstrated basic competence and good faith" and "entity or bot submitting or causing to be submitted auto-generated changes to mass repositories for credential farming."

Wednesday, March 4, 2026

Practical Decentralization

[The more people contribute to a shared network, the less appropriate "personal computing" metaphors become. It becomes inevitable to index aggregate data on their behalf, and these are shared resources that require governance. Pure p2p fails here because it has no solutions for shared governance.]

[Servers simplify operational challenges that come with p2p, like reliable uptime, device sync, and key management.]

A shared data space enables modularity, separating powers away from the popular hosts.

How n8n Handles Vulnerability Disclosure - and Why We Do It This Way

[Closed-source security updates are hidden from attackers, which means the time they need to reverse-engineer a patch is a window for users to safely apply the update. Open-source security patches are immediately visible and become a roadmap for attackers to target those who haven't updated yet.]

[We currently publish patches and advisories on the same day to minimize the exploitable window. We also develop fixes in private and merge into public only when it's announced.]

Sunday, March 1, 2026

Sustainable Open Source

newcomer’s contributions aren’t as complete or far-reaching as those of experienced contributors, so it is doubly important for you to care about the people and their enthusiasm about your project more than that typo-fix they put on the website. We’ve turned someone who fixed a single typo on the website into a steady contributor and well respected community member that now helps out all over the project.

How I Learned to Stop Caring and Love Open Source

For early stage projects, care is the only thing you can give them. But once you’ve shipped version 1.0.0 or even 2.0.0, once you wrote all the documentation, once people start using the project in production with success, once you’ve talked the 100th person through getting started on IRC or Slack, your priorities have to change.

Sunday, February 15, 2026

always bet on text

Text is the most socially useful communication technology. It works well in 1:1, 1:N, and M:N modes. It can be indexed and searched efficiently, even by hand. It can be translated. It can be produced and consumed at variable speeds. It is asynchronous. It can be compared, diffed, clustered, corrected, summarized and filtered algorithmically. It permits multiparty editing. It permits branching conversations, lurking, annotation, quoting, reviewing, summarizing, structured responses, exegesis, even fan fic. The breadth, scale and depth of ways people use text is unmatched by anything. There is no equivalent in any other communication technology for the social, communicative, cognitive and reflective complexity of a library full of books or an internet full of postings. Nothing else comes close.

Provisional Guidance for Users of LLM-Based Code Generators

I’m sure there will be links like “Court Rules AI Art Can’t Be Copyrighted” aplenty. They will be wrong. The court didn’t rule that AI art can’t be copyrighted. It ruled that copyright requires human authorship, surprising approximately zero copyright lawyers…or people who have read the Wikipedia page.

If you’re looking for a “simple legal rule” so that you can game it, nitpick its terms, or run right up to its line, you’re looking for trouble. Don’t blame me when you find it. But if you’re a realistic player just looking for a sense of odds so you can place wiser bets, the amount of output you accept from an LLM into your codebase at once, and the extent to which it makes what look like implementation choices, rather than simply invoking APIs or established boilerplate, probably represents your best intuitive heuristic. Your working sense of whether it looks like code completion, template-based code generation, or what coders used to have to unavoidably think through and type for themselves, before Copilot and the like came around, can serve as first-pass proxy for legal peril.

If it’s what everybody else checks in to use the same APIs, that’s unlikely creative expression that anyone can claim to own and see infringed. The more specific, creative routines that go within that boilerplate? Yes, potentially. The rigging, patterns, and boilerplate everybody else is filling in, too? Not so much.

the newer a novel, commercially relevant phenomenon, the less specifically-worded, algorithm-like rules determine outcomes at law, and the more important the purposes behind more generally worded rules become. Lawyers call abstractly stated, syllogism-like rules “black letter law” and the more generalized purposes “policies”. When how to apply black letter law isn’t clear, we cite and fight about policies in arguing how to read in context.

When you prompt and take big chunks of code from LLMs that rate high on the intuitive completion-generation-authorship scale, document your code input state, prompts, and further edits. Create a written record of your innocent use of LLMs.

If you were going to code a key part of a project ten years ago, and worried you’d be accused of plagiarism, the natural advice would’ve been to document your process. Don’t just phone it in with an “Implemented $foo” commit message. Write a nice long one, and maybe blog work in progress or keep a “lab notebook”, too.

Friday, February 13, 2026

Running out of narratives

Crypto is here to stay and it’s big! But it’s mostly a financial asset class built on narratives, self-referential applications, and a side order of niche use cases. The killer use case is stablecoins. That’s pretty boring.

Bitcoin is not a viable high-volume payment system. It’s not a safe haven. It’s not a hedge against a weak USD or inflation. It was a risky asset. But then it didn’t rally when every other risky asset in the world exploded higher. It was digital gold. Then gold and silver doubled and tripled and bitcoin stood still, looking on with jealous awe.

So my view is that crypto is maturing into a small but meaningful asset class with some important but kinda niche use cases. That’s about it. Like video games, or 3D printing, or VR. Exciting, useful, and important industries. But not the internet. Not railroads. Not AI. There is no coming wave of innovation that will take it to the promised land. Crypto has arrived. It’s maturing. It’s not early. What you see is what you get.

OAuth, or, The Elaborate Ceremony of Not Giving People Your Password

[Implicit Grant throws your key to you across a lobby full of interested parties. Proof Key for Code Exchange ensures that the one who requested the key gets it. Neither will solve impersonation attacks via social engineering.]

Thursday, February 12, 2026

Tactical tornado is the new default

When it comes to implementing a quick feature, nobody gets it done faster than the tactical tornado. In some organizations, management treats tactical tornadoes as heroes. However, tactical tornadoes leave behind a wake of destruction. They are rarely considered heroes by the engineers who must work with their code in the future. Typically, other engineers must clean up the messes left behind by the tactical tornado, which makes it appear that those engineers (who are the real heroes) are making slower progress than the tactical tornado.