I just finished converting my rather large (just under 500 lines) init.vim to Lua. It took way longer than I had hoped. I feel like I've forgotten the motivation and what benefits it was supposed to bring. At this point I really don't want to consider another conversion, using Fennel or otherwise.
I think about writing the config in fennel all the time, but I’m not a big config tinkerer and already worry about struggling with Lua when I have an upgrade gone awry.
I’ve found the neovim ecosystem to churn way more in recent years than it did when I initially started using it 8 years ago. It really reminds me of the JS ecosystem of the past decade: full featured plugin that works great decides to strip things back so that it’s functionality is all plugable and you suddenly have to wade through 2 major release’s migration docs to get things kind of working like they were before. I digress to point out why it might be hard to have yet another layer to translate through. Though if you don’t have kids, I’d say “go for it!”
I have 3500 lines config file in Lua that I have converted from VimScript last year. I see that Lua it's way easier to maintain than VimScript.
Fennel solves some Lua kirks, so I think that is a good use case, since Fennel has some cool features that can help to maintain the code. Right now I am moving the plugins that I maintain to Fennel.
Cruft is like dust bunnies, it grows if not cleaned up!
I literally just removed some code from 2021 that was echoing huge JSON files into build logs that nobody looked at.
It reduced the pipeline run duration from 45 to 30 minutes.
Now, a crypto coin will probably be harder to remove, but there's a weird inertia around long-lived repositories where people are afraid to make any changes. Although I hope the crypto portion is feature-flagged and can be somewhat easily disabled.
I've encountered this argument ... repeatedly. Let's explore the DIY route:
If you can build your own Signal server, you too can serve you and your own circle of friends. The bar is not that high (Java and VPS).
Signal clients are even easier but it remains mostly an unique build-challenge due to not so strong documentation and by the virtue of mastery of multi-platforms.
Having said all that jazz, step back and ask yourself this, what am I losing by building my own Signal-protocol network?
Anonymity
Now, you would easily stick out like sore thumb to all the Internet overwatch, even within VPN tunnels.
That's a risk for me.
What am I actually gaining?
Not much: a more unique hash signature of client app (it has downsides); the ability to perform a unique but slight tweak of hash/key/encryption algorithm using same Signal protocol (dangerous rabbit hole), and avoidance of XDR/NDR/IPS/IDS firewall, and the biggest one: zero spreading of hashed contact info (more on this below).
-----
Alternatively, let's take the original route: your own client against "the" Signal server:
Now, Signal protocol would be open to misshapen protocal usages (think "fuzzing"). Might be a good thing but certainly not at this early stage; do we have the manpower to stand guard over a protocol like ISC Bind9 team do with their DNS?
The one area that is not firmed up 100% (more like 99.999%) yet is the Privacy Information Protection axiom and that is centered around the exhanges of hashed "Contact" address book.
This there is largely understudied and under-whitepapered: how to exchange contact info in safe privacy order just to build your network: I keep that Signal client app option off for now and manually add my contacts. That's why I think that Signal team is moving away from telephone number.
Starting with "Which insider used MobileCoin to steal a billion dollars from FTX with the help of the publicity created by Signal?"
Then perhaps, "Now that SGX has been completely destroyed by a class break when will MobilCoin support be removed along with signals other security dependencies on SGX?"
And it fails to address why SemWeb failed in its heyday: that there's no business case for releasing open data of any kind "on the web" (unless you're wikidata or otherwise financed via public money) the only consequence being that 1. you get less clicks 2. you make it easier for your competitors (including Google) to aggregate your data. And that hasn't changed with LLMs, quite the opposite.
To think a turd such as JSON-LD can save the "SemWeb" (which doesn't really exist), and even add CSV as yet another RDF format to appease "JSON scientists" lol seems beyond absurd. Also, Facebook's Open Graph annotations in HTML meta-links are/were probably the most widespread (trivial) implementation of SemWeb. SemWeb isn't terrible but is entirely driven by TBL's long-standing enthusiasm for edge-labelled graph-like databases (predating even his WWW efforts eg [1]), plus academia's need for topics to produce papers on. It's a good thing to let it go in the last decade and re-focus on other/classic logic apps such as Prolog and SAT solvers.
