Shellsharks Blogroll - BlogFlock

Introducing Roundabout - Werd I/O

2025-12-02T01:11:16.000Z

[Hays Witt and Josh Kramer at New_ Public]

Really interesting to see New_ Public announce its first community product from its Local Lab:

“The main thing to know, maybe the most important thing, is that this is not just another social media app. Roundabout is a community space, built from the ground up with community leaders and neighbors.

[…] As a project incubated within New_ Public, a nonprofit, Roundabout will grow incrementally, sustained by a diverse and balanced set of revenue sources. With business incentives aligned towards utility and everyday value, instead of engagement and relentless scale, we’re designing Roundabout to be shielded from the cycle of enshittification. The ultimate goal is to build for social trust — every decision, every design, optimized to build bonds and increase belonging.”

There’s a lot to comment on here.

It’s amazing to see a social product co-designed with communities. For the safety and equity of all involved, this is how it should be done. I really hope New_ Public shows off more of its methodology in the future. I’d love to dive into the meta-conversation about what they’ve learned about this kind of co-design. The descriptions of participating communities — in Burlington, NC; Richmond, VA; Lincoln County, WI; North Chattanooga, TN; and Lancaster, PA — are already really promising.

The technical lead is Blaine Cook, who you might remember as Twitter’s first employee and first CTO. Since then he’s been a strong, sharp advocate for decentralized social.

On Mastodon, New_ Public mentioned that it’s building the platform in a way that’s compatible with AT Protocol, although it’s not the main focus for now.

Over on Bluesky, Blaine said they’re “building on atproto primitives but off-network because it's currently not possible to push private/scoped data around the wider atproto network.” He also made the important point that it’s not worth building for interop until you know what the user behaviors are actually going to be — so it’s too early to focus on decentralization.

That community co-design is key, and it makes sense that this is the first step. Communities are human; they can’t be defined by protocols. The protocols should describe real human behavior, not the other way around.

I’m excited to see how the platform develops, and how New_ Public seeds the ecosystem conversations around it. And: this is only one of its community initiatives. There’s more to come.

[Link]

What Happens After the Hype? Lessons from Mobile Internet’s Long Road to Success - Werd I/O

2025-12-01T14:34:14.000Z

[Shomila Malik]

We’re beginning to see the end of the AI hype cycle, and thank goodness. That doesn’t mean that there aren’t uses for aspects of the technology, but it does mean that some of the hyperbole will diminish as investors and speculators move on to the next thing.

As Ecrue founder Shomila Malik points out here:

“The question isn’t whether the current AI investment cycle will face a reckoning. It’s what form that reckoning takes — and what comes after.”

The lessons she draws from the mobile industry’s hype and decline also parallel what happened during the dotcom crash, when a lot of companies went away but a lot of underlying useful infrastructure was left for the next generation of innovations. But a facet of how those two events were different is exactly how they imploded:

“The difference between a pop and a deflation often comes down to how adaptable the infrastructure is. 3G networks built for one vision of mobile internet ended up powering something completely different — but they still got used. The investment wasn’t wasted, just redirected. Time will tell if AI will be a deflation like mobile internet or a ear deafening explosion like the dot com crash.”

Either way, investment is way ahead of proven capabilities or even business models. Companies like OpenAI are losing money hand over fist. At some point, these endeavors have to touch oxygen, and either they’ll find their way to stunning profitability, or they’ll fizzle into acquisitions at best and leave some interesting ideas behind.

My bet? Ten years from now we’ll be looking at a series of smaller, more focused models that perform well-scoped tasks really well, and we’ll look back at the hype around generalized megamodels — and particularly AGI — with rolled eyes and a slight shudder when we remember the environmental and human impacts.

[Link]

Year 3 at the Smallholding - Kev Quirk

2025-12-01T12:00:00.000Z

We're been living on our smallholding in Wales for 3 years now. Here's how things have been going this year.

I’m a little late with my update this year because I’ve had a few things going on at home. This has accidentally become an annual tradition at this point, so I’m gonna roll with it.

I re-read last year’s update to see what I did and, more importantly, what I’d listed in the closing what’s next? section. It included:

Renovating the brick shed on the drive into an annex for guests.
Continuing to work on the garden.
Insulating the roof in the conservatory.
Two more bathrooms, a downstairs loo, and the kitchen.

Well, dear reader, most of that plan went to utter rat shit this year. Aside from continuing to work on the garden, we got absolutely nothing on the list done. That’s mainly because we ended up having to replace the entire roof on the house, which is still ongoing as I write this.

Worse still, because the new roof is heading into winter, we’ve had lots of rain. That in turn means leaks in the house, the worst of which has been in my oldest son’s bedroom. If you read last year’s post, you’ll recall we only renovated that room last year. 😡

If you’ve never had to put a new roof on your house, firstly you’re very lucky. But secondly, they’re really expensive. So that has meant we haven’t had any disposable income for other projects.

Making progress in the garden

We managed to plant some wildflowers in the far field, which one of our neighbours who keeps bees is very appreciative of.

Wild flowers starting to come through in field

We also had a load of groundwork done at the back to flatten some of it off. They ended up moving 50 tonnes of soil from the area to make it level. Our hope is that this summer we’ll be able to enjoy drinks and barbecues on the new flat piece of land.

We’re also continuing to improve the chicken coop. We now have a fairly large enclosed outdoor space for them, mainly because of bird flu in the and the council applying restrictions on where they can roam. We’ve also grown the flock to 17 hens and a rooster.

