Shellsharks Blogroll - BlogFlock

Upgrading My Home Internet to Full Fibre - Kev Quirk

2026-05-12T18:19:00.000Z

As many regular readers know, we live in the North Wales countryside, which means it can take time to get the latest and greatest when it comes to technology.

As a result, we were previously "limited" to FTTC (fibre to the cabinet) which had a max speed of 70Mbps. As a result, we got okay internet speeds:

But then I saw the ISP vans in the village, and I asked them what they were doing - "oh, we're upgrading the village to full fibre" she said.

I had to have it!

As soon as FTTP (fibre to the premises) was available, I placed the order with my ISP (who offered me a great deal that's only £5 per month more), and this is the result:

Is it worth it?

In all honesty, I haven't noticed the difference. We didn't have any buffering issues when watching things like Netflix or Apple TV, so I'm not really sure why I upgraded in hindsight.

I thought it would be this incredible difference where my internet would then be rapid, but the truth is, it's complete imperceptible. I remember when I upgraded from a 56k MODEM, to ~2Mbps broadband and it blew my mind. I was thinking this would be the same, but no.

I do think the increased upload speed is going to come in handy when it comes to things like syncing my private git repos back to my Synology, but aside from that, there's not much in it.

Had I paid full price (~£20 more per month) I don't think I'd have been too happy, but since I got a good deal, I'm not too bothered.

Thanks for reading this post via RSS. RSS is ace, and so are you. ❤️

You can reply to this post by email, or leave a comment.

Go fuzzing was missing half the toolkit. We forked the toolchain to fix it. - Trail of Bits Blog

2026-05-12T11:00:00.000Z

Go’s native fuzzing is useful, but it stands far behind state-of-the-art tooling that the Rust, C, and C++ ecosystems offer with LibAFL and AFL++. Path constraints are hard to solve. Structured inputs usually need handmade parsing. It doesn’t even detect several common bug classes, such as integer overflows, goroutine leaks, data races, and execution timeouts. So to make it better, we built <a href="https://github.com/trailofbits/gosentry">gosentry</a>, a fuzzing-oriented fork of the Go toolchain that keeps the standard <code>testing.F</code> workflow while using a stronger fuzzing stack underneath to tackle those issues. With gosentry, <code>go test -fuzz</code> uses LibAFL by default. It can fuzz structs natively, run grammar-based fuzzing with Nautilus, detect bug classes that it couldn’t detect before, and create a fuzzing campaign coverage report in one command. If you already have Go fuzz harnesses, you don’t need to rewrite them. Point them at gosentry’s binary and you get all of the above through the same <code>go test -fuzz</code> interface, with a few new flags: <figure class="highlight"> <pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell">./bin/go test -fuzz=FuzzHarness --focus-on-new-code=false --catch-races=true --catch-leaks=true</code></pre> <figcaption>Figure 1: Basic gosentry usage</figcaption> </figure> gosentry keeps the harness API and changes the engine and the surrounding tooling — you just tweak the CLI. You can also generate coverage reports from an existing campaign with <code>--generate-coverage</code>. Run it from the same package with the same <code>-fuzz</code> target, and no corpus path is needed; gosentry stores the campaign state under Go’s fuzz cache index by package and fuzz target, so restarting the campaign resumes from the existing corpus. <h2 id="why-we-built-gosentry">Why we built gosentry</h2> We started this project after we released <a href="https://blog.trailofbits.com/2025/12/31/detect-gos-silent-arithmetic-bugs-with-go-panikint/">go-panikint</a> to improve Go fuzzing’s integer overflow detection. We realized that integer overflow detection wasn’t enough. Go’s fuzzing ecosystem was still missing techniques that Rust, C, and C++ researchers already use every day. We often faced these gaps in our own security work using Go’s vanilla fuzzer: <ul> <li>Program comparisons (path constraints) were impossible to solve: one complex <code>if</code> branch, and the Go fuzzer could stay stuck forever.</li> <li>Grammar-based fuzzing was never an option.</li> <li>Structure-aware fuzzing required additional manual work.</li> <li>Several Go bug classes would not crash by default or would depend on external libraries, so the fuzzer could reach insecure target behaviors without reporting them.</li> <li>Generating coverage reports from a fuzzing campaign was cumbersome.</li> <li>Making the fuzzer crash on critical error logs required manual code changes.</li> </ul> <h2 id="same-harness-stronger-engine">Same harness, stronger engine</h2> Gosentry keeps the parts Go developers already know: <ul> <li>Write a fuzz target with <code>testing.F</code>, as usual.</li> <li>Create your initial corpus with <code>f.Add</code>.</li> <li>Pass the input into <code>f.Fuzz</code>.</li> </ul> Under the hood, gosentry captures the fuzz callback, builds a Go archive with libFuzzer-style entry points, and runs it in-process through a Rust-based LibAFL runner. The API stays familiar, but gosentry enhances the engine, scheduling, detectors, and much more. We designed it this way to avoid friction for developers and security researchers adopting a new tool. Existing Go harnesses do not need to be ported to a new framework. And since the Go toolchain documentation and usage are already widely integrated into LLM pre-training datasets, an agent can easily use gosentry, as it is a fork of the Go toolchain. <h2 id="more-bugs-become-visible">More bugs become visible</h2> Another added value of gosentry is its capacity to turn more bad behaviors into failures that the vanilla Go fuzzer wouldn’t report. It includes compiler-inserted integer overflow checks by default and optional truncation checks through the <a href="https://blog.trailofbits.com/2025/12/31/detect-gos-silent-arithmetic-bugs-with-go-panikint/">go-panikint</a> integration. It also lets you choose function calls that should stop the fuzzer. For example, you can use the <code>--panic-on</code> flag to stop fuzzing when <code>log.Fatal</code> is called. This flag is useful for codebases that log critical errors and keep going instead of panicking and reporting the bug to the user. It can also catch data race issues using the native Go race detector (<code>--catch-races</code>), and goroutine leaks through its <a href="https://github.com/uber-go/goleak">goleak</a> integration (<code>--catch-leaks</code>). Finally, timeouts can be caught at fuzz-time to help detect issues like infinite loops. <h2 id="better-inputs">Better inputs</h2> Gosentry improves input quality in two different ways, which solve different problems. <h3 id="struct-aware-fuzzing">Struct-aware fuzzing</h3> Go’s native fuzzing accepts only a small set of parameter types, which doesn’t include composite types, such as structs, slices, arrays, and pointers. Gosentry supports fuzzing of these types.  <figure class="highlight"> <pre tabindex="0" class="chroma"><code class="language-go" data-lang="go">type Input struct { Data []byte S string N int } func FuzzStructInput(f *testing.F) { f.Add(Input{Data: []byte("hello"), S: "world", N: 42}) f.Fuzz(func(t *testing.T, in Input) { Process(in) }) }</code></pre> <figcaption>Figure 2: Supported gosentry harness with structured input</figcaption> </figure>  Under the hood, gosentry still mutates bytes. The difference is that it encodes and decodes the composite value for you in a proper way, so you don’t have to invent a custom wire format just to fuzz typed Go inputs. <h3 id="grammar-based-fuzzing">Grammar-based fuzzing</h3> In this mode, gosentry uses <a href="https://github.com/nautilus-fuzz/nautilus">Nautilus</a> to generate and mutate grammar-valid inputs while LibAFL still drives the coverage-guided loop. Let’s imagine you want to fuzz a homemade JSON parser. Without a grammar, most of the time you would generate junk input that wouldn’t even pass the first branches. For example, the fuzzer would mutate <code>{"postOfficeBox": 123}</code> to <code>{postOfficeBox"": """"&%}</code>, while a more interesting generated input of <code>postOfficeBox</code> would be a much larger number like <code>u64.MAX</code>, giving <code>{"postOfficeBox": 18446744073709551615}</code>. In that case, you need grammar-based fuzzing. You define what the structure should be, and the fuzzer generates inputs accordingly. You could write a harness like this:  <figure class="highlight"> <pre tabindex="0" class="chroma"><code class="language-go" data-lang="go">func FuzzGrammarJSON(f *testing.F) { f.Add(`{"postOfficeBox":123}`) f.Fuzz(func(t *testing.T, jsonInput string) { ParseJSONFromString(jsonInput) }) }</code></pre> <figcaption>Figure 3: Grammar-based harness for our JSON parser</figcaption> </figure>  The grammar format is a JSON array of rules: <figure class="highlight"> <pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"> [ ["Json", "\\{\"postOfficeBox\":{Number}\\}"], ["Number", "{Digit}"], ["Number", "{Digit}{Number}"], ["Digit", "0"], ["Digit", "1"], ["Digit", "2"], ["Digit", "3"], ["Digit", "4"], ["Digit", "5"], ["Digit", "6"], ["Digit", "7"], ["Digit", "8"], ["Digit", "9"] ]</code></pre> <figcaption>Figure 4: Definition of our postOfficeBox JSON grammar</figcaption> </figure> Just note that grammar mode still feeds bytes or strings to the harness. So your target needs to be able to parse either strings or bytes. <h2 id="what-it-has-found-already">What it has found already</h2> We’ve been running gosentry on a bunch of targets using grammar-based differential fuzzing campaigns and found a number of bugs. We have disclosed some of these issues to Optimism and Revm: <ul> <li><a href="https://github.com/ethereum-optimism/optimism/issues/19334">Unknown batch type panics and causes denial of service in kona-protocol</a></li> <li><a href="https://github.com/ethereum-optimism/optimism/issues/19333">Kona and op-node can disagree on brotli channels</a></li> <li><a href="https://github.com/ethereum-optimism/optimism/issues/19335">Kona frame parsing mismatch against op-node and OP Stack Specs</a></li> <li><a href="https://github.com/bluealloy/revm/issues/3458">Failed deposit in op-revm stopping with <code>OutOfFunds</code> does not bump nonce, leading to a state root mismatch against other clients</a></li> </ul> Those are exactly the kinds of bugs we wanted Go fuzzing to expose. They wouldn’t have been easy to find via the native Go fuzzer, but our grammar-based fuzzer via gosentry was able to easily detect them. Now, see what you can find. If you already have a Go fuzz target, run it under gosentry and see what it can reach compared to the native Go fuzzer. The project is available on <a href="https://github.com/trailofbits/gosentry">GitHub</a> and includes documentation for each feature described above. If you’d like to read more about fuzzing, check out the following resources: <ul> <li>Our <a href="https://appsec.guide/docs/fuzzing/">fuzzing chapter</a> in the Testing Handbook</li> <li><a href="https://blog.trailofbits.com/2024/02/23/continuously-fuzzing-python-c-extensions/">Continuously fuzzing Python C extensions</a></li> <li><a href="https://blog.trailofbits.com/2020/06/05/breaking-the-solidity-compiler-with-a-fuzzer/">Breaking the Solidity Compiler with a Fuzzer</a></li> </ul> As always, <a href="https://trailofbits.com/contact/">contact us</a> if you need help with your next Go project or fuzzing campaign.

