The Teensy Files
https://www.muppetlabs.com/~breadbox/software/tiny/
Really cool work creating the smallest ELF headers for a Linux binary.
There's also a recorded talk by the author explaining it all in a fun and succinct way.
Today I Learned
Everything from 2025
Replication of Quantum Factorisation Records with an 8-bit Home Computer, an Abacus, and a Dog
https://eprint.iacr.org/2025/1237.pdf
Oh, wow. Somebody call the coroner. It's not even smoke, it's just hot air.
I still like the idea of adding an extra post-quantum crypto routine into protocols like Signal did for applications where the extra compute is offset by long term privacy concerns of the data. Even still, given the likelihood that it's just more p-hacking, I'm definitely more worried about anyone even thinking of moving off of battle tested cryptography for post-quantum at this point.
Flip side, I definitely like the suggestion of some non-trivial primes for people to factor to better demonstrate the capabilities of these machines. Reminds me of a great paper I read, The quest to replace passwords: a framework for comparative evaluation of Web authentication schemes. Watching later papers start to use that framework for their password alternative research really seemed to slow down how often papers would invent both a solution and evaluation criteria at the same time. Fooling yourself is easy. That's why it helps to have others create the tests you aim to pass.
Honey, AI Capex is Eating the Economy
https://paulkedrosky.com/honey-ai-capex-ate-the-economy/
If you expect a bubble pop, you should position yourself to take advantage of the implosion. I wonder what will be left to salvage. What can you do with hundreds of mostly empty data centers and going out of business priced floating point compute modules to repurpose for small scale operations? There will be a lot of spare power in the short run since many of these projects are bringing online significant energy capacity. Food for thought.
Lecture Friday: Larry McEnerney analyses the Gettysburg Address
Another great lecture about writing, and in this case, speech writing, by Larry McEnerney.
NIH Is Far Cheaper Than The Wrong Dependency
https://lewiscampbell.tech/blog/250718.html
So much this. I've been banging my head against a wall explaining to developers that adding random things from the internet to production code is not a good long term plan for so long my mind is starting to mush.
I love calling this methodology Skyrim Driven Development after the sprawling modding scene for that game. Hundreds of thousands of mods, mostly compatible but with all sorts of weird edge cases, poor coding practices, and shoddy support. All that in an ecosystem where most people just blindly download and patch them into their game without any thought to the consequences.
Oh, is there an new pre-alpha framework written by an eager high school student in their parent's basement? Better use it to rewrite the mission critical system for the multimillion dollar business that's employing you.
Did installing something based entirely on the advice of Stack Overflow or an LLM cause problems? Just try adding and removing things randomly until it works again. Better chmod 777 * just in case.
Look this one says it improves things you didn't even know needed improving. Into the soup it goes.
Oh great, they changed the deal and now I need to pay for continued support. I mean, good on them for making money for their hard work, but damn the people at my company who signed us up for this.
Granted, your own developers building all sorts of action at a distance, implicit execution magic by themselves into the product is also hideously problematic. But at least all that code's in your control. You don't have to hope someone somewhere will keep working on it for free for you forever. Or constantly spend time fixing things some random person on the internet did to break your build for the third time this month.
Again, not all dependencies are bad. It's just that everything in engineering has trade-offs. There are ups and downs, and you must weigh them properly to make good products.
Why Do Tree-based Models Still Outperform Deep Learning On Tabular Data?
https://arxiv.org/abs/2207.08815
At one point, "just use XGBoost", became a bit of a meme in the machine learning community. Now it's all LLM or bust, no matter how trivial the problem. I even had someone explain recently how they were using them to do binary classification…
All that waste kind of makes you wish people would just go back to spamming XGBoost. You'd likely get better results to boot.
Lecture Friday: Introduction to Git
https://guide.handmadehero.org/code/day523/
This is some great slow burn satire. Well worth the watch.