Looking to year 4

The list for this year is going to be similar to last year’s. I just hope there will be fewer expensive surprises.

We’re hoping to add a polytunnel so we can grow more of our own vegetables. I’d also like to insulate the roof in the conservatory as it’ll effectively give us another room we can use all year round.

The bathrooms, toilet and kitchen will have to wait. We’ll just have to see how the cashflow looks. If next year I can get the polytunnel and conservatory done, I’ll class that as a win. I’d love to get a quad bike for towing the flail too, but again…money.

All in all it’s been a difficult year at the smallholding, but we have a new roof, so that’s good. I suppose…

Thanks for reading this post via RSS. RSS is great, and you're great for using it. ❤️

Reply to this post by email

Knowing when to leave - Werd I/O

2025-11-30T17:12:19.000Z

I wrote this in my blog drafts well over a decade ago (exact date unclear). I thought I'd publish it as-is as an aside. I'm sure it was going to be an excellent full post, but clearly this is just the intro. I still agree though: knowing when to go is important!

Some years ago, someone I worked with closely on a project that was failing had a mini-meltdown. He unfriended the rest of the team across social media, including the official accounts, which he took over unilaterally; he refused to even sit at the same table as the rest of the team on company trips, and at events.

To this day, I still don't exactly know what triggered the episode. But it was a moment that made me realize the project we were working on together could never succeed. Four months later, I had extracted myself.

Years later, I believe this was the wrong decision.

Knowing when to leave is an important skill. You've got to balance your loyalty, and your long-term career, against the objective facts in any situation. Leaving a project early is not a good idea: it sends a message that you're ready to flake out when times get tough. (In a startup situation, times will get tough.) However, if a project:

genuinely has no long-term prospects, either for you personally or as a whole
and there's absolutely nothing you can do about it
and the situation is not directly of your own making

You need to think about going. Anything else is running on a treadmill for no reason.

imperfect notes & my second subconscious - Werd I/O

2025-11-30T14:22:24.000Z

[Winnie Lim]

I’ve never been a successful notetaker. Winnie Lim enumerates the many reasons why not, which seem to be very close to her thinking too:

“Because of my personality I tend to solve for the whole before wanting to do something. For years I wanted to figure out how I could retrieve the notes in a meaningful manner before I committed to making them. If I cannot remember I had made the note, did the note really exist?”

The problem is that you end up trying to come up with a smart taxonomy of notes ahead of time — and that’s always bound to fail, at least for me. I’ve lost count of the number of times I’ve wiped my Obsidian vault clean because I didn’t like the structure or the maintenance of it all threatened to overtake any utility. Instead, as Winnie points out, the best thing to do is just write the note. It’s a bit like throwing the text into a big bucket, and that’s okay.

I hate to say it, but this might be a decent use case for some kind of personal LLM (ideally on-device so I’m not sharing my private notes with a third party I don’t trust). If you’re constantly just making notes without structure, being able to ask something about their content feels like it would have a lot of utility — again, at least for me. I’d love to be able to have my notes about a certain topic summarized when I need them. Or even have the summary proactively come up for me depending on my context.

Then again, maybe that doesn’t matter at all:

“My brain is constantly holding scattered bits of information so it is just better to offload them somewhere in one place. I think the main difference is I don’t see obsidian as my second brain, I see it as my second subconscious.”

I like that. Blogging is a little bit that for me, but blogging has an audience. There’s something useful in being the Harriet the Spy of your own life and putting words to things that otherwise might go unsaid. There’s poetry in it, too, which is very obvious from Winnie’s post.

I’ll give notetaking another try.

[Link]

A big list of things I disable in WordPress - Terence Eden’s Blog

2025-11-30T12:34:23.000Z

There are many things I like about the WordPress blogging software, and many things I find irritating. The most annoying aspect is that WordPress insists that its way is the best and there shall be no deviance. That means a lot of forced cruft being injected into my site. Headers that bloat my page size, Gutenberg stuff I've no use for, and ridiculous editorial decisions.

To double-down on the annoyance, there's no simple way to turn them off. In part, that is due to the "WordPress Philosophy":

Decisions, not options

[…] Every time you give a user an option, you are asking them to make a decision. When a user doesn’t care or understand the option this ultimately leads to frustration.

I broadly agree with that. Having hundreds of options is a burden for users and a nightmare for maintainers. Do please read this excellent discussion from Tom McFarlin for a more detailed analysis.

But I want to turn things off. Luckily, there is a way. If you're a developer, you can remove a fair number of these "enforced" decisions. Add the following to your theme's functions.php file and watch the mandatory WordPress bloat whither away. I've commented each removal and, where possible, given a source for more information. Feel free to leave a comment suggesting how this script can be improved and simplified.

//  Remove mandatory classic theme.
function disable_classic_theme_styles() {
    wp_deregister_style( "classic-theme-styles" );
    wp_dequeue_style(    "classic-theme-styles" );
}
add_action( "wp_enqueue_scripts", "disable_classic_theme_styles" );

//  Remove WP Emoji.
//  http://www.denisbouquet.com/remove-wordpress-emoji-code/
remove_action( "wp_head",             "print_emoji_detection_script", 7 );
remove_action( "wp_print_styles",     "print_emoji_styles"              );
remove_action( "admin_print_scripts", "print_emoji_detection_script"    );
remove_action( "admin_print_styles",  "print_emoji_styles"              );
//  https://wordpress.org/support/topic/remove-the-new-dns-prefetch-code/
add_filter( "emoji_svg_url", "__return_false" );

