Thoughts's "gab" Script - 2022-06-20

There's something interesting about smaller social communities of the tech-savvy using SSH and *nix to create social networks. They have none of the commercial aspects associated with large social networks (ads, tracking, algorithm-based feeds, etc.), but they also seem to tend to stay off the web, instead using SSH, Gemini, Gopher, and RSS.

I think the web is largely OK as is (though I admire Gemini quite a bit), but needs to be made easier for folks to run, like a vacuum cleaner or a car.

Take a look at the gab script for as an example. It's an entire chat service, with rooms, users, blocking/unblocking, in a single 356-line Python script. There are a lot of attributes of the problem that make such a simple approach possible:

  • Storage: available for each user, it's nothing more than creating a directory in the user's home directory to store the necessary files.
  • Permissions: the *nix filesystem has user permissions, so setting the right bits is all that's needed.
  • Identity: provided automatically via $USER and enforced by SSH keys.
  • UI: the commmand-line provides an existing UI that is already familiar.

This is neat! A chat service to serve up to several hundred users can be tiny and easily written by one person if it reuses existing components. What's interesting to me is that we don't have this for the web. Where is the reusable storage, permissions, identity, and UI to make web apps as trivial as CLI apps? I think web frameworks come close, and Parse/Firebase were exploring related ideas (making the backend highly reusable), but there might be room for a "cartridge" style of webapp that reuses storage (maybe sqlite), identity (maybe providing OAuth and password-based options), and UI (default layouts for standard views).

The value of this is not to power world-class services like YouTube or Facebook, but to power the neighborhood message board. It would be a beautiful thing if every town and neighborhood and family had their own system that did this. Fragmentation can be ok in an ecosystem with aggregators. Then one could use RSS to aggregate posts from all the interesting networks. I suspect this would be a much healthier outcome than the centralized services for a variety of reasons, but perhaps that's best discussed another time.

The gab script at

EU Joins Mastodon Social Network, Sets Up Its Own Server - 2022-04-29

There's been a lot of chatter about "free speech" and "censorship" on the popular social platforms (Twitter, Facebook, and others), and I'm constantly confused by it. We have federated social media (the Fediverse) that allows anyone to set up a server and publish posts that can be consumed from other servers, via the web, or via RSS. The idea that elected government officials are using Twitter to publish updates is extremely strange, and it's even weirder that they do so while complaining about the rules Twitter imposes.

So, with that context, it's a breath of fresh air to see the EU approaching this problem in the most obvious way imaginable: have the government run their own server! I'd be very supportive if the U.S. government did this so representatives of the people could communicate with their constituents.

To be clear, having the government run their own server isn't magic pixie dust that will solve all the problems. But it will allow the government to directly confront those problems and optimize for healthy discourse rather than going through Twitter, which cares less about healthy discourse and more about advertising revenue.

EU Joins Mastodon Social Network, Sets Up Its Own Server

Due Dates are a Lazy Way to Gain Commitment - 2022-04-17

I largely agree with Tristan on this. Business folks are constantly thinking in terms of dates; I'm sure it seems obvious that this is the way. And I largely agree! The system I use to manage teams is gathered from a variety of sources, but contains only two guidelines.

Frontload Risk

One type of slowdown is unanticipated complexity. These snags slow things down because one aspect of the work took longer than expected. These snags are often things we can anticipate in advance. In cases where we think there may be a snag, start working on that part of the project first and create a prototype. I sometimes call this "de-risking" or "retiring risk" in management meetings, but it just means "try to make the tricky parts work first".

Set Target Dates

After frontloading risk, you can allow some time to work through those risks, as well as the "easy" parts of the project. Do some rough sizing ("3 days to identify the correct backend storage system and make it region-aware") and then set a target date for the project. This date is not a commitment, but a public statement of what the team is shooting for. It's not the manager than sets this, but rather the engineers, and it comes with one instruction: the team must raise a flag as soon as the they encounter a snag that they think will alter the target date. This frees the team from sync meetings to assess status, and comes with an added benefit: sources of delay are easy to pick out when the team reflects on the project after it is complete. Some findings might be generally applicable and can be integrate into a list of things to think about during the "rough sizing" phase of the project next time.

That's it! I've used this approach across multiple companies over the past 10 years or so, and it's is fantastic at getting out of everyone's way keeping the focus on shipping great work.

Due Dates are a Lazy Way to Gain Commitment

TIC-80 - 2022-04-12

TIC-80 is a small fantasy computer that includes a full development environment (runtime + code editor) along with a set of tools to develop sound effects, music, maps, and sprites. Programs are limited to 64kb, and support Lua, along with Lua-hosted languages like Fennel (my preferred language!) and Wren.

Might take a stab at developing a simple dice game (Zilch perhaps?) in TIC-80. One of the draws, beyond simply being able to deploy the game to any platform that runs TIC-80 (browsers, desktops, phones) is that RetroArch bundles TIC-80, so TIC-80 games run on anything that runs RetroArch, including devices like the RG280V: modern handhelds that run retro games. Fantastic gateway to writing portable games as a hobby!

TIC-80 (Github)

M1 Macbook Pro - 2022-04-01

I hesitate to post on 01 April, but here's a (true) embarrassing story: after reading about how fast the M1 Macbooks are, I was conflicted about deciding to avoid them for a while (I like to stay a bit behind the curve when system architecture is changing). I switched jobs in March and they said they were sending me an Intel Macbook, which arrived in great condition, and I was very pleased that the touchbar was gone and the keyboard had reasonable travel.

So I've been using this laptop for a month now, and got a weird error about the ARM architecture when I attempted a brew install jq this morning. So I clicked on "About this Mac" and saw it was indeed an M1 chip.

I hadn't even noticed!

Total War (Wikipedia) - 2022-03-20

Modern war involves sanctions, which impact civilian parts of the economy to a substantial degree. Some open source code is being modified to cause additional damage and disruption in areas associated with the war, but of course there is collateral damage even beyond the intended civilian targets.

This reminds me of the idea of "total war". Wikipedia's summary:

Total war is warfare that includes any and all civilian-associated resources and infrastructure as legitimate military targets, mobilizes all of the resources of society to fight the war, and gives priority to warfare over non-combatant needs.

I think total war is likely much more disruptive than the open-source sabotage we're seeing now, but it seems like a related concept somehow; rather than trying to constrain the scope of the conflict, the aim seems to enlarge it, with the hope that doing so can avoid a catastrophic escalation. This seems a bit like a loose cannon to me: lots of power unleashed, but little control over it. Is there a term for this kind of sabotage of largely civilian infrastructure to support a war effort? The more I read about it, the more murky the issue becomes.

Total War (Wikipedia)

Pale Blue Dot - 2022-03-09

Spoken close to 30 years ago, Carl Sagan's insights have aged well, I think.

From this distant vantage point, the Earth might not seem of any particular interest. But for us, it’s different. Consider again at that dot: That's here. That's home. That's us. On it everyone you love, everyone you know, everyone you ever heard of, every human being who ever was, lived out their lives. The aggregate of our joy and suffering, thousands of confident religions, ideologies, and economic doctrines, every hunter and forager, every hero and coward, every creator and destroyer of civilization, every king and peasant, every young couple in love, every mother and father, hopeful child, inventor and explorer, every teacher of morals, every corrupt politician, every "superstar", every "supreme leader", every saint and sinner in the history of our species lived there - on a mote of dust suspended in a sunbeam.

The Earth is a very small stage in a vast cosmic arena. Think of the rivers of blood spilled by all those generals and emperors so that, in glory and triumph, they could become the momentary masters of a fraction of a dot. Think of the endless cruelties visited by the inhabitants of one corner of this pixel on the scarcely distinguishable inhabitants of some other corner, how frequent their misunderstandings, how eager they are to kill one another, how fervent their hatreds.

Our posturings, our imagined self-importance, the delusion that we have some privileged position in the Universe, are challenged by this point of pale light. Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity, in all this vastness, there is no hint that help will come from elsewhere to save us from ourselves. The Earth is the only world known so far to harbor life. There is nowhere else, at least in the near future, to which our species could migrate. Visit, yes. Settle, not yet. Like it or not, for the moment the Earth is where we make our stand.

It has been said that astronomy is a humbling and character-building experience. There is perhaps no better demonstration of the folly of human conceits than this distant image of our tiny world. To me, it underscores our responsibility to deal more kindly with one another, and to preserve and cherish the pale blue dot, the only home we've ever known.

Carl Sagan, 1994

Joe Armstrong - Erlang and other stuff - 2022-02-25

I've been working on generating an Atom feed for this site (because RSS should never die!) and in the course of my research, I discovered a conversation on Twitter from someone else who was working on migrating their blog to Tiddlywiki. The name "Joe Armstrong" rang a bell, and it hit me suddenly...this can't be the late Joe Armstrong of Erlang fame, can it? But further poking around showed it was indeed. His journey to use Tiddlywiki really hit me; it's just so similar to my own, from thinking of Tiddlywiki as a note system to discovering that it's really more of a database and programming language disguised as a web page. He wrote an interesting post in 2018 about wanting new blogging software that would stay still so he could focus on blogging rather than blog software. He even has a quote in there that really hits home for me:

I decided to take the easy way out. Write my own static site generator. Moreover I would use no external dependencies...Are you crazy - no dependencies at all? Perhaps I am crazy, but every time I've included somebody elses code it has turned round and hit me in the face a few years later.

So what does he go with in 2018? Emacs' org-mode. Ah, I know this path well! But I share his viewpoint: if you want a low-maintenance site, you need stable, monolithic building blocks that you assemble yourself into the desired solution (stuff like SQLite, Fossil, Emacs, and Tiddlywiki fill the bill nicely). Joe started with org-mode, and then added his own embedded Erlang tags to automate things. But, facing similar challenges that I've faced (I'm sure), a couple of years later, he discovered Tiddlywiki. He has a post about his eureka moment working with it. It has this quality that isn't apparent at first: it's a full-fledged system for manipulating a database of notes (and the notes themselves contain the system!), so no extra embedded language is needed. Instead, it not only has wikitext (with macros and widgets), but can embed JavaScript code as well. This self-contained package is self-sustaining, needing no updates unless they are desired. This property makes it different than other systems (he mentions Jekyll and Hugo): both are dependent on separate language ecosystems (Ruby and Go, respectively) as well the associated projects being maintained. His tweet about using Tiddlywiki because it will endure really resonates with me:

you can hopefully read [my posts] in 1000 years

And then, just months later, he was gone. For me, finding his posts about all this only three years later is amazing...I never knew Joe, but I've long been a fan of Erlang, and it turns out he was a fan of the same sort of tech that I've found inspiring. The great news is that, since he switched to Tiddlywiki, his site should stay up as long as Github will host it, and even then, if anyone has saved the wiki (I have!), it can easily be hosted elsewhere, not only over the web, but also over newer technologies like IPFS. And that's great! His blog has a host of interesting posts about crazy stuff that I adore like Sonic Pi and the joy of really bad websites. If you're curious, the link is below, as usual.

Joe Armstrong - Erlang and other stuff

A.I. has mastered 'Gran Turismo' - 2022-02-24

I worked with autonomous vehicles a bit, and one of the elements of machine learning that jumps out from that time is the large investment in structuring the neural net and deciding overall architecture, as well as curating a good data set for training.

Notably, the thing that can be made to be quite fast is the training itself. This may not be that surprising, but in the context of the human mind, it's kind of very much reminds me of the scenes in the first Matrix film where the characters can learn a skill (like kung fu or flying a helicopter) in a matter of seconds. We're not quite to that "instant expert" effect with AI, but we're not far off:

"It takes about an hour for the agent to learn to drive around a track. It takes about four hours to become about as good as the average human driver. And it takes 24 to 48 hours to be as good as the top 1% of the drivers who play the game."

A.I. has mastered 'Gran Turismo' — and one autonomous car designer is taking note

Is Firefox OK? - 2022-02-16

Wired is pointing out that Firefox is now "flatlining", after dropping in browser market share from 30% in 2008 to less than 4% today. They're 100% right: Firefox has no clear future.

I'm a niche user, so while I have strongly-held beliefs about what I like in software, I know that most others won't care about those same things. But since Firefox is bleeding users at high speed, I'm going to outline what I would like to see in Firefox that could give people a reason to use it again.

Split View

Remember browsers before they had tabs? Opera started the craze, and it took off and was adopted across all browsers over a few years. The next frontier is a split window view. While I normally would argue that the window manager should be doing this, most folks don't have mastery of their window manager, but could easily make use of a "split vertically" and "split horizontally" option.

Better Bookmarking and History

Lots of folks leave tabs open forever, and when they try to use bookmarks instead, they find themselves overwhelmed with bookmarks. This lack of organization within the browser opens them up to having companies organize their information instead: find that Twitter post using Twitter instead of the browser, just search Google again to find that recipe you were reading yesterday, etc. As a privacy-centric product, one thing Firefox can do is have a UI that pops up when the user is tying in the omnibox that progressively filters all their bookmarks based on the input, prominently highlighting when the bookmark was created and the last time it was visited. This is sort of available using * <bookmark name>, but so few know about changing search bar results on the fly that the feature might as well not exist for 99% of users.

Keyboard Customization

Many apps allow keyboard shortcuts to be customized, but browsers tend not to. In particular, it seems silly that extensions can't overwrite defaults like Ctrl-w, Ctrl-p, Ctrl-n, and Ctrl-t.

Serious Tools for Addon Management

Every addon is now a potential supply-chain attack against end users, so there is a lot of value in vetting high-profile extensions. They currently do this for extensions like uBlock Origin and Singlefile, but not other heavyweights like Vimium, Dark Reader, HTTPS Everywhere, and Decentraleyes. Providing a system that not only vets the code during install, but also when updates happen has a lot of value to folks that want to customize Firefox's behavior.

The general theme is that Firefox can give users a reason to come back by offering what other browser can not or will not. Instead, Firefox has been chasing what other browsers do, and this means they are always behind. Rather than focusing on "personalization" that allows users to change the color of the browser chrome, they need to focus on "functional personalization" that allows users to change the behavior of the browser in a safe way.

Is Firefox OK?

Australia Pays $20 Million To Buy The Copyright Of Aboriginal Flag, But It's Still Not Public Domain - 2022-02-09

The Aboriginal Flag (I think that's a proper name?) has a wikipedia page that's fascinating. While it currently shows the flag, it has an unexpected caption:

The above file's purpose is being discussed and/or is being considered for deletion. See files for discussion to help reach a consensus on what to do.

Of course, this is because the creator of the flag, Harold Thomas, has asserted copyright over the flag, prevented it from appearing in lots of places, and now negotiated with the Australian government for a payment of $20M to allow the government to use it, and it's still not in the public domain. I'm not going to embed an image here, but it's worth describing in its entirety, just so we can marvel again at the fact that it is both copyrighted and that the Austrailian government paid $20M for it:

The top half of the flag is black, the bottom half is red. A yellow circle with a diameter half the height of the flag is at the center.

I'm in the wrong business!

Australia Pays $20 Million To Buy The Copyright Of Aboriginal Flag, But It's Still Not Public Domain

google webfonts helper - 2022-02-07

I run ublock origin, so I notice when sites load resources from central repositories like Google, Cloudflare, or the popular CDNs for code, like unpkg. These resources are awesome and I'm glad they exist, but they introduce a dependency on an external service, which can change at any time. So I tend to avoid Google fonts because I prefer hosting webfonts myself. I discovered "google webfonts helper", which is a no-hassle way to download only the fonts I need for my page and then host them myself. This is particularly useful with frameworks like Remark, which I use to create presentations.

google webfonts helper

Developers react to 27% commission with astonishment and anger - 2022-02-05

The problem with companies that maintain such an iron grip on the ecosystem is that in the beginning, it seems like that "iron grip" is a feature. Without checks and balances, the company can solve problems and push the ecosystem ahead at a breakneck pace while onlookers cheer the company's incredible efficiency.

But then the problem emerges: what happens when the company no longer makes decisions you like? Suddenly that grip starts feeling less like a feature and more like bug. Apple has put a lot of their revenue eggs in the App Store basket, and given that Apple has more economic pull than most countries, laws aren't going to be particularly effective in preventing them from getting their way: rules have two problems. They require enforcement (which is expensive), and they don't change incentives, so malicious compliance becomes the order of the day.

Developers react to 27% commission with astonishment and anger

What NPM Should Do Today To Stop A New Colors Attack Tomorrow - 2022-01-10

Quick context: the author of a popular JavaScript package colors updated the package with malicious code that would spin in an infinite loop. This update was picked up globally because of how JavaScript package management works, and blocked deploys until a fix could be applied. For companies that don't test before deploy, this took down production.

The HN discussion about this article is extensive, much if it focusing on whether what happened with colors is really an "attack" or not. While that question is interesting, the article itself has some really good insights about package manager behavior and how it affects the overall ecosystem. I've worked on software build infrastructure of a few years, and it's a very closely related problem to package management. The key insight that Russ highlighted for me was that the way a package manager resolves dependencies has second-order effects on the how resilient the overall language ecosystem is to errors, whether intentional or not.

In particular, Russ' distinction between a high-fidelity build and a low-fidelity build seems extremely useful to me, and I hadn't run across it before. In short, high-fidelity builds resolve dependencies by using the latest transitive dependencies that direct dependencies have already tested with. Low-fidelity builds don't follow this pattern, and therefore suffer when new versions of packages appear that are broken and/or incompatible. Russ makes several other points around this, so the whole post is worth a read, but I wanted to highlight this aspect that was both new to me and useful. I will specifically look for this trait in package managers I evaluate, as it would have saved me a lot of pain in previous JavaScript and Python projects!

What NPM Should Do Today To Stop A New Colors Attack Tomorrow

How Copyright Keeps Works Disappeared - 2022-01-04

I recall some years ago hearing about the "copyright cliff" from some informal research that was done related to Amazon listings. In an effort to turn up that research again, I ran across this (much more formal) treatment from Berkeley Law. The basic idea is that publishers aim to maximize profit, which means focusing energy on publishing the most profitable works. As the terms of copyright have increased, it has also increased the number of works that remain under copyright, but are unpublished and unavailable. Accordingly, the researchers found a negative correlation between copyright and availability: works that are still under copyright are more likely to absent from store shelves.

This is interesting because it's a good example of a cost to society that is difficult to measure, and therefore gets ignored (McNamara Fallacy). It very much reminds me of how other industries can externalize their costs onto society in areas where money isn't a good measure of value.

How Copyright Keeps Works Disappeared [PDF]

Older Thoughts