Indeed. At least the source PDF (cited in the graphic) has the data:

Indeed. At least the source PDF (cited in the graphic) has the data:



For Zulip there are some public instances to look around if you don’t know it, like https://rust-lang.zulipchat.com/
There are some specialized tools if you only need video chat (like good old Jitsi) and there is one centered around a shared whiteboard / slide-sharing area (forgot the name). Or if you’re looking to just quickly do some collaborative editing there is CryptPad.


New engineers shouldn’t just learn how to prompt. […] The signal that an agent is bullshitting you is a learnable skill, and right now we’re mostly learning it by accident.
No. Education should focus on basics that are likely to remain relevant. The biggest signal that something will remain relevant is that it has been relevant for more than a decade already. Laws of physics, the PID control loop, what is a register, what is a LRU cache, asymmetric cryptography. Failure mode effect analysis, stuff like that. LLM prompting is very new. Better learn about big-O notation first, or you’ll never realize that the LLM went off rails. They didn’t teach you the latest Javascript framework at University either.
A simulator for engineers. This is the one I haven’t seen anyone build, and I think there’s a real gap.
We are having big fun with those.
A simulator for engineers.
You haven’t played Factorio, have you? ;-)
[A simulator for] debugging unfamiliar production-like code, reasoning about state in a real system, recovering from a nasty incident without help. Someone should build that. (Hit me up if you already are. I would be very eager to try this.)
You probably have been building mostly new software, and not yet had the pleasure to maintain something that was built two decades ago by a team that isn’t around anymore to maintain it. There is a big market for the skill to work on high-value legacy systems without breaking them. This kind of work that you don’t see in the hyped blog posts. (Or if you do, it will have “post-mortem” in the title. In fact, you have succeeded if your work on those system never makes it to the news.)
(Edit: The problem is not building this simulator. The problem is finding both the budget and the cruelty to beat an engineer into analyzing a legacy system that is currently working as it should. At the end of the day they are frustrated not having done anything, and the company has spent money with no tangible result. I guess we really could learn something from aviation - this kind of “getting intimate with the system” for its own sake just isn’t valued.)


It’s cute how they think they can control every technology by controlling commercial sales. And this after 3D printing started as this huge RepRap movement where everybody and their friend built their 3D printer from online instructions and rollerblade bearings.
Up next: when buy a 3D printer kit, you have to agree to only flash the unmodified firmware on your Arduino, and not one of the forks from Github. And you are no longer allowed to create your own hardware at home, or tinker with electronics of any kind, or publish instruction how to make your own electronics. And after that, you now need to register yourself before you can use a debugger.


The authenticated encryption of HTTPS similarly protects the CDN-based web clock approach. This avoids situations where an attacker-in-the-middle tampers with insecure NTP responses, messing up your system’s clock.
Almost… there is this fun thing called a delay attack that works despite encryption! (I’ll admit that it’s probably not a practical concern.)
Anyway, the article talks about time measurements through an absurd amount of abstraction layers. Please don’t ever call this “simple” or even “cloud-native time” or the like.
If you start trying to improve this setup you’ll find so many face-palm moments. Like TCP retransmissions (which the article mentions, to be fair). You’d have to use WebRTC to avoid that, which I bet the CDN network doesn’t support. Or the fact that web browser timers have intentionally reduced precision to resist fingerprinting. (Granted, if you are still in the milliseconds range it is not a problem.)
After I fiddle with the firewall rules (or a system install or major upgrade) I usually only do a quick portscan with nmap from another box. (TCP and UDP; only IPv4 only because I disabled IPv6 completely.) There are online port-scan services too, but you never know if they also invite the bots.
I agree with others here that vulnerability-scanning your own applications seems overkill. Like with external virus scanners, I always feel they are just as likely the attack vector themselves. The more complexity, the more risk.
What I do is:
AllowUsers user whitelist, but KbdInteractiveAuthentication no should be good enough too. If the failed login attempts by the bots bother you, you could run sshd on a non-standard port.Something else I always wanted to do (but never got around doing) is to create a simple canary intrusion detection. Like, putting some important-looking “prod” host into ~/.ssh/config and a private ssh key, and configure the target host to send me a SMS instead when this key tries to log in. (Or even shut everything down automatically.) This should prevent me from becoming part of a botnet for months unnoticed, maybe.
Check out the “tyranny of the rocket equation”.
Or ask Randall Munroe How many model rocket engines would it take to launch a real rocket into space?
I have a router with a few cronjobs like this:
# m h dom mon dow command
00 20 12 * * echo "check bank transactions (monthly reminder)"
00 19 15-21 * * test $(date +\%u) -eq 6 && echo "Anki learning reminder"
Cron will by default send an email with the script output. So you “just” need a non-broken email setup that forwards system emails to your main account. (Assuming you don’t self-host email too.)
This setup is useful because I have a few other cronjobs (backup scripts, and a health check for my own application) that should notify me in case of failure, and I would eventually notice that this is broken by noticing that those “calendar” emails no longer get through.
Reminds me of this Calvin and Hobbes comic about ethics :)
Do not go gentle into that good night,
Old age should burn and rave at close of day;
Rage, rage against the dying of the light.
Interstellar (2014) - Scene that quotes the poem. Now this is where you go for proper theatrical drama.


You don’t have to live with the developers. You don’t examine Google or Apple with that kind of scrutiny either, as a user. In fact you can’t, because Google and Apple developers have NDAs and PR to prevent any internal human drama from leaking to the public. Doesn’t mean there is less of it.
With community-driven open source projects, almost everything happens in public, so you can dig up all that, and drama gets amplified through social media. If you want the illusion of something free of imperfect humans, better stick to the corporate stuff, I guess.


Yes. Not going to happen. The next best thing would be to shorten copyright protection to 10 years. (Also not going to happen, but easier to convince people that we should try this.)


You obviously want WTFPL instead of MIT for that.


Fun fact: Helikopter brauchen oft auch keinen Schlüssel.


I feel old now. I can almost hear the noise of the drive trying to chew on this one.
Anyway, have some on-theme music video: BAD SECTOR by unfa (youtube.com)


Or !inhabitedbeauty@piefed.social maybe?


Yes, and well written too. It was easy to read, and not too long.
Came here to make some smart-ass comment, but the article already says it all. One additional thing I’ve read though is that rat poison (used by farmers) is also a major killer for birds-of-prey. But it may be a local problem.
Yes but despite the footguns, C (not C++) is a relatively small language, not too hard to learn. And it’s the glue between kernel, system libraries, and all other languages. You don’t want to write big applications in it any more, but it’s still useful to know when you interface with existing stuff.


I agree that showing the zero level may be useful here, but… I cannot find a scientific source that shows it differently, so it’s not intentionally misleading at least. The bigger issue IMO is that it doesn’t show enough historic context (ice core data). The original article has it, or nature.org or co2science.org (though it doesn’t show the latest measurements).
I switched to Termux for a while too. It works. But it was a bit too fiddly. (Symlinks and permissions stuff, separate browser window, notification that it is still running, and also I never set it up to start on boot.)
I switched to BasicSync a while ago, can recommend.