//  Stop emoji replacement with images in RSS / Atom Feeds
//  https://danq.me/2023/09/04/wordpress-stop-emoji-images/
remove_filter( "the_content_feed", "wp_staticize_emoji" );
remove_filter( "comment_text_rss", "wp_staticize_emoji" );

//  Remove automatic formatting.
//  https://css-tricks.com/snippets/wordpress/disable-automatic-formatting/
remove_filter( "the_content",  "wptexturize" );
remove_filter( "the_excerpt",  "wptexturize" );
remove_filter( "comment_text", "wptexturize" );
remove_filter( "the_title",    "wptexturize" );

//  More formatting crap.
add_action("init", function() {
    remove_filter( "the_content", "convert_smilies", 20 );
    foreach ( array( "the_content", "the_title", "wp_title", "document_title" ) as $filter ) {
        remove_filter( $filter, "capital_P_dangit", 11 );
    }
    remove_filter( "comment_text", "capital_P_dangit", 31 );    //  No idea why this is separate
    remove_filter( "the_content",  "do_blocks", 9 );
}, 11);

//  Remove Gutenberg Styles.
//  https://wordpress.org/support/topic/how-to-disable-inline-styling-style-idglobal-styles-inline-css/
remove_action( "wp_enqueue_scripts", "wp_enqueue_global_styles" );

//  Remove Gutenberg editing widgets.
//  From https://wordpress.org/plugins/classic-widgets/
//  Disables the block editor from managing widgets in the Gutenberg plugin.
add_filter( "gutenberg_use_widgets_block_editor", "__return_false" );
//  Disables the block editor from managing widgets.
add_filter( "use_widgets_block_editor", "__return_false" );

//  Remove Gutenberg Block Library CSS from loading on the frontend.
//  https://smartwp.com/remove-gutenberg-css/
function remove_wp_block_library_css() {
    wp_dequeue_style( "wp-block-library"       );
    wp_dequeue_style( "wp-block-library-theme" );
    wp_dequeue_style( "wp-components"          );
}
add_action( "wp_enqueue_scripts", "remove_wp_block_library_css", 100 );

//  Remove hovercards on comment links in admin area.
//  https://wordpress.org/support/topic/how-to-disable-mshots-service/#post-12946617
add_filter( "akismet_enable_mshots", "__return_false" );

//  Remove Unused Plugin code.
function remove_plugin_css_js() {
    wp_dequeue_style( "image-sizes" );
}
add_action( "wp_enqueue_scripts", "remove_plugin_css_js", 100 );

//  Remove WordPress forced image size
//  https://core.trac.wordpress.org/ticket/62413#comment:40
add_filter( "wp_img_tag_add_auto_sizes", "__return_false" );

//  Remove <img> enhancements
//  https://developer.wordpress.org/reference/functions/wp_filter_content_tags/
remove_filter( "the_content",  "wp_filter_content_tags", 12 );

//  Stop rewriting http:// URls for the main domain.
//  https://developer.wordpress.org/reference/hooks/wp_should_replace_insecure_home_url/
remove_filter( "the_content", "wp_replace_insecure_home_url", 10 );

//  Remove the attachment stuff
//  https://developer.wordpress.org/news/2024/01/building-dynamic-block-based-attachment-templates-in-themes/
remove_filter( "the_content", "prepend_attachment" );

//  Remove the block filter
remove_filter( "the_content", "apply_block_hooks_to_content_from_post_object", 8 );

//  Remove browser check from Admin dashboard.
//  https://core.trac.wordpress.org/attachment/ticket/27626/disable-wp-check-browser-version.0.2.php
if ( !empty( $_SERVER["HTTP_USER_AGENT"] ) ) {
    add_filter( "pre_site_transient_browser_" . md5( $_SERVER["HTTP_USER_AGENT"] ), "__return_null" );
}

//  Remove shortlink.
//  https://stackoverflow.com/questions/42444063/disable-wordpress-short-links
remove_action( "wp_head", "wp_shortlink_wp_head" );

//  Remove RSD.
//  https://wpengineer.com/1438/wordpress-header/
remove_action( "wp_head", "rsd_link" );

//  Remove extra feed links.
//  https://developer.wordpress.org/reference/functions/feed_links/
add_filter( "feed_links_show_comments_feed", "__return_false" );
add_filter( "feed_links_show_posts_feed",    "__return_false" );

//  Remove api.w.org link.
//  https://wordpress.stackexchange.com/questions/211467/remove-json-api-links-in-header-html
remove_action( "wp_head", "rest_output_link_wp_head" );
//  https://wordpress.stackexchange.com/questions/211817/how-to-remove-rest-api-link-in-http-headers
//  https://developer.wordpress.org/reference/functions/rest_output_link_header/
remove_action( "template_redirect", "rest_output_link_header", 11, 0 );

You can find the latest version of my debloat script in my theme's repo.

If there are other things you find helpful to remove, or a better way to organise this file, please drop a comment in the box.

"Disagree and Let’s See" - Werd I/O

2025-11-30T01:22:54.000Z

[Molly Graham]

This feels emotionally honest and an idea I can get behind, as an alternative to the popular “disagree and commit”:

““Disagree and let’s see” allows you to stay aligned with the team without forcing you to pretend you had conviction you didn’t have. It lets you walk into a room with your team and be honest:

“Here’s the path that was chosen. It wasn’t my first pick, but here’s the experiment we’re running, and here’s what we’re trying to learn.””

