I recently discovered a static site generator called Astro, which supports many syntaxes but the .astro is a nice mix of TypeScript and JSX-like syntax. Content can use MDX which is like Markdown but with {JSX} style markup for variables and etc. The static components are used very similar to React, with familiar import statements and <ComponentName props=etc> patterns. It is extremely easy to pick up. Best of all, it has plugins to support all sorts of other interactivity, so you can create interactive 'islands' of content using React or Preact or SolidJS or Vue etc. That way you have most of your content statically generated, and then the dynamic parts can be done from the client side.
Best of all, if you use simple unchanged files for other dynamic stuff like JSON etc, you can just generate those on build and serve those files in the host directly as the 'response' to a simple REST request, which is sometimes overlooked despite being the most fundamental form of a REST API.
I came across this after researching various options for a website that had, mostly for my own entertainment, restrictions on wanting to be mostly statically generated but customizable easily without learning a lot of new syntax / etc, something JSX-like with Markdown support etc, and MDX was an immediate find - and astro was the easiest SSG I found for it after trying with 11ty and several others. Actually felt like a delight playing with it.
In Hack, collection objects were one of the biggest early mistakes that the took a huge amount of effort to undo. It turns out that the copy-on-write semantics of PHP array were extremely important for performance and good APIs. Being able to pass arrays to things without fear of mutation allowed for tons of optimizations and not needing to copy things just in case. This is why Hack switched to using `dict`, `vec`, and `keyset` rather than collection objects.
More generally, it's weird to see a whole blog post about generics for PHP not even mentioning Hack's generics designs. A lot of thought and iteration went into this like 5-10 years ago.
Ah, the marvels of modern democracy. No serious way to enact change, politicians still do whatever the hell they want, and we still believe that voting for someone else will change things.
It’ll soon be like the UK, that if you campaign against this kinda stuff, the party in power publicly calls you a paedophile. Because only people with something to hide want privacy.
Privacy is a losing proposition. Governments have the perfect trojan horse (child safety) so it’s only a matter of time before massive surveillance is the norm.
If I had to make a guess, I'd say this has much, much less to do with the architecture and far more to do with the data and training pipeline. Many have speculated that gpt-oss has adopted a Phi-like synthetic-only dataset and focused mostly on gaming metrics, and I've found the evidence so far to be sufficiently compelling.
> It’s a subscription product, but it has an insanely generous free tier that covers basically anything you’d ever want to do as an individual.
Tailscale do have a very nice product, but privacy-conscious users should be aware that you must disable Tailscale's real-time remote collection of your behavior on your “private” network. See KB1011: https://tailscale.com/kb/1011/log-mesh-traffic
“Each Tailscale agent in your distributed network streams its logs to a central log server (at log.tailscale.io). This includes real-time events for open and close events for every inter-machine connection (TCP or UDP) on your network.”
For an example of how invasive this is for the average user, this person discovered Tailscale trying to collect ~18000 data points per week about their network usage based on the number of blocked DNS requests for `log.tailscale.com`: https://github.com/tailscale/tailscale/issues/15326
“When you use the Tailscale Solution, we collect limited metadata regarding your device used to access the Tailscale Solution, such as: the device name; relevant operating system type; host name; IP address; cryptographic public key; user agent (where applicable); language settings; date and time of access to the Tailscale Solution; logs describing connections and containing statistics about data sent to and from other devices (“Inter-Node Traffic Logs”); and version of the Tailscale Solution installed.” (emphasis mine)
Anyway, the reason I quoted that part of your post is because Tailscale are using some Fear, Uncertainty, and Doubt tactics here by naming the privacy-preserving option “no-support”, and if you are a free user then you aren't getting support from them anyway, so there should be no downside to keeping your private network private :)
I tried using `tailscale funnel` against a dummy server `python -m http.server`, and within 10 seconds the bots started to check for vulnerabilities.
Tailscale warns you about how enabling it will issue an HTTPS certificate which will be in a public ledger. But I wasn't expecting it to be this quick.
I was initially enthousiastic about sandstorm when I encountered it, but in the end my preferred solution for self hosting has been Docker Swarm. Dead simple setup, low maintenance, everything easily deployable within Swarm (crons, backups, first deployment setup, reverse proxy config incl. certificates, etc).
Additionally a lot of projects provide a Docker compose file which is mostly compatible with swarm. I started using Swarm [1] when k8s was already ruling, but never regretted my choice.
