• 0 Posts
  • 20 Comments
Joined 2 months ago
Cake day: January 27th, 2026

  • Since imgur was blocked in the UK I was searching for an alternative way to occasionally share photos on a Usenet group I’m in. (Text group, not binary, of course.)

    I ended up just settling on a Hugo static site. It’s not quite drag and drop, but close enough for me - I just drag the photos into a content directory, run a build script and push the repo - argo deploys it.

    Because it’s just plain old httpd serving static files, in a container, it’s about as safe/stable as I can make it.





  • Warning, anecdote:

    I was unexpectedly stuck in Asia for the last month (because of the impact of the war), turning an in-person dev conference I was organising into an “in-person except for me” one at a few days’ notice.

    I needed a simple countdown timer/agenda display I could mix into the video with OBS; a simple requirement, so I tried a few from the standard package repos (apt, snap store, that kind of thing.)

    None of them worked the way I wanted or at all - one of them written in Python installed about 100 goddamned dependencies (because, Python,) and then crashed because, well, Python.

    So I gave up and asked my local hosted LLM model to write it for me in Rust. In less than 10 minutes I had exactly what I wanted, in a few hundred lines of Rust. And yeah, I did tidy it up and publish it to the snap store as well, because it’s neat and it might help someone else.

    Which is more secure? The couple of hundred lines of Rust written by my LLM, or the Python or node.js app that the developer pinky-promises was written entirely by human hand, and which downloads half the Internet as dependencies that I absolutely am not going to spend time auditing just to display a goddamned countdown clock in a terminal window?

    The solution to managing untrusted code isn’t asking developers for self-declared purity test results. It’s sandboxing, containers, static analysis… All the stuff that you are doing already with all the code/apps you download if you’re actually concerned. You are doing those things, right?




  • Tim@lemmy.snowgoons.ro to Selfhosted@lemmy.world, “Booklore is officially dead” · 13 days ago

    Personally, I run them on my own hardware, and am trying to learn to use and supervise them appropriately. The things they are good for they are amazing at. And yeah, they are also often mendacious and unreliable with the possibility of going rogue - but no more than any junior developer or intern. If you can’t manage an AI, you can’t manage hires either - which for a hobbyist is just fine of course, but if you’re a professional it’s not a good look.

    You either learn to ride the wave, or you let it drown you. Shaking your fists at the tsunami though is a sure-fire route to involuntary early retirement.


  • Tim@lemmy.snowgoons.ro to Selfhosted@lemmy.world, “Booklore is officially dead” · 14 days ago

    You’re exactly right.

    I started my career writing assembly code, by hand, for money; I did not throw my toys out of the cot when that ceased to be a particularly useful skill. I spent a great deal of my career rawdogging malloc(), but then managed runtimes came along… And I also didn’t quit because I didn’t like having training wheels forced on me. Because I understood that writing code was never my job, solving problems was and code was just one of the tools at my disposal to do so.

    AI is another tool. It’s fantastically useful in the right pair of hands. Any developer who refuses to use it is simply going to be left behind - and that’s ok, because those people are not software engineers, they’re coders with a hobby - and I’d never expect to tell someone how to enjoy their hobby. But nobody should expect to be paid for it.




  • find . -name LICENSE.md -print

    There, arduous search complete.

    I thought it was well known/understood that the server component was how Joplin pays their wages, and thus being under a different license is hardly a big shock; it’s entirely optional, and the fact they’re still sharing the source seems like a good thing rather than bad.

    As for “they could just keep adding licenses!!!” Well, yeah, but so could any project. Apache could stick a proprietary license deep in a folder of httpd tomorrow and unless you were looking, you’d never know. Even a GPL project could incorporate a proprietary licensed component tomorrow provided it wasn’t linked into the binary/was a separate piece of software - like, say, the server component of Joplin. You just trust that they won’t, and/or properly check changes whenever you pull a new release like you were supposed to be doing anyway for security (hahaha, ok, no you weren’t,) or trust that if they did pull shenanigans it would be ‘news’ and you would hear about it.

    That Joplin is open about it, and they retain the original licenses of FOSS they have incorporated instead of deleting/hiding the original license is a good thing. I wish more did it.
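
The check the comment above describes (looking for license files that appear or change when you pull a new release), as an added example that is not part of the original comment. The function names are hypothetical, and the two sample release trees and their file contents are constructed.

```shell
#!/usr/bin/env bash
# Added example: report license files that appear, disappear or change
# between two unpacked release trees (old tree, new tree).

# Print "relative/path<TAB>checksum size" for each license-like file under $1.
license_manifest() {
    ( cd "$1" && find . -type f \( -iname 'LICENSE*' -o -iname 'COPYING*' \
          -o -iname 'NOTICE*' \) -print | LC_ALL=C sort |
      while IFS= read -r f; do
          printf '%s\t%s\n' "$f" "$(cksum < "$f" | cut -d' ' -f1,2)"
      done )
}

# Compare old tree $1 with new tree $2; print ADDED/CHANGED/REMOVED lines.
license_diff() {
    old_manifest=$(mktemp)
    new_manifest=$(mktemp)
    license_manifest "$1" > "$old_manifest"
    license_manifest "$2" > "$new_manifest"
    # FILENAME is compared (not NR == FNR) so an empty old tree still works.
    awk -F '\t' '
        FILENAME == ARGV[1] { before[$1] = $2; next }
        !($1 in before)     { print "ADDED   " $1; next }
        before[$1] != $2    { print "CHANGED " $1 }
                            { seen[$1] = 1 }
        END { for (p in before) if (!(p in seen)) print "REMOVED " p }
    ' "$old_manifest" "$new_manifest" | LC_ALL=C sort
    rm -f "$old_manifest" "$new_manifest"
}

# Build two constructed release trees in a temp dir and print its path.
# The new tree gains a differently licensed component in a subfolder.
make_sample_trees() {
    sample_root=$(mktemp -d)
    mkdir -p "$sample_root/v1" "$sample_root/v2/server"
    echo "MIT License" > "$sample_root/v1/LICENSE.md"
    echo "MIT License" > "$sample_root/v2/LICENSE.md"
    echo "Personal use only" > "$sample_root/v2/server/LICENSE.md"
    echo "$sample_root"
}

# Usage: script.sh OLD_TREE NEW_TREE
if [ "$#" -eq 2 ]; then
    license_diff "$1" "$2"
fi
```

Any `ADDED` or `CHANGED` line is a prompt to read that file before upgrading; the script only compares file names and contents, it does not interpret license terms.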


  • I still find it fairly wild that on US domestic arrivals they seemingly dump your baggage straight onto the sidewalk and you have to race to get to it before the nearest tramp does… There is much about US airport design that seems absurd in an international context.

    Are the airport facilities (i.e. how much space is given over to security, how many scanners there will be, the queuing arrangements, that sort of thing) part of TSA’s remit, or is that someone else’s problem and they just work with what they’re given by the airport authorities (genuine question)? Because as an outsider, it doesn’t feel like “having basic airport security” is an absurd thing - it’s “doing it badly with completely inadequate capacity” that is. It doesn’t have to be that way (nowhere else in the world seems to have this problem), but it seems like in the US instead of doing the job properly they’ve instead decided to just come up with an endless number of schemes to allow people to pay to jump the queue instead of actually fixing the queue. I guess if that’s the TSA’s responsibility, I’d probably hate them too…


  • I mean, sure, if the only threat you can imagine is an exact replica of 9/11, sure, I guess they’re useless. But there have been far more people killed by bombs on airliners than 9/11, and someone needs to do the screening.

    It can be true that the TSA are assholes, and also that US airport security was laughable before 9/11 and someone probably ought to be checking baggage for threats. Particularly while, as a nation, you seem to be doing everything in your power to make every country in the world except Russia hate you.


  • The weird thing about this thread is just how many people hate the TSA.

    And I’m not suggesting they shouldn’t, but - it’s weird. I don’t hate the guys and girls who work at airport security anywhere else (and I fly a lot, around Europe and Asia.) They’re just people doing a job that I regret is necessary, on the whole keeping people safe. Even the ones in China with a battery and cigarette lighter fetish.

    What is it about the US that means as soon as someone gets even the remotest sniff of ‘power’ that they have to turn into a monumental asshole? There has to be something about education, society, organisation structures, whatever that makes the US almost uniquely like the Stanford Prison Experiment on a continental scale.


  • But also markedly better in many. I’ve worked in Changsha on and off for the last decade, and I’d move there to live in a heartbeat. The modern US I wouldn’t touch with a hundred foot pole.

    That’s subjective of course - but, while I don’t know what you’re taught in the US (it’s actually exciting to learn that you still have schools, I thought they’d all been converted into gun ranges) about China, that some people are clueing up to the reality being different is an objectively good thing - even if it’s not all sunshine and roses in Xi’s world either.




  • Just throwing this in here as another thing to consider - instruction set. From a quick check (so I’m happy to be told I’m wrong) the Celeron & Pentium options don’t support AVX. That means some stuff - and I’m giving a hard stare at MongoDB here, but there will be others - is not going to run, or at best you’re going to be either stuck with old versions or recompiling yourself from source.

    (I don’t know if any of your apps require Mongo or AVX, but I was bitten by this in the past and it was one of the main reasons I eventually upgraded one of my small clusters.)