Latest Posts (20 found)
Jim Nielsen 3 days ago

In The Beginning There Was Slop

I’ve been slowly reading my copy of “The Internet Phone Book” and I recently read an essay in it by Elan Ullendorff called “The New Turing Test” . Elan argues that what matters in a work isn’t the tools used to make it, but the “expressiveness” of the work itself (was it made “from someone, for someone, in a particular context”): If something feels robotic or generic, it is those very qualities that make the work problematic, not the tools used. This point reminded me that there was slop before AI came on the scene. A lot of blogging was considered a primal form of slop when the internet first appeared: content of inferior substance, generated in quantities much vaster than heretofore considered possible. And the truth is, perhaps a lot of the content in blogosphere was “slop”. But it wasn’t slop because of the tools that made it — like Movable Type or Wordpress or Blogger. It was slop because it lacked thought, care, and intention — the “expressiveness” Elan argues for. You don’t need AI to produce slop because slop isn’t made by AI. It’s made by humans — AI is just the popular tool of choice for making it right now. Slop existed long before LLMs came onto the scene. It will doubtless exist long after too. Reply via: Email · Mastodon · Bluesky

writing Writing ai AI culture Culture
1 views
Jim Nielsen 1 weeks ago

The AI Security Shakedown

Matthias Ott shared a link to a post from Anthropic titled “Disrupting the first reported AI-orchestrated cyber espionage campaign” , which I read because I’m interested in the messy intersection of AI and security. I gotta say: I don’t know if I’ve ever read anything quite like this article. At first, the article felt like a responsible disclosure — “Hey, we’re reaching an inflection point where AI models are being used effectively for security exploits. Look at this one.” But then I read further and found statements like this: [In the attack] Claude didn’t always work perfectly. It occasionally hallucinated […] This remains an obstacle to fully autonomous cyberattacks. Wait, so is that a feature or a bug? Is it a good thing that your tool hallucinated and proved a stumbling block? Or is this bug you hope to fix? The more I read, the more difficult it became to discern whether this security incident was a helpful warning or a feature sell. With the correct setup, threat actors can now use agentic AI systems for extended periods to do the work of entire teams of experienced hackers: analyzing target systems, producing exploit code, and scanning vast datasets of stolen information more efficiently than any human operator. Less experienced and resourced groups can now potentially perform large-scale attacks of this nature. Shoot, this sounds like a product pitch! Don’t have the experience or resources to keep up with your competitors who are cyberattacking? We’ve got a tool for you! Wait, so if you’re creating something that can cause so much havoc, why are you still making it? Oh good, they address this exact question: This raises an important question: if AI models can be misused for cyberattacks at this scale, why continue to develop and release them? The answer is that the very abilities that allow Claude to be used in these attacks also make it crucial for cyber defense. Ok, so the article is a product pitch: But that’s my words. Here’s theirs: A fundamental change has occurred in cybersecurity. We advise security teams to experiment with applying AI for defense in areas like Security Operations Center automation, threat detection, vulnerability assessment, and incident response. We also advise developers to continue to invest in safeguards across their AI platforms, to prevent adversarial misuse. The techniques described above will doubtless be used by many more attackers—which makes industry threat sharing, improved detection methods, and stronger safety controls all the more critical. It appears AI is simultaneously the problem and the solution. It’s a great business to be in, if you think about it. You sell a tool for security exploits and you sell the self-same tool for protection against said exploits. Everybody wins! I can’t help but read this post and think of a mafia shakedown. You know, where the mafia implies threats to get people to pay for their protection — a service they created the need for in the first place. ”Nice system you got there, would be a shame if anyone hacked into it using AI. Better get some AI to protect yourself.” I find it funny that the URL slug for the article is: That’s a missed opportunity. They could’ve named it: Reply via: Email · Mastodon · Bluesky We’ve reached a tipping point in security. Look at this recent case where our AI was exploited to do malicious things with little human intervention. No doubt this same thing will happen again. You better go get our AI to protect yourself.

go Go security Security ai AI
0 views
Jim Nielsen 1 weeks ago

Creating “Edit” Links That Open Plain-Text Source Files in a Native App

The setup for my notes blog looks like this : I try to catch spelling issues and what not before I publish, but I’m not perfect. I can proofread a draft as much as I want, but nothing helps me catch errors better than hitting publish and re-reading what I just published on my website. If that fails, kind readers will often reach out and say “Hey, I found a typo in your post [link].” To fix these errors, I will: However, the “Open iA Writer” and “Find the post” are points of friction I’ve wanted to optimize. I’ve found myself thinking: “When I’m reading a post on and I spot a mistake, I wish I could just click an ‘Edit’ link right there and be editing my file.” You might be thinking, “Yeah that’s what a hosted CMS does.” But I like my plain-text files. And I love my native writing app. What’s one to do? Well, turns out iA Writer supports opening files via links with this protocol: So, in my case, I can create a link for each post on my website that will open the corresponding plain-text file in iA Writer, e.g. And voilà, my OS is now my CMS! It’s not a link to open the post in a hosted CMS somewhere. It’s a link to open a file on the device I’m using — cool! My new workflow looks like this: It works great. Here’s an example of opening a post from the browser on my laptop: And another on my phone: Granted, these “Edit” links are only useful to me. So I don’t put them in the source markup. Instead, I generate them with JavaScript when it’s just me browsing. How do I know it’s just me? I wrote a little script that watches for the presence of a search param . If that is present, my site generates an “Edit” link on every post with the correct and stores that piece of state in localstorage so every time I revisit the site, the “Edit” links are rendered for me (but nobody else sees them). Well, not nobody. Now that I revealed my secret I know you can go get the “Edit” links to appear. But they won’t work for you because A) you don’t have iA Writer installed, or B) you don’t have my files on your device. So here’s a little tip if you tried rendering the “Edit” links: do to turn them back off :) Reply via: Email · Mastodon · Bluesky Content is plain-text markdown files (synced via Dropbox, editable in iA Writer on my Mac, iPad, or iPhone) Codebase is on GitHub Builds are triggered in Netlify by a Shortcut Open iA Writer Find the post Fire Shortcut to trigger a build Refresh my website and see the updated post Read a post in the browser Click “Edit” hyperlink to open plain-text file in native app Make changes Fire Shortcut to trigger a build