I don't know if this is a good opinion, but I don't think it's a good idea for independent individuals to use highly permissive licenses on their open source software. Companies will just suck it up and might not contribute back. It distorts the market because if the software didn't exist, they'd have to hire people, contract it out, etc. somebody would get paid. you've saved a huge company from having to hire people to develop the software they need, which is good for them, but imo just gives the companies incentives to devalue engineers. I also think the value of somebody open sourcing their work as a means to getting a job is questionable and never really been backed up by any data.
Unfortunately, the choice of license likely won't matter in the nearest future (if not already so). If a tech giant wants you open-source library, they will just point their agent to it and ask "to rewrite in the style of War and Peace". And more unscrupulous players won't even bother with a rewrite, as we've seen recently in the case of Cheatingdaddy/Pickle.
> Instead of selling products based on helpful features and letting users decide, executives often deploy scare tactics that essentially warn people they will become obsolete if they don't get on the AI bandwagon. For instance, Julia Liuson, another executive at Microsoft, which owns GitHub, recently warned employees that "using AI is no longer optional."
So many clowns. It's like everyone's reading from the same script/playbook. Nothing says "this tool is useful" quite like forcing people to use it.
From a cursory glance, their apps seem to be of the kind that don't need continuous updates and can be considered complete. Self-contained, offline software that serves a specific purpose: https://search.f-droid.org/?q=SECUSO&lang=en
Unfortunately, Google no longer recognizes this as a valid development strategy. If you want to publish on Google Play, you need to continuously release updates targeting an SDK released within the past year[0]. If you don't, they will send you constant warnings about how your app is violating their policies, they might derank your app, and eventually they'll stop making your app available to new users.
Updating the SDK is not that simple and it often introduces new bugs if you don't read through the full changelog and test thoroughly. I have 3 apps and it already feels like I spend too much time each year updating SDK, I can't imagine updating 30.
They talk about how this somehow improves security and enhances user experience, meanwhile this policy worsens user experience by pushing people towards ad-filled apps that have the resources and courage to release needless updates, and they still publish spyware on their store.
- Kujtim Hoxha creates a project named TermAI using open-source libraries from the company Charm.
- Two other developers, Dax (a well-known internet personality and developer) and Adam (a developer and co-founder of Chef, known for his work on open-source and developer tools), join the project.
- They rebrand it to OpenCode, with Dax buying the domain and both heavily promoting it and improving the UI/UX.
- The project rapidly gains popularity and GitHub stars, largely due to Dax and Adam's influence and contributions.
- Charm, the company behind the original libraries, offers Kujtim a full-time role to continue working on the project, effectively acqui-hiring him.
- Kujtim accepts the offer. As the original owner of the GitHub repository, he moves the project and its stars to Charm's organization. Dax and Adam object, not wanting the community project to be owned by a VC-backed company.
- Allegations surface that Charm rewrote git history to remove Dax's commits, banned Adam from the repo, and deleted comments that were critical of the move.
- Dax and Adam, who own the opencode.ai domain and claim ownership of the brand they created, fork the original repo and launch their own version under the OpenCode name.
- For a time, two competing projects named OpenCode exist, causing significant community confusion.
- Following the public backlash, Charm eventually renames its version to Crush, ceding the OpenCode name to the project now maintained by Dax and Adam.
"I firmly believe that AI will not replace developers, but a developer using AI will replace a developer who does not."
Ugh, anyone who says that and really believes it can no longer see common sense through the hype goggles.
It's just stupid and completely 100% wrong, like saying all musicians will use autotune in the future because it makes the music better.
It's the same as betting that there will be no new inventions, no new art, no works of genius unless the creator is taking vitamin C pills.
It's one of the most un-serious claims I can imagine making. It automatically marks the speaker as a clown divorced from basic facts about human ability
I always find funny how the new, supposedly progressive, arguments in favor of mass immigration run so close to the ones given against when slavery was abolished, that society can only exist with cheap,exploitative, labor.
If your life has been as unfair to you as it has been to some of us, and forced you to work on SPAs as the result, try opening any large frontend project that uses Vite (or any other dev server that serves each file separately instead of bundling them).
If you're unfamiliar with this stuff, it results in your browser fetching thousands of JavaScript files from the local dev server.
Any Chromium-based browser handles that just fine in about 1-2 seconds. Firefox takes at least ten, including full page reloads. No adblocking on either, and yes I've tried all combinations of about:config knobs, fresh/empty profiles, etc.