I like SteetComplete but it's very basic, it just asks basic questions about the area you are in based on existing data.
I will usually set out to document something on my bike and just take lots of pictures, particularly of intersections. I then use the OSM website to update things at home.
The more meta data you feed into OSM, the more pointed questions StreetComplete asks. It can ask about simple things like road composition, street markings, and crossings. Often it's easier and faster to answer questions in App than using the OSM website.
For people who want to contribute but don't feel like traveling around, there's plenty to do at home using aerial or street view data. Many house numbers are wrong or misaligned with home locations.
Many neighborhoods use a hand full of footprints for homes and will mirror them or slap on a different facade. So I like to use aerial photography to trace out the foot prints of a few homes and then copy paste those onto all the like model homes.
Then I use street view photography to get accurate house numbers and update maps as well. The house numbers and locations vary wildly but for condos and townhomes they're usually pretty bad.
Simply putting accurate house numbers on foot prints makes a world of difference. Companies like Lyft and Amazon use OSM data for pickups and deliveries.
Road information is also often out dated, especially for new construction. We had a lot of people in our neighborhood complaining about Lyft pickups not being able to navigate to their location. I fixed our neighborhood, tagged Lyft on Twitter and they updated their maps within a week.
> with limited tracking, targeted broadly at the category of people who might listen to a particular podcast
Not so fast. Many podcasts are served by intermediaries. The same intermediary can then observe and collect an individual's listener preferences and create a more targeted profile.
The iOS podcast app Overcast shows you all the intermediary platforms a podcast goes through.
E.g. 99pi goes through Chartable, with Overcast flagging that it "may follow individual-listener behaviour across multiple shows or the web, often to track responses to ads.'
Not OP, but parent of multiple school-age kids and both:
1. You're 100% right, there are privacy concerns.
2. I don't know if they could possibly be worse than the majority of school districts (including my kids) running directly off of Google's Education system (Chromebooks, Google Docs, Gmail etc.).
You can generally register your child under an assumed name - at least, that is possible in my area. Families can choose this option if there is any threat to the security of their child.
It's important to differentiate concern(a feeling) from choosing to upload or not. In the calculus of benefits and risks, The feeling of concern(potentially leaking PII/health information) may be outweighed by the benefit in education. Even if someone is concerned, they may still see the positives outweigh the risks. It's a subjective decision at the end of the day.
I should have clarified that I used Adobe Acrobat to redact his personal identifiers from the report before uploading it to Claude. I generally also prompt using fake names. It's not perfect, but it's better than nothing.
And, on another note, this may be foolish, but I generally trust well funded organizations like Anthropic and OpenAI on the assumption that they have everything to lose if they leak private information from their paid users. Anthropic has a comprehensive and thoughtful privacy policy (https://www.anthropic.com/legal/privacy), which specifies they do not use your data to train their models, other than to refine models used for trust and safety:
"We will not use your Inputs or Outputs to train our models, unless: (1) your conversations are flagged for Trust & Safety review (in which case we may use or analyze them to improve our ability to detect and enforce our Acceptable Use Policy, including training models for use by our Trust and Safety team, consistent with Anthropic’s safety mission), or (2) you’ve explicitly reported the materials to us (for example via our feedback mechanisms), or (3) by otherwise explicitly opting in to training."
As for defending against a data breach, Anthropic hired a former Google engineer, Jason Clinton, as CISO. I couldn't find much information about the relevant experience at Google that may have made him a good candidate for this role, but people with a key role in security at large organizations often don't advertise this fact on their LinkedIn profiles as it makes them a target. Once you're the CISO, the target appears, but that's what the big money is for.
Thanks for the vote of confidence. I led the Chrome Infrastructure Security Team hardening for insider risk and generally defending against APTs for the last 3 years at Google. Before that, I was on the Payments Security Team defending PII and SPII data up and down the stack. Indeed, I and the company take this very seriously. We're racing as fast as we can to defend against the run-of-the-mill opportunistic attackers but also APTs. We've ramped the securtiy team over the last year from 4 to 35 people. I'm still hiring, though!
