📝 2026-07-07 07:06: First two chicks!
First two chicks! Thanks for reading this post via RSS. RSS is ace, and so are you. ❤️ You can reply to this post by email , or leave a comment .
First two chicks! Thanks for reading this post via RSS. RSS is ace, and so are you. ❤️ You can reply to this post by email , or leave a comment .
Every post I publish represents at least two things I’ve learned: the thing that prompted me to write the post, and the thing I learned in the course of writing it. If I don’t learn anything new while I’m writing, it’s not interesting enough to publish. Typically I learn way more than two things. For instance, in my o3 geoguessr post, I started out with the idea that most AI prompts probably don’t work, and I ended up learning that newer OpenAI models have lost o3’s ability to geolocate. That’s interesting! In my most recent post on C2PA , I started out with the idea that C2PA requires near-universal adoption, but I learned a ton of things about PKI, managing private keys on local devices, how C2PA actually works, and so on. In my post on the Luddites , I started out with the idea that the Luddite movement was fundamentally decentralized, but ended up fascinated by Luddite culture (which was far more elitist, misogynist, and violent than the pop-Luddism books describe). I could do this for every single post on the blog. I think the core reason this works is that every single one of my blog posts argues a point . I never publish a post that just gives some scattered thoughts on a topic, or a post that only says “yes, I agree with this other article”. If I write a draft that nobody sensible could disagree with, I scrap the draft. Making sure that everything I write is at least minimally controversial is a forcing function: it forces me to think about what the most interesting part of my position is, and it forces me to do enough research to defend it against the obvious criticisms. This is contrary to a lot of advice I read about blogging, which encourages the aspiring blogger to treat their posts as a form of unstructured self-expression. If unstructured self-expression is what you want to do, that’s cool. The point of having a blog is that you get to write what you want. However, this advice isn’t as helpful as it sounds. Before I was in tech, I was a philosophy grad student. But before that , I was a poet. One thing you learn when you try to write poetry is that it is way easier to write to a restrictive structure than it is to simply “write what you feel”. This should be obvious when you actually think about it. The task of a poet is to repeatedly choose the next word. Writing to a structure (typically rhyme or meter) narrows that choice to a small set of words, instead of the entire English language. It’s the same with blogging. Forcing yourself to write about specific, potentially-controversial points makes consistently writing easier, not harder. Writing is the best way to think clearly about a topic. It’s easy to believe you understand something when you’re just turning it over in your head. When you have to condense that down into words, you find out exactly how much you do or don’t understand. I am constantly having moments where I type something, stop myself, and think “wait, that can’t actually be right”, or “is that really true?” By the time I write my way to the end of the post, I’m usually thinking so much more clearly about the topic that my conclusion paragraph is way better than my introduction. In fact, I’ve picked up the habit of going back and immediately rewriting the first paragraph as part of my first-draft process, because I know I’m going to end up doing it anyway. I also change my mind a lot while I write. Here are a bunch of examples of posts where I began writing them with the opposite opinion to the one that eventually made it into the post. I think this is a good sign, and I hope I never stop doing it. You should be researching and thinking about every post you write, and that means you should frequently learn new things that change your mind. Because of all this, I deliberately choose to write blog posts about things I don’t yet quite understand but would like to, like LLM steering, Stripe’s Tempo blockchain, C2PA and watermarking , space cooling , interaction models , LLM inference internals , and so on. This is great for me, because I learn a lot. Is it great for my readers? I sometimes worry that I should only be writing about areas I already know very well, like tech company dynamics or working in large codebases , rather than presenting myself as an authority on fields I’m actually still learning. Should I let historians of the Luddites write about Luddism, Web3 engineers write about blockchains, and so on? I think this is acceptable for three reasons. First, it’s sometimes easier for a beginner to write an introduction to a field than for an expert. Experts routinely overestimate the knowledge of the general public, and have often internalized the reasons why their field is important so deeply that they struggle to express them. I think my explainer posts are valuable because I always spend the first chunk of the post talking about what the original problem is before I get into the technical solution. Second, sometimes the public consensus on a topic is just plain wrong, to the point where even a little bit of research is enough to demonstrate why. Many of my posts I’m proudest of have been along these lines: arguing that the “500ml per prompt” water usage figure for LLMs was ludicrous , or that the popular Apple “Illusion of Thinking” paper was tracking persistence, not reasoning , that GPUs live longer than three years and the AI companies have large profit margins on inference, and so on. Third, I try to make it clear on my blog who I am and what my credentials actually are. Even if it’s not explicitly described in the post, I have my real name and resume available on my /about page, so I don’t think a careful reader could be easily fooled into thinking I’m an expert on 19th-century England or space physics or LLM economics or anything like that. Even if nobody reads what you write, writing is still a good discipline for getting your thoughts in order. But another big reason why writing is a great learning tool is that you can get feedback . I think it’s obvious why this is useful, but I do want to make two points about feedback. First, if you do make your posts public, you need to have a pretty thick skin. People on the internet often fall over themselves to come up with the most cutting criticism or the harshest dunk. This goes double if you take my previous advice and try to write posts that make a clear, controversial point about a subject you’re learning. If you’re the kind of person whose whole day is ruined when a stranger is cruel to them, you might want to keep your blogging private or only share it among friends. Second, even if your blogging is private, you can get feedback from LLMs . Like humans, LLMs will often give junk feedback. In my experience, OpenAI models will always tell me to moderate my claims or add caveats and hedges until I’m not saying anything at all. Sometimes their criticism will be straight-up wrong. But — particularly about technical topics — LLMs are great at pointing out areas you’ve genuinely misunderstood, and they’re far kinder than the average Lobsters or Hacker News commenter. I’m pleased and grateful that people enjoy reading my posts, but even when nobody did, I still got a lot of value out of blogging. I write as a method of thinking more clearly, as an excuse to do research on topics I want to learn about, and as a way of getting feedback. If you’d like to try it yourself, I suggest watching for these two things. First, you should be changing your mind a lot as you write. If not, you probably aren’t doing enough research. Second, your first draft’s conclusion should be much tighter and more expressive than its introduction. If not, you probably haven’t learned anything from the writing process, which means the draft can be scrapped. I strongly recommend this practice to anyone with an interest in writing. You will see the benefits even if you don’t publish any of your writing on the internet, particularly now that you can get good technical feedback by pasting your post into a LLM 1 . For what it’s worth, I’ve fiddled with careful “review prompts” and it’s basically as good to just write “review, please:” and paste your article. For what it’s worth, I’ve fiddled with careful “review prompts” and it’s basically as good to just write “review, please:” and paste your article. ↩
Alternative titles: These are all about equivalent to the risk of one year of smoking. (Continue reading the full article on the web.) … earns you a high-risk pregnancy … earns you an ascent of Matterhorn … earns you 10,000 km on a motorcycle … earns you two BASE jumps … earns you a day on the frontline in Ukraine
Two of the eggs are starting to hatch and we can hear multiple chicks cheeping away. Exciting! 🐣 Thanks for reading this post via RSS. RSS is ace, and so are you. ❤️ You can reply to this post by email , or leave a comment .