Position or Perish: The Narrative Blueprint - Westenberg

2026-05-12T10:15:17.000Z

Avis was losing $3.2 million a year; and they'd been unprofitable for thirteen straight.

In 1962, they sat at number two in American car rental, well behind Hertz, with no plausible path to catching up. Robert Townsend, the new president, hired Doyle Dane Bernbach and asked them to do something useful with the worst hand in the industry.

The campaign DDB produced ran a single line:

"Avis is only No. 2 in rent a cars. So we try harder."

Within a year, Avis had moved from $3.2 million in losses to $1.2 million in profit. The cars hadn't changed. The locations hadn't changed. The pricing hadn't changed; but the story they told about themselves had, and they let that story do the work.

What positioning is

Positioning is the answer to a question every customer asks before they decide whether to care about your product: "What is this, and why should it matter to me right now?"

Before you have a product, and well before you have an investor, you need to have an answer to that question - and you need it in a single // simple sentence. Nobody is going to do the cognitive work for you; they'll categorise your product based on whatever signal they catch in the first three seconds, and the category, once set, is near-impossible to dislodge.

The category - the box they put you in - determines who you compete with, what price they expect to pay, what features they expect you to have, and what story you're allowed to tell. Get the category right and you set the terms; get it wrong and you spend the rest of your life arguing with the market about who and what you are.

Al Ries and Jack Trout published Positioning: The Battle for Your Mind in 1981. The book makes a forty-year-old argument that the war is fought in the customer's head, where there's no spare room and no patience for new claims.

The most expensive mistake founders make

The vast majority of founding teams treat positioning as a marketing exercise: Something the marketing team does after the product is built; something you put on the homepage when you're ready to launch.

This is both wrong - and expensive.

Positioning is upstream of marketing. It's upstream of product, pricing, hiring, fundraising, and PR. It determines what you build, who you sell to, what you charge, and what investors think you are. A company with clear positioning ships faster and raises at higher multiples because every decision flows from the same understood centre.

A company without clear positioning ships features that contradict each other and hires people who can't agree on what the company does.

I've worked with companies that had product-market fit and were still failing because no two people inside the building could finish the sentence: "We are the _____ for _____." When the founders can't agree, the sales team improvises, and the marketing team writes copy that doesn't ladder up to anything coherent.

The messaging spine

Every positioning piece should open with a messaging spine. It's the series of claims and narrative touchpoints that hold up an entire company. Decks, websites, sales scripts, hiring materials etc all come later.

A spine has four parts.

The first is the category. What kind of thing are you? What bucket do you belong in? A category is a shortcut, telling the customer how to think about you in a half-second of attention. If your category is wrong or fuzzy, every downstream message leaks energy trying to fix it.
The second is the audience. Who is this for, in specifics? "Businesses," "developers," and "creators" are broad nouns that fall apart under any pressure. A real audience description names a role and a moment. "Heads of compliance at mid-market fintechs trying to pass their first SOC 2" is an audience. "Modern professionals" is a hallucination.
The third is the alternative. What are they doing today instead of using you? This is the question most founders skip, and it's the one that matters most. Customers don't compare you to nothing. They compare you to the spreadsheet they've used for eight years, to the agency they hired last quarter, to the open-source tool they already know, or to the colleague who handled it last month. Until you name the alternative, you can't claim the wedge.
The fourth is the wedge. What's the single sharp thing you do better than the alternative? One thing, expressed so cleanly that a customer can repeat it back to a colleague without stumbling.