I know we all just accept it, but he's on point. Everyone just gets used to git through brute force memorization and aliases. The data structure can be learned, but it only somewhat helps. Fundamentally should you switch, or checkout, or branch, or merge, or rebase, or reset, or restore, or revert, or rerere, or like… what are we even doing? Most people toss like ten words into documenting their commits. Most times I ignore the commit messages because they contain almost no useful information and instead just look at the diff anyway. Some people write good stuff, but if it's 99% pointless, you learn to ignore it. So why are we even writing it? Git says you must. So we toss git a couple words and move on.
If you take a few minutes and try and look dispassionately at the situation, there's definitely room for improvement here but it's popular because it's subject to the collective action problem. Everyone has to use git because everyone else has to use it. I'd say it has about the same usability as GPG. Consider that PGP is dead and everyone just uses WhatsApp or Signal. There's always room for improvement.
Maybe GOT's on the right track? Try and reuse the protocols and data formats so power users can keep using git but fundamentally keep the complexity on the inside and just let it all fade into obscure details of an otherwise simple and easy to use workflow. We'll have to see. Until someone builds a path out of this, at least we can sit back and laugh.
The Illusion of Thinking: Understanding the Strengths and Limitations of Reasoning Models via the Lens of Problem Complexity
https://ml-site.cdn-apple.com/papers/the-illusion-of-thinking.pdf
This caused a huge splash so you may have already read it. I think it's generally full of excellent insights. There's been a lot of these types of papers experimenting on LLMs to really dissect them and try and understand how they work scientifically.
I am by no means going to claim to understand LLMs emergent behaviour. However, one thing I'm starting to consider is that this may just be what a type of lossy text compression looks like. I'll probably end up posting the keynote at some point, but I remember John Carmack once saying something to the effect of, "Procedural generation is just glorified compression." When you look at procedural generation from the perspective of a decompresser, they look very similar.
Think of it this way, a compressor is a program that takes some input and creates a different program which, when run through an interpreter (the decompresser), yields a result with desired properties mimicking the original data. That last bit may sound weird, but only if you focus on lossless compression. Lossy compression is where it really starts getting interesting. Lossless has a fairly high lower bound. Lossy, now that's an area where we get subjective and weird.
For example, keep dialing down the quality on the compression. When you do, you start to get less faithful artifacts, things that are derived from the original, that in some way bear statistical relation to the original, but who's form after decompression starts to take on a character of their own. Now imagine that an artist is working on the decompresser so that these artifacts are actually somewhat pleasing and desirable instead of the more typical ugly compression artifacts.
That in mind, doesn't procedural generation sound a lot like substituting the compressor for a human? They take a bunch of input data to craft a program which, when executed, yields a result with desired properties mimicking the original data. Like a level generator, the human is removing all the redundant level geometries and instead creating a statistical model that encodes all this redundant information. Now instead of decompressing to get all possible geometries at once, you instead sample, and decompress only part of the space.
With that in mind, LLMs start to sound an awful lot like a compression algorithm. You generate a large model who's data consists of all this statistical similarity from the original, and in the output you sample the space starting at a point (the prompt) and expand to generate a position in the space of all compressed inputs.
That would explain why they have problems counting the number of "R"s in strawberry or solving the Tower of Hanoi. Nobody's written the solutions in the mountains of input data. Why can they now count the number of letters? The companies behind these are doing all sorts of synthetic input data generation. Farms of people creating questions for answers Jeopardy style. Writing programs to procedurally generate more training data helps bulk out the relatively limited human generated work and add examples of things humans haven't bothered to publish.
This doesn't fully account for everything these models seem to be able to do, but the research on these models also seems somewhat limited still. Science is a very slow process of trying to constantly falsify information. It's trivial to declare them god or slight of hand, but it takes time to exhaustively search for a way they can't possibly be and then conclude that you've searched long and hard enough that it's unlikely they aren't. But you also keep an eye out for anyone who can figure out a way to show they aren't, just in case.