I have to admit that when a reader wrote to me and said… Every point release of BBEdit delights me. I live in BBEdit. It’s one of the few packages for which I read through the release notes every time (they often have spots of hilarity). …I got a bit concerned. One thing that I hate more than wasted release notes (“Bug fixes and performance improvements”) is perhaps funny release notes – the ones where instead of actually conveying what changed, the text field is used for something, erm, “creative.” (Perhaps most infamously, Medium had had a spell of “fun” release notes about 10 years ago, to a mix of amusement and blowback ). But I needn’t have worried. The release notes of BBEdit are just plain old solid good work, with only a sprinkle of humor: It’s been a while since we looked at release notes , and these are a great example of something that can help you understand not just what an application is, but what it will become . For example, I saw this fly by… …and even though I have never used BBEdit, I immediately started nodding. It made sense; greeking is helpful for letters, but I can see how it can do more damage than good for punctuation that has a pretty specific visual signature. BBEdit’s author knows what they’re doing. Another person (whom you might recognize ) chimed in to say : Nothing in BBEdit is “abandoned.” Everything is on the table for possible improvements. Also remember that this is an app that was originally written for classic Mac OS! This made me think about what separates apps that you’re excited to keep growing from the apps you’d rather see frozen in time . The release notes of BBEdit made me trust it so, so quickly. Not just the pace of change and clarity of communication, but also indeed this certain feeling that the product is “alive” in all the right ways. Even if I don’t know or use the features, I quickly get a sense that the changes are for me, or at least other people like me, rather than serving unspecified corporate needs, chasing fashionable trends, or pursuing unnecessary pivots. Hell, even the ratio of changes – new features vs. quality-of-life fixes vs. performance improvements – seems good. On top of all that, it’s fun to read good release notes, because you can learn something new. These, to me, were fascinating: Determinism ! #maintenance #release notes #software evolution #writing The “Zoom” command makes a triumphant return to the Window menu. Fixed crash which would occur when displaying completions from language servers which violate the published specification and provide something other than a string for the details field of a returned completion item. (glares at Solargraph) SNUCK IN A SPECIAL FEATURE FOR CRAIG NO NOT HIM THE OTHER ONE I HOPE HE LIKES IT Made a change in the minimap so that punctuation isn’t greeked, which helps improve visualization. “Entab” and “Detab” have had their names changed to “Convert Spaces to Tabs” and “Convert Tabs to Spaces”, respectively. This is more verbose but less abstruse. There is a new setting in the Keyboard preferences: “Enable macOS “Help” key”. This is off by default, so that pressing the “Insert” key which is present on some PC-style keyboards doesn’t open the in-application help. (This frequently happens accidentally.) If an FTP browser window is active and disconnected, “Open from FTP/SFTP Server” will start its connection sheet, rather than doing nothing.
Kev and Amit both talk about building software for themselves rather than for others. Solving their personal needs and making something that is exactly what they want. I love this, software should be personal and customized to the user. Building your own software brings out the “personal” in personal computing, and it’s how home computing started in the first place! In the days of the Commodore 64 or Atari 800, you were encouraged to write personal software. You turn on the Commodore and it gives you a blank canvas, ready for whatever BASIC program you can think of. If you built something you were especially proud of, you’d mail in the source code to “Compute!” or a similar publication to share with the world. The timing to bring back personal computing has never been better. In the age of subscriptions and enshittification, it’s never been easier to choose a different path. LLMs make building your own solutions more accessible. There’s nothing quite like building for yourself and iteratively improving it while you use it in your day-to-day.
A truly fascinating 17-minute video where Chris Siebert at 100th Coin ventures out to play Super Mario in a way where every single byte of code and every single byte of graphics are used, and then shows his work: = 2x) and (width >= 700px)" srcset="https://unsung.aresluna.org/_media/if-you-never-saw-the-words-game-over-did-you-really-do-it-all/yt1-play.2096w.avif" type="image/avif"> = 3x) or (width >= 700px)" srcset="https://unsung.aresluna.org/_media/if-you-never-saw-the-words-game-over-did-you-really-do-it-all/yt1-play.1600w.avif" type="image/avif"> There was something about seeing the visualization of the entirety of the code being “used” that made me sit up: It reminded me of IBM 1401 , the 1959 business computer I saw a lot at the Computer History Museum. It takes up a big chunk of the room… = 2x) and (width >= 700px)" srcset="https://unsung.aresluna.org/_media/if-you-never-saw-the-words-game-over-did-you-really-do-it-all/2.2096w.avif" type="image/avif"> = 3x) or (width >= 700px)" srcset="https://unsung.aresluna.org/_media/if-you-never-saw-the-words-game-over-did-you-really-do-it-all/2.1600w.avif" type="image/avif"> …but is still so simple that you can watch its console and understand exactly what is going on in its little huge electronic brain: There’s something very powerful about this and made me imagine a version of it for my code, my CSS, my blog. Even the web lost a lot of its visited link vs. unvisited link fog of war kind of feeling of exploring the space and understanding how it is shaped. The video gets into the coding weeds in between 2:25 and 13:35 – by the way, isn’t it scary to imagine your code pored over decades later, bugs and hacks and all? – but if you skip this part, make sure to come back at 13:35 for the verdict, and then for the graphics. Spoiler alert: Some bits of code are never used, but the reasons are fascinating. All the untouched bytes are remnants of shameful mistakes, abandoned decisions, head fakes, and twin protections so strong that their first layer never gets penetrated – each one of them a tiny afterimage of other possible versions of Mario we’ve never gotten. #games #super mario bros #youtube
1984, Minority Report, Black Mirror — bedtime stories compared to the horrors the UK Government publish, am I right? I’m led to believe “Watch this space” is the latest propaganda piece from His Majesty’s Nanny State . I haven’t read past the title but according to gaming site Dexerto, YouTube lawyers read it and YouTube ain’t happy. Poor little YouTube. The government is consulting on options, considering whether to make public service news easier to discover on sites like YouTube and TikTok, with greater prominence and with more visibility during periods of major public importance. It also seeks to discuss misinformation and online viewing habits. YouTube urges creators to fight proposed UK algorithm changes - Matthew Benson, Dexerto I glossed over the Dexerto article too. This whole thing is something about kids being hooked on Skibidi and not paying their racketeering license fee . Minecraft Let’s Plays will be spliced with a BBC impartiality report on what some fascist gammon thinks. Should the proposal become law, of course. This is somewhat of a dilemma for a guy like me. If there’s one thing I hate more than a meddling GOV.UK, that might just be Big Tech . The thought of Google et al being ruffled warms my heart like a hot cup of tea on the summer solstice. That was too many words on something I never read so I’ll get to the lede. I’m about to reveal the secret sauce that Big Tech has tried to suppress. The one true algorithm, which ironically might be their saviour. Only one parameter is required in the perfect algorithm: who I choose to follow. I’m literally providing the exact data needed to curate my feed. I know what defenders of the deceptive arts are thinking: but algorithms are proven to increase engagement! — I know, Sherlock. Do you enjoy your doomscrolling misery? Not every metric needs to be min-maxed at the expense of human health. Modern apps sucks. Modern media sucks. Stick your “algorithm”. † It’s been decades since I studied SQL and database normalisation so please have mercy. Thanks for reading! Follow me on Mastodon and Bluesky . Subscribe to my Blog and Notes or Combined feeds.
