This week
- OpenAI's dev day was today. While I wrote up a short summary of what was announced on Bluesky, one of the major announcements was the AppSDK for ChatGPT. It looks like OpenAI plans to position ChatGPT as a platform for the future not unlike the Google Play and...
Two weeks ago
- Contents: Lies by Any Other Name; Great Artists Steal; Dear Tech Reporters: Access Is Not A Beat. This blog is failing on several levels. First, September 2025 is putting the “frequent” in “infrequently”, much to my chagrin. Second, my professional mission is to make a web that's...
- There was a time when I could ask, “Did you see the latest NPM attack?” And your answer would be either “Yes” or “No”. But now if I ask, “Did you see the latest NPM attack?” You’ll probably answer with a question of your own: “Which one?” In this post, I’m talking about the Qix...
About a month ago
- In the wake of the largest supply-chain attack in history, the JavaScript community could have a moment of reckoning and decide: never again. As the panic and shame subsides, after compromised developers finish re-provisioning their workstations and rotating their keys, the...
- Defaults matter...
- Part of me is always unnerved when I see people running claude --dangerously-skip-permissions or codex --yolo to give them unfettered ability to run commands on their machine. Admittedly, I do usually hit approve when I’m asked about a specific command, so I certainly understand...
About 1 month ago
- TL;DR: Market competition underlies the enterprise of standards. It creates the only functional test of designs and lets standards-based ecosystems route around single-vendor damage. Without competition, standards bodies have no purpose, and neither they, nor the ecosystems they...
- I recently read You do not need “analytics” for your blog because you are neither a military surveillance unit nor a commodity trading company by Leon Paternoster. It’s a well-argued piece, and I agree with the general thrust… but I also won’t be removing analytics from my site...
About 2 months ago
- Photo by Claudia Raya. Apple vs. Facebook is, and always was, kayfabe. In reality, Apple is Facebook's chauffeur; holding Zuck's coat while Facebook wantonly surveils iPhone owners. Facebook's gross profit over time. Facebook and Apple mugged convincingly for the cameras as...
- Stay safe out there folks!...
2 months ago
- Last week, Armin and I worked together on the latest release of Himitsu, a “secret storage manager” for Linux. I haven’t blogged about Himitsu since I announced it three years ago, and I thought it would be nice to give you a closer look at the latest release, both for users...
- I was thinking this morning about how once you understand that your technology choices have security, performance, and accessibility considerations you become a much more boring developer. Acknowledging those obligations can sort of strip the fun out of programming, but we’re...
- Over the past few days, Bluesky has had accelerated user growth. This happened at the same time as UK’s Online Safety Act came into effect. I don’t know exactly why this is the case, but I have some ideas. First, I want to start with a quick aside. I think that efforts like the...
3 months ago
- Adding a Spurious Phrase Makes Models Fail 3x More Often. One of the ways contexts fail is context confusion, “when superfluous content in the context is used by the model to generate a low-quality response.” In the context fails post, we illustrated this by showing how too many...
- Today, we’re looking at two case studies in how to respond when reactionaries appear in your free software community. Exhibit A: It is a technical decision. The technical reason is that the security team does not have the bandwidth to provide lifecycle maintenance for multiple X...
4 months ago
- Did you know your favorite website can detect when you're browsing it in public transport or when you scroll it in your bed? Moreover, this info sometimes helps them to fight bots....
- In today’s edition of “don’t trust LLMs”, we learn that despite what AI tells you, AWS Backup doesn’t support Cross-Account and Cross-Region backups. It supports Cross-Account copying and Cross-Region copying, but apparently not together. As part of Masset’s Data Protection and...
- Cycling Art, Energy, and Locomotion, 1889, Robert Pittis Scott. I wanted to collect the thoughts that have been swirling in my brain about AI. Not to add another think piece to the pile, but to record them so I can understand where my head was at on the topic. Kind of a future...
5 months ago
- On April 21st, the Bluesky team announced a new account verification system. In my opinion, one of the best bits about Bluesky was the ability to verify yourself using a domain name. This new system goes a step further, and I was curious about how it worked. This led to me...
- Threat modeling is a systems engineering practice where teams examine how data flows through systems to identify what can go wrong - a deceptively simple act that reveals security risks that automated tools cannot anticipate. Often this is done by security analysts as a separate...
- Adventures in Symbolic Algebra with Model Context Protocol. I spent last weekend playing with this new MCP protocol all the kids are talking about, using it to make language models talk to symbolic computer algebra systems. The idea was simple: LLMs are great at understanding...