go Go web-development Web Development javascript JavaScript
0 views
Jim Nielsen 2 weeks ago

To Make Software Is To Translate Human Intent Into Computational Precision

In “The Future of Software Development is Software Developers” Jason Gorman alludes to how terrible natural language is at programming computers: The hard part of computer programming isn’t expressing what we want the machine to do in code. The hard part is turning human thinking – with all its wooliness and ambiguity and contradictions – into computational thinking that is logically precise and unambiguous, and that can then be expressed formally in the syntax of a programming language. The work is the translation , from thought to tangible artifact. Like making a movie: everyone can imagine one, but it takes a director to produce one. This is also the work of software development: translation . You take an idea — which is often communicated via natural language — and you translate it into functioning software. That is the work. It’s akin to someone who translates natural languages, say Spanish to English. The work isn’t the words themselves, though that’s what we conflate it with. You can ask to translate “te quiero” into English. And the resulting words “I love you” may seem like a job complete. But the work isn’t coming up with the words. The work is gaining the experience to know how and when to translate the words based on clues like tone, context, and other subtleties of language. You must decipher intent . Does “te quiero” here mean “I love you” or “I like you” or “I care about you”? This is precisely why natural language isn’t a good fit for programming: it’s not very precise. As Gorman says, “Natural languages have not evolved to be precise enough and unambiguous enough” for making software. Code is materialized intent. The question is: whose? The request ”let users sign in” has to be translated into constraints, validation, database tables, async flows, etc. You need pages and pages of the written word to translate that idea into some kind of functioning software. And if you don’t fill in those unspecified details, somebody else ( cough AI cough ) is just going to guess — and who wants their lives functioning on top of guessed intent? Computers are pedants. They need to be told precisely in everything, otherwise you’ll ask for one thing and get another. “Do what I mean, not what I say” is a common refrain in working with computers. I can’t tell you how many times I’ve spent hours troubleshooting an issue only to realize a minor syntactical mistake. The computer was doing what I typed, not what I meant. So the work of making software is translating human thought and intent into functioning computation (not merely writing, or generating, lines of code). Reply via: Email · Mastodon · Bluesky

programming Programming career Career
0 views
Jim Nielsen 3 weeks ago

You Might Also Like: My Notes Blog

If you subscribe to this blog, you must like it — right? I mean, you are subscribed to it. And if you like this blog, you might also like my notes blog . It’s where I take short notes of what I read, watch, listen to, or otherwise consume, add my two cents, and fire it off into the void of the internet. It’s sort of like a “link blog” but I’m not necessarily recommending everything I link to. It’s more of “This excerpt stood out to me in some way, here’s my thoughts on why.” It’s nice to have a place where I can jot down a few notes, fire off my reaction, and nobody can respond to it lol. At least, not in any easy, friction-less way. You’d have to go out of your way to read my commentary, find my contact info, and fire off a message (critiquing or praising). That’s how I like it. Cuts through the noise. Anyway, this is all a long way of saying: if you didn’t already know about my notes blog, you might like it. Check it out or subscribe . Today, for example, I posted lots of grumpy commentary. Reply via: Email · Mastodon · Bluesky https://notes.jim-nielsen.com/#2025-12-18T1130 https://notes.jim-nielsen.com/#2025-12-18T1128 https://notes.jim-nielsen.com/#2025-12-18T1136

media Media ai AI writing Writing
0 views
Jim Nielsen 4 weeks ago

The “A” in “AI” Stands For Amnesia

My last article was blogging off Jeremey’s article which blogged off Chris’ article and, after publishing, a reader tipped me off to the Gell-Mann amnesia effect which sounds an awful lot like Chris’ “Jeopardy Phenomenon”. Here’s Wikipedia: The Gell-Mann amnesia effect is a cognitive bias describing the tendency of individuals to critically assess media reports in a domain they are knowledgeable about, yet continue to trust reporting in other areas despite recognizing similar potential inaccuracies. According to Wikipedia, the concept was named by Michael Crichton because of conversation he once had with physicist Murray Gell-Mann (humorously, he said by associating a famous name to the concept he could imply greater importance to it — and himself — than otherwise possible). Here’s Crichton: you read with exasperation or amusement the multiple errors in a story—and then turn the page to national or international affairs, and read with renewed interest as if the rest of the newspaper was somehow more accurate about far-off Palestine than it was about the story you just read. You turn the page, and forget what you know. He argues that this effect doesn’t seem to translate to other aspects of our lives. The courts, for example, have a related concept of “false in one thing, false in everything” . Even in ordinary life, Crichton says, “if somebody consistently exaggerates or lies to you, you soon discount everything they say”. In other words: if your credibility takes a hit in one area, it’s gonna take a hit across the board. At least, that’s his line of reasoning. It’s kind of fascinating to think about this in our current moment of AI. Allow me to re-phrase Crichton. You read with exasperation the multiple errors in AI’s “answer”, then start a new chat and read with renewed interest and faith as if the next “answer” is somehow more accurate than the last. You start a new prompt and forget what you know. If a friend, acquaintance, or family member were to consistently exaggerate or lie to you, you’d quickly adopt a posture of discounting everything they say. But with AI — which even comes with a surgeon general’s warning, e.g. “AI can make mistakes. Check important info.” — we forgive and forget. Forget. Maybe that’s the keyword for our behavior. It is for Crichton: The only possible explanation for our behavior is amnesia. Reply via: Email · Mastodon · Bluesky

writing Writing ai AI media Media
0 views
Jim Nielsen 1 months ago

It’s Uncomfortable To Sit With “I Don’t Know”

Chris Coyier : There’s the thing where if you’re reading an article in the newspaper, and it’s about stuff you don’t know a ton about, it all seems well and good. Then you read another article in the same paper and it’s about something you know intimately (your job, your neighborhood, your hobby, etc) there is a good chance you’ll be like hey! that’s not quite right! Chris extends this idea to AI-generated code, i.e. if you don’t know or understand the generated code you probably think, “Looks good to me!” But if you do know it you probably think, “Wait a second, that’s not quite right.” Here’s Jeremy Keith riffing on Chris’ thoughts : I’m astounded by the cognitive dissonance displayed by people who say “I asked an LLM about {topic I’m familiar with}, and here’s all the things it got wrong” who then proceed to say “It was really useful when I asked an LLM for advice on {topic I’m not familiar with, hence why I’m asking an LLM for advice}.” Kind of feels like this boils down to: How do we know what we know? To be fair, that’s a question I’ve wrestled with my whole life. And the older I get, the more and more I realize how often we barely know anything. There’s a veneer of surety everywhere in the world. There are industries of people and services who will take your money in exchange for a sense of surety — influencers, consultants, grifters, AI, they all exist because we are more than willing to pay with our time, attention, and money to feel like we “know” something. “You’re absolutely right!” But I, for one, often feel increasingly unsure of everything I thought I knew. For example: I can’t count the number of times I thought I understood a piece of history, only to later find out that the commonly-accepted belief comes to use from a single source, written decades later in a diary or on a piece of parchment or on a stone, by someone with blind spots, questionable incentives, or a flair for the dramatic, all of which leaves me seriously questioning the veracity and objectivity of something I thought I knew. Which leads me to the next, uncomfortable question: How many other things are there that I thought I knew but are full of uncertainty just like this? All surety vanishes. And that’s an uncomfortable place to be. Who wants to admit “I don’t know”? It’s so easy to take what’s convenient over what corresponds to reality. And that’s what scares me about AI. Reply via: Email · Mastodon · Bluesky

ai AI
0 views
Jim Nielsen 1 months ago

Icons in Menus Everywhere — Send Help

I complained about this on the socials , but I didn’t get it all out of my system. So now I write a blog post. I’ve never liked the philosophy of “put an icon in every menu item by default”. Google Sheets, for example, does this. Go to “File” or “Edit” or “View” and you’ll see a menu with a list of options, every single one having an icon (same thing with the right-click context menu). It’s extra noise to me. It’s not that I think menu items should never have icons. I think they can be incredibly useful (more on that below). It’s more that I don’t like the idea of “give each menu item an icon” being the default approach. This posture lends itself to a practice where designers have an attitude of “I need an icon to fill up this space” instead of an attitude of “Does the addition of a icon here, and the cognitive load of parsing and understanding it, help or hurt how someone would use this menu system?” The former doesn’t require thinking. It’s just templating — they all have icons, so we need to put something there. The latter requires care and thoughtfulness for each use case and its context. To defend my point, one of the examples I always pointed to was macOS. For the longest time, Apple’s OS-level menus seemed to avoid this default approach of sticking icons in every menu item. That is, until macOS Tahoe shipped. Tahoe now has icons in menus everywhere. For example, here’s the Apple menu: Let’s look at others. As I’m writing this I have Safari open. Let’s look at the “Safari” menu: Hmm. Interesting. Ok so we’ve got an icon for like half the menu items. I wonder why some get icons and others don’t? For example, the “Settings” menu item (third from the top) has an icon. But the other item in its grouping “Privacy Report” does not. I wonder why? Especially when Safari has an icon for Privacy report, like if you go to customize the toolbar you’ll see it: Hmm. Who knows? Let’s keep going. Let’s look at the "File" menu in Safari: Some groupings have icons and get inset, while other groupings don’t have icons and don’t get inset. Interesting…again I wonder what the rationale is here? How do you choose? It’s not clear to me. Let’s keep going. Let’s go to the "View" menu: Oh boy, now we’re really in it. Some of these menu items have the notion of a toggle (indicated by the checkmark) so now you’ve got all kinds of alignment things to deal with. The visual symbols are doubling-up when there’s a toggle and an icon. The “View” menu in Mail is a similar mix of: You know what would be a fun game? Get a bunch of people in a room, show them menus where the textual labels are gone, and see who can get the most right. But I digress. In so many of these cases, I honestly can’t intuit why some menus have icons and others do not. What are so many of these icons affording me at the cost of extra visual and cognitive parsing? I don’t know. To be fair, there are some menus where these visual symbols are incredibly useful. Take this menu from Finder: The visual depiction of how those are going to align is actually incredibly useful because it’s way easier for my brain to parse the symbol and understand where the window is going to go than it is to read the text and imagine in my head what “Top Left” or “Bottom & Top” or “Quarters” will mean. But a visual symbol? I instantly get it! Those are good icons in menus. I like those. What I find really interesting about this change on Apple’s part is how it seemingly goes against their own previous human interface guidelines (as pointed out to me by Peter Gassner ). They have an entire section in their 2005 guidelines titled “Using Symbols in Menus”: See what it says? There are a few standard symbols you can use to indicate additional information in menus…Don’t use other, arbitrary symbols in menus, because they add visual clutter and may confuse people. Confused people. That’s me. They even have an example of what not to do and guess what it looks like? A menu in macOS Tahoe. It’s pretty obvious how I feel. I’m tired of all this visual noise in my menus. And now that Apple has seemingly thrown in with the “stick an icon in every menu by default” crowd, it’s harder than ever for me to convince people otherwise. To persuade, “Hey, unless you can articulate a really good reason to add this, maybe our default posture should be no icons in menus?” So I guess this is the world I live in now. Icons in menus. Icons in menus everywhere. Reply via: Email · Mastodon · Bluesky Text + toggles Text + icons Text + icons + toggles

design Design
0 views
Jim Nielsen 1 months ago

Malicious Traffic and Static Sites

I wrote about the 404s I serve for robots.txt . Now it’s time to look at some of the other common 404s I serve across my static sites (as reported by Netlify’s analytics): I don’t run WordPress, but as you can see I still get a lot of requests for resources. All of my websites are basically just static files on disk, meaning only GET requests are handled (no POST, PUT, PATCH, etc.). And there’s no authentication anywhere. So when I see these requests, I think: “Sure is nice to have a static site where I don’t have to worry about server maintenance and security patches for all those resources.” Of course, that doesn’t mean running a static site protects me from being exploited by malicious, vulnerability-seeking traffic. Here are a few more common requests I’m serving a 404 to: With all the magic building and bundling we do as an industry, I can see how easy it would be to have some sensitive data in your source repo (like the ones above) end up in your build output. No wonder there are bots scanning the web for these common files! So be careful out there. Just because you’ve got a static site doesn’t mean you’ve got no security concerns. Fewer, perhaps, but not none. Reply via: Email · Mastodon · Bluesky

devops DevOps web-development Web Development security Security
0 views
Jim Nielsen 1 months ago

Notes From an Interview With Jony Ive

Patrick Collison, CEO of Stripe, interviewed Jony Ive at Stripe Sessions . Below are my notes from watching the interview. I thought about packaging these up into a more coherent narrative, but I just don’t have the interest. However, I do want to keep these notes for possible reference later, so here’s my brain dump in a more raw form. On moving fast and breaking things: breaking stuff and moving on quickly leaves us surrounded by carnage. There’s an intriguing part in the interview where Ive reflects on how he obsessed over a particular detail about a cable’s packaging. He laughs at the story, almost seemingly embarrassed, because it seems so trivial to care about such a detail when he says it out loud. But Collison pushes him on it, saying there’s probably a utilitarian argument about how if you spend more time making the packaging right, some people mights save seconds of time and when you multiply that across millions of people, that's a lot of savings. But Collison presumes Ive isn’t interested in that argument — the numbers, the calculation, etc. — so there must be something almost spiritual about investing in something so trivial. Ive’s response: I believe that when somebody unwrapped that box and took out that cable, they thought “Somebody gave a shit about me.” I think that’s a nice sentiment. I do. But I also think there’s a counter argument here of: “They cared when they didn’t have to, but they were getting paid to spend their time that way. And now those who can pay for the result of that time spent get to have the feeling of being cared for.” Maybe that’s too cynical. Maybe what I’m getting at is: if you want to experience something beautiful, spend time giving a shit about people when you don’t stand to profit from it. To be fair, I think Ive hints at this with his use of “privilege” here: I think it’s a privilege if we get to practice and express our concern and care for one another [by making things for one another at work] People say products are a reflection of an organization’s communication structure. Ive argues that products are a function of the interpersonal relationships of those who make them: To be joyful and optimistic and hopeful in our practice, and to be that way in how we relate to each other and our colleagues, [is] how the products will end up. Ive talking about how his team practiced taking their design studio to someone’s house and doing their work there for a day: [Who] would actually want to spend time in a conference room? I can’t think of a more soulless and depressing place…if you’re designing for people and you’re in someone’s living room, sitting on their sofa or floor and your sketchbook is on their coffee table, of course you think differently. Of course your preoccupation, where your mind wanders, is so different than if you’re sitting in a typical corporate conference room. Everybody return to the office! Ive conveying an idea he holds that he can’t back up: I do believe, and I wish that I had empirical evidence What is the place for belief in making software? Ive speaks about how cabinet makers who care will finish the inside parts of the cabinet even if nobody sees them: A mark of how evolved we are as people is what we do when no one sees. It’s a powerful marker of who we truly are. If you only care about what's on the surface, then you are, by definition, superficial. Reply via: Email · Mastodon · Bluesky

design Design business Business culture Culture
0 views
Jim Nielsen 1 months ago

My Number One “Resource Not Found”

The data is in. The number one requested resource on my blog which doesn’t exist is: According to Netlify’s analytics, that resources was requested 15,553 times over the last thirty days. Same story for other personal projects I manage: “That many requests and it serves a 404? Damn Jim, you better fix that quick!” Nah, I’m good. Why fix it? I have very little faith that the people who I want most to respect what’s in that file are not going to do so . So for now, I’m good serving a 404 for . Change my mind. Reply via: Email · Mastodon · Bluesky iOS Icon Gallery : 18,531 requests. macOS Icon Gallery 10,565 requests.

web-development Web Development Analytics
1 views
Jim Nielsen 1 months ago

Podcast Notes: Feross Aboukhadijeh on The Changelog

I enjoyed listening to Feross Aboukhadijeh , founder and CEO of the security firm Socket, on the Changelog podcast “npm under siege” . The cat-and-mouse nature of security is a kind of infinite source of novel content, like a series of heist movies that never produces the same plot so you can never quite guess what happens next. I like how succintly Feross points out the paradox of trying to keep your software safe by upgrading packages on npm: The faster you upgrade your packages, the safer you are from software vulnerabilities. But then the faster you upgrade the more vulnerable you are to supply chain attacks He points out (and I learned) that pnpm has a feature called that lets you avoid installing anything super new. So you can, for example, specify: “Don’t install anything published in the last 24 hours.” In other words: let’s slow down a bit. Maybe we don’t need immediacy in everything, including software updates. Maybe a little friction is good . And if security vulnerabilities are what it took to drive us to this realization, perhaps it’s a blessing in disguise. (Until the long running cat-and-mouse game of security brings us a bad actor who decides to exercise a little patience and creates some kind of vulnerability whose only recourse requires immediate upgrades and disabling the flag, lol.) Later in the podcast Feross is asked whether, if he was the benevolent dictator of npm, he would do things the same. He says “yes”. Why? Because the trade-offs of “trust most people to do the right thing and make it easy for them” feels like the better decision over “lock it down and make it harder for everyone”. He’s a self proclaimed optimist: There’s so much good created when you just trust people and you hope for the best. Obviously Feross has an entire business based on the vulnerabilities of npm, so his incentives are such that if he did change things, he might not exist ha. So read that how you will. But I like his optimistic perspective: try not to let a few bad actors ruin the experience for everyone. Maybe we can keep the levers where they are and try to clean up what remains. Reply via: Email · Mastodon · Bluesky

ai AI programming Programming
0 views
Jim Nielsen 1 months ago

Data Storage As Files on Disk Paired With an LLM

I recently added a bunch of app icons from macOS Tahoe to my collection . Afterwards, I realized some of them were missing relational metadata. For example, I have a collection of iMove icons through the years which are related in my collection by their App Store ID. However, the latest iMovie icon I added didn’t have this ID. This got me thinking, "Crap, I really want this metadata so I can see apps over time . Am I gonna have to go back through each icon I just posted and find their associated App Store ID?” Then I thought: “Hey, I bet AI could figure this out — right? It should be able to read through my collection of icons (which are stored as JSON files on disk), look for icons with the same name and developer, and see where I'm missing and .” So I formulated a prompt (in hindsight, a really poor one lol): look through all the files in and find any that start with and then find me any icons like iMovie that have a correlation to other icons in where it's missing and But AI did pretty good with that. I’ll save you the entire output, but Cursor thought for a bit, then asked to run this command: I was like, “Ok. I couldn’t write that myself, but that looks about right. Go ahead.” It ran the command, thought some more, then asked to run another command. Then another. It seemed unsatisfied with the results, so it changed course and wrote a node script and asked permission to run that. I looked at it and said, “Hey that’s probably how I would’ve approached this.” So I gave permission. It ran the script, thought a little, then rewrote it and asked permission to run again. Here’s the final version it ran: And with that, boom! It found a few newly-added icons with corollaries in my archive, pointed them out, then asked if I wanted to add the missing metadata. The beautiful part was I said “go ahead” and when it finished, I could see and review the staged changes in git. This let me double check the LLM’s findings with my existing collection to verify everything looked right — just to make sure there were no hallucinations. Turns out, storing all my icon data as JSON files on disk (rather than a database) wasn’t such a bad idea. Part of the reason I’ve never switched from static JSON files on disk to a database is because I always figured it would be easier for future me to find and work with files on disk (as opposed to learning how to setup, maintain, and query a database). Turns out that wasn’t such a bad bet. I’m sure AI could’ve helped me write some SQL queries to do all the stuff I did here. But what I did instead already fit within a workflow I understand: files on disk, modified with scripting, reviewed with git, checked in, and pushed to prod. So hey, storing data as JSON files in git doesn’t look like such a bad idea now, does it future Jim? Reply via: Email · Mastodon · Bluesky