Soundtrack: Ozzy Osbourne — Mr. Crowley A lot of people have been making a lot of fun of the SoftBank 46th annual shareholder meeting and Masayoshi Son’s (to quote Bryce Elder of the Financial Times) Untethered Goose Game , specifically referring to slides that, well, looked like this: As funny and silly as these slides might be, they’re actually very indicative of the mindset behind SoftBank. Each one of those golden eggs refers to a trillion yen (about $6.15 billion) in the Net Asset Value (NAV) of SoftBank’s holdings, with the minus referring to its debt. It’s actually very simple, especially if you know anything about geese. SoftBank is the goose. Masayoshi Son is the gander. Masayoshi Son mounts and impregnates SoftBank — by which I mean invests money in companies using SoftBank’s funds — at which point the goose (SoftBank) becomes pregnant (the portfolio company grows larger) and then lays the egg (the portfolio company goes public). Basically, SoftBank is a company that invests in companies that then go public and make SoftBank money, at least in theory. To continue mounting the geese , SoftBank takes on a constant flow of debt either by raising it via the bond market, taking margin loans out using its shares in successful investments like ARM or Alibaba as collateral, or (in times of trouble) outright selling shares in companies like T-Mobile or NVIDIA . Softbank has around $50.5 billion worth of outstanding notes as of writing this sentence, not including other forms of debt, like commercial paper and traditional loans. Including those brings the total to an astonishing $76.431 billion. And, again, this is just the Softbank Group – and not any of the other affiliated entities, who have their own balance sheets and separate reporting. When Masayoshi Son protests that the “goose was not valued,” he’s saying that SoftBank isn’t given its dues for “laying golden eggs,” because the NAV of the company does not give any value to the goose that lays the golden eggs, largely because net asset value refers to the holdings of a fucking company Masayoshi, what are you talking about? Masayoshi Son’s desperate plea that “what matters is not the eggs, but the goose itself, and its power to keep laying eggs” exists to try and distract from the fact that he’s been pretty bad at fucking the goose for the last decade or so. The vast majority of SoftBank’s Net Asset Value — which is ¥48.2 trillion rather than ¥74 trillion yen, by the way! — comes from its shares in chip company ARM (¥19.15), SoftBank Vision Fund 1, (¥3.38) and SoftBank Vision Fund 2 (¥17.19). These are two venture capital funds: one very successful (VF1 includes big hits like DoorDash and ByteDance ), and one tremendously awful (VF2 includes massive losses on WeWork and Karterra ). His one saving grace, at least on paper, is his early investments in OpenAI, turning around $64 billion (assuming it completes all $30 billion of its 2026 commitments) into a theoretical $100 billion or more, at least if OpenAI goes public, which is almost certain to- Wait, what was that? OpenAI is leaning toward IPOing in 2027 ? It hasn’t even held pre-IPO investor meetings or set a timeline ? That’s not good at all! The SoftBank Goose Engine only functions if the goose — which was not valued by the way! — continues to lay golden eggs, and in this case, the golden egg is OpenAI, and said egg is still in SoftBank’s ovary ! The problem here is that while SoftBank’s OpenAI stock is “worth $100 billion,” private stock is valued very, very differently to a public stock that you could dump on the market. This is in part because the valuations of private companies are continually overinflated by over-eager investors who, just throwing it out there, might have valued the company based on a belief that they were put on this Earth to create superintelligence rather than whether it was a good business that would continue to grow. Per the New York Times , OpenAI’s hesitancy to go public came from a concern that it wouldn’t get a value of a trillion dollars — a worrying bit of information considering its was last valued at $765 billion, meaning that advisers were unable to make a convincing case for a listing at a meager 30% premium. This is likely why SoftBank was unable to get a $6 billion margin loan with the entirety of its OpenAI holdings as collateral . Apparently a 6% loan-to-value was too adventurous when it came to stock in what is meant to be the world’s most important company, unless, of course, it isn’t, it won’t be, and its stock is worth fuck all. Renewed talks for a $10 billion OpenAI-backed margin loan include a guaranteed repayment of the loan if the collateral isn’t able to replace the lost funds, the kind of thing you have to say when the underlying stock ain’t worth nothin’. OpenAI is Masayoshi Son’s final gambit, as the rest of his endless gambles have gone tits-up at an historic pace. While early bets — like his $20 million investment (around $39 million in today’s money) in Alibaba turning into holdings of over $100 billion ( with all of its stock now sold ) — have floated the company for years and helped SoftBank recover from the horrors of its dot com bubble collapse, SoftBank is now horrendously overleveraged across the board, with 85% of its ARM shares and 70% of its SoftBank Corporation tied up in loans, its entire stakes in Alibaba, T-Mobile and NVIDIA liquidated, and the vast majority of its NAV sitting in the deteriorating value of its Vision Fund 1 and its non-OpenAI Vision Fund 2 holdings. You see, SoftBank is a holding company. It does not have “revenues” or “cashflows” in the traditional sense outside of when it’s able to either sell the things it has or raise debt. As Kakashii put it , Masayoshi Son is a perpetual gambler living in an eternal boom-and-bust cycle, going from losing 96% of his paper wealth after the dot-com bubble burst to sitting at the top of a company with a $200 billion market cap and with golden eggs that are worth, on paper, hundreds of billions of dollars more. And he’s never, ever gambled more than he has on OpenAI and the greater AI bubble. While SoftBank’s WeWork washout lost it $16 billion , SoftBank has committed or invested over $60 billion in OpenAI, as well as billions more in related counterprojects like a still-pending 75 billion Euro investment in data centers , its $4 billion acquisition of data center firm DigitalBridge , its $1 billion investment in subsidiary SB Energy to build out more data centers , and its planned $3 billion investment in overhauling a Foxconn plant in Lordstown Ohio . The future of SoftBank relies on both OpenAI’s ability to go public and maintain a high stock price, as any public offering will likely lead to SoftBank immediately looking for a margin loan. To make matters worse, SoftBank’s other bets hinge upon the continued success of the AI industry, which hinge both on the continued success of OpenAI and there being such incredible demand for AI services (in the hundreds of billions of dollars annually). And while the geese might have been a clue, SoftBank is a very, very weird company, and the only thing weirder than SoftBank is Masayoshi Son himself. Yet as goofy and whimsical as this all might seem, SoftBank is also one of the largest companies on the Japanese stock market , valued entirely based on the value of all those golden eggs, and no matter how much value Masayoshi Son might claim his “egg factory” might have, SoftBank’s continued existence relies on its ability to increase its NAV and acquire more debt. My concerns around SoftBank were well-summarized by The Economist back in May : It’s unclear what the future looks like for SoftBank. While death is unlikely given its near-systemic presence in the Japanese economy, its continued existence at its current scale is only made possible as long as the world’s most well-funded gambler can keep his seat at the table. While it’s seen boom and bust cycles in the past, SoftBank has never been this levered, and never gambled so hard on a single entity’s success . While this is technically a company , SoftBank exists and operates at the whim of a man with questionable idols, insane ideas, and fantastical thinking. At one point during the Dot Com Bubble, Masayoshi Son’s net worth was higher than Bill Gates ’, rising by more than $10 billion a week, before the majority of his net worth in the space of a year and sending SoftBank’s share price crashing by 93%. Yet even when adjusted for inflation, SoftBank only invested around $2.93 billion ($1.5 billion at the time) in the heights of Dot Com mania , and spread those investments out over multiple startups. Today I’m bringing you a guide to one of the silliest companies ever founded, helmed by one of the goofiest men alive, run in a constant state of brittle leverage. SoftBank only avoided the void in 2023 by dumping its Alibaba shares , and this time around, Masayoshi Son may have gambled too much, putting all of his eggs in one Altman-shaped basket. Welcome to the Hater’s Guide To SoftBank, or Is Masayoshi Son’s Goose Cooked?
by Amit Gawande Amit talks about what motivated him to build his custom blogging platform, Jot. It's an interesting read that resonated with me as it aligns with why I created Pure Blog. Read post ➡ A month ago, this website moved to a custom engine that I built myself, one I call Jot. Why did I create it? Because I got tired of almost. Almost the right editor. Almost the right publishing flow. Almost the right feature set. -- Amit Gawande This is exactly why I started building Pure Blog , but the difference here is that I decided to publish it for everyone to use. Before doing so, I considered many of the same questions that Amit talks about in his post - I was concerned that the project would morph into a product for everyone , not just me. Ironically, it's been exactly 5 months since I introduced Pure Blog and since then I've done a shit tonne of work to it. But that wasn't driven by the people who use it. It was driven, almost exclusively, by me. Lots of people have contributed to Pure Blog, but there's hasn't been a single feature I've added that I won't get use from. Actually, that's a lie. The only feature I've added that I wouldn't have if I'd kept Pure Blog private is translations . But I think that's fine, as it's the community who contribute those translations. Anyway, I digress. I'm happy to see other bloggers forging their own path - I'd love to get a look at Jot to see what it does differently to Pure Blog, and if there's anything I could copy improve upon. Maybe one day Amit will release the source code for us to look at, but if he doesn't, I don't blame him. As for my use of Pure Blog - it's by far the best thing I ever did from a blogging perspective. Everything is just how I want it, and in a place that makes sense to me. If others get use from it too ( and they do ) then all the better. But I'll keep developing Pure Blog in a way that makes sense to me. Congrats, Amit. Welcome to the club. Thanks for reading this post via RSS. RSS is ace, and so are you. ❤️ You can reply to this post by email , or leave a comment .
Now that I’ve been working on Spinel Cooperative for a full year already, I have finally managed to write the very first post I meant to write about the entire situation: What is Spinel? Who is Spinel? Why is Spinel? Read on to finally receive the answers to all these and questions and more. Head over to the Spinel Cooperative blog to read Meet Spinel .