When the spine is right, every other piece of copy in the company writes itself.

Narrative is positioning told over time

Positioning is the static claim, but narrative is the moving picture.

A company can hold a single positioning statement for years, and most should; but the narrative around that statement has to evolve, because the world evolves and your competition evolves with it.

Stripe's positioning has been close to constant since 2010: payment infrastructure for the internet. The narrative around it has cycled through a dozen variations; in the early years they talked to developers about seven lines of code. By 2015 they were talking to CFOs about reducing fraud and reconciliation overhead. By 2020 they were telling Fortune 500 boards that they were the operating system for global commerce. But the spine held steady across each story.

Most companies get this backwards; they keep the narrative fixed and let the positioning drift. The pitch deck still says what it said three years ago, while the product has wandered into a new category and the leadership team is pretending it hasn't.

The remedy is to write the spine down, share it with everyone who joins the company, and revisit it once a year with the discipline of a financial audit.

Position against something specific

Every position works through contrast. The claim says you're better than something, simpler than something, more honest than something, or designed for someone the alternative ignores.

When Salesforce launched in 2000, they positioned themselves against “software” itself. "No software." Every piece of collateral pointed at the same enemy: installed enterprise software that took twelve months to deploy and cost millions in services. Customers didn't have to understand SaaS as a category. They had to understand they were tired of waiting for IT to install Siebel.

Pick your enemy with care. It should be big enough to matter, recognisable enough that customers already have an opinion about it, beatable enough that your wedge works against it, and unable to follow you into the corner you're claiming.

The wrong enemy is another startup nobody's heard of. The wrong enemy is the abstract status quo of "manual processes," because nobody buys against an abstraction. The right enemy has either a name and a market cap, or a behavioural pattern your audience can picture without effort.

The category gambit

Sometimes the right move is to claim an existing category.

Sometimes the right move is to invent a new one.

Inventing a category is harder and more expensive than founders think. The standard venture advice is to "create a new category and dominate it," and most who try this fail because they don't have the budget, the airtime, the patience, or the distribution to teach the market a new word.

When category creation works, it's because someone with serious distribution put their full weight behind a single term until the market repeated it back. HubSpot did this with inbound marketing. Drift did it with conversational marketing. Gong did it with revenue intelligence. Datadog did it with observability. Each company spent years publishing books and running conferences under a single banner until journalists and analysts stopped questioning whether the category was real.

If you're a seed-stage company with $2 million in the bank, you can't afford to create a category; but you can afford to claim a corner of an existing one, and own it harder than anyone else does. This is the Avis play: you don't need to invent the rental car. You need to be the company that tries harder than Hertz.

The category gambit gets misread because the visible examples are the winners. The failed attempts at category creation don't get studied. For every Drift, there are twenty companies that tried to coin a term, ran out of money before the market adopted it, pivoted into someone else's category, and disappeared from view.

What investors actually buy

Founders raising venture money tend to treat the pitch deck as a product spec. The deck explains what the product does, how the technology works, why the team is qualified to build it, and how the market is large enough to matter.

This is also wrong.

Investors fund stories about products. The deck is a narrative artefact, and its job is to make a partner at a fund repeat your story in a Monday morning meeting without garbling it. If the story collapses when an underprepared partner retells it on three hours of sleep, the deck has failed at the only thing decks exist for.

The best decks I've worked on open with a claim about the world. The product comes in around slide six, after the world has been described in a way that makes the product feel inevitable. Something has changed, something is broken, and the audience half-believes it already but hasn't seen it written down with any precision.

Founders skip this because they think the world-claim is obvious. It rarely is, even to the founders who built the company. The investor sees fifteen decks a week and starts each one cold. The first three slides install the worldview that makes everything that follows feel like the logical conclusion of a premise they've already accepted.

Copy as evidence

Every word on the homepage either confirms the positioning or contradicts it. There's no such thing as neutral copy and there should be no such thing as filler. A hero headline that says "Empower your team" contradicts the positioning of every company that uses it, because the words do no work and the customer has read the same line on a hundred other websites that week.

Specific words confirm positioning; vague words dissolve it. "We process two billion dollars a year in same-day payouts for marketplaces" is a positioning sentence. "We make payments easy" is a marketing hallucination that any company in the category could have written.

A good test: take your homepage copy, swap your company name for a competitor's, and see if the sentences still make sense.

If they do, you've written wallpaper.

The same test applies to investor decks, sales scripts, hiring pages, and press releases. If a competitor could lift your copy verbatim and use it without changing anything, you've written nothing of your own.

The pricing tell

A consultancy charging $4,000 a month is in a different category from one charging $40,000 a month, regardless of what either website claims. A SaaS product priced at $19 a seat competes in a different market from one priced at $19,000 a year, even when the feature lists overlap. The price tells the customer which competitive set you're in, and the customer believes the price more than they believe the copy.

Founders who underprice are doing it because they don't trust their own positioning. They worry that customers will balk, so they hedge by setting a number nobody could object to. The result is that nobody treats them as serious peers, because cheap reads as low-stakes, and low-stakes products don't get bought by buyers with real budget authority.

The correction is to price for the position you want, and let the positioning catch up to the number. If the plan is to sell to enterprise, an SMB price contradicts the plan on contact.

The number itself is a positioning claim, and underpricing is a way of telling the market you don't believe what your own homepage says.

Hiring is downstream of narrative

People want to work for companies whose story they can repeat at a dinner party without sounding ridiculous. If your narrative is sharp, you can hire above your weight class. If it's muddy, every hire becomes a war.

I've watched companies with worse products win senior hires from companies with better products, because the narrative was clearer and the candidates could picture themselves inside it. The folks who are actually in demand evaluate the story before the feature set. They want to know whether the story they'll tell their next employer about this job will sound impressive or embarrassing. We’re all climbing the ladder. Your story has to place you one rung up.

The same logic applies to retention. The best people leave when they can no longer explain what the company is doing. They leave before the bad ones do, because the bad ones don't have other options, and the good ones run the calculation every six months.

A clear positioning is a retention tool. It tells your best engineers why their work matters at the scale of the company, and it lets them say something coherent at parties when someone asks where they work.

When to reposition

Repositioning is the most dangerous play in the manual. Done well, it can rescue a stalled company in a quarter; done badly, it can torch ten years of accumulated meaning in a week.

A company should reposition when one of four things happens.

The market has moved underneath the original claim, and the position now describes a world that no longer exists.
The product has expanded into territory the original claim can't cover, and customers are confused about what they're actually buying.
A competitor has captured the language you used to own, and the contrast has stopped doing the work it used to do. Or,
the founders have learned something material about who their best customers are, and the original audience description has stopped matching the people writing the cheques.

Repositioning that happens because the founders are bored with their own message will always fail; personal boredom is not a strategic signal. The customer hasn't heard the message yet. The customer is just starting to remember it. Throwing it out because the founders have repeated it a thousand times is throwing out the only thing the market has begun to recognise.

Most repositioning attempts try to rewrite everything, and most fail because the new version has no equity, no recognition, and no proof points. A surgical change at the wedge or the alternative is easier to absorb than a full rebrand of the category and audience.

Founders as narrators

Every founder is the chief narrator of the company, whether they want the role or not. Investors read founders; hires read founders; and customers read founders. The way the founders talk about the company in informal settings tells the market more than any campaign ever will.

The founders who win at this discipline share two habits.

They use the same vocabulary to describe the company across every audience, so the deck, the all-hands speech, the analyst briefing, and the dinner-table answer to a stranger all sound like they came from the same head.
They resist the temptation to update the story every time a journalist asks a clever question, because they understand that the question is a test of conviction, not an invitation to redesign the company in real time.

Founders who lose at this discipline tend to do the opposite. They tailor the story to whoever's in the room. The deck says one thing, the all-hands says another, the analyst briefing says a third, and the dinner-table answer says a fourth. Over time the company loses the ability to say anything at all, because nobody inside it can agree on what the company is.

The fix is the spine again. Write it down, read it out loud, and use the words themselves. The discipline is to bore yourself with your own message a decade before the market starts repeating it back, and to keep saying the same true thing while competitors burn their oxygen on rebrands every eighteen months.

What to do this week

Skip the rebrand for now. Sit five people in a room and finish the sentence: "We are the _____ for _____ who want to _____ instead of _____."

The blanks are the spine: category, audience, outcome, alternative.

If everyone in the room agrees on the completed sentence, the company has working positioning. If the sentence doesn't read cleanly to everyone, no amount of homepage redesign or paid advertising will fix the underlying problem, because the underlying problem is that the company doesn't know what it is.

Run the exercise this week. Don't leave the room until the sentence reads cleanly. Then check it against the homepage, the deck, the sales script, and the latest job posting. Anything that contradicts the sentence is a leak in the spine. Patch the leaks one by one, and don't open a new marketing channel until they're closed.

The longer game

Positioning is a posture you hold for years, not a campaign you run for a quarter. Companies that hold a clear posture for a decade compound advantages that companies running a fresh campaign every quarter never accumulate.

Berkshire Hathaway's annual letter has said the same things, with the same vocabulary, since the 1970s. Buy good businesses at fair prices, hold them forever, trust the underlying math, and ignore the short-term noise. The letter doesn't change because the position doesn't change. The position doesn't change because Warren Buffett worked out what he believed early and refused to negotiate with the market about it.

You don’t have fifty years. At most, at the absolute stretch, you have 2-3 before the company either compounds into something or doesn't.

Pick the claim, hold the claim, write everything else from the claim, and let competitors burn their oxygen on rebrands every eighteen months while you keep saying the same, damned, true ~thing.

Announcing Wonders of Web Weaving - James' Coffee Blog

2026-05-12T00:00:00.000Z

If you have ever spoken to me, you may have heard me express a meandering interest in doing something with audio. I think the heart of this interest is that I love conversations and storytelling. I love hearing people talk about the things that make them light up. I love asking questions. I enjoy the feeling where you feel like you see the world in a new light after having spoken with someone.

With all that in mind, a few weeks ago I had an idea: I could interview people who love the web and chat about all things indie web. This coalesced into an outline for a podcast, which then became Wonders of Web Weaving.

Every Tuesday for the next fifteen or so weeks, I am going to be releasing an episode of the show. The first episode is with Adam, the creator of omg.lol and maintainer of many wonderful web projects.

I named the podcast the way I did because web weaving – making websites and the community around doing making websites – really is wonderful. After the first interview, I felt I had made the right choice in the name – the magic of the web permeates through so much of the indie web.

The show has its own website, which has an RSS feed you can use to follow along with episodes. Each episode will be accompanied by a hand-written transcription, available on the web page for each episode.

I am thinking of the next fifteen weeks as either season one, or the entirety of the show. Whether there will be another season, I’m not sure. For now, I’m challenging myself to commit to fifteen conversations. Having a clear goal towards which I can strive makes the project more sustainable than committing to a recurring show.

I hope that you all enjoy the show as much as I enjoy recording it. The first episode is ready for you.

Wonders of Web Weaving The first episode is ready for you. The first episode is with Adam, the creator of omg.lol and maintainer of many wonderful web projects RSS feed you can use to follow along with episodes

Bridging feels seamless. Behind the scenes, it's a technical marvel - Werd I/O

2026-05-11T22:29:51.000Z

Link: Bridging on a budget, by Ryan Barrett at A New Social

I’ve been in awe of Ryan Barrett since I first met him over a decade ago. He cofounded Google App Engine and led engineering at Color Health. His Bridgy tool, which allows people on different protocols and networks to follow and converse with each other, is now the basis of A New Social, the open social web non-profit that he runs with Anuj Ahooja. (Disclosure: I’m on the board.)

This post about how he reduced Bridgy costs is brilliantly detailed. It’s a good look into what’s involved when you need to refactor and reduce cost at scale — and what’s remarkable is how effective this work actually was.

“The end result of all of this is that we grew from 2k users to almost 150k, added a ton of heavy new functionality, and still managed to optimize and cut down costs from $.15 per active user per month to just $.03 or so.”

But it didn’t come easily. When you’re connected to the kinds of firehoses that Bridgy needs to be, and serving the kind of traffic it’s starting to handle, every optimization really counts. Because it’s open-source, you can dig down into individual optimizations and follow along each exploration. It’s painstaking work and a demonstration of their commitment to financial responsibility. Try vibe coding that.

Bridgy (and its parent A New Social) exists to help make the individual protocols less important: everyone should be able to collaborate with everyone else regardless of which platform they’re using. It’s the kind of thing that feels easy in the moment — but as this post proves, it’s far from simple under the hood.

To maintain their independence, publishers are fleeing Substack - Werd I/O

2026-05-11T21:58:25.000Z

Link: Writers are fleeing the Substack Tax, by Emma Roth in The Verge

If you weren’t all that bothered about Substack platforming and compensating Nazis, The Verge reports that there’s a new reason to be worried: it costs more and its much-touted network doesn’t count for much if you’re not one of its featured writers.

Sean Highkin of The Rose Garden Report is quoted in the piece:

““When I first joined up, [Substack] gave me a big push and featured me and funneled a lot of traffic to me, which led to a good amount of growth,” Highkin says. “But once I wasn’t one of the ‘new recruited talent’ they could tout, they stopped featuring me and I saw my growth stagnate.””

Ghost (with Ryan Singel’s Outpost) cost less than half and drove a significant increase in subscribers. It’s mentioned here alongside Beehiiv and Kit, but is the only truly open-source alternative. That means you can use Ghost’s services (as I do), but if you’re dissatisfied, you can move to another provider.

This is in stark contrast with Substack, which has been promoting social media style following relationships over true subscriptions, and only allows creators to export their subscribers should they choose to move. Similarly, Beehiiv starts with open protocols like RSS switched off by default, locking readers into its ecosystem.

That freedom is important. As Casey Newton says in the piece:

“The more important thing is that we have a home on the open web that we control, and whatever anti-creator changes Substack is forced to make in the future to live up to its valuation we won’t be affected by.”

Every media company, publisher, and individual creator needs to maintain their platform independence if they want to make independent business decisions. It’s good to see more people taking this step, and it’s good to see that they have options.

Asking platforms to do better won't work. We need to force their hands - Werd I/O

2026-05-11T14:31:51.000Z

Link: You couldn't create a more anti-news internet if you tried, by Matt Pearce

Matt Pearce, Director of Policy for Rebuild Local News, writes a behavioral economics inspired take on why our current embodiment of the internet is so bad for news and information.

In particular, he sees the introduction of “nudges” as being a pro-information feature that search engines, LLM interfaces, and social media platforms could introduce:

“Social media, too, could choose to feature quality news outlets as “defaults” or provide subtle “nudges” on content that prompt users to donate or subscribe to the news outlets providing high quality news videos on platforms like Instagram, which don’t pay for themselves.”

I happen to particularly agree with his implied criticism of newsrooms going deep on Instagram, which usually leads to vanity metrics going up and to the right but not necessarily to conversions, impact, or revenue. And I think it’s true that nudges across all these platforms would have the effect he’s hoping for. But I think the tragedy is that there’s no real reason why any of these platforms would actually do it.

The internet as it stands is perfectly optimized for the needs of these platforms: engagement, advertising revenue, and rapid growth. Adding pro-social nudges would add friction to their well-oiled loops and take users off-platform. That’s exactly why Google has moved from leading people to the best websites for a query to answering those questions on-page: its own needs are best served by keeping users in one place. For them to make different choices, they would need to be far more benevolent architects than they are.

So, one path forward is that they need to be forced to do it. This would need regulations to govern the features an information platform can provide, and could have very adverse side effects. We’re seeing increased regulations with respect to things like age verification, so introducing regulation is possible — but that age verification tech has become a surveillance layer that impacts freedom of speech for vulnerable groups. And if publishers go too far in that direction, for example by dictating that platforms share more ad revenue, the networks might simply stop supporting news content at all, as we’ve seen in places like Canada.

Another is to build new platforms that make better choices for the whole ecosystem: more interesting for readers, more supportive of publishers. We’re already seeing a resurgence in new open social web platforms as well as a regrowth in older technologies like RSS. But the incumbent platforms aren’t going to simply go away; any new pro-social platform has to directly compete with them while also building an ecosystem. Still, I think it’s more promising, particularly in a world where incumbent platforms are losing goodwill with the public. The kind of thinking that Matt’s done here is very useful in helping to design what those new platforms might look like.

We’re not in a great place and there’s a hard road ahead. I’m sure of one thing: asking existing platforms to do better is not going to work. So we need to take matters into our own hands.

WordPress powers 47% of the web. Now it's more social, too - Werd I/O

2026-05-11T13:31:54.000Z

Link: Radical Speed Month — The Reader Meets the Fediverse, by Mattias Pfefferle

We’re closer to the entire web being a social environment than ever before. That’s very exciting to me on two fronts. The first is that it’s always been the promise of the web that anyone could publish and be heard, and baking in social functionality is a huge part of that. The second is that it undermines the stranglehold that traditional social media platforms have had on the public discourse and democracy itself. We need movements like these to grow.

So I think it’s cool that WordPress.com just shipped some major improvements to its core reader:

“The Radical Speed Month bet: ship three protocol adapters in four weeks, and prove the Reader can become a universal aggregator. RSS / Google Reader API (so any reader app can use WordPress.com as a sync backend), ActivityPub (so Mastodon, Pixelfed, and friends show up natively), and ATProto / Bluesky (because that’s where a real chunk of the social-web conversation has gone). One Reader, every protocol you care about.”

In practice, that means that you can read updated content from the web via RSS, the Fediverse, and ATproto from the WordPress dashboard — and connect any compatible reader app to that dashboard to make reading more seamless. (I’m a die-hard fan of Reeder Classic, and it sounds like that works.) WordPress is now compatible with reading the whole open social web.

But, of course, it’s WordPress, which is a publishing environment at its heart. It’s supported RSS forever, and has supported the Fediverse for a while. Now it supports Bluesky, too. Unlike most readers, which are read-only environments, you can interact with those sources right from your feed, including by publishing posts and replying to other people’s.

That’s something the indie web community has been thinking about forever: people like Aaron Parecki have been building their own interactive readers using open web standards, and I remember working on a simple prototype at an IndieWebCamp in Portland.

But it’s also an idea that has become more powerful as the open social web has grown. There are millions of people to interact with – all of whom might be publishing from their own websites, on their terms, free from intermediation. May it continue to grow and spread.

Find blog posts with missing featured images - and missing alt text - without a plugin - Terence Eden’s Blog

2026-05-11T11:34:39.000Z

WordPress has the concept of "Featured Images". They are the images which show up when you share a blog post on social media or, on some themes, as the "hero" image.

How can you quickly and easily find any posts which don't have a featured image?

For this, I use WP CLI - it allows you to run complex WordPress actions and queries using the command line. After you have installed WP CLI you can get started.

Missing Images

On the command line, run:

wp eval 'foreach(get_posts(array("post_type"=>"post","post_status"=>array("publish"),"posts_per_page"=>-1,)) as $post){if(get_the_post_thumbnail($post)==""){$post_type_object=get_post_type_object($post->post_type);$link=admin_url(sprintf($post_type_object->_edit_link . "&action=edit", $post->ID));echo $post->post_date . " " . $link . " " . $post->post_title . "\n";}}'

Here's the code in a slightly more readable format:

foreach ( 
   get_posts( 
       array( "post_type"      => "post", 
              "post_status"    => array("publish"), 
              "posts_per_page" => -1,
       ) 
   ) as $post) { 
      if( get_the_post_thumbnail( $post)== "" ) { 
         $post_type_object = get_post_type_object( $post->post_type ); 
         $link = admin_url( sprintf( $post_type_object->_edit_link . "&action=edit", $post->ID ) ) ;
         echo $post->post_date . " " . $link . " " . $post->post_title . "\n";
      } 
}

That will print out:

2024-05-02 12:34:11 https://example.com/wp-admin/post.php?post=123&action=edit "A post about sausages" 
2023-09-13 20:55:52 https://example.com/wp-admin/post.php?post=456&action=edit "I like cheese"
2021-12-31 15:43:33 https://example.com/wp-admin/post.php?post=789&action=edit "Touching computers"

You can then go and edit each of those posts to add a featured image.

Missing Alt Text

Adding alt text means that people who can't see images will still be able to understand what the picture represents. Here's another one-lines to find all featured images with missing alt text:

wp eval 'foreach (get_posts(array("post_type"=>"post","post_status"=>array("publish"),"posts_per_page" => -1,)) as $post){if(simplexml_load_string(get_the_post_thumbnail($post))["alt"]==""){$post_type_object=get_post_type_object($post->post_type);$link=admin_url(sprintf($post_type_object->_edit_link . "&action=edit",$post->ID));echo $post->post_date . " " . $link . " " . $post->post_title . "\n";}}'

And, in slightly more readable form:

foreach (
   get_posts( 
      array( "post_type"      => "post", 
             "post_status"    => array("publish"), 
             "posts_per_page" => -1,
           ) 
   ) as $post) { 
      if( simplexml_load_string( get_the_post_thumbnail( $post ) )["alt"] == "") { 
         $post_type_object = get_post_type_object( $post->post_type ); 
         $link = admin_url( sprintf( $post_type_object->_edit_link . "&action=edit", $post->ID ) ) ;
         echo $post->post_date . " " . $link . " " . $post->post_title . "\n"; 
      } 
}

Again, that lists the datetime of the post, its edit link, and its title.