Committing to something you disagree with is an emotional contortion that is hard to do in practice. But the work of every team is a series of experiments at its heart, and by changing the onus from “let’s commit to this thing we don’t all agree with” to “let’s try it and see what happens”, we move from steamrollering dissent to mutually agreeing on an experimental hypothesis and testing it. You’re learning based on agreed criteria.

That’s much harder to argue with — and at the end, there’s no “I told you so” or winners and losers. There’s just a “here’s what we learned” and an implied set of next steps. Bliss.

[Link]

The Optical Illusion of Prosperity - Werd I/O

2025-11-29T15:01:04.000Z

[Michael W. Green]

Simplify Asset Management’s Chief Strategist and Portfolio Manager Michael W Green examined how the US poverty line is calculated, and discovered that it has been wildly miscalculated for years. In fact:

“[…] if you measured income inadequacy today the way Orshansky measured it in 1963, the threshold for a family of four wouldn’t be $31,200.

It would be somewhere between $130,000 and $150,000.”

The big differentiator is childcare, which in the US averages out at $32,773 a year, but it’s not the only differentiator. Our costs are enormous, and a poverty line at $31,200 only really helps legislators avoid having to provide (and therefore pay for) real support.

A family of four that genuinely earns $32,773 will receive all kinds of state help. A family that earns $80,000 does not. As Green points out, the difference largely comes from costs that went away during the pandemic:

Childcare ($32k): Suspended. Kids were home.

Commuting ($15k): Suspended.

Work Lunches/Clothes ($5k): Suspended.

Of course, many incomes also went away, depending on the jobs that were keeping these families afloat. Knowledge workers were relatively sitting pretty, while people who worked in retail, etc, were in trouble. There’s a lot more help that we can provide everyone. But this is one reason why I cannot stand return to office mandates, particularly when peoples’ salaries are under the $140,000 threshold that Green identifies. (Hint: outside high earning categories like big tech, it’s almost all of them, and inside those categories there are plenty of people who are earning lower.)

It sounds like Green is moving to show that 401(k)s and similar instruments are also a scam for most ordinary earners — something I tend to agree with. If society is an operating system that allows people to live well, start businesses, be healthy, etc, it’s failing us on every level. I say it’s time for an upgrade.

[Link]

Saturday - James' Coffee Blog

2025-11-29T14:49:04.000Z

Last week I ran a meetup for writers on the web. During the session, I brought up the topic of distance in writing. [1] We explored the topic in various ways – the distance between writing and publishing, the distance between reader and writer, how distance varies. As I write, I am thinking about the distance of poetic writing.

When I write poetically, I can use the ambiguity of poetic language to create a space for the reader to interpret something in whatever ways come to mind. I find it easier to write about the child-like joy of snow than to say that I had been missing the feeling of play I felt on that day for a while. But it also means I might not say something directly. That is not to say writing a personal blog post could substitute this writing. Poetic writing helps me say what I want to say.

What does this mean? That I want to write more personal stories? Right now, it is a thought, one that, previously only in my head, now exists in words. Through words I get closer to figuring out how I feel. It’s one of the reasons I love writing. It is also one of the reasons that writing can be so difficult. If I am not sure where to begin, the blank page feels particularly difficult. I might wish to have a formula for writing to come easier, but would the exercise be the same?

I intended for this blog post to be a bit of a narrative of my day. Sometimes I go to write one thing and end up in another direction. Thus is one of the joys of making things! With that said, I do still want to share the narrative of my day – this winter Saturday.

I had intended on going to a museum today and to pick up a library card but I had a bit of a headache in the morning. I might be getting a cold; I have what I would call the sniffles, but not to a great extent. Looking back I realise I sneezed a few times yesterday in such a way that makes me think I might be getting the cold. Nevertheless, I thought I’d stay inside and stay warm (although if you have ever spent time in a Scottish house in winter, you might know that it can still be a bit chilly indoors without the heating on!).

I spent the morning finishing Robin Sloan’s Sourdough book, which has been a delightful read. I enjoyed Sloan’s Mr. Penumbra’s 24-Hour Bookshop. Both titles were set in San Francisco, the former about the curious characteristics of a sourdough starter and the latter about a bookshop with more stories to tell than met the eye. I then continued reading another book, had some lunch, and watched a vlog of someone going around Japan. The vlogger mentioned a band called Yoasobi whose music I have been listening to since – Yoasobi’s music is great!

I plan to spend the rest of the day listening to music, reading, and maybe catching up on a few blogs!

[1]: V.H. Belvadi did a terrific write-up on the writing event too.

Little moments of joy - James' Coffee Blog

2025-11-29T13:21:12.000Z

I was thinking about a design for a web page yesterday that I wanted to build with a few illustrations. I remembered that there was a site with old-timey illustrations that were available in the public domain. I thought I have no idea how to find this website!

Today,, I was both surprised and delighted that the search query “old timey illustrations” allowed me to find the site, which I now know is called Old Book Illustrations. It is amazing that I can type in a query like “old timey illustrations” into a web search engine and find the page for which I am looking. The speed with which I found the website for which I was looking – and how a search engine found the page with my description "old timey" – brought a smile to my face.

Addendum: It looks like not all illustrations are public domain according to the Terms of Use, but this doesn't detract from the story :)

Experimenting with web design - James' Coffee Blog

2025-11-29T11:25:27.000Z

Every so often I open developer tools in the web browser and start tinkering with my website. I love experimenting with different design directions, not necessarily in pursuit of a complete design so much as fuelled by a sense of curiosity. What would it look like if I made my web pages wider? What would I do with the extra room? Would this help me create grids of images that would be easier to peruse? What would it look like if my accent colour was on the left side of a page?

