Archive

All published posts

2494 posts latest post 2026-06-16 simple view
Publishing rhythm
May 2026 | 56 posts

Malicious Aur Packages Jun 2026

Recent Arch linux vulnerabilities are a good reminder of a few things. - AUR [1] is not the official package repo - The AUR is community driven - AUR packages are not always safe The first thing I’m doing to stop myself from running any aur updates automatically is removing any arch helper. sudo pacman -Rns yay paru paru-bin Currently the reported vulnerabilities are supply chain attacks limited to the aur, keep your arch system up do date, BUT do not update packages from the AUR right now. In fact I’m auditing my aur usage and removing anything I have not used in awhile. Here is a nice script I’m using to walk through my packages and get rid of things I installed and probably don’t need anymore. pacman -Qemq | fzf -m --preview ' echo "== package ==" pacman -Qi {} 2>/dev/null echo echo "== required by ==" pacman -Qi {} 2>/dev/null | grep "Required By" ' | xargs -r -o sudo pacman -Rns Supply chain attacks are getting real scary in 2026, maybe we should listen to Ginger...
1 min read
linux

Mythos gone already

Mythos released days ago, now its gone, before most of us were allowed to touch it.

just good enough

I built shit on the web before AI, some of it was okay, some I put a lot of time into, but some was just really shitty. Done just well enough to get the job done. All of it had to be written by hand or copy pasted from stack overflow. It was a lot of fun. Now we have a new level of shitty, it looks fine. It looks like it should work good. None of it is just barely good enough, nearly browser default style anymore.
rsync delays
I’ve been deploying my site old school for most of this year, rsync to a volume mounted to nginx. I ran into an issue today where I updated my site and all of the pages updated first, followed by upload. The issue this created was that the new cache busted css files were not up yet and the site had no styles for a brief period during upload. I found that delaying updates and delaying deletes until the new content exists first solves this problem pretty well. Theres still possiblility of jank while uploading to a live directory and not doing some sort of hot swap, but I’m good with this low budget option for now. sync: rsync -rlt --delete --omit-dir-times \ --info=progress2 \ --delay-updates \ --delete-delay \ ./output/ \ server:/mnt/mysite
The Unraveled Fail
Surgeons Key
Liquid Laquer
The Website Specification specification.website
The Website Specification A platform-agnostic, full specification of the technical features a good website should have. Built in the open under an MIT licence. The Website Specification · specification.website [1] A solid checklist for agents to implement on most sites. Very few sites need 100% coverage, but most should probably check most of these boxes References: [1]: https://specification.website/
Revisiting the closed canon derekkedziora.com
Revisiting the closed canon A post I wrote in 2023, the closing of the canon, predicted that LLM answers would replace search results, dramatically lowering traffic to individual sites, thereby removing the incentives to eve... Derek Kedziora · derekkedziora.com [1] This is what makes rss so interesting to me. Its boring old tech that fell out of mainstream popularity years ago, yet many sites still support it. Not all, especially ones that come with a good dickover [2]. At the same time, it’s sad to see the human internet dying, even more quickly than before. Not only do we have rampant bots and sites seo maxxing to get to the top. We have ai search overview that answers mose simple questions pretty good, chat that does good, and agents at our fingertips. The need for tutorials is pretty much dead. What we need now is human experiences shared and documented more than ever. I’ve been writing a whole lot less simply because this transition has been hard. Most of my pre 2024 posts were how to, notes for future me. Things so simple agents just spat out better versions in seconds these days with barely a question. References: [1]: https://derekkedziora.com/notes/revisiting-the...
On Rendering Diffs :: Pierre Computer Company pierre.computer
On Rendering Diffs A technical deep dive into how we built the @pierre/diffs package and CodeView component for zero-blanking diff rendering. Pierre Computer Company · pierre.computer [1] It’s incredible how some problems seem so simple until you load the browser with so much text it just bogs to nothing and how impossibly difficult it becomes after this point. Very cool implementation of a problem that…. who has this problem. If it takes me 2 mintues to scroll through a diff at mach speed like the video, is a diff going to solve my problem? References: [1]: https://pierre.computer/writing/on-rendering-diffs
His presence is still felt in the codebase to this day 😂 #codi... www.youtube.com
- Remember this clip in 5 years, after the churn we just had with RTO and ai this is going to hit. Or AI will just figure is all out for us, who knows anymore. Not that they will figure out the human side, the what does this do, why is it here. A temporary fix is a clear signal to your other devs I didn’t have enough time to do it right, but this works. I think AI will squash a large number of these, especially in big coorporate internal tooling where you are trying to juggle as much as you can and just keep it a float at all times.