No, if you'll excuse me, I have about 873 posts which need updating 🤯

Hey you, start communicating! - Kev Quirk

2026-05-11T08:25:00.000Z

Hey you, start communicating!

by David Jamieson

David talks about why it's good to reach out to authors when you read their content. Even if it's just to say hi.

Read post ➡

Hard agree with David's comments here - he and I regularly exchange emails, actually. I try to reach out to authors whenever I read something that resonates with me. I'll also try to share their work via posts like this too.

For me, blogging is the original social network; just because we're on our own spaces doesn't mean we can't be socially connected. That's why I offer comments, and a reply by email link on all posts, including my RSS feed.

So yeah, start communicating! 🙃

Thanks for reading this post via RSS. RSS is ace, and so are you. ❤️

You can reply to this post by email, or leave a comment.

Fear is information. - Westenberg

2026-05-11T03:52:45.000Z

The motivational industry has built any number of small empires on the notion that fear is a problem to be either managed, suppressed or out-manoeuvred. Fight the fear, etc. The language is typically martial - as if fear were a hostile enemy, camped at the gates of your better self.

But this is sloppy thinking that comes at a cost.

When the body floods with adrenaline // the mind locks onto a single threat, the system is doing what it evolved to do: reporting on the state of whatever it is you care about. The signal bypasses the conscious mind almost entirely; which is why you can spend years lying to yourself about what you want and still flinch at the wrong moment when the thing you value comes under threat.

My basic claim is this. When someone (anyone, everyone) is afraid, they're telling you what they actually value. Their fear is a noisy, but no less precise indicator of both the surface threat and their underlying stake. A founder who keeps delaying their launch has a private worry that has almost nothing to do with the launch itself; they're deathly afraid of the dissonance between who they've been telling people (and themselves) they are and who the market will reveal them to be. The surface object of the fear is misdirection; the actual content is a value statement signed in the writer's own hand.

You can argue with the rationalisations that get layered on top of the stake, but you can't argue with the signal itself.

People will lie to you about what they want, and they'll lie to themselves with even greater conviction. But their fear won't lie, because it can't. It's older than language and it runs on a circuit that doesn't consult the part of the mind responsible for maintaining a neat // tidy story.

If you want to know what someone actually values, pay attention to what they protect.

A client who keeps fixating on the timeline is afraid of something other than the difference between three weeks and four. Their fear is tied to a board meeting, or a budget cycle, or personal pressure. A prospect who keeps circling back to price is using the price as a placeholder for a deeper fear about whether they'll be able to defend their decision if it all goes sideways.

If you read the fear correctly, you can stop arguing with the placeholder and start addressing the actual stake.

Your own fear works in much the same way; it's drawn from a part of you that doesn't bother with self-deception. When you flinch at sending an email, you're exporting data about that relationship. When a project keeps slipping in your calendar - whether or not you've admitted to deprioritising it - your behaviour is an indicator. The thought of having that one conversation you've been putting off makes your stomach turn because you're responding to a real assessment of the stakes that the "refined" part of your brain has refused to acknowledge.

I've caught myself avoiding decisions for weeks at a time, generating elaborate justifications for the delay, when the actual reason was a single, one-line fear I would've been utterly embarrassed to say out loud.

But the fear is almost always right.

Even if it's usually wrong about what to do with the information…

Fear is excellent intelligence, but it's not much of a strategy. It tells you what's at risk with high fidelity, and what to do about that risk with all the sophistication of a small mammal in a patch of tall grass; the amygdala, after all, rarely understands either long games or leverage. If you let the part of you that knows what's at stake dictate your response to that stake, you'll spend your life flinching away from the things that matter to you and into the things that look superficially safer.

This is why so much of the advice we give // receive about fear is suspicious of the concept without quite understanding why. People do get controlled by their fear, and that control does produce bad outcomes; but it's a mistake to conclude that fear is therefore a corrupting influence and that it has to be smothered. The fear is fine - useful, even. The problem is letting an instrument designed for tactical reflexes write the plan.

Acknowledge the fear and read it carefully; and refuse to be moved by it until you've understood what it's telling you.

Then decide whether the information changes the plan.

But stop treating fear as either a master or an enemy. It's an instrument, and like any instrument, you have to read it and you have to choose what to do with the data it offers.

The list of things you're afraid to lose is the most accurate map you have of whatever you've built your life around. If you want to know what actually matters to you, watch what your nervous system does when something’s threatened. The list might not match the vision document you'd recite on a podcast, but it's much closer to a source of truth.

I find that clarifying rather than depressing.

The world is not as opaque as the official explanations make it look. People are constantly broadcasting what they value, in a frequency older than speech, on a channel they can't turn off. You only have to learn to listen to it, and be willing to listen to yourself.

The discipline is the same in both directions; read the signal carefully, and then decide what to do with the information, free of any pressure to obey it.

[RSS Club] A Sneak Preview of Upcoming Posts - Terence Eden’s Blog

2026-05-10T11:34:38.000Z

Psssst! This top secret post is only available to RSS subscribers!

As a little thank-you for being a member of RSS Club I thought I'd show you some trailers for upcoming blog posts.

I use the brilliant Editorial Calendar Plugin to organise all my scheduled blog posts. Here's what you can expect over the next month:

I tend to write in bursts - rather than once per day - and then spread the posts out. As I'm going on a long break soon, I want to make sure there are plenty of posts in the queue. There are also a bunch of posts scheduled over the next few years on specific dates.

Of course, if I unexpectedly die, I guess they be posthumous…

I'm also working on what will be (I hope) a reasonably big political story. I'm under embargo until my media partner publishes it - but I hope it'll go live in the early hours of Tuesday. Stay tuned 😊

If there's something you'd like to see me write about, please drop me a comment via your favourite method.

I'm off GitHub - Kev Quirk

2026-05-09T15:50:00.000Z

Ok, that's it. I'm officially off GitHub. First I moved all of my private repos to my Synology, which was extremely easy to do. I did that around a week or so ago and it's be working great.

Then I had to start sorting and moving all my public repos to Codeberg. Many were archived as I no longer maintained the projects, which left me with just 7 actual repos that I needed to move.

Pure Blog/Comments and Simple.css were the most challenging as they all had other people who relied on them, but I managed to get them moved with a little bit of messing around.

The others were super simply, I used Codeberg's migration tool to migrate the repos over, the ran a command locally to point my repos to a new target:

git remote set-url origin git@codeberg.org:kevquirk/[new-repo].git

That's it! Repo migrated.

Thoughts on Codeberg

It's fine. And I don't mean that negatively - there's a lot less going on in the UI than on GitHub, but everything is still familiar and similarly laid out. There's been almost zero learning curve moving from GitHub to Codeberg, so props to the Codeberg team for that.

I've applied for a Coderberg membership as I think it's important to support the open source projects we use, so hopefully that will be approved soon.

Overall I'm very happy with the move. All the old GitHub repos have had their README.md files updated to point to Codeberg, and they too have been archived.

So that's one less piece of big tech I need to rely on.

Thanks for reading this post via RSS. RSS is ace, and so are you. ❤️

You can reply to this post by email, or leave a comment.

Canvas is open source, but its cloud services ransomware attack really hurts - Werd I/O

2026-05-09T13:51:02.000Z

Link: 'The Biggest Student Data Privacy Disaster in History': Canvas Hack Shows the Danger of Centralized EdTech, by Jason Koebler at 404 Media

I started in edtech. When I graduated with my Computer Science degree, I returned to the university to work at the Media and Learning Technology Service. There, I discovered that all the edtech software at the time was so bad — the learners hated it, the teachers hated it, the administrators hated it, and I have to assume the people who made it also had a deep-seated contempt for it — that it actively made learning worse. Worse, these platforms were charging institutions huge amounts of money for the privilege.

Because I was an avid blogger at that time and knew that people were learning from each other on the web all the time, I built a prototype social network for learning and tried to give it to them. They told me they didn’t want it (in a way that was much ruder than that). So I quit my job and ended up releasing it under an open source license so it wouldn’t be centralized and hold institutions hostage. That act of hubris set up the entirety of the rest of my career.

Which brings me to this article:

“Thursday afternoon, millions of students at thousands of universities and K-12 schools were locked out of Canvas, a piece of catch-all education technology software that has become the de facto core of many classes. ShinyHunters, a ransomware group, hacked Canvas’s parent company and apparently stole “billions” of messages and accessed more than 275 million individuals’ data, according to the hacking group. The group also locked students out of Canvas.”

Ian Linkletter — a librarian who has been an active, and in my opinion, unceasingly correct edtech critic — is quoted as calling this “the biggest student data privacy disaster in history”. It need not have been the case; Canvas is theoretically open source. But you can’t make money with open source alone, and self-hosting is not something most institutions want to undertake. Canvas is a huge codebase with real quirks that is non-trivial to self-host, and the maintenance and infrastructure costs are real.

It’s also not clear that self-hosted infrastructure would be more resilient: a university could be subject to a ransomware attack with very little recourse. At the same time, the centralized nature of Canvas’s core offering means every institution that uses it, including over half of all US higher education institutions, were in a hard place right in the middle of final exam season. Access is coming back, but at the time of writing, it hasn’t been fully restored. It’s a hard lesson about the dangers of putting everything in the cloud.

Note published on May 9, 2026 at 1:42 PM UTC - Molly White's activity feed

2026-05-09T13:42:31.000Z

A recent CoinDesk survey found 73% disapprove of government officials having crypto business ties, yet 55% weren’t aware of Trump’s involvement, and only 17% knew he co-founded World Liberty Financial.

This underscores why my work at Citation Needed is so necessary.

https://www.citationneeded.news/signup/

Book Review: The Names by Florence Knapp ★★⯪☆☆ - Terence Eden’s Blog

2026-05-09T11:34:20.000Z

This has an excellent narrative structure, some beautiful prose, and I just didn't enjoy it.

The story is Sliding Doors meets Same Time Next Year mixed with a distressing amount of domestic violence.

A mother faces a difficult choice. Should she name her child after her abusive and violent husband? In one strand she does, in another she doesn't, and in the third she makes a compromise. We rejoin the story every few years to see how our protagonists are progressing.

It mostly works and pushes us to consider how much the path of our life is influenced by factors outside of our control.

I have a real difficulty with books about violence. All of the characters are unsympathetic - trapped by tyrant but also trapped by their own inaction. I also struggled with how pedestrian and limited it was. In a world where you can read anything, why would you choose to spy on your horrible neighbours? Like a tawdry soap-opera it offered nothing more than misery and heartbreak. Fine if you need that sort of substitute empathy, but it left me feeling grubby and unsatisfied.

To be fair, the characters in the book address this:

‘Why read them if they make you feel bad?’

‘Because I’m hoping one of them might feel like me,’

It isn't a bad book - although it does veer into cliché a little too often - and the structure is interesting enough. But I found its subject matter too distressing to be enjoyable,

Book Club Discussion

This isn't the sort of book I'd normally pick up - but it was chosen by the book club I attend. The majority of readers rated it higher than I did. Here are some of the things we discussed.

The central message sees to be that, no matter how hard you try, the tragedy which infects your life can never be escaped. I found that depressing and disempowering. The domestic dreariness was stifling and just left me irritated with the passivity of the characters.

The evil father is an arsehole - but a one-dimensional arsehole. I get that there's a risk to humanising an antagonist, but other than a brief mention of his back-story there's nothing about him. I didn't want a justification for his actions, but he felt like a cartoon villain.

Even when one character gains a moment of happiness, it is offset by another's misery. No matter which path is chosen, someone always ends up broken.

Are we "destined" to meet the same people, no matter what path we take?

How Many Mildliner Mix Colours Are There? - Robb Knight • Posts • Atom Feed

2026-05-09T10:58:44.000Z

A couple of weeks ago Ben was kind enough to send me a 3-pack of Mildliner Mix pens — two-colour highlighters made by Zebra. This led me down a path of looking for the second set called "Cool" but the price of shipping meant I would have been paying ~£5 a pen which I wasn't willing to do.

Then this week, as I am want to do, I went over to Stationery Pal (that website is riddled with ads just a heads up) and they had a big banner on the home page about a ten pack of Mildliner Mix so I ordered them immediately. And if my maths is correct, ten is more than six, which is how many I was aware of until that moment. This was the image they had which I downloaded so I could update the Mildliner site.

I started adding them to the site and noticed that one of the colours I already had, Red and Gold, isn't going to be in the pack I ordered. I went back to Zebra's website and there's no mention of these additional colours, just the original six. So eleven is the number.

I'm down a rabbit hole now thinking about rebuilding the reference site, working out how many of the dot and stamp marker versions there are, and if there's a secret extra one in the brush versions like there is in other ranges. Very normal stuff.

A new website, and a focus on small business - Johnny.Decimal

2026-05-09T04:02:40.000Z

For me, looking back through this website’s version history is like watching the final scenes of Interstellar. Years fly by; visuals of who we were two, three years ago. Three years feels so close but then you see this page and: no, it just can’t be! That page looks so old.

And so it is again. What started as an ID born in Japan – 41.14 New design language – became an all-consuming project. As they do. I don’t even remember when it happened. One day I wasn’t rewriting all of our websites, the next day I was, and the git history tells me that was about 10 weeks ago. Time has lost all meaning.

The major change is that there’s just one website now: johnnydecimal.com. Last year I created JDHQ as its own thing because at the time integrating it with the main site would have been impossibly difficult. But the goal was never to have two websites.

I still like the term ‘JDHQ’, and will continue to use it to refer to the interactive parts of the site: the bits where you sign in and do a thing. (You can create a free account now.) It has a bright future; more below.

A focus on small business

Before I talk more about the website, a point that I think is more important. We’ve made a decision to focus all of our efforts, as a business, on helping other small businesses.

There’s so much overhead when you run a business, and when you’re small, you have to do it all yourself. With last year’s Small Business System (SBS) we hoped to give you a space to put everything: a hundred less decisions to make. Our dream was always to expand to become your ‘operations layer’, to provide you ops manuals and guidance and support. So that’s what we’ll be doing from now.

You’ll find a calendar you can subscribe to in the sidebar of your SBS. The first events – 4× welcome Zoom sessions spread across timezones – are scheduled for next week. There’s also a WhatsApp group for our small business customers. Our job now is to support you: to make your life easier. Tell us what you need to succeed.

Information will still flow to the rest of the system. Problems solved for small business are problems we all face; tools built to help them will help you at home.

No more numbers

The previous site assigned an ID to every page. This was a cute affectation – and that sidebar table of contents was a crowd favourite – but ironically limiting.

The Johnny.Decimal system wasn’t designed to hold a preset list of pages in a specific order, but that’s what the old site did. This is in direct conflict with one of the major benefits of the web over print: you can update a website whenever you want. By giving each page a number, I inadvertently made the old site behave like a book.

As a result, it scarcely changed. There’s content that I haven’t published because I would have had to figure out how to fit it into the structure. That’s no way to run a website. So the numbers have gone.

(Technically, we do still have an ID for each page on the site. These are IDs in my own SBS and they allow us to store the artefacts for each page, e.g. the diagrams. You’ll see these IDs in the figure reference numbers. They’re meaningless and confer no order; which is how it’s meant to be.)

‘Aspirationally calm’

Our design goal was to make a place of calm. The internet is very shouty these days. There’s a lot competing for your attention. I wanted our place to be somewhere you could relax.

So there’s a lot more room. And maybe less of what gave the old site ‘character’? The ▒ shade characters at the start of headers have gone. The thick borders have gone. The line-drawing ‘brackets’ around navigation items have gone. We did try adding some of that back, but every time we decided: no. Too busy.

I’ve been using this design for a month or so and when I go back to the old sites they’re jarring. We refer to them as ‘the old clunkers’. The new place is cohesive, I hope. It’s simple. Because Johnny.Decimal’s job isn’t to get in your face and be all clever. It’s to help you get your work done and then get out of the way.

I have a lot of plans for JDHQ. This section got long, so I recorded a roadmap video. I’ll do these at the start of every month from now.

Housekeeping

Until an hour ago, there were 4 mailing lists: the ‘public’ list that anyone could sign up to, and a list for each of our products. These latter lists were intended for product updates, but I never used them.

I’ve collapsed the lists. There’s just one now and if you got an email today, you’re on it. If you don’t want to be, there's an unsubscribe link in the footer.

The site now has a version history whose entries appear in the RSS feed. The RSS feed remains the best way of keeping up to date – see RSS: a public service announcement if you don’t know how it works.

Thank you

We can only do this with your continued support. Thank you – especially to those of you who become lifetime members. It makes a massive difference.

I say it every time, and I’ll say it again: tell us what you need. You ask, we make.

Serendipity - James' Coffee Blog

2026-05-09T00:00:00.000Z

The steam of the espresso machine — of focusing in the milk to make sure it is just right, of tapping to remove the bubbles, of preparing. Soft instrumental music plays in the background, more upbeat than the music to which I was listening earlier — easing me more into the day. How the smile of a barista lights up my day. Of noticing the care and attention put into the latte art.

I have not been to a coffee shop in days, and so this morning – a morning where a drizzle of rain hung over the air, a refreshing air – I felt like I was seeing all of the rituals associated with making a cup of coffee from a new perspective. The care the barista puts into preparing a drink, the sound of the steam wand as it froths milk, the rapport between the staff members.

A hand-crafted (decaf) flat white was the best possible start to the morning on a day where the only thing I had planned was to have a coffee, read a bit of a book, and wonder “should I go see that movie I want to see?” The movie was The Devil Wears Prada 2. I had not seen the first one, but lots of actors I like appeared in the second one so I thought I would go see it.

Less than an hour before the morning screening, I booked a ticket. I usually like to prepare more, but perhaps my mind was already made up that I wanted to see the film and I was yet to realise it. It has been a year since I was last at the cinema, so I revelled in the chance to go again to see a movie that looked good. In summary, after watching the movie, I was impressed, and left excited to watch the first one too.

As I left the movie theatre, on the fourth floor of a shopping centre in the heart of the city, I heard the sound of bagpipes. The fourth floor has an open roof and so the bagpipes could have been coming from anywhere. I felt so much at home in hearing them. Where else in the world could I leave a movie screening and hear bagpipes? That sound was a portend for what was to come.

While I didn’t necessarily have a plan for the day, the more hours that passed the more I started to piece together things I was thinking about this week. I have started to get back into Magic: the Gathering, watching a few videos online of people playing games. I decided I wanted to go to a trading card shop to at least inquire about what has changed in the format since I last played seriously, nine years ago. It turns out, a lot has changed, but the worlds I could learn about are exciting.

On my way to the trading card shop, I noticed a crowd of people lining the streets on Waverley Bridge, the scene of a painting I really love. I stopped for a moment and overheard people talking about the event of the day – the tartan parade, dedicated to celebrating all things tartan. Last year, I had encountered the parade under similar circumstances: I was walking around and happened to be in the place where the parade was about to start, not knowing the event was scheduled. A lot has changed since last year, too.

Having fifteen minutes or so before the parade was scheduled to begin, I got some lunch and waited. Then, with great excitement, I watched the event from beginning to end – an hour of pipe bands, dancers, people from clans across Scotland, people who work for charities in Scotland, and people who have come from all over the world to celebrate tartan. There was a pipe band from Switzerland and contingent of people from Peru, Italy, and more. I love seeing so many people coming together — in so many outfits and from so many places., I wrote as I was surrounded by music and colour and stories and life.

Early on in the parade, a larger-than-life (paper?) unicorn was carried by several people. “A unicorn!” remarked a child nearby with great excitement. I was surprised for a split second until I remembered the unicorn is our national animal, my favourite fact to share with people I meet from other places in the world. I can think of no better animal to represent the Scottish attitude than the unicorn – welcoming, playful, and always able to bring colour to a room.

There were also people dressed as dinosaurs at the parade for a reason I can’t remember. Nonetheless the dinosaurs made me laugh the kind of laugh where you feel nothing but pure joy. The emcee for the parade had some playful banter with the dinosaurs who roared, saying something to the effect of “I’m glad I’m up here” (on the double-decker, open-top bus with tartan livery from where the emcee announced all the groups in the parade) to the dinosaurs below. I’m having a good time, I thought.

I walked for miles today, from the coffee shop to the theatre, stopping for an hour afterwords to watch the tartan parade, to the card game store and back. Serendipity was my best friend. Then, just as I was getting ready to go home, I saw someone I haven’t seen in months. Seeing them smile and wave as I did the same, my world was brightened, to an extent where despite my best efforts to describe what I was feeling it was impossible to do so. I felt so much less alone than I had the moment before.

The small things – the warm morning coffee, the smile and wave from a friend, the unicorns; the serendipity of walking without a plan and being open to what you see – really do make life special.

Published on Citation Needed: "Issue 105 – The new boogeyman" - Molly White's activity feed

2026-05-08T15:12:45.000Z

Published an issue of Citation Needed:

Issue 105 – The new boogeyman

A crypto billionaire who escaped fraud allegations after investing hundreds of millions of dollars into the Trump family’s crypto projects is now accusing them of fraud