I was recently playing around with using more of the space available on desktops to create wider content columns. I experimented with this both in the context of blog posts and then, later, an overall layout that I could use as a template for other pages on my website.

While the final results are not anywhere on the web, I was proud of what I made so I decided to take the styles from my browser and put them into a local stylesheet. I started developing a layout. I then took a few screenshots of the results as documentation for the project, which I have listed below. Perhaps you will find them interesting!

A blog post layout with an image

In this concept, I simplified my navigation bar, moved it to the top of the page, and created a new card component that appears on the far left with metadata about a blog post. I also moved my accent stripe from the top of the web page to the left side.

A blog post with a wider image

I then replaced the heading with a serif font which I thought would fit the page better. I also made the image on the page bleed out both the left and right sides of the main content container, and made the text a bit wider, too.

A page for hats

I was enjoying the direction I was exploring, so I decided to see what the design would look like on a page that was not for blog posts. I experimented with my hats page, creating a four-column grid that escaped the main content container in a similar fashion to the full-bleed image I tried in the blog post.

An about page

I liked the single-column content layout and also the floating container I had for tags on my blog post layout. I decided to experiment with a layout that had a single column for content and a column on the right side of the page for images. I experimented with this on an about page.

Playing

I was going to start this paragraph with "I spent many more hours tinkering" but, in truth, I'm not sure how long I spent playing around. Indeed, I wasn't keeping track. Whether an hour or several passed, it didn't matter for I was having so much fun with the new direction.

I thought about turning my template into a new layout and design for my website, but I then realised that it would be non-trivial to transfer my new design concepts to my existing website. I had made changes to the HTML, and wanted to change some of my pages to have new elements like the image grid on the about page. It would have been a lot of work to make everything work. And I wanted to play!

With that said, I did copy what I wrote for the about page I designed onto this website. So now I have an About page!

Announcing Validate Everything - James' Coffee Blog

2025-11-28T21:09:32.000Z

Today the IndieWeb community hosted a Create Day event in which participants were invited to make something on the web. The theme of the event was “Build Don't Buy”, an invitation to make something this Black Friday.

While I wasn’t sure what I wanted to make, I knew I wanted to make something. I consulted my list of ideas and one stood out: a website that lets you type in a URL and creates links to various helpful validators. This project was inspired by Adactio’s “Bookmarklets for testing your website” project.

During the event, I made a new page on my website called “Validate Everything”. The web page lets you paste in a URL and automatically generates links to validators like the WAVE accessibility validator, the Google Rich Results Test tool, microformats testers, and more. I added tools I have used in the past to validate or understand the markup behind web pages.

I use a several validators but I typically end up typing the name of the validator into a search engine and then reading through the results to find the one I want. With this project, I wanted to have a single page with many common validators.

You can try out the page today, and see the source code on GitHub. Contributions are most welcome!

How the page works

As part of the project, I wanted to experiment with CSS. I asked myself: could I show/hide the validator links depending on whether there was a valid URL in the form field on the web page? After some thought, reading, experimentation, and discussion with fellow participants in the Create Day event, I learned that you can select a form field if it its contents are valid or invalid using the :valid and :invalid selectors. I could then combine these with the :has and :not selectors to manipulate content on the page depending on whether the user has typed in a valid URL in the form field on the page.

I came up with the following selector to show/hide the validator links not he page depending on if there is a valid URL in the page form field:

body:not(:has(#url:valid)) #items {
      display: none;
}

This selector will select the #items element if the page body does not have an element with the ID #url that is valid. If the condition is met, the #items element is hidden. The #items element contains the list of validators.

For :valid to work, I needed to specify a few validation rules in my HTML input. I wrote the following input tag:

<input type="url" id="url" name="url" placeholder="https://example.com" pattern="https://.*\.[a-zA-Z]{3,}.*" required autocomplete="off" />

This input says that the URL field must have a URL that:

Starts with https://, and;
Is followed by any string of characters, which is then;
Followed by a . (dot), which is then;
Followed by two or more letters.

For example, https://jamesg.blog would be valid, and as a result the validator URL list would appear. But https://jamesg.b would not be valid (only one character follows the .), so the validator list would not appear. An input is also required by specifying the HTML required boolean. This means that the validator URLs will not appear when the field is blank.

NB: This regex is not testing for whether a user’s TLD is valid. This could be done with a more complex regex, but this is something I can always add later. What I have right now is good enough!

When a URL is typed in, JavaScript makes two changes to the page:

A ?url=… parameter is added so that the user has a link they can bookmark/share, and;
All the validator links are updated to add the text the user has typed in.

This means that when the user has finished typing – or has pasted in – their URL, all the links on the page will directly link to different validator websites.

Building things is fun

I had a lot of fun making this web page! I learned about the :valid CSS rule. I got to play around with the :has selector more. I experimented with page spacing and typography. And I also learned that you can’t click on a view-source: link directly on a page in Firefox for security reasons. Indeed, with everything I build, I always learn something new.

I have been in a bit of a creative rut lately in terms of making new things. I am learning about so many new things, but I’m not ready to translate much of what I am learning into a project. I am eager to make things that push me outside my comfort zone and let me use my new skills, but I haven’t been quite sure where to begin. I read somewhere that sometimes the hardest step is getting started. Today, I was able to get started and create a page that I think is fun and interesting, useful, and based on an idea I had several months ago. I’m proud of the page I made today. I love making things.

Addendum: How it started

I like taking screenshots of my projects as I build them, especially if I'm experimenting with different designs.