Flowing Thoughts Ai To Help Blast Radius

Not sure how this matters to anyone else, but I'm sitting in the car and letting the thoughts flow. I'm having really interesting conversations with ai recently. Like things I never thought I would care this deeply about. In part because it feels like the vulns are coming faster and harder, and in part because it is really enabling me to invest some time into the development that I would not otherwise have. I'm thinking about least privilege, reducing dependencies in containers, limiting pod access to the Internet and other pods. Reducing the blast radius. Now I've always been hesitant to bring in new dependencies. I've always tried to strip to the lowest possible dependency set n my containers, but I would also re-use the main server container to run cron job workflows. I wasn't giving much thought about what services they could access, or their internet access
UUID as a service?! youtube.com
- How many people watching this sent their clankers out to make a uuid service for them as they were watching it. UUID as a service sounds great, heck @steipete just has to mention it and his claws are on it building out the service, no need to even type anything or directly form a thought, just mention it in the meeting and a new repo will be up by end of meeting.
First Sinner
Almost Broken Drivetrain
Chain between the gears, its almost more frustrating that it still works most of the time and teases me that if I just knew what I was doing I could fix it properly.
setopt HIST_IGNORE_SPACE
To ignore commands that start with a space character, use the HIST_IGNORE_SPACE option in bash or zsh. setopt HIST_IGNORE_SPACE
The Point Of Making Things Is To Make Them - YouTube www.youtube.com
- The 3 piece design for wheel s without a z-seam is absolutely genius. That is a sick trick. Love this guys style. Need a tool Make a tool. [1] [2] References: [1]: https://dropper.waylonwalker.com/file/8b6f5e2d-f8f2-4ff8-9744-0812bff8879c.webp [2]: https://dropper.waylonwalker.com/file/34430a1b-cd5a-4762-89ca-d3428c70e20c.webp
Burgers For Dinner On The Sheetpan
Fresh burgers off the flattop
Power Washing The Sidewalk 2026
It's been a couple of years since I've fully done our sidewalk, it was time before it got slimy again.
Jonathan Blow Made Me Quit My Job | Prime Reacts - YouTube www.youtube.com
- damn Johnathan Blow is not afraid to give you the cold hard opinions. If you want to be good you need to spend your early most formative years doing hard things, because you will not do it later, then goes on to say you should not do anything related to web development during that time as it will rot your brain.
Why Agent Harness Layer is DYING - YouTube www.youtube.com
- Thorsten is always a great listen with well thought out answers. I thought the advice “all you have to be is good” from his is so great, so many people focus too hard on credentials and certificates, they miss the time in the saddle and raw, just being good at what you do. They talk a lot about industry trends and that ai/llms have been here long enough to see that they are the new iphone. In some way you need to learn to work with them. Much of the minutia is churn, it will change and we will forget about it in six months. Working at amp right now is really trying to focus on releasing exactly the right thing and not everything. We’ve been given these great models that can churn out poc very quickly, it is our job to focus on what the right thing to adopt is.
Why Agent Harness Layer is DYING - YouTube www.youtube.com
- Thorsten is always a great listen with well thought out answers. I thought the advice “all you have to be is good” from his is so great, so many people focus too hard on credentials and certificates, they miss the time in the saddle and raw, just being good at what you do. They talk a lot about industry trends and that ai/llms have been here long enough to see that they are the new iphone. In some way you need to learn to work with them. Much of the minutia is churn, it will change and we will forget about it in six months. Working at amp right now is really trying to focus on releasing exactly the right thing and not everything. We’ve been given these great models that can churn out poc very quickly, it is our job to focus on what the right thing to adopt is.

Ping 59

"All you have to be is good" [source](https://www.youtube.com/watch?v=thMFsqe8kbQ) Not sure if this is a quote from somewhere but thought it was some interesting advice that @thorstenball received when he was starting into web development. He asked a friend already in the industry if he thought he had a shot. He had no degree, no credentials, no experience at the time.
Whiteward Spool Fragment
Coral Commandment
Marrow Skull Tyrant

remember rule 4

I almost for got Rules [1] 4 today, rollout when smooth late in the day right before a vacation day (terrible time to deploy I admit not my clearest plan). Race conditions are a b****, all around on this one. The app I was concerned about won the race to deploy first and was fine by itself, then another app had a race condition inside itself that killed it References: [1]: /rules/
Pump Sprayer Seal Shot
Tried to use the pump sprayer for the first time this year and all of the seals were shot.
Press Escape To Stop Mid Responses
If you are looking for s-tier respnses try pressing escape.
Ginger Chillin Laundry Room
Ginger scared the crap out of me when just chillin at eye level in the dark laundry room.
Rhiannon's Vocal Velocity Stage Setup
A look at the stage setup for Rhiannon's Vocal Velocity set, capturing the atmosphere after a performance. So proud of how well this set turned out, she killed it, the kids nailed the show.
Pilgrims Rhinogrund2
Voltvessels
These Layoffs Backfired Instantly (ft. Primeagen) - YouTube www.youtube.com
- Prime on Big A they make a really great mix. I really like primes perspective on the layoffs here. Adding in an ops perspecive a bit here. Maybe inspiring a full level post. infra, ops, sre roles are incentivised to keep uptime, that is your goal in these roles. Idk how it works on big products, its probably more greased, higher stakes, more well thoguht out, more well discussed. In my role for many small internal applications developers constantly use my platform different and find new edge cases that we never expected to hit. Depending on my week I’m either the team blocker and I’m fighting fires all week making sure new releases are getting out and stay running while everything is breaking, or I’m tending to the fire lanes, predicting the new edges, looking at previous outages and asking myself how do we never see this category of failure again. I think AI is really good a enabling both of these. I think you can probably run a leaner team with AI on the latter half. AI is really good at implementing things consitent (if you are careful) and fast. But when shit hits the fan, you still need the people who know the systems to get things back up quickly and prevent a cascade o...

agents are never done

Agentic coding has this nice trick of letting you bang out a project in an afternoon, something complex that would have take some real time to implement, not just some rounding error that can slip right in between the jira board. Then it will be perpetually never done. There will always be bugs and thorns rear their head up, new features no one ever thought of, and now no one really has to think much about beyond having the idea. This part of software engineering has always been here, its the root of the never complete 200 side projects. But now it feels like fuel has been poured on the fire, like we can get more done than ever. But we are tricking ourselves, these projects will never be “done”. There’s always more to add. Without feeling any of the pain of implementing it yourself, why not just keep adding new features forever. This is the mentality that is crushing me right now. It pulls at your token anxiety like crazy. You look at the usage board and you are almost cooked so y...
2 min read
ping
Songclave Supplies Fail
Pilgrims Rhinogrund
Pilgrims Rest Supplies
Pilgrims Rest Supplies Fail
Hivesteel Needle
Great Taste Of Pharloom
Chef Lugoli
Microsoft Doesn't Have it in Them to Win - YouTube youtu.be
- I havent used windows in years at this point, but I feel this on the products I am forced to use for work. Basic features are not right, kinda work most of the time. New features, ai integrations, new skin/design, but still teams can’t use my system mic appropriately yet every other app does. Also feel this computers have not got significantly better since around getting ssds. Yes they are better, but not at the same rate of being obsolete every two years. I hope we hit local model land and it flips this a bit, not in quite the obsolete every two years range, but some new hardware actually lets you do meaningful more new things.
How to Install Silksong mods on the Steam Deck | Long Play Tech longplaytech.com
How to Install Silksong mods on the Steam Deck Having a tough time with Hollow Knight: Silksong? These mods will help. Long Play Tech · longplaytech.com [1] Really good tutorial for how to mod silksong on the steam deck. We just did this on my son’s steam deck. I’d add a reccomendation to map ~ to a back button like L4. I think this guy was docked with a keyboard. References: [1]: https://longplaytech.com/posts/how-to-install-silksong-mods-on-the-steam-deck/