Labnotes


Weekend Reading — Locally hosted torment nexus


John "Posted today by Lego on their official Instagram account. Well done, Lego, well done. 😁"


Tech Stuff

portless HTTPS for npm dev using .localhost URLs instead of port numbers:

Portless runs an HTTPS reverse proxy on port 443 by default. Each app registers a route mapping its hostname to an assigned port. Requests to https://<name>.localhost are proxied to the app.

Colima When you need to use Docker without the overhead. I occasionally use apps that need Docker — buildx to build deploys, act to emulate GH actions, etc. — so I don't have much patience for using the Docker GUI. My script does colima start when it needs Colima and colima stop when done. As simple as that.

"Miss Movie Masochist" 👍

It's less that Atom/RSS is "dead", and more that it's "done".

The protocol is finished. It works well. It's stable and unremarkable as opposed to trendy.

And to capitalists, that's "dead".

Nothing to hype, no wealth to extract.

tilde.run Turns every agent run into a transaction you can roll back. Code from GitHub, data from S3, and documents from Drive show up as a single versioned filesystem. Every outbound call is checked and logged.

14.5. Non-Durable Settings I asked the LLM to update my Postgres config for speed over durability — on my dev machine I build code and run tests, so I don't care about fsync and checkpoints and such. I just need the tests to run faster.

Google Chrome silently installs a 4 GB AI model on your device without consent. At a billion-device scale the climate costs are insane. Sigh. If you're looking to avoid Chrome but you like Chromium (the underlying browser tech), there are some good alternatives without the baggage. Vivaldi is commonly recommended. I recently switched to Helium, which is open-source, lightweight and privacy-focused. And don't forget WebKit (Safari, Orion), which is just as good. (via Lou Plummer)

Mono One subscription that allows you to switch between models — Claude, Gemini, GPT, Deepseek, and more. Mind you, they make money if they charge you more than it costs them with a profit margin, so you can save more with a DIY approach, but if you don't have AI tools with smart switching capabilities, you could save a few bucks without an overabundance of hallucinations using this service.

Cursed Browser: Rendering Engine using Visual-LLMs (via Thomas Steiner)

Cursed Browser asks an LLM to look at the page's HTML and draw what it thinks it looks like. Every page load is a surprise. Every render is a work of art. It's better than correct, it's AI Native.

lcamtuf

The coreutils Rust rewrite story is pretty funny.

Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.

But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:

https://seclists.org/oss-sec/2026/q2/332

PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.

Red Squares The contribution graph nobody asked for.


Business Side

Chris Heilmann

We should replace "Quiet Quitting" with "Acting your wage".

Internet Graveyard An archive of sunsetted technologies, derelict architectures, and dead protocols. "We learn as much from failure as we do from success."


Machine Intelligence

AI-generated images have left us questioning what is real. But the godfather of digital forensics, Hany Farid, is not giving up Looking at the intersection of parallel lines to determine if the image was generated by AI. 🤔 (via Fabrizio Musacchio)

Charlotte Walker

Someone I know IRL always Googles the name of doctors she is offered an appointment with. She got a letter through with a gynaecologist’s name and she searched him up and the results said he has been accused of sexual assault. She rang the hospital and asked about this, they said it’s not true, it’s AI generated. She is not comfortable seeing him. It could be true that it’s completely fabricated but how as a patient are you to know? Careers get ruined by this stuff.

DOOM runs in ChatGPT and Claude I don't know if ChatGPT is Turing complete, but at least it can play Doom :)


Insecurity

60% of MD5 password hashes are crackable in under an hour If you read this blog, obviously you don't consider MD5 password hashes secure, but there's a chance you might be using a service that's still on MD5, e.g. if they used MD5 when you first signed up and set your password:

Using a dataset of more than 231 million unique passwords sourced from dark web leaks - including 38 million added since its previous study - and hashing them with MD5, researchers at security firm Kaspersky found that, using a single Nvidia RTX 5090 graphics card, 60 percent of passwords could be cracked in less than an hour, and a full 48 percent in under 60 seconds

Chris Petrilli

Quite honestly, it is very impressive that @[email protected] has as little downtime as it does. The certificate world is full of landmines that themselves have small poison darts that fire randomly. To issue a metric ton of certificates with this little outage is an accomplishment.

So have an outage. As a treat.

A hacker ran me over with a robot lawn mower A motorized robot with rotating blades, a GPS, and a fixed password … what could possibly go wrong? (via Dex)

Makris explains that not only does each Yarbo robot have the same hardcoded root password, but owners can’t defend themselves just by manually setting a better password. Every time Yarbo updates a robot’s firmware, it changes the robot’s root password right back to its default password. Hackers can come right back in. “Wow, that’s even worse than I thought,” Petach says.


Everything Else

keith

sophie raven

okay but what if we had a locally hosted torment nexus?

Ham on Wry

Not to brag, but I put the ‘pro’ in ‘procrastination’.

Josh "cortex" Millard

mitosis is just a scam by Big Biology to cell more

Empty Screenings About 10% of AMC movie showings sell zero tickets. This site finds them, so go enjoy your private theater.

Stephen Foskett

I’m glad my cats love me. I just wish they loved me a little less at 5:30 in the morning.

geekysteven

People take it for granted, but the average person has more Fast & Furious films than even the richest medieval nobles did.

The Intolerable Hypocrisy of Cyberlibertarianism The pre-Internet era was not that great — paper maps and yellow books and such — and yet the Internet age is weird because people never change:

They produce, with frightening regularity, the exact behavior any kindergarten teacher could have predicted. Then they act surprised.

But the cyberlibertarian model required pretending it was unforeseeable. The platforms couldn't acknowledge that they needed governance because acknowledging it would mean acknowledging responsibility, and acknowledging responsibility would mean acknowledging liability, and acknowledging liability would mean the entire economic model collapses. So instead the industry invented a beautiful fiction: governance happens, but it happens by magic, performed by volunteers, for free, who we will simultaneously rely on and mock.

We’re Now Scoring Wireless Headphones (and One of Them Already Hit 10/10) Replaceable battery. Replaceable ear pads. Modular design. Actual repair manuals. This is what headphones look like when they’re built to last.

Viva la revolución: LinkedIn profile visitor lists belong to the people, says Noyb Creative use of GDPR Article 15 to work around the premium plan: (via Dare Obasanjo)

Think of it like this: LinkedIn has every right under the GDPR to take data it has about profile visitors, package it up, add analytics, and present it in its most useful form to those willing to pay the platform for such a premium service. But a masochistic user who wants to rawdog a CSV file of the same data should have the right to do that, too - and GDPR Article 15 gives it to them.

The clippening ‘Clippers’ cut up podcasts, videos, and events into infinite shorter versions. How long can they ride the algorithms?

Fabricated citations: an audit across 2·5 million biomedical papers A new study in The Lancet shows that the rate of fake citations increased more than 12x between Jan 2023 and Feb 2026. (via petersuber)

B Thoreau

Today I learned Studio Ghibli old-school threatened Harvey Weinstein by sending him a single katana and a note that said "No cuts."

Weinstein was trying to shorten Princess Mononoke for American audiences and Toshio Suzuki was having none of that.

Wow.

The Boring Internet The internet you grew up on isn't dying. A commercial veneer glued on top of it is. And it’s not a bad thing. (via Scott Francis)

The platform layer is the loudest and the youngest. It is culturally dominant. It is where most of the screenshots come from. It is where the arguments happen and where the panic lives.

It is also a thin commercial crust on top of older, quieter machinery.

Under the platform layer is the service layer: the companies that own infrastructure but do not always need to become the destination. Gmail. GitHub. Cloudflare. AWS. CDNs. Payment processors. Identity providers.

LEGO® Icons Road Bike It doesn't climb hills at a fast clip but certainly it looks the part! 🚴