I had a tab open from my first version of this project I made early in the meetup. I took the following screenshot:

When compared with the live page, you can see the above list has the essence of what I wanted: a URL bar, and a list of links. I then added subheadings to separate the validators into categories, realising there were many I wanted to add. I added some styles (and dark mode!) and worked on the JavaScript to make the page work.

Which is to say: all projects start somewhere, and are built one step at a time!

Deploy on push with Forgejo and Coolify - Posts feed

2025-11-28T19:48:00.000Z

All of my projects are now stored on my Forgejo instance rather than GitHub as the latter continues to speed run the enshittification curve. I've implemented a manual deploy button in my site's admin but for other, lighter-weight projects, I prefer to deploy changes whenever I push them up.

Coolify has a native integration with GitHub, but not with other git hosts. For deploys, I've worked around this by cloning my projects using an API key within the Dockerfile for the project as a sort of lightweight continuous integration.

Within each Coolify resource you'll find a webhooks section. There's a unique deploy webhook for each resource that accepts POST requests to trigger a new deployment. Rather than use a Forgejo action, I'm having the repositories that I want to deploy on push send a webhook event to the appropriate Coolify deploy URL. You can do this in the Forgejo repository's webhooks settings by adding a webhook, selecting a target (I simply selected Forgejo, the first option in the list), adding the Coolify URL, changing the force parameter value at the end of the URL from false to true to ensure the build is performed without using the cache and add a Bearer <COOLIFY-DEPLOY-TOKEN>. The Coolify API token only needs deploy permissions.

Now, when I push to Forgejo, it sends a POST request to the Coolify webhook and deploys a fresh build of the project.

My Wikipedia account is now old enough to vote - Terence Eden’s Blog

2025-11-28T12:34:17.000Z

I have no idea what I was doing on the 28th of November 2007 but, apparently, that's when I first logged in to Wikipedia. Which means, as of right now, my Wikipedia account is 18 years old!

I didn't make my first edit until April 2009. That was for the nascent Ada Lovelace Day.

Since then, I've racked up a bit over 600 edits which simultaneously feels like a lot and barely anything.

Every edit gives you a crude representation of how many characters you've deleted or added. If I've done my sums right, I've added about 86k letters to Wikipedia and deleted about 25k. So a net addition of 61K characters.

That feels like a worthwhile contribution to the commons.

How I Replaced My Son’s PC With an £88 iMac - Kev Quirk

2025-11-28T07:51:00.000Z

I recently replaced my son's broken PC with a 2015 iMac from eBay. Here's how it went...

A year or so ago, my wife and I gave our oldest son a spare computer we had lying around. This was mainly for homework, but also for some light gaming, like Minecraft and Super Tux Cart. The machine was actually the little home server I built a few years ago.

At 6 years old the motherboard decided to give up the ghost and blew. After talking to him about it, we decided to look for something a bit smaller and cool looking. Originally I was going to go with one of those Raspberry Pi keyboards, but they’re £200 and would likely struggle playing Minecraft.

Then I read about someone loading Linux onto an old Mac with great success (I can’t remember who it was, so can’t provide a link I’m afraid). Anyway, I’ve always loved the look of the old iMacs, so decided to have a peek on eBay for one.

I ended up finding a late-2015 21.5” iMac with 8GB RAM, a 1TB HDD, and a 4th Gen Core i5 processor for £88, delivered!

For that price I wasn’t expecting much. But it looked clean in the pictures, so I decided to take a punt.

Getting the iMac

While waiting for it to arrive, I ordered CPU paste, adhesive strips for resealing the screen, and a RAM upgrade before realising the RAM is soldered on these models, so that was a bust. I also replace the tired old HDD with the 512GB SSD from my son’s previous machine.

I opened it up, replaced the paste, installed the SSD, and sealed it back up. The SSD already had Ubuntu Mate 22.04 on it with all his files and Minecraft maps, so I booted it and let the drivers sort themselves out.

A quick sudo apt update && apt upgrade -y later and everything worked perfectly. I also bumped it to 24.04 while I was there.

Here’s how the new machine looks on his little desk in his bedroom:

Pretty cool, I think you’ll agree.

Performance

Oh lordy, this thing is quick! It boots up in a few seconds, every single app opens pretty much instantly, and he gets a stable 60+ FPS on Minecraft. He’s thrilled with it, and so are we. So much so that we will probably do the same thing again next year when we look to get a machine for our youngest.

Final thoughts

If you’re on the hunt for a new device, I’d seriously consider looking at an Intel Mac with Linux. They’re blazing fast, they look great, and are amazing value.

The only downside is that this window is closing. Apple’s move to the M-series chips means Linux support will be tougher over time. Projects like Asahi Linux exist, but support varies and the long-term outlook is unclear.

For now though, our oldest son has a solid machine that should last him for a few years. If it dies again, I’ll probably look at a Framework 12, but hopefully it won’t come to that.

What do you think about running Linux on older hardware? Would you try something like this? Leave a comment or drop me an email and let me know.

Thanks for reading this post via RSS. RSS is great, and you're great for using it. ❤️

Reply to this post by email

The Idiot Sandwich - On Embedding Alt Text - Terence Eden’s Blog

2025-11-27T12:34:27.000Z

Alt text is great. It allows people who can't see an image to understand what that image represents.

For example, the code might say: <img src="whatever.gif" alt="Two cute kittens are playing on a blanket">

If you are blind, you get an idea of what's being conveyed by that image. If you're on a train and the WiFi craps out just before the image loads, you'll also benefit! If the image is of text in a language you don't read, your device can translate it for you.