I found myself wondering the other day whether I was still interested in, let alone excited by, technology. I think that this is partly down to “AI”, and the breathless hyperbole about how it is Going To Change Everything. In my spare time, I’m a lawyer, and there’s a non-stop feed of slop about how all lawyers need to “adopt AI or be left behind”, and I’m finding this kind of nonsense draining. The ongoing regulatory narratives, particularly around identity verification simply to go online, are as exhausting as they are unnecessary. So it is little surprise that I am feeling a bit glum. I suspect that many people are. But anyway. The positives. Yes , I am still excited by some technologies. I jumped up and down a bit when, for the first time, we were running our home from a battery charged by the sun. I’m not a solar nerd, but I am certainly optimistic about the potential for making better use of solar power. I do want to see more being done to ensure that everyone can get the benefit of solar power, not just people who can afford their own homes and to pay for panels to be installed, and I am hopeful that plug-in solar / balcony solar will have a role here. But as panels become more effective, and if we can find better, cheaper ways of storing the energy that we generate, happy days. I love it that I can charge my electric bike from the sun, for instance. That’s just cool . It still makes me smile that my entire online presence is thanks to a few small computers, running at home. I am sure that “the cloud” is great for some things, but for me, I get a kind of joy from hosting my websites - work and personal - on a tiny Raspberry Pi, sipping tiny amounts of power. I am - as I said at the beginning - concerned about the impact of various regulations around the world on people trying to host their own services, but for now, none is hitting me, personally, too hard. Sure, the fact that the price of all computers - including small computers - has increased because of unnecessary pressures on chip fabrication, and market forces, is unwelcome. But hopefully this too will pass. While I like self-hosting stuff, self-hosting is not for everyone . I am excited for the future - or resurgence, I am not sure - of “community hosting”: groups of people working together to host their infrastructure and services, for the benefit of small groups. Not everyone has the skills, time, or money to self-host - the privilege - to self-host, yet nor should everyone be driven towards commercial, privacy-intrusive, options for lack of a better choice. Community or cooperative hosting has a role to play here, I think, and I love it when I see a new co-op announcing itself in the fediverse. Of course, we need to ensure that people who are without that kind of friendship group are not left out. I don’t have particular thoughts about how to do that though. I’ve enjoyed experimenting with postmarketOS and Ubuntu Touch recently. Even using GrapheneOS, I am not sure that I see a future for Android for me, and I don’t want to use iOS. I also think that we need more than two operating systems for mobile devices. It would also be amazing if we could do something more to tackle the growing pile of ewaste, bringing life back (for various tasks; not everything will be suited as a primary computing device) to older, but still capable, mobile hardware. I’m not under any misapprehensions about large companies trying to persuade people that they must have the latest and greatest phone, sadly. But I do like the idea of using a device which has broken free of the more mainstream OS, running a Free operating system. postmarketOS looks like the most likely contender for me. I know that SailfishOS is appealing to some, but the inclusion of non-Free software in SailfishOS likely means that it is not for me. I am sure that, if I took the time to think about it, that this list would be even longer. But, for me, this has served its purpose: I have not stopped enjoying technology, I can needed to re-ground myself a bit, looking beyond the hype and nonsense of some of the current sales cycles.
Amazon has been accused several times for ripping off merchants on its platform. And every single time they denied any wrongdoing. A merchant, or anyone really, can create a product (or source it from China), then resell it on amazon. Amazon is the service provider, and hosts all the metrics concerning the products. If Amazon themselves were in the business of creating and selling products, then that creates a potential of conflict of interest. Because they have the data of all products that sell and sell well. They could replicate that success without doing any further research since the merchant has already confirmed the existence of demand. It's not surprising that Amazon Basics quickly became the best selling "private-label brand" on Amazon. They already know what sells because they have access to the data. Yet they continued to deny it, and state that they only ever use publicly available data from sellers . An Amazon spokesperson said the company believes the allegations are "factually incorrect and unsubstantiated," adding that Amazon strictly prohibits the "use or sharing of non-public, seller-specific data for the benefit of any seller, including sellers of private brands." Yet the results are right there for all to see . If you sell any product through Amazon, you are exposing your company's operations to them. If you want to keep that information to yourself, then you don't get to reach your customers, which in reality are Amazon's customers . If you want to buy something online, and get it shipped as quickly as possible, then Amazon is a blessing. Most often than not, you are not buying the product directly from Amazon. An independent store or vendor with a presence on Amazon will fulfill your order. The seller only has minor identifying characteristics on the platform. On the search result page, the space designated to the seller is small and insignificant. The customer has very few reminders that products are offered by anyone but Amazon. (Although if you want to dispute a sale, you are starkly reminded that the item is from a 3rd party vendor.) So there is no surprise when companies embrace AI internally, they are putting themselves at the risk of sharing their product with their competitors. Maybe the most obvious example is when Antropic came up with Claude Design. A tool to help users generate designs, wireframes, etc. Kinda like Figma. That's not a problem on its own, but when Antropic's chief product officer sits on Figma's board of directors, you can't say that there isn't a conflict of interest there. In fact, the chief product officer resigned from the board merely days before Claude Design was announced. He basically extracted all value from Figma then resigned. Figma's AI features are built on top of Claude. So Anthropic literally pulled an Amazon Basic on Figma . When companies force their own employees to use AI to do their day to day work, they are basically asking employees to upload company data to a 3rd party that may become a competitor. Sure something in the contract clause says that the AI company won't train on enterprise customer data, but nothing stops them from peaking at successful product data. Whenever someone tells me that they used AI to build an app and boast of its values or uniqueness, I want to remind them that if you can just prompt-create a product, so can the AI provider. In fact, they might have better resources to create a competing product if it displays any sign of success (see Figma). While it looks like plenty of people are benefitting from AI today, all this information is being shared with AI providers. We are giving them full access to our thought process. When you include them in your workflow, you are basically providing them with a step by step approach on how to do your job. Don’t be surprised when you see a native Antropic/OpenAi project management application suite. Or a CRM, or any software that is trying to integrate with AI and may experience success. A few years back, when I worked in Customer Service Automation, we discovered that most companies used Zendesk to manage their customer service. Since customers mainly contacted support via email, an intentional database had been built that tracked users through their shopping experience throughout the web. While so much could be done with that data, like identifying “problematic” customers, or recommending products based on their history, we ended up finding something more helpful. We could easily detect a pattern of issues for certain shipping carriers. We could see when UPS was having delays in certain cities, or when Fedex was having technical issues when updating the last mile status. None of these things were features designed or provided by anyone. However, having access to businesses’ data gave us insight where we had none before. That became a feature for us, only because we were not competitors to all these online retailers. When you expose your company's internal data to a potential competitor, don’t be surprised when they build a competing business to rival you.
Hi folks, it's Takuya here, the solo developer of Inkdrop . I'd like to report a status update on the Inkdrop project here. About a year and a half ago, I published the roadmap of Inkdrop vol.6 . And I'm happy to announce that every planned feature and improvement on that roadmap is now done! 🥳 They all shipped as part of the v6 canary series — 21 canary releases so far, built and tested together with the community. When I wrote the roadmap, I honestly wasn't sure how long it would take. I would have been surprised if the me of that time had seen this result. Thank you so much for all your feedback along the way — I couldn't have done it without you. Even beyond the roadmap, I've added so many new features and improvements. So, I'm confident you'll enjoy it if you're coming from v5. Let's dive into what I accomplished along the roadmap, what came out of it beyond the plan, and what's next. What made the development slow down was the huge technical debt, as I mentioned in the past post . Inkdrop was originally built on the Atom editor's framework, and when Atom was sunsetted in 2022, many of the modules it depended on were no longer maintained. I had to replace them one by one while keeping the app stable — the hardest and least visible part of this journey. With v6, that debt is finally paid off. Here's a quick before & after: None of these are shiny features on their own. But they're exactly what allowed me to ship everything you'll see below, and they make Inkdrop much faster to develop going forward. The codebase is now modern, healthy — and honestly, fun to work on again. I'm an indie developer, and Inkdrop is a one-person project — so manpower has always been the bottleneck. Paying off the tech debt was a particularly big headache: some of the inherited modules were so large that it originally took the whole Atom team to maintain them. But thanks to the recent advancements in coding agents, that burden finally feels manageable — and even enjoyable to tackle. AI didn't just speed up the coding; it changed how I work: These new workflows have opened up possibilities that simply didn't exist for solo developers before. A refactoring of this scale used to be unthinkable for one person — now I can maintain a codebase that once took a team, and spend the saved energy on what matters most: the product itself and my users. Here's the roadmap vol.6, item by item, with what actually shipped: The roadmap was only half the story. While working through it, I ended up rebuilding a huge part of the app and shipping a lot of features that weren't planned. Here are the highlights, grouped by area: And on top of all that, hundreds of bug fixes reported by canary testers. The community has also been building amazing plugins on the new APIs — note-tabs (browser-like note tabs), code-runner (run JS/Python code blocks in notes), constellation (an interactive note graph), copy-as-jira , kanso-ink (theme), and more. Existing plugins are getting v6 support too, like hitahint , link-compact , thumbnail-list , and editor-utils . My goal remains the same as I wrote in the roadmap: keep improving the core user experience without bloating the app, so you can stay focused on taking notes. I believe v6 embodies exactly that. You can download the binary here: Please create a topic on the “ Issues > Canary ” category. This is the most preferred way for me because I can manage which issue has been resolved or not. We have our Discord server , where you can casually discuss and talk with other users. With the roadmap completed, I've shifted gears to preparing for the official release of v6 . That means polishing the details, stabilizing the canary builds, updating the documentation and the website, and helping plugin and theme authors migrate. Especially, building a new landing page is gonna be fun! I'm also going to work on the mobile app as well. The official v6 release is getting close. Stay tuned! 💪 I manage implementation plans as Inkdrop notes and let the agents work through them. Watch: Note-driven agentic coding workflow using Claude Code and Inkdrop I built and published a tool to manage multiple Claude Code sessions on tmux . While building the AI features, I had an agent explore Zed's source code and save the report to Inkdrop , to learn how it implements similar functionality. ✅ Share target & share extension — You can quickly stock web pages into Inkdrop from other apps on mobile. ( v5.5.0 ) ✅ Command palette — It became Telescope , a versatile Spotlight-like search bar (the name is borrowed from telescope.nvim, haha). It fuzzy-searches commands, notebooks, tags, and the table of contents of the current note, with scope prefixes like for commands and for notebooks. It's extensible, so plugins can add custom sources. ( canary.1 ) ✅ Migrate to CodeMirror 6 — The biggest one. The whole editor was rebuilt on CodeMirror 6, and it enabled a bunch of new editing features: a floating toolbar, slash commands, GitHub Alerts syntax support, emoji autocompletion, autocompletion inside code blocks, and quick note-link insertion with . ( canary.1 ) ✅ Outline view — Powered by Telescope. Click the button in the editor header (or run ) to jump between sections. It highlights the current section based on your cursor or scroll position, and even lists task items. It's provided as a plugin ( telescope-toc ), which doubles as a reference implementation for custom Telescope sources. (Thanks Basyura-san for the original sidetoc plugin!) ( canary.6 ) ✅ Preview pane improvements — Copy buttons for code blocks landed in both the preview and the editor, and double-clicking an image opens it in an image viewer. As a bonus, find-in-preview finally works — it highlights matches even across DOM elements, which is essential for finding text in code blocks. (Thanks q1701 and Basyura for the original plugins!) ( canary.2 , canary.4 ) ✅ Two-factor authentication — OTP-based 2FA is available for your account. ( v5.11.0 ) ✅ Prepare for ARM64 & other platforms — This required repaying a lot of technical debt. I replaced the deprecated LevelDB backing store with SQLite , stopped bundling (which used to bundle all of Node.js and npm!), and rebuilt it as a lightweight standalone CLI ( @inkdropapp/ipm-cli ). As a result, Inkdrop now supports ARM64 on Windows and Linux , plus Flatpak and AppImage packages for modern Linux distros. ( canary.1 , canary.4 , canary.5 ) ✅ Improve image upload speed — Attachments are now uploaded in parallel via signed URLs, so syncing image-heavy notes is significantly faster. ( canary.12 ) ✅ Diff view for revision history on desktop — The diff view I loved on mobile is now on desktop, too. ✅ Notebook icons — You can assign custom icons to notebooks from a picker with 1,500+ icons from the Lucide icon set, with category tabs and search. Icons show up everywhere — the sidebar, Telescope, and notebook selectors. ( canary.9 ) ✅ Visualize your progress and achievements — The activity stats view shows how many notes you created and tasks you worked on over the past 52 weeks, along with your current and longest streaks. Note-taking is a contribution to your work, after all! ( canary.14 ) ✅ AI integrations — Shipped as an opt-in, bring-your-own-API-key design, so you stay in control of your data. The inline AI assistant transforms selected text in place with built-in prompt presets (proofread, summarize, Mermaid diagrams, Markdown tables, and your own custom prompts). Next Edit Suggestions predicts your next edit like GitHub Copilot — set to manual trigger by default so it doesn't distract you — and it can even draw context from your linked notes and backlinks. ( canary.16 , canary.18 , canary.20 ) Reading highlights — Select text and hit the highlight button to wrap it in a tag, rendered beautifully in the preview. Perfect for emphasizing what resonates in your reading notes. ( canary.3 ) Native spellcheck support — The editor now uses the OS-native spellchecker. ( canary.10 ) Smarter link pasting — Pasting a URL now suggests link formats inline through the autocompletion menu instead of a dialog, and the page title is fetched in the background so nothing interrupts your flow. ( canary.15 ) Create a note from autocomplete — Start typing a title after , choose "Create new note," and it's created, linked, and opened in one step. ( canary.16 ) Little things that add up — ToDo item strikethrough, link-open tooltips, commands (Thanks Lukas and TheRabidOstrich !), View menu toggles for line numbers / line wrapping / readable line length, and a refurbished editor header with navigation back/forward, view mode buttons, and a native action menu (Cmd/Ctrl+J). ( canary.2 , canary.3 , canary.12 , canary.18 ) Embed GitHub code snippets by pasting a link — Paste a GitHub source URL and the code is fetched and inserted as a syntax-highlighted snippet with line numbers and a link back to the source. Connect your GitHub account via OAuth and it works with private repos too, including rich link titles for repos, issues, and PRs. ( canary.6 , canary.11 ) Advanced code blocks — Language icons, line numbers, and meta info rendering, plus GFM highlighting inside fenced code blocks — nested code blocks and YAML frontmatter included. ( canary.6 , canary.9 , canary.20 ) Mermaid got a serious upgrade — A pan & zoom toolbar with a full-screen viewer, and diagrams are now themed entirely through CSS variables, so they automatically match your theme in light and dark mode. (Thanks @inkwadra for the original pan/zoom PR!) ( canary.21 ) Manual notebook ordering — Drag and drop notebooks in the sidebar into your preferred order; it syncs across devices. ( canary.9 ) Fuzzy matching everywhere — Telescope, the notebook and tag list menus, and the tag input all use the same fuzzy-matching algorithm, so you find things fast without spelling them right. ( canary.15 ) Quicker navigation — Filter buttons for notebooks and tags in the sidebar, a search bar in the notebook picker, context menus on the workspace and note-list headers, and a sort-order button that shows the current order as a label. ( canary.6 , canary.15 , canary.16 ) Keep running in the system tray (Windows & Linux) — Handy if you use the local HTTP API, and it makes reopening the app instant. (Thanks Kyoichiro-san and Micha for the request!) ( canary.21 ) Plus a custom-built tooltip UI, a macOS "Look Up Selection" context menu, and an account usage stats tab. ( canary.14 , canary.16 ) A new CSS-variable-based theming system — Themes are now a thin layer of variables over the base styles instead of a full Semantic UI stylesheet, which makes them far easier to build and maintain. ( canary.18 ) One theme package instead of three — The UI / syntax / preview theme types inherited from Atom have been merged into a single unified package that styles the whole app. ( canary.21 ) Live theme previews — The Themes preferences show preview cards rendered live from each theme's color palette, and is uploaded to the plugin registry to power previews before you install. ( canary.20 , canary.21 ) New official themes — Kanagawa ( Wave / Dragon / Lotus ), Solarized ( Light / Dark ), and Nord ( Dark / Light ), plus a default syntax theme overhaul built on modern CSS like . ( canary.18 , canary.20 , canary.21 ) Dropped Electron's module — I replaced it with type-safe IPC bridges in a massive architectural overhaul. Database access from plugins became roughly 13x faster , and the app is more secure because only intended methods are exposed. ( canary.11 ) SQLite as the backing store — Replacing the long-deprecated LevelDB unblocked ARM64 support and repaid one of the oldest debts from the Atom era. ( canary.4 ) Modern build pipeline — Migrated from Webpack + Grunt to electron-vite (Vite + Rolldown), which made production builds 10x faster and the dev build launch almost instant. I also converted all Less stylesheets to plain CSS, moved drag & drop from the unmaintained to , and kept Electron riding the latest releases throughout the canary series. ( canary.14 , canary.18 ) Security hardening — Access keys moved to the system keyring, and the login flow is protected with Cloudflare Turnstile against credential-stuffing bots. ( canary.16 , Security Update ) A brand-new CLI — No more bundled Node.js and npm. It publishes tarballs directly like npm (no more committing compiled files to GitHub), and scaffolds a new plugin or theme in seconds with TypeScript all wired up. ( canary.5 , canary.18 ) Official TypeScript definitions — @inkdropapp/types gives plugin authors full type safety without exposing the app's internals. ( canary.14 ) Auto-installed essential plugins — mermaid, math, and markdown-emoji are installed and kept up to date automatically, and you can disable them anytime. ( canary.14 ) Vim plugin improvements — Relative line numbers (Thanks @p1n9_d3v !) and an option to keep Vim registers separate from the system clipboard (Thanks @birtles !). ( canary.11 ) Updated docs — The plugin migration guide and theme development guide are refreshed for v6, along with new component and module references. https://my.inkdrop.app/download/canary Inkdrop Website: https://www.inkdrop.app/ Send feedback: https://forum.inkdrop.app/ Join the Discord server: https://docs.inkdrop.app/start-guide/join-discord-server 𝕏: https://x.com/inkdrop_app 🦋: https://bsky.app/profile/devaslife.bsky.social
(This is one of the meta posts about this very blog . If that’s not interesting to you, skip to the next one!) Here are some improvements I’ve made to Unsung in recent months. Always curious of your feedback or pointers to places that do these things better! Weekly emails. I made it so clicking on every (non-YouTube) video or image takes you to the equivalent of the weekly email you’re looking at, but on the web, where you can watch the videos in their natural habitat. It’s scrolled to the right position, so you can just continue reading there. I’m sorry, I know it isn’t great to shove people outside of their mailbox, but I don’t think there is any way for videos to work well inside emails, and a lot of Unsung is about precise videos. (The only thing allowed is GIFs, and they are really not up to the task.) Video playback. On that note, I improved the handling and controls of video playback. On mobile, you can tap to play/pause and swipe left and right to move. On desktop, you can drag the handle, or also swipe left/right. You can also use ← → keys to advance frame by frame. My goals are to have video controls that are both minimalistic (for example, never covering the contents) and precise, to match how videos are used here. (But if you tab to the video, it still shows “classic” controls for accessibility.) Blink comparators. You might have noticed that I added some blink comparators in a few posts where they seemed to be useful ( one , two , three , four ). Is that fun? Does it work for you? Because I have more ideas for light interactivity on Unsung. = 2x) and (width >= 700px)" srcset="https://unsung.aresluna.org/_media/about-unsung-recent-improvements/2.2096w.avif" type="image/avif"> = 3x) or (width >= 700px)" srcset="https://unsung.aresluna.org/_media/about-unsung-recent-improvements/2.1600w.avif" type="image/avif"> = 2x) and (width >= 700px)" srcset="https://unsung.aresluna.org/_media/about-unsung-recent-improvements/3.2096w.avif" type="image/avif"> = 3x) or (width >= 700px)" srcset="https://unsung.aresluna.org/_media/about-unsung-recent-improvements/3.1600w.avif" type="image/avif"> Technical details. Some people asked technical details about specific things on this blog, so I added a technical details page with answers. Dashboard. If you are interested in that kind of stuff, I added some more charts and stats to Unsung’s internal dashboard (and deprecated sentiment, which wasn’t really working). #about unsung
The European Union AI Act is Europe’s attempt to comprehensively regulate AI usage. A big part of that is the requirement that AI-generated content be identifiable: either tagged with a watermark or with what the Act calls “digitally signed metadata” 1 . Since all this becomes enforceable in a month, it’s worth figuring out if it makes any sense. I recently discussed AI watermarking at length in Text AI watermarks will always be trivial to remove . What about digitally signed metadata? The most well-known implementation of digitally signed metadata is C2PA Content Credentials, which incorrectly 2 claims to be the technology that the AI Act gives as an example of how to do signed metadata properly. The idea here is that every single image file should contain unspoofable authorship metadata . Here’s my position on it: Lots to unpack. Let’s start by considering images, since that’s the easiest case. When an AI tool generates an image, that tool should include a “made by ChatGPT” disclaimer in that image’s metadata. Likewise, when a camera takes a photo, that camera should include a “taken by a camera” disclaimer. C2PA uses two strategies to protect this metadata: Each physical camera (or phone) has its own private key, for obvious reasons 3 . How do we know that those millions of private keys are trusted? Via PKI , like HTTPS: each camera’s private “certificate” (which contains its public key) is signed by the manufacturer’s well-known private key, so the chain of authenticity can be verified as long as you have (say) Apple’s root public key 4 . What happens if you then edit your photo in Photoshop? Photoshop will leave the camera’s metadata untouched, but will layer a “also, Photoshop was used” piece of metadata over the top, signed with Adobe’s private key (well, with the private key associated with your official copy of Photoshop, which is signed by Adobe’s official private key). Likewise, if you ask ChatGPT to generate an image for you, ChatGPT will sign its “made by ChatGPT” metadata with OpenAI’s private key. In theory, every single image could contain unforgeable C2PA metadata, allowing software like Twitter to trivially distinguish real photos from fake ones. Right now, C2PA does not have anything like the adoption it’d need to work. It’s hard to find hard data on how many images in the wild use C2PA, but FotoForensics reports around a dozen per week (so around 600 out of the 900,000 images processed each year). This is even worse than it sounds, because basically all of the signed images are AI-generated. The adoption rate of C2PA for human-generated images is much, much lower: so far, Google’s Pixel 10 is the only phone camera to sign photos by default. The iPhone doesn’t sign photos. If almost all AI images are C2PA-signed, but almost no human-generated images are, consumers have no reliable way of identifying AI content, because anyone who wants to pretend their AI content is human can simply remove the signature. For C2PA to succeed, it needs to be on every camera and every phone, so that a photo with no signature is rare and suspicious. Is that realistic? Actually, I think it is. The appetite (at least in the EU) to regulate AI will increase over time, and while the current EU AI Act only mandates that AI-images are tagged (which by itself is useless), it’s plausible that some future regulation will enforce tagging of all images. Another adoption problem that must be solved for C2PA to work is preservation . Right now, if you download a C2PA-tagged image, send it as a Facebook message, then re-download it, the C2PA manifest is stripped out. Most images we see on the internet have passed through some social media asset server at least once. All of these social media companies would need to update how they re-encode image content in order to preserve the C2PA data 5 . This would almost certainly require more regulation: C2PA adds tens or hundreds of kilobytes to each file, which at social media scale is big money 6 . Could a clever attacker forge a C2PA signature? Kind of. Neal Krawetz, who seems to have led the anti-C2PA charge, points out that with a camera development kit it’s straightforward to trick a digital camera into thinking that it’s taking an image when in fact it’s being fed one. This is very much not my area, so please write in if you know more about camera hardware and you think I got this wrong. I suppose you could also take a photo of an AI image on a screen, though I imagine you’d have to be careful to make it look real. If you exclude physical attacks on a digital camera, I think C2PA is more robust. You can sign a photo with a self-signed certificate, but the C2PA spec and docs say that validators must check that your certificate bubbles up to the official C2PA trust list . This list currently contains only 26 certificates, and there’s a whole process for being added to it. That’ll slow down adoption, but at least it makes it hard to forge 7 . We’ve been talking exclusively about images, but it’s more or less the same story for any type of content. If the file doesn’t support JUMBF metadata (say, an Excel file or a PDF), then the C2PA metadata has to live in a “sidecar”: a separate file, probably on some Microsoft or Adobe content server, which contains the signed checksum and the data about who created the file. However, the distinction between “real” and AI-generated content is fuzzier when you’re not talking about images. Here’s a trivial example: if I ask ChatGPT to create an Excel spreadsheet for me, the file will be tagged as AI-generated, but I can simply copy/paste the content into a new Excel doc and save it, which will tag it as human-generated 8 . There’s no software tool that can identify when I’m retyping some AI-generated text (except for perhaps text fingerprinting , which has its own raft of issues). There are also interesting questions around key management. ChatGPT and other AI tools have an easy problem — their users are all online, and so the files can be signed server-side — but how do you sign files created via Photoshop/Excel/Word? If the user doesn’t have internet, do you use some kind of local key? If so, how do you prevent that key being extracted and used to sign AI-generated content? Finally, is it a civil liberties problem to automatically fingerprint every photo? Does it make it impossible to be a whistleblower if every photograph can be traced back to your camera? I think this is a complicated question, but in short: I’d expect whistleblowers to already strip EXIF metadata from their images, C2PA metadata is similarly trivial to strip out, and overall I think image attribution is positive for whistleblowers because it heads off “this was AI-generated” responses. C2PA is probably here to stay. But it isn’t useful now, and won’t be useful until two huge programs of technical work are completed: This will be a long organizational process, since each manufacturer must go through the approvals process (or decide to start their own competing system), evaluate the legal ramifications of storing attribution data in images, and so on. It will be a long technical process, because C2PA metadata is a substantial fraction of image sizes: storing it will add many petabytes of content. Of course, just because C2PA isn’t useful doesn’t mean we’re not all going to do it. Lots of companies are under pressure to signal that they care about AI safety and to head off regulatory attack. “We’re cryptographically signing AI-generated content” is a compelling “we’re doing something ” pitch, particularly for people who aren’t technically savvy enough to understand the limitations. In the near term, I expect large AI-involved companies to invest a substantial amount of engineering effort in C2PA-related activity. In the long run, once everyone gets on board, I think C2PA could end up working well. It’s awkward in some ways, but “attest content via a PKI certificate chain” is a good idea. Is it possible to defeat? Yes, of course. By design, private keys will be in the user’s hands — in their cameras, in their local versions of Photoshop or Microsoft Word, in their phones — so sufficiently technical users will be able to crack them out or use them to sign whatever content they want. I still think C2PA will end up stemming the tide of AI content, because most users are not going to be sophisticated enough to perform attacks like this. However, we should still retain some skepticism of unlikely-looking content, even if it has “created by a human” in its C2PA metadata. See sub-measure 1.1.1 of the Act’s associated Code of Practice . While an early draft of the Code of Practice made an offhand mention of Content Credentials (in the caption of a picture), that was stripped out. The contents of the Act and the final Code of Practice don’t contain “C2PA” or “Content Credentials” (you can search for yourself here ). Otherwise if you cracked the key out of one Sony camera, you could spoof content from any Sony camera. In practice there are usually more “links in the chain”: a device will be signed by some intermediate certificate, which in turn will be signed by another intermediate certificate, which will be signed by the root certificate. That’s because the root key is so valuable. If an intermediate private key leaks, it can be revoked and replaced (via the root key), but if the root key leaks, it would take years to rebuild the network of trust. So almost all signing is done by intermediates, and the root key stays on a USB drive locked in a safe somewhere. Not to mention that the whole point of C2PA is that these social media companies will be displaying a “human or AI” sticker in their UI, which will require retaining the metadata. C2PA allows for storing the manifest content as a separate file, and just including a manifest url in the image metadata itself, but that doesn’t solve the cloud provider problem: they still have to store all the files on-disk somewhere. I think this defuses Neal Krawetz’s “worst-case scenario” . I downloaded his forged image, and (as expected) it gets flagged as “signed, but we don’t trust the root”. I think Krawetz was right at the time, though, since the official “trust list” was only launched in mid-2025. You could do the same thing with images by copying into Photoshop or Paint, but while that’d obscure the AI source, it would still be clear that the photo wasn’t taken by a camera. C2PA broadly makes sense and is a good idea It is pointless to use C2PA for AI-generated images only It will take many years for C2PA to be adopted across all images Because C2PA makes such great safety theater, we’re going to see a lot of hue and cry about it long before it becomes useful The metadata must be signed by some trusted private key The metadata contains a hash of the file’s contents, so you can’t copy an existing signature onto a new file Every camera manufacturer (including phones) must C2PA-sign all images by default Every social media company must retain the C2PA metadata on uploaded images See sub-measure 1.1.1 of the Act’s associated Code of Practice . ↩ While an early draft of the Code of Practice made an offhand mention of Content Credentials (in the caption of a picture), that was stripped out. The contents of the Act and the final Code of Practice don’t contain “C2PA” or “Content Credentials” (you can search for yourself here ). ↩ Otherwise if you cracked the key out of one Sony camera, you could spoof content from any Sony camera. ↩ In practice there are usually more “links in the chain”: a device will be signed by some intermediate certificate, which in turn will be signed by another intermediate certificate, which will be signed by the root certificate. That’s because the root key is so valuable. If an intermediate private key leaks, it can be revoked and replaced (via the root key), but if the root key leaks, it would take years to rebuild the network of trust. So almost all signing is done by intermediates, and the root key stays on a USB drive locked in a safe somewhere. ↩ Not to mention that the whole point of C2PA is that these social media companies will be displaying a “human or AI” sticker in their UI, which will require retaining the metadata. ↩ C2PA allows for storing the manifest content as a separate file, and just including a manifest url in the image metadata itself, but that doesn’t solve the cloud provider problem: they still have to store all the files on-disk somewhere. ↩ I think this defuses Neal Krawetz’s “worst-case scenario” . I downloaded his forged image, and (as expected) it gets flagged as “signed, but we don’t trust the root”. I think Krawetz was right at the time, though, since the official “trust list” was only launched in mid-2025. ↩ You could do the same thing with images by copying into Photoshop or Paint, but while that’d obscure the AI source, it would still be clear that the photo wasn’t taken by a camera. ↩
Building your own keyboard is a rite of passage for those caught up in the ergonomic rabbit hole. So, it was only a matter of time before I went all the way and did so. However, as a complete noob when it comes to soldering, I had a rough time getting started. I hope that this brief guide saves you hours of anguish! After procuring all the parts required for our keyboards, my friend and I proceeded to get absolutely nowhere with our soldering. Little did we know that the tip of my usb C iron (TS80p) was oxidized. We thought it was because the iron wasn’t getting hot enough or staying at a consistent temperature, and I promptly went to buy a Weller soldering station (which I would also not recommend, reasons to follow). I also promptly oxidized the tip on this machine as the sponge they give you in the kit is a travesty and you should not do that. The very first thing I would say that would have saved me much anguish is not using a wet sponge. The fact that many soldering stations ship with one instead of what you should be using (a brass sponge/wire) is a head scratcher. Water (if not using de-ionized water) will very quickly oxidize a soldering iron tip, and the temperature difference (ambient room temperature vs 350-400C) is enough to actually cause the iron tip to crack over time. Use brass wool. No water. Get this thing and use it instead. The second thing I would recommend is to use flux when you are soldering. And, not liquid flux, but something a little tackier that won’t immediately vaporise when you hit it with your iron. The reason that I had no luck was that the tip of my iron was not tinned, and that is how you “dry out” your iron very quickly, causing black/grey oxidation to build up. So, tin the iron when you first turn your iron on AND AGAIN BEFORE YOU PUT IT AWAY. The consensus on the internet about soldering temperature is to keep the iron just above the melting point. When your tip is oxidized, you have to bump to 400 degrees C or higher (some usb irons max out at 400) and as such you will be having one hell of a time to get solder to melt. I use lead-free solder, so I shoot for around 360 C give or take. Many will say leaded solder is more forgiving and it very well may be, I just don’t have experience to compare. The TS80p is a pluggable tip with a 3.5mm TRRS jack. The Weller WE1010 station has a heating element that I will call “legacy” - it does not go all the way to the tip of the iron, and the thermometer is located away from the tip, giving wildly inaccurate temperature readings. In addition to the previous point, the iron stays heated at a certain temperature with no auto down-regulation (they’ll shutoff after 1-2 minutes if you have it in settings). So oxidization is more likely on a traditional iron. What you want is a JBC C245 or C210 compatible iron or clone station. You don’t have to buy the authentic tips, and there are videos online of the cloned tips from Aliexpress actually being just as good (or better!) than the authentic tips. I thought about getting a full station, but instead got a capable USB C iron that seems to very much hold up to the wired stations. It’s only 100W, with many stations being 220W - so take that with a grain of salt, but for a keyboard or two, it has held up just fine. I may consider a TC22 or Fnirsi D200 station in the future, but will cross that bridge when we get there. If you are interested in the iron I am using, it is the Fnirsi HS-02 . Most irons will ship with a conical tip. These are trash and put heat at a very small point. I recommend a knife/chisel tip as you can then manipulate the tip and have greater or lesser heat transfer with the rotation of your wrist. You probably don’t want to be breathing in soldering fumes, so get yourself a cheap desk fan to blow the fumes away from you. For hobby projects, a fume extractor is probably not necessary, but you can go all out on this and build your own if you so wish . I cannot have a soldering tip post without the classic Louis Rossmann meme : “HEAT THE BOARD!” I didn’t have issues with this as I remember the above, but when first starting, some think that soldering is about heating and applying solder. It is not. It is about heating the components to the point they will accept solder. This makes a massive difference. The more people that learn to solder, the more we can fight for repairability, and you start to see that no board is actually dead, it probably just needs a new chip somewhere. The “literacy” that comes with soldering and the ability to repair electronics can take you from a consumer to someone that actually understands the underlying mechanisms. As always, God bless, and until next time. If you enjoyed this post, consider Supporting my work , Checking out my book , Working with me , or sending me an Email to tell me what you think.
I’ve been thoroughly enjoying my new iPad , it’s pretty much replaced my personal laptop in my day-to-day. Surprisingly it’s also replaced my need for a desktop computer. Through the use of my USB-C dock and Apple wireless keyboard/trackpad, this little iPad works perfectly as a desktop machine. It drives my 32” Ultrawide perfectly, and the windowed multi-tasking is excellent. It can even use my webcam! The only downside I’ve really run into is my monitor is pretty old, so the refresh rate is much lower than the iPad making my mouse feel laggy when moving between the two.
I made some updates to my notes blog , including a change to how my “Shuffle” feature worked. Figured I’d blog about it. At the time of this writing, I have 974 “notes” that I’ve published. For fun, I have a “shuffle” button that digs up a random note from the past. I like to press it from time to time and re-encounter some insight from the past. It’s like going through an old album, pulling out a random photo, and thinking, “Oh yeah, I remember this! Good times.” Like old photos, there’s also the occasional “that didn’t age so well”. But I find it fun to randomly dig up old insights from others and continue to be inspired. Since my site is built and hosted as static files without a runtime server, this feature required JavaScript to work. Every page had a snippet like this: Essentially: inject every note ID into every HTML page and, when the shuffle button is clicked, randomly grab one and navigate the user to it. Not the most elegant thing, but it worked. The problem was that every time I published a new post, every single page had to be re-uploaded to Netlify because every file’s hash would change and its etag/cache was invalidated. This made my builds slow. It also made it difficult, from a development perspective, to ensure refactors didn’t result in unexpected changes to output (using from my SSG web origami ). So I decided to make a change. Because I love to see if I can make things work without JavaScript, I had the thought to randomly write the at build time using my SSG, which would result in output like this: And every time I re-build my site, just have this logic run on the static site generator so that it’s different for every page, every time. I decided I didn’t want to do this, so on to JavaScript! My first thought was to create a single JSON file that contained all my note IDs. Then when the “Shuffle” button gets clicked, I fetch that, grab a random ID, and navigate the user, e.g. This would work. It localizes the caching issue to a single file, so only one file has to be invalidated/re-uploaded across builds. But in playing with it a little more, I decided to try something a little more...unconventional. I’ve written before about having lots of little HTML pages and I thought, “Can I put this functionality in a single HTML page rather than a JSON file?” And what I ended up with was a link, e.g. That when clicked navigates the user to a new page. That page has all the JS logic embedded in it, e.g. There are a few things I like about the experience this implementation provides. First: shuffle is a route , so I can navigate to it directly without using the GUI, e.g. notes.jim-nielsen.com/shuffle Second: I handle the UI/X with a slight delay to make it appear like something is happening when you click the button. If you click the button and it immediately jumps to the next, randomized page, it almost seems to happen too fast. Like you’re left with this feeling of “What just happened?” But in this scenario, it navigates you to the “Shuffle” page, the button you just clicked turns into a spinner + text indicating something is happening, and there’s a slight (intentional) delay before the JS executes and sends you to a randomized note. I know it’s a bit weird. “Introduce artificial slowness? Are you crazy?” But I like it. It feels like the shuffle feature on an old music player. I remember one of my CD players had a “Shuffle” feature. When I’d click the button, it would display “Shuffling…” on the little black and white screen and you’d encounter this brief state where (I presume) the lens inside the hardware would move along the physical track to the spot where it would start reading a new, random song from the CD. The hardware constraints necessitated this kind of an experience, but I always liked it because it felt like the CD player was “thinking” about what track to pick next. This state clearly conveyed to me that my intent to shuffle was received and being followed. I liked that feedback, and it’s exactly what I wanted to do on my notes site (even though it was completely unnecessary). I like having that brief moment of feedback where it’s very clear that your intention was received and being followed, vs. having it happen so fast you can’t even perceive precisely what happened. Here’s a video to show it in action: I know that’s a lot of information for something so small — and, arguably, unnecessary. But I still enjoy writing about how I make decisions when I build things for myself. Hence this post. Reply via: Email · Mastodon · Bluesky Doesn’t require JavaScript Doesn’t require a server (request-time logic) File hashes change across builds (even if there’s no new content or template changes, every HTML page now has a different for the shuffle link for every build ). This makes deployments way slower because Netlify has to redeploy every file on every build. Plus Etags change so caching is basically ineffectual.
From Nilay Patel, a recommendation for the best printer of 2023 : Here’s the best printer in 2023: the Brother laser printer that everyone has. Stop thinking about it and just buy one. It will be fine! The Brother whatever-it-is will print return labels for online shopping, never run out of toner, and generally be a printer instead of the physical instantiation of a business model. […] I am telling you to just buy whatever Brother laser printer is on sale and never think about printers again. Patel did the same in 2024 and 2025 – you should check them all out if you want to smile, because they’re genuinely funny, as are some of the comments: I’ve been using one of these for 6 years. The low toner indicator came on about 7 months ago. I bought new toner. Reader, I haven’t replaced anything. It still prints fine, the new toner is still sitting on a shelf somewhere. Least frustrating printer I’ve ever owned. Would buy again. I’m sharing these on this ostensibly software-related blog not only because printer enshittification happens primarily via software . I wanted to share it also because this feels very similar to me to the post about TextEdit – a simple and deserved desire to own technology that works without any strange machinations, forced updates, and stress. #enshittification #hardware