That's the only reason I use Chromium for development work.
Save that as script.py and you can use "uv run script.py" to run it with the specified dependencies, magically installed into a temporary virtual environment without you having to think about them at all.
Claude 4 actually knows about this trick, which means you can ask it to write you a Python script "with inline script dependencies" and it will do the right thing, e.g. https://claude.ai/share/1217b467-d273-40d0-9699-f6a38113f045 - the prompt there was:
Write a Python script with inline script
dependencies that uses httpx and click to
download a large file and show a progress bar
Societal pressure and expectations cut both ways, and I think are starting to harm young men more than young women, and is somewhat explanatory of recent machismo populist political turn in youth voting.
The stats are saying - women enroll and graduate college at higher rates than men, graduate with lower unemployment, and society has spent the last ~60 years correcting a lot of the wrongs that harmed women's choices & freedoms (notwithstanding some recent SCOTUS decisions).
A young woman in 2025 has been brought up in a society that tells them they can do anything, be anything, want anything, etc.
For young men, I firmly believe society expectations haven't really changed at all actually. They are still expected to be providers, and to make educational/career choices & sacrifices to facilitate that.
Very few men are stay at home parents, or make less than their wives. Those that do are not accepted by society the same way as when the roles are reversed. As expectations haven't changed but women have gained economically in relation to men, this sets up a very potent mix of resentment and mismatched singles (high end loser women & low end loser men).
A pattern amongst my richer/older friends I've noticed is that their sons are encouraged to go get STEM degrees to support themselves, while their daughters are encouraged to follow their passions, go work at an NGO, oh and here's a condo in Manhattan we bought for you. I sat on the board of a condo in yuppie Brooklyn a few years, and despite the stereotypes, the majority of trust fund buyers were women now.
In general, women get paid the same as men, within the error of measurement, and have for many years. The trope of women making less than men comes from an apples to oranges comparison. Women choose less lucrative careers, leave the workforce more often to care for children, and care more about work-life balance. The result is that on average across the workforce, women make less. But if you look at an individual career track and control for hours worked/overtime, years of experience, etc. it’s generally quite even.
In fact, there’s a recent trend of young women making more than their male counterparts, as per the link in this thread.
This article is really trying to gaslight us into believing it is only pessimism, when decline in quality is very real. The best example is that ikea no longer sells solid wood tables, they are particle board with wood grain stickers. The exciting part is they are more expensive than the original hardwood versions.
Many comments here are arguing that quality has actually gone up over the past decades. However, a common experience for me is that I own something of good quality from 5/10/15 years ago and now buy the successor model from the same brand, but the product has gotten worse, being cheaper made. And I have a hard time finding a replacement that matches the quality of the old version. It’s a regularly reoccurring frustration.
My suspicion is that when products are successful and mature but reach market saturation, profit growth pressure leads to cutting some corners on every iteration, and hence to a slow decline in quality over the years.
> One way is to ensure that machines that must be backed up via "push" [..] can only access their own space. More importantly, the backup server, for security reasons, should maintain its own filesystem snapshots for a certain period. In this way, even in the worst-case scenario (workload compromised -> connection to backup server -> deletion of backups to demand a ransom), the backup server has its own snapshots
My preferred solution is to let client only write new backups, never delete. The deletion is handled separately (manually or cron on the target).
You can do this with rsync/ssh via the allowed command feature in .ssh/authorized_keys.
"My computer was compromised with an early boot stage hypervisor backdoor" happens basically never. It's an attack vector that exists almost entirely in the minds of infosec fucktards.
"My brand new device ships with vendor-selected boot certificates that can't be changed, can't be overridden, and control what software I can install onto my own device" happens with every other smartphone, gaming console, car, and even some PCs.
"Trusted Computing" is, and always was, about making sure that the user doesn't actually own his device. This is the real, tangible attack vector - and the target of this attack is user freedom and choice.
Best of all, if you use simple unchanged files for other dynamic stuff like JSON etc, you can just generate those on build and serve those files in the host directly as the 'response' to a simple REST request, which is sometimes overlooked despite being the most fundamental form of a REST API.
https://astro.build/
I came across this after researching various options for a website that had, mostly for my own entertainment, restrictions on wanting to be mostly statically generated but customizable easily without learning a lot of new syntax / etc, something JSX-like with Markdown support etc, and MDX was an immediate find - and astro was the easiest SSG I found for it after trying with 11ty and several others. Actually felt like a delight playing with it.