The alt text can be as long or as short as is necessary. It might just be "kid giving a thumbs up" or it could be incredibly detailed. Here's how the BBC's Newsbeat typically adds alt text for younger viewers:

Is that too much? Maybe. It depends on your audience. For partially sighted kids who crave the same pop information as their sighted peers, I think it is great.

So alt text is a good thing. But people are lazy and don't always write it. Perhaps the answer is to embed alt text inside image metadata?

It's a lovely idea - and technically feasible - but it fails to account for user needs.

And that brings me to the point of this post. Who is your alt text for? What information are you trying to share?

Here's a good example. I looked at a bunch of popular memes which had alt-text pre-populated in them. Here's what they said:

Terence Eden

@Edent@mastodon.social

Whenever people talk about embedding alt text into images, I remember that lots of gif search services already try to do that.

Here's BlueSky's gif service. I searched for some popular memes. Each had alt-text baked in.

Take a look and tell me if you think that the embedded text conveys the sentiment of the image? If you couldn't see the animation, would you understand what was going on from that alt?

2025-09-07, 21:11 12 boosts 22 favorites

OK, so sometimes the captioner makes a mistake and thinks the Chuckle Brothers are kissing (WTF?!) perhaps we can excuse that as being an obscure image. But the "idiot sandwich" one is inexcusable. It's a popular meme with a specific meaning.

Which leaves me with a few questions for you:

If you saw that the image you were sharing had crap alt text - would you bother editing it?
Is bad alt text worse than no alt text?
Can the same image have multiple meanings?
Have you spent any time browsing the web with images turned off? Did you enjoy it?

You can find out more about Alt Text on the RNIB site.

Local vs Cloud - Kev Quirk

2025-11-27T11:33:00.000Z

I was listening to the Waveform podcast on my way to work this morning and they were talking about cloud vs local computing, and I have thoughts...

I was listening to the Waveform podcast on my commute this morning when they started talking about cloud vs local computing. The discussion quickly drifted into hypotheticals about unlimited storage and choosing one world or the other.

But the whole debate felt off to me, because it rests on a bad assumption: that “cloud” and “local” are two totally separate things.

Defining “the cloud”

Before we can argue about cloud vs local, we need to be clear about what we’re comparing.

People talk about the cloud like it’s some mystical ether, but as the saying goes, it’s really just someone else’s computer. If it’s a machine you don’t own, sitting in a datacentre somewhere, it’s cloud.

By contrast, local doesn’t just mean “the laptop you’re holding”. It includes anything you own and control: your PC, a server in a cupboard, or a NAS on your home network.

Once you see it this way, the Waveform question becomes more interesting. Because I think local can include your own private cloud.

My approach

At home I use a Synology NAS as the centre of my own little ecosystem. It runs all the services I rely on daily, but with the convenience you’d usually expect from big cloud providers. A few examples:

Plex for media
Synology Photos for backing up images from my phone
Calendar and Contacts, all synced via DAV
Synology Drive for documents
My journal app
A notes app I use for Fediverse posts, so I have local copies of everything I post

Everything lives on hardware I control, but it’s still available wherever I am.

Backups are handled locally (to a USB drive connected to the Synology) and off-site (to Backblaze B2, encrypted before upload). The result is a system that behaves like a cloud service, but where I hold the keys.

Here’s my extremely high-quality architectural diagram:

No, I never studied art.

What about security?

I’m not going to get into specifics for obvious reasons, but the short version is that my Synology isn’t exposed to the Internet at all. My router only accepts traffic from specific networks, so I connect over VPN. It’s always-on for me and my wife, so the experience is completely transparent.

If you’re thinking of building something like this, I’d strongly recommend not exposing any part of your home network directly to the Internet.

So… cloud or local?

Back to the original question. The unlimited storage bit doesn’t matter; you only need enough storage, not infinite.

Given the choice between 100% cloud or 100% local, I’d choose local every time. Not because I want to avoid cloud-like features, but because local gives me the same benefits without giving away control. My photos sync automatically, I can share links to files, edit documents anywhere, and my data is backed up properly.

The truth is that the whole premise of cloud vs local is a false choice. You don’t have to pick one at the expense of the other.

You can have the convenience of the cloud running entirely on hardware you own. The real choice isn’t cloud or local, it’s whose cloud you want to rely on.

What do you think? Do you lean toward cloud, local, or something in between? Feel free to leave a comment or drop me an email, I’d love to hear how you approach it.

Thanks for reading this post via RSS. RSS is great, and you're great for using it. ❤️

Reply to this post by email

22.00.0170 Decimal Diary: TGIF and vintage annual reports - Johnny.Decimal

2025-11-26T09:20:33.000Z

Decimal Diary: TGIF and vintage annual reports

Dear Decimal Diary,

Last week I did a little TGIF – Thank God I Filed it – time. And when I was nosing around I found a fun folder I'd forgotten about in 43 Images in our Small Business System.

TGIF is Johnny's idea about spending some time on Friday afternoons filing things properly and neatening your system. When your brain is too tired for other stuff.¹ It's the kind of thing I put off, and then when I start I can't stop. Now I know about how files sort beautifully using the date, I get a small thrill from tidying up messy filenames.²

The ID I neatened last week was 43.21 Vintage annual reports. It has some PDFs I'd downloaded for inspiration at some point. The filenames were haphazard and as-downloaded. And since they're annual reports, putting the year out the front makes sense to me. Now they're all lined up and tidy. It's a small win, but satisfying. And I'll remember I have these in the chamber.