Regardless of what my understanding seems to suggest, my thanks to the researchers here for spending the time to better understand what's going on and give us some great insights into this emergent system.
Lecture Friday: Burning Down the House: Carbon Politics, American Power, and the Almighty Dollar
More understanding for the seemingly sudden shifts and what they could mean. Mark Blyth has had a few works that seem to be slightly ahead of the mainstream, so I tend to really pay attention to what he's thinking about and why he thinks these things matter. Anyone telling you what's in store is very likely to get specifics wrong, but general trajectories are often easier to get right and prep for even if they turn out to not matter.
Also, this is probably one of the first question and answer periods for a talk that had any value what so ever. Some people in the audience there really trying to better understand these ideas and play with them together through dialogue. Not just grandstanding or asking about irrelevant things the person in the audience knows about.
I love when you couple this with the video friendlyjordies did about how Australia, having reelected their Labor government, is now perfectly set to do what America couldn't. Australia has Future Made in Australia, which has a lot of the same investment public-private partnerships the now abandoned IRA had. With the end of one, billions, if not trillions in private investment are potentially up for grabs. If not Canada, at least our sister state has a shot at the prize.
You Can Choose Tools That Make You Happy
https://borretti.me/article/you-can-choose-tools-that-make-you-happy
I maintain a website that I've built entirely by hand, being read by basically nobody, for no other reason than the joy it brings me and maybe the vein hope I can inspire someone to see what I see, or at the very least, consider reconsidering.
That said, yeah, get weird. Never fool yourself, you're the easiest to fool, but also never give in and never give up. As Bernard Shaw wrote, The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.
Nobody would have created many of the incredibly cool things we have if they'd stuck to what was easy and what already worked. They thought they saw what could work better and went for it. Many failed, some were right, a few even paid a high price for their dream. Most of the things around you are mealy an accident of history and incredibly hard work, not some divine truth. Reinvent things now and again for no other reason than you can. Do unconventional things for unconventional outcomes. To see what's possible, and to see if you really can make things better. Build your dreams, and maybe change the world. Probably not, but the avalanche starts with a single snowflake.
Wikipedia: Norman Borlaug
https://en.wikipedia.org/wiki/Norman_Borlaug
Another one of those people I brought up in a conversation that I think more people should know about. There may not be anyone less well known who's had as big an impact as Norman Borlaug. If you're alive today, that's partly the fault of Norman Borlaug. Truly one of the greats.
A Non-anthropomorphized View of LLMs
https://addxorrol.blogspot.com/2025/07/a-non-anthropomorphized-view-of-llms.html
Less a learning and more a plea. It's so cringe listening to people talk about statistics like they're omnipotent, going to wipe out all life on earth, or obsolete the terrain for a map. Conversations become much more productive when sophists stop trying to bear witness to the next coming in the output of gradient descent. It's just a tool. It's not magic. Yes, this has significantly surpassed the state-of-the-art NLP models of just a few years ago. No, you shouldn't be using it in lieu of actually learning how statistics work and then picking the right model for the job.
As someone who's been using computational statistics and machine learning for about a decade, I'd years ago written off large parts of the literature as mostly non-replicable p-hacking by people running the software equivalent of the egg-drop experiment. So many "advances" boil down to either moving the goal post by making up a benchmark you're conveniently the best at, overfitting a model and declaring it state-of-the-art, Frankensteining an ensemble for a one percent improvement at ten times the cost, or one of a few other shenanigans researchers have been routinely pulling since AlexNet really shook things up.
As it turns out, I was right that Attention Is All You Need was, in fact, game changing. The game I wasn't really paying attention to was BERT, a model so bloated and of such limited utility, I thought it was mostly a joke at the time. Turns out, if you just keep going with the joke, well past reason, until your model begins to use so much energy that it competes with the fossil fuel industry to see who can cook the planet faster, there's some interesting and useful properties to the joke.
Just please stop telling me it's thinking or alive or concious, or any other biological adjective. We still have neither a scientific nor philosophical understanding of what thinking even is. It's just statistically likely unstructured data. Is it useful? Yeah, in some applications. Is it reliable? It's reliable enough for some applications. Is it efficient? Mostly no, but some applications don't yet seem to have efficient alternatives. Using it for those we do, seems pretty foolish given the situation.
Just try and stop it with the pareidolia.
Handles Are The Better Pointers
https://floooh.github.io/2018/06/17/handles-vs-pointers.html
Great breakdown on how to handle memory without uncontrolled malloc()/new everywhere. Instead, create a manager for a subsystem that has its own memory pool. It can then use array indices (either on the pool or a lookup structure) which it issues and accepts through its API.
I'd heard about the technique before elsewhere but this breaks it down and gives some great examples. You've already been doing this with files, windows, and other resources the operating system provides you, so you may even understand the idea intuitively. Either way, a great piece on the technique.
Linux Is Dead, Long-Live Docker Monoculture
https://antranigv.am/posts/2021/08/2021-08-13-13-37/
I'm the type of person to go listen to a live symphony orchestra once every few years. I went to a performance of a famous classic symphony that was preceded by the premier of a brand new symphony. A brand new symphony, delightful, and all I could think while listening was, oh, it's just a movie score.
When the only work for composers is scoring movies, new symphonies are going to sound a lot like movie scores.
When the only work for developers is SaaS, software's going to all start to look like web shit.
So now the Windows start menu is written in React, otherwise promising image viewers require setting up a database and docker, and developers expect you to install their applications by intentionally opening yourself to remote code execution.
Unless a market and/or business model is soon found to bring about a renascence of desktop application development, I'm finding I have to agree with Casey Muratori that gaming really will become the Irish Monasteries of software development.
You MUST listen to RFC 2119
https://ericwbailey.website/published/you-must-listen-to-rfc-2119/
This is pretty funny. I love when someone pays an artist just to bring something fun into the world. I do it now and again but we can always use more of that.
Art and fun aside, if you don't know RFC 2199, now's your chance to learn one of the most influential RFCs ever written.
Already know that one by heart? Do you know about the related RFC 6919?
If you already know both of those, well then perhaps I could interest you in RFC 3339, what people usually mean when they say ISO 8601.
I could go on, but I won't.
Lecture Friday: Making Impossible States Impossible
Not going to use Elm, nor do I condone trying to treat your type system as a formal specification language. However, there are a lot of data structures I often see that have all sorts of invalid states available. Mostly places where two or more pieces of data have to agree on a value or state. Structures that are begging for some incorrect logic to corrupt things and cause unhandled edge cases.
In almost every case, very simple changes to the structure of the data could completely eliminate the problems. If your familiar with normal forms, this will feel super familiar to you. Relational algebra transcends SQL databases because it started as math, and was later ported to a programming language to try and make it easier to approach. If your familiar with Entity Component Systems (ECS) from game engines, you will start to see how it's all interconnected. When you think in normal forms, both your data and logic improve.
What LLMs Know About Their Users
https://www.schneier.com/blog/archives/2025/06/what-llms-know-about-their-users.html
I liked the analogy someone said a while ago, that LLMs would be able to make all texts interactive. One big body of text is a database. Obviously not an accurate mechanism to query the data, but who really cares about accuracy if you can sidestep those who'd thwart your aims at power?
As developers rushed to build the ultimate surveillance apparatus, we felt safe that at least access to the knowledge trapped in the database required some technical expertise. We the priesthood would be able to guard access to the troves of surveillance only for the aims of a better future. We could intervene and prevent sociopaths using the data to enact their control fantasies.
Turns out people with a lot of power really want to get a list of those who'd dare oppose them. Doesn't really matter how accurate it is. A list only 20% accurate works just as well for the goon squads.
Geeks, MOPs, and Sociopaths in Subculture Evolution
https://meaningness.com/geeks-mops-sociopaths
This essay came up in a chat I was having with some people at work. It's a real depressing take on the topic, but worth a consideration if you've ever wondered why groups of people don't really exist in the real world anymore outside of capital generation.
There's more to it than capitalism fundamentally exploits everything to death as is portrayed in the piece. Sure that's one of the best modes to kill things. It doesn't fully explain why interest groups don't form much anymore though. This is one entry from the work, Meningness. I'm not fully sold on it all, but I think this presents a good picture of what any shared endeavour seems to experience as it grows and dies.
Spanner: Google's Globally-Distributed Database
https://static.googleusercontent.com/media/research.google.com/en//archive/spanner-osdi2012.pdf
Recently had reason to briefly explain how Google Spanner works when I was discussing Amazon Aurora Limitless. I have no idea if Limitless implements the same tech as Spanner, but my guess is it's not entirely unreasonable. Again, I'm not talking about Limitless, I really don't know how it works. But someone was explaining it to me and it just sounded like Spanner.
The Ultimate Insider Threat: North Korean IT Workers
https://cloud.google.com/transform/ultimate-insider-threat-north-korean-it-workers
Worth knowing if you're in the market for a job or hiring. The flip side of these scammers trying to get hired to infect your company with malware is running interviews for devs and having a technical interview involving running malware on your machine. They'll say it's something like a web API server you'll build a frontend against or something like that. They're hoping you use your employer's laptop to do it and either have a bunch of credentials on your machine, or if they're really fancy, they'll wait in the background and see what they can do over the next couple days. Even if it's just your personal laptop, expect to get extorted.
Stay vigilant out there.
Wikipedia: Henry Dreyfuss
https://en.wikipedia.org/wiki/Henry_Dreyfuss
Henry Dreyfuss is responsible for so many of the designs of everyday objects you take for granted. I recently brought him up in a discussion I was having where we lamented the frankly appalling industrial design of many modern versions of things with pointless touchscreens, wireless radios, and impossible to use ergonomics. I humorously joked that Dreyfuss must be rolling in his grave.
Cheating the Reaper in Go
https://mcyoung.xyz/2025/04/21/go-arenas/
I've always tried to explain to devs that you can do manual memory management in a garbage collected language. The simplest method is to just start using resource pools. The reason to manually manage memory is to prevent the garbage collector interrupting you randomly. If you have a lot of identical objects you're routinely allocating for a limited amount of time, I suggest you look into them.
Either way, I came across this piece discussing how you can dig deeper in Go if you want to get even more manual control of your memory in a garbage collected language. They show how you can effectively implement an arena allocator.
When would you want an arena allocator? Whenever you have a bunch of work you want to allocate for that has a single conclusion point where you want to delete it all and start again. Instead of randomly pausing and running mark-sweep, you can just set the memory index to zero when the work is done. It's perfect for work loops like web request handlers, scratch space during game update/render loops, and between processing files/records in large batch ETL jobs.
While I like manually controlling memory, I also like being lazy. I like the idea of structuring languages where you can nest manually controlled memory regions within an otherwise GC environment. Allowing you to reach for power tools when appropriate.
Begging for Bounties and More Info Stealer Logs
https://www.troyhunt.com/begging-for-bounties-and-more-info-stealer-logs/
Welcome to beg bounties. In our ongoing deterioration into a society predominantly defined by scams and cons, bug bounties are becoming an increasing target of malicious actors. In this case, one group of attackers have created huge pools of people infected with malware. They use that malware to steal login credentials to websites and build massive dossiers, colloquially referred to as stealer logs. These are passed around for pay in private channels for money until it gets shared in a channel with a leak. At that point these collections hit the web.
This is where our new bottom feeders enter the scene. Being essentially talentless and morally bankrupt, they search out these lists and then contact all the sites who have users with computers infected with malware (so basically any site with a big enough user base). When someone shows up with a list of legitimate user credentials for your site, you take notice. How'd they get them? Your worst fear, there's a problem in your site leaking credentials.
The reality is much more benign. They're available through a few well known internet forums. They then try to spin a tale about how you need to pay them thousands of monies for forwarding them to you. Even if one percent of companies react before they think, contact a few thousand companies and you can make bank before it becomes too obvious a scam.
Lecture Friday: Elements of Programming Style
Loud sound at the 56 minute mark. The fire alarm goes off and it's quite loud because the recording is fairly soft.
I quite like the elements of style discussed here. The style rules presented tend to port fairly well as general concepts to any other language. For example, I now try and order the blocks of my conditionals to put the shorter block at the top, even when it requires negating the conditional as I first think of it.
I'm sure I've picked up a couple other techniques from here and I hope you will too.
I'm Not Feeling The Async Pressure
https://lucumr.pocoo.org/2020/1/1/async-pressure/
Another piece to add to the long running debate on whether or not python's asyncio is worth it. My guess is in 3-5 years it'll become a regrettable complexity in the ecosystem when full lock free threading becomes generally available. Just in time for everyone to have significant investment in red versus blue functions that we can't easily backtrack on.
If language committees could stop adding everything just because it exists in another language C++ style, that would be great. In JavaScript's case, async was a worthwhile problem to add in order to solve the existing problem of having to live inside an event loop outside your control and simultaneously having access to anonymous functions. More specifically that given such a language, developers will instinctively nest lambda callbacks until they're in so deep they're forced to start using single spaces as indentation.
CSP like in Go takes a step forward by not color coding functions, but takes two steps back by having the standard library magically hard code which syscalls are blocking. The more I keep looking at the problem, the more I think I have to agree with Jeff Bonwick and Brian Cantrill who note how userspace multitasking will forever over promise and under deliver. How fundamentally, non-preemptive multitasking leads to an endless series of design problems you don't have if you just let your OS schedule you.
Lecture Friday: How Much Math Is Knowable?
Great recap of many of the proofs we have about provability.
Wikipedia: Great Stork Derby
https://en.wikipedia.org/wiki/Great_Stork_Derby
Not the type of thing I usually share, but it kind of sticks with you.
Rough Idling
https://flak.tedunangst.com/post/rough-idling
Frustration at the state of software being interminably busy doing nothing of value.
What's in OpenBSD 7.7?
https://flak.tedunangst.com/post/Whats-in-OpenBSD-77
What's in OpenBSD 7.7? Essentially just an AMD GPU driver with a small Unix OS wrapped around it at this point.
I've kind of wondered for a while when the graphics card will just subsume the motherboard like a reverse integrated graphics stack.
Lecture Friday: Practical Data Oriented Design (DoD)
The thing that takes a bit to understand about Data Oriented Design is how the name implies it should be similar to some sort of code aesthetic like Object Oriented Programming. You go looking for the abstractions and intellectual virtues to structure code around but you never find any. It seems hard to understand because you keep trying to put it alongside philosophies like functional programming, procedural programming, and object oriented programming. The problem is it doesn't fit. You're comparing dogma to empiricism. It's like getting the intellectual tradition of Francis Bacon suddenly injected back into software development after a few decades concerned with moral purity and virtue. Turns out, you can measure things that matter to users and your code comes up wanting because you're not as good a developer as you think you are.
One of the things brought up is how booleans in structs destroy your performance, and how storing out of band works. This is exactly what loops to the bottom, conditionals to the top
looks like in practice. Having two lists of monsters, one living, one dead, you move the "is alive" conditional above the loop and improve performance in a few ways. There's now less memory involved, so you get better data cache coherence, but you also remove the branch miss prediction penalties, and gain instruction cache coherence by doing all of one and then all of the other.
Unstructured Thoughts on the Problems of OSS/FOSS
https://www.gingerbill.org/article/2025/04/22/unstructured-thoughts-on-oss/
Great set of thoughts that bounce the problems around open source back and forth. I'm still lost in the quagmire. Can't say this really points the road beyond out. More thoughts on the table may be able to help us discern the way forward.
Some Surprising Code Execution Sources In Bash
https://yossarian.net/til/post/some-surprising-code-execution-sources-in-bash/
Works on bash and ksh. Zsh isn't impacted. So, it turns out [[ "${num}" -eq 42 ]] allows remote code execution. Yeah, I didn't know that one. For any non-trivial program you really should be using something other than a shell script. My dividing line continues to be arrays. If you need an array to solve the problem in a shell script, you really should be using a different language to solve the problem.
A New Oral Culture
https://www.oblomovka.com/wp/2025/02/12/a-new-oral-culture/
Interesting thoughts when you think about how it relates to project documentation.
The Best Programmers I Know
https://endler.dev/2025/best-programmers/
Not much I learned from this one, but always worth sharing things for those getting started.
🦕 RansomLook 🦖
Added this one to the links page, but you really need to be aware just how bad the problem with ransomware has become. We're talking hundreds of organizations a month.
How to Report Bugs Effectively
https://www.chiark.greenend.org.uk/~sgtatham/bugs.html
The key to a good bug report is helping them recreate the problem. If you know how to reliably recreate it, a developer can usually fix the problem. So take the time to figure out the simplest way to cause the problem to happen before reporting it.
13 Things I Would Have Told Myself Before Building An Autorouter
https://blog.autorouting.com/p/13-things-i-would-have-told-myself
I always love someone rubbing real performance engineering work in the face of developers who think Rust or C++ just magically make your garbage code fast or those who think interpreted languages can't possibly be fast enough. Developer skill continues to be the dominant factor in real world application performance.
Win32 Is The Only Stable ABI on Linux
https://blog.hiler.eu/win32-the-only-stable-abi/
This is just sad, but seemingly true. So many people in the POSIX ecosystem just don't take backward compatibility as seriously as you have to, in order to be treated as a platform. I can still run games compiled for Windows in the 90s just fine. Want to back test your website on old versions of Webkit known to exist in many IoT devices? Basically impossible given the state of API churn and system "innovation".
From False Alarms to Real Threats: Protecting Cryptography Against Quantum
https://threatresearch.ext.hp.com/protecting-cryptography-quantum-computers/
Yeah, there's a lot of hyperventilating about quantum computing. This at least tries to give a mostly realistic picture of where we are, what needs doing before it becomes a reality, and why getting started this early matters. The two principals are that the first group to get Shor's algorithm running at a realistic scale will most likely be sworn to national secrecy. Second, agencies with fat wallets are definitely sucking up and storing data streams likely to have juicy secrets worth the cost of storing for a decade or more.
Teaching Smart People How to Learn
https://hbr.org/1991/05/teaching-smart-people-how-to-learn
Colleague at work sent this my way. The 60's to the 90's truly had some great management philosophy and science going on before the dot-com-boom and big tech would come to dominate management discourse by fiat.
Landrun
https://github.com/Zouuup/landrun
I love code sandboxes for services. Any tool that makes setting them up simpler is worth a look in my opinion. Haven't tested this out, but I'm keeping an eye on it.
The End of US Democracy and the Implications for International Relations
Trying to situate the next few decades in the context of other country's backsliding helps understand what's likely in store. You won't be able to just vote for a reversal of what's likely to come to pass.
Kings Over the Necessaries of Life
Great report picking apart many of the reasons for the price "shocks" we're seeing.
Microsoft CEO Admits That AI Is Generating Basically No Value
https://ca.finance.yahoo.com/news/microsoft-ceo-admits-ai-generating-123059075.html
lol
How Complex Systems Fail
https://how.complexsystems.fail/
Classic insights on complex systems.
CPU Benchmarks - Year on Year Performance
https://www.cpubenchmark.net/year-on-year.html
If you still think Moore's Law is going to save you, you're a decade out of date at this point. This marks the first time we've seen performance start to regress. It seems like we're starting to crest the S-curve on performance available on computers. The future is in squeezing the software, not the hardware.
Dazed & Confused: A Large-Scale Real-World User Study of reCAPTCHAv2
https://arxiv.org/pdf/2311.10911
ReCAPTCHA continues to get worse than it already is.
SoK: Understanding Designs Choices and Pitfalls of Trusted Execution Environments
https://dl.acm.org/doi/pdf/10.1145/3634737.3644993
Trusted Execution Environments continue to be my computing enemy number one. Get your grubby little hands off my system. To that end, know thy enemy.
Unexpected Benefits of Building Your Own Tools
https://tiniuc.com/make-more-tools/
Another take on why only using off the shelf tools will always struggle to do a fraction of what a set of tools built for purpose can achieve.
Smooth Paths Using Catmull-Rom Splines
https://qroph.github.io/2018/07/30/smooth-paths-using-catmull-rom-splines.html
Another great curve worth understanding. While everyone reaches for bezier's first, these are interesting in the context of compressing freehand drawings and adding visually pleasing smoothing.
Lecture Friday: The Ultimate Guide to JTBD
Colleague sent me Bob Moesta as a reference when we were talking about a few things. I love the 2x2 framework discussed when thinking about why people change products.
Difference between Spline, B-Spline and Bezier Curves
https://www.geeksforgeeks.org/difference-between-spline-b-spline-and-bezier-curves/
A great primer on a few useful curves. You can never understand curve functions too deeply if you're working in computer graphics.
Beware of Metacognitive Laziness: Effects of Generative Artificial Intelligence on Learning Motivation, Processes, and Performance
https://arxiv.org/pdf/2412.09315
Worth keeping in mind. I'd love to see a replication and further extensions here to see what sort of effects were likely to see.
Let's Talk About AI And End-to-End Encryption
https://blog.cryptographyengineering.com/2025/01/17/lets-talk-about-ai-and-end-to-end-encryption/
Another step towards treating users like cattle instead of pets.
Mistakes Engineers Make in Large Established Codebases
https://www.seangoedecke.com/large-established-codebases/
Another acolyte of Socrates. I like the idea that the ability to work on large legacy codebases is what separates senior developers from junior developers. I mean, it's self serving since I'm someone who works on such code bases. Either way, good food for thought on development.
That's Not an Abstraction, That's Just a Layer of Indirection
https://fhur.me/posts/2024/thats-not-an-abstraction
Go look at abstract art. Now look at your abstraction. Well, those don't seem related at all…
They aren't. Your abstraction is just giving things names. Real abstraction moves away from the nature of the thing to be more precise. Relational algebra is an abstraction away from searching tuples of information. JSX is Javascript wearing an HTML skin suit. Knowing the difference is important.
Why Events Are A Bad Idea (for high-concurrency servers)
https://web.stanford.edu/class/cs240/readings/events-bad.pdf
Paper showing threads and events are just isomorphisms. They advocate for greater compiler support of threads, which is something I haven't really seen outside of language extensions like Cilk. I'd love to see what more we could do with the compiler to better signal context switching to the system rather than trying to outsmart it from our local point of view as we keep trying with userland threading.
Python for Lisp Programmers
https://www.norvig.com/python-lisp.html
I've always thought Python was fairly lisp like if lisp was based on dictionaries instead of lists. Sure Python's syntax isn't expressed in terms of dictionaries, but the runtime generally is.
Wikipedia: Amdahl's Law
https://en.wikipedia.org/wiki/Amdahl's_law
It's important to understand that horizontal scalability is also limited. You can't just throw more cores at a problem. There are those tasks that are embarrassingly parallel, but they represent only a subset of interesting computations.