sql Sql ai AI data Data json JSON
0 views
Jim Nielsen 2 months ago

Tahoe’s Terrible Icons: The B-Sides

This post is a continuation of Paul Kafasis’ post “Tahoe’s Terrible Icons” where he contrasts the visual differences across a number of Apple’s updated icons in macOS Tahoe (a.k.a. the Liquid Glass update). While Paul’s post mostly covers icons for the apps you’ll find in the primary folder, there’s also a subset of possibly lesser-known icons in the folder which have suffered a similar fate. When I first got a Mac back in college, one of the things I remember being completely intrigued by — and then later falling in love with — was how you could plumb obscure areas of the operating system and find gems, like the icons for little OS-level apps. You’d stumble on something like the “Add Printer” app and see the most beautiful printer icon you’d ever seen. Who cares what the app did, you could just stare at that icon. Admire it. Take it in. And you’d come away with a sense that the people who made it really cared . Anyhow, enough reminiscing. Let’s get to the icons. I’m saving these pre-Tahoe icons for posterity’s sake because they’re beautiful. On the left is the pre-Tahoe icon, on the right is Tahoe. (Psst: I’ve got a long-running collection of icons for iOS and macOS if you want some eye candy.) Reply via: Email · Mastodon · Bluesky

design Design
0 views
Jim Nielsen 2 months ago

Leveraging a Web Component For Comparing iOS and macOS Icons

Whenever Apple does a visual refresh in their OS updates, a new wave of icon archiving starts for me. Now that “Liquid Glass” is out, I’ve begun nabbing the latest icons from Apple and other apps and adding them to my gallery. Since I’ve been collecting these icons for so long, one of the more interesting and emerging attributes of my collection is the visual differences in individual app icons over time. For example: what are the differences between the icons I have in my collection for Duolingo? Well, I have a page for that today . That’ll let you see all the different versions I’ve collected for Duolingo — not exhaustive, I’m sure, but still interesting — as well as their different sizes . But what if you want to analyze their differences pixel-by-pixel? Turns out, There’s A Web Component For That™️. Image Compare is exactly what I was envisioning: “A tiny, zero-dependency web component for comparing two images using a slider” from the very fine folks at Cloud Four . It’s super easy to use: some HTML and a link to a script (hosted if you like, or you can vendor it ), e.g. And just like that, boom, I’ve got a widget for comparing two icons. For Duolingo specifically, I have a long history of icons archived in my gallery and they’re all available under the route for your viewing and comparison pleasure . Wanna see some more examples besides Duolingo? Check out the ones for GarageBand , Instagram , and Highlights for starters. Or, just look at the list of iOS apps and find the ones that are interesting to you (or if you’re a fan of macOS icons, check these ones out ). I kinda love how easy it was for my thought process to go from idea to reality: And I’ve written the post, so this chunk of work is now done. Reply via: Email · Mastodon · Bluesky “It would be cool to compare differences in icons by overlaying them…“ “Image diff tools do this, I bet I could find a good one…“ “Hey, Cloud Four makes a web component for this? Surely it’s good…” “Hey look, it’s just HTML: a tag linking to compiled JS along with a custom element? Easy, no build process required…“ “Done. Well that was easy. I guess the hardest part here will be writing the blog post about it.”

javascript JavaScript ai AI web Web frontend Frontend html HTML
1 views
Jim Nielsen 2 months ago

Down The Atomic Rabbit Hole

Over the years, I’ve been chewing on media related to nuclear weapons. This is my high-level, non-exhaustive documentation of my consumption — with links! This isn’t exhaustive, but if you’ve got recommendations I didn’t mention, send them my way. Reply via: Email · Mastodon · Bluesky 📖 The Making of the Atomic Bomb by Richard Rhodes. This is one of those definitive histories (it’s close to 1,000 pages and won a Pulitzer Prize). It starts with the early discoveries in physics, like the splitting of the atom, and goes up to the end of WWII. I really enjoyed this one. A definite recommendation. 📖 Dark Sun: The Making of the Hydrogen Bomb by Richard Rhodes is the sequel. If you want to know how we went from atomic weapons to thermonuclear ones, I think this one will do it. It was a harder read for me though. It got into a lot of the politics and espionage of the Cold War and I fizzled out on it (plus my library copy had to be returned, somebody else had it on hold). I’ll probably go pick it up again though and finish it — eventually. 📖 The Bomb: A Life by Gerard J. DeGroot This one piqued my interest because it covers more history of the bomb after its first use, including the testing that took place in Nevada not far from where I grew up. Having had a few different friends growing up whose parents died of cancer that was attributed to being “downwinders” this part of the book hit close to home. Which reminds me of: 🎥 Downwinders & The Radioactive West from PBS. Again, growing up amongst locals who saw some of the flashes of light from the tests and experienced the fallout come down in their towns, this doc hit close to home. I had two childhood friends who lost their Dads to cancer (and their families received financial compensation from the gov. for it). 📖 Command and Control: Nuclear Weapons, the Damascus Accident, and the Illusion of Safety by Eric Schlosser Read this one years ago when it first came out. It’s a fascinating look at humans bumbling around with terrible weapons. 🎥 Command and Control from PBS is the documentary version of the book. I suppose watch this first and if you want to know more, there’s a whole book for you. 📖 Nuclear War: A Scenario by Annie Jacobsen Terrifying. 🎥 House of Dynamite just came out on Netlify and is basically a dramatization of aspects of this book. 📖 The Button: The New Nuclear Arms Race and Presidential Power from Truman to Trump by William J. Perry and Tom Z. Collina How did we get to a place where a single individual has sole authority to destroy humanity at a moment’s notice? Interesting because it’s written by former people in Washington, like the Sec. of Defense under Clinton, so you get a taste of the bureaucracy that surrounds the bomb. 🎧 Hardcore History 59 – The Destroyer of Worlds by Dan Carlin First thing I’ve really listened to from Dan. It’s not exactly cutting-edge scholarship and doesn’t have academic-level historical rigor, but it’s a compelling story around how humans made something they’ve nearly destroyed themselves with various times. The part in here about the cuban missile crisis is wild. It led me to: 📖 Nuclear Folly: A History of the Cuban Missile Crisis by Serhii Plokhy is a deep look at the Cuban Missile crisis. This is a slow burning audiobook I’m still chewing through. You know how you get excited about a topic and you’re like “I’m gonna learn all about that thing!” And then you start and it’s way more than you wanted to know so you kinda back out? That’s where I am with this one. 🎥 The Bomb by PBS. A good, short primer on the bomb. It reminds me of: 🎥 Turning Point: The Bomb and the Cold War on Netflix which is a longer, multi-episode look at the bomb during the Cold War. 📝 Last, but not least, I gotta include at least one blog! Alex Wellerstein, a historian of science and creator of the nukemap , blogs at Doomsday Machines if you want something for your RSS reader.

books Books Science media Media
0 views
Jim Nielsen 2 months ago

Browser APIs: The Web’s Free SaaS

Authentication on the web is a complicated problem. If you’re going to do it yourself, there’s a lot you have to take into consideration. But odds are, you’re building an app whose core offering has nothing to do with auth. You don’t care about auth. It’s an implementation detail. So rather than spend your precious time solving the problem of auth, you pay someone else to solve it. That’s the value of SaaS. What would be the point of paying for an authentication service, like workOS, then re-implementing auth on your own? They have dedicated teams working on that problem. It’s unlikely you’re going to do it better than them and still deliver on the product you’re building. There’s a parallel here, I think, to building stuff in the browser. Browsers provide lots of features to help you deliver good websites fast to an incredibly broad and diverse audience. Browser makers have teams of people who, day-in and day-out, are spending lots of time developing and optimizing new their offerings. So if you leverage what they offer you, that gives you an advantage because you don’t have to build it yourself. You could build it yourself. You could say “No thanks, I don’t want what you have. I’ll make my own.” But you don’t have to. And odds are, whatever you do build yourself, is not likely to be as fast as the highly-optimized subsystems you can tie together in the browser . And the best part? Unlike SasS, you don’t have to pay for what the browser offers you. And because you’re not paying, it can’t be turned off if you stop paying. , for example, is a free API that’ll work forever. That’s a great deal. Are you taking advantage? Reply via: Email · Mastodon · Bluesky

web-development Web Development api API css CSS
0 views
Jim Nielsen 2 months ago

Don’t Forget These Tags to Make HTML Work Like You Expect

I was watching Alex Petros’ talk and he has a slide in there titled “Incantations that make HTML work correctly”. This got me thinking about the basic snippets of HTML I’ve learned to always include in order for my website to work as I expect in the browser — like “Hey I just made a file on disk and am going to open it in the browser. What should be in there?” This is what comes to mind: Without , browsers may switch to quirks mode, emulating legacy, pre-standards behavior. This will change how calculations work around layout, sizing, and alignment. is what you want for consistent rendering. Or if you prefer writing markup like it’s 1998. Or even if you eschew all societal norms. It’s case-insensitive so they’ll all work. Declare the document’s language. Browsers, search engines, assistive technologies, etc. can leverage it to: Omit it and things will look ok, but lots of basic web-adjacent tools might get things wrong. Specifying it makes everything around the HTML work better and more accurately, so I always try to remember to include it. This piece of info can come back from the server as a header, e.g. But I like to set it in my HTML, especially when I’m making files on disk I open manually in the browser. This tells the browser how to interpret text, ensuring characters like é, ü, and others display correctly. So many times I’ve opened a document without this tag and things just don’t look right — like my smart quotes . For example: copy this snippet, stick it in an HTML file, and open it on your computer: Things might look a bit wonky. But stick a tag in there and you’ll find some relief. Sometimes I’ll quickly prototype a little HTML and think, “Great it’s working as I expect!” Then I go open it on mobile and everything looks tiny — “[Facepalm] you forgot the meta viewport tag!” Take a look at this screenshot, where I forgot the meta viewport tag on the left but included it on the right: That ever happen to you? No, just me? Well anyway, it’s a good ‘un to include to make HTML work the way you expect. I know what you’re thinking, I forgot the most important snippet of them all for writing HTML: Reply via: Email · Mastodon · Bluesky Get pronunciation and voice right for screen readers Improve indexing and translation accuracy Apply locale-specific tools (e.g. spell-checking)

frontend Frontend web-development Web Development html HTML
1 views
Jim Nielsen 2 months ago

Everything Is Broken

Chris Coyier wrote about it . Now it’s my turn. Last week I’m flying home. My flight gets delayed in air, then lands late so I miss my connecting flight… [Skip over all the stuff about airline customer support, getting rebooked, etc.] It’s ~10pm and I’m stranded overnight. I need a last-minute hotel room. I figure I’ll try HotelTonight because that’s their shtick, right? “Incredible last-minute hotel deals” says their homepage hero banner. I find the closest hotel, click “Purchase” it takes me to checkout, I do the whole Apple Pay thing, then it says “failed to book” because there are no more rooms left. Ok? Would’ve been nice to know that before going through all the checkout stuff, but ok. I’ll find another. Two more hotels, same deal. Click through, checkout, blah blah blah, payment won’t go through. It says there are no more rooms left. No I’m getting frustrated. I’ll try one more time… Same flow. Finally! Payment goes through. Confirmation number and all — I’m good to go! I leave the airport and get a rideshare to the hotel. Go up to the desk. “Yes, I’m checking in please.” They ask for my name. I give it. They can’t find me. “Oh, no…” I think. “Do you have a reservation number?” Hell yes I do! Right here in the email HotelTonight sent me. I give it to them. It’s not in their system. “Ok well, can you get me a room?” Nope, they are completely full for the night. Knowing that I booked through a third-party system, and it’s not in the first-party system, I know there’s no chance I’m getting a room. So now it’s 10:30pm. I’m in the lobby of the hotel for which I have a bogus confirmation and I begin my search for the next-closest hotel. I know at this point I’m not using anything internet-based to make a reservation. Over-the-phone only! I call a bunch of nearby hotels. Every one is giving me their automated phone system — “If you want to book a reservation, press 1. If you want to…” I sit through the first couple calls and eventually connect to a human: “Do you have any rooms available tonight?” “Yes sir, can you confirm which location you are calling for?” They don’t know because this isn’t someone at the hotel. This is a call center somewhere. I quickly realize this ain’t gonna work. New rule: if the number online is a centralized number that gives me your automated phone system, I’m out. Next hotel. I just need to connect to a human at a front desk. I call maybe 12 hotels. About two give me humans at the front desk. Both of those are booked solid for the night. But you know what? Props to those hotels for having direct lines to a human. YUGE props. A direct line to a human feels like the ultimate luxury at this point. “Hey you got any rooms tonight? No? That’s ok. I appreciate you being there to answer my call, friend. You have a good night.” Eventually I find a hotel 20 minutes down the road where somebody at the front desk answers and says they have a room. “It’s twice the cost since it’s our last room.” I don’t care, I book it. This is a phone call with a person at the front desk, I know I’m getting a room. Postscript: I also spent several days going back and forth with a rep at HotelTonight to get a refund. I guess it’s hard to prove that their system sold me a room that did not exist. Reply via: Email · Mastodon · Bluesky

ai AI
0 views
Jim Nielsen 2 months ago

AI Browsers: Living on the Frontier of Security

OpenAI released their new “browser” and Simon Willison has the deets on its security , going point-by-point through the statement from OpenAI’s Chief Information Security Officer. His post is great if you want to dive on the details. Here’s my high-level takeaway: Everything OpenAI says they are doing to mitigate the security concerns of an LLM paired with a browser sounds reasonable in theory. However, as their CISO says, “prompt injection remains a frontier, unsolved security problem”. So unless you want to be part of what is essentially a global experiment on the frontier of security on the internet, you might want to wait before you consider any of their promises “meaningful mitigation”. (Aside: Let’s put people on the “frontier” of security for their daily tasks, that seems totally fine right? Meanwhile, Tom MacWright has rationally argued that putting an AI chatbot between users and the internet is an obvious disaster we’ll all recognize as such one day .) What really strikes me after reading Simon’s article is the intersection of these two topics which have garnered a lot of attention as of late: This intersection seems primed for exploitation, especially if you consider combining different techniques we’ve seen as of late like weaponizing LLM agents and shipping malicious code that only runs in end-users’ browsers . Imagine, for a second, something like the following: You’re an attacker and you stick malicious instructions — not code, mind you, just plain-text English language prose — in your otherwise helpful lib and let people install it. No malicious code is run on the installing computer. Bundlers then combine third-party dependencies with first-party code in order to spit it out application code which gets shipped to end users. At this point, there is still zero malicious code that has executed on anyone’s computer. Then, end users w/AI browsers end up consuming these plain-text instructions that are part of your application bundle and boom, you’ve been exploited. At no point was any “malicious code” written by a bad actor “executed” by the browser engine itself. Rather, it’s the bolted on AI agent running alongside the browser engine that ingests these instructions and does something it obviously shouldn’t. In other words: it doesn’t have to be code to be an exploit. Plain-text human language is now a weaponizable exploit, which means the surface for attacks just got way bigger. But probably don’t listen to me. I’m not a security expert. However, every day that voice in the back of my head to pivot to security gets louder and louder, as it’s seemingly the only part of computer science that gets worse every year . Reply via: Email · Mastodon · Bluesky npm supply chain attacks AI browsers

ai AI security Security web-development Web Development
0 views