Figure 22.00.0170A. A nicely sorted ID.

Some reports

Figure 22.00.0170B. The Bureau of Economic Geology.

Figure 22.00.0170C. The Ford Foundation.

Figure 22.00.0170D. The Deep East Texas MHMR.

Figure 22.00.0170E. A page with a financial report.

Figure 22.00.0170F. The Philippine Wood Products Association.

Figure 22.00.0170G. The Jet Propulsion Laboratory.

Figure 22.00.0170H. A page with a photo by the Voyager probe.

Figure 22.00.0170I. The Electricity Supply Board.

Figure 22.00.0170J. The Jet Propulsion Laboratory.

Figure 22.00.0170K. The Jet Propulsion Laboratory.

If you have any leanings this way, the vintage annual report world can be a dangerous rabbit hole.³ And so can filing using the date to sort.

From Lucy

100% human. 0% AI. Always.

Our Friday afternoon soundtrack is often the Platinum Collection by Genesis, but anything similar will improve this type of admin. ↩
Remember, you can set up a shortcut to add dates automatically. ↩
Especially the space ones. ↩

Client Registration and Enterprise Management in the November 2025 MCP Authorization Spec - Articles by Aaron Parecki

2025-11-25T21:25:00.000Z

The New MCP Authorization Spec is Here! Today marks the one-year anniversary of the Model Context Protocol, and with it, the launch of the new 2025-11-25 specification.

I’ve been helping out with the authorization part of the spec for the last several months, working to make sure we aren't just shipping something that works for hobbyists, but something that even scales to the enterprise. If you’ve been following my posts like Enterprise-Ready MCP or Let's Fix OAuth in MCP, you know this has been a bit of a journey over the past year.

The new spec just dropped, and while there are a ton of great updates across the board, far more than I can get in to in this blog post, there are two changes in the authorization layer that I am most excited about. They fundamentally change how clients identify themselves and how enterprises manage access to AI-enabled apps.

Client ID Metadata Documents (CIMD)

If you’ve ever tried to work with an open ecosystem of OAuth clients and servers, you know the "Client Registration" problem. In traditional OAuth, you go to a developer portal, register your app, and get a client_id and client_secret. That works great when there is one central server (like Google or GitHub) and many clients that want to use that server.

It breaks down completely in an open ecosystem like MCP, where we have many clients talking to many servers. You can't expect a developer of a new AI Agent to manually register with every single one of the 2,000 MCP servers in the MCP server registry. Plus, when a new MCP server launches, that server wouldn't be able to ask every client developer to register either.

Until now, the answer for MCP was Dynamic Client Registration (DCR). But as implementation experiences has shown us over the last several months, DCR introduces a massive amount of complexity and risk for both sides.

For Authorization Servers, DCR endpoints are a headache. They require public-facing APIs that need strict rate limiting to prevent abuse, and they lead to unbounded database growth as thousands of random clients register themselves. The number of client registrations will only ever increase, so the authorization server is likely to implement some sort of "cleanup" mechanism to delete old client registrations. The problem is there is no clear definition of what an "old" client is. And if a dynamically registered client is deleted, the client doesn't know about it, and the user is often stuck with no way to recover. Because of the security implications of an endpoint like this, DCR has also been a massive barrier to enterprise adoption of MCP.

For Clients, it’s just as bad. They have to manage the lifecycle of their client credentials on top of the actual access tokens, and there is no standardized way to check if the client registration is still valid. This frequently leads to sloppy implementations where clients simply register a brand new client_id every single time a user logs in, further increasing the number of client registrations at the authorization server. This isn't a theoretical problem, this is also how Mastodon has worked for the last several years, and has some GitHub issue threads describing the challenges it creates.

The new MCP spec solves this by adopting Client ID Metadata Documents.

The OAuth Working Group adopted the Client ID Metadata Document spec in October after about a year of discussion, so it's still relatively new. But seeing it land as the default mechanism in MCP is huge. Instead of the client registering with each authorization server, the client establishes its own identity with a URL it controls and uses the URL to identify itself during an OAuth flow.

When the client starts an OAuth request to the MCP authorization server, it says, "Hi, I'm https://example-app.com/client.json." The server fetches the JSON document at that URL and finds the client's metadata (logo, name, redirect URIs) and proceeds on as usual.

This creates a decentralized trust model based on DNS. If you trust example.com, you trust the client. It removes the registration friction entirely while keeping the security guarantees we need. It’s the same pattern we’ve used in IndieAuth for over a decade, and it fits MCP perfectly.

There are definitely some new considerations and risks this brings, so it's worth diving into the details about Client ID Metadata Documents in the MCP spec as well as the IETF spec. For example, if you're building an MCP client that is running on a web server, you can actually manage private keys and publish the public keys in your metadata document, enabling strong client authentication. And like Dynamic Client Registration, there are still limitations for how desktop clients can leverage this, which can hopefully be solved by a future extension. I talked more about this during a hugely popular session at the Internet Identity Workshop in October, you can find the slides here.

You can try out this new flow today in VSCode, the first MCP client to ship support for CIMD even before it was officially in the spec. You can also learn more and test it out at the excellent website the folks at Stytch created: client.dev.

Enterprise-Managed Authorization (Cross App Access)

This is the big one for anyone asking, "Is MCP safe to use in the enterprise?"

Until now, when an AI agent connected to an MCP server, the connection was established directly between the MCP client and server. For example if you are using ChatGPT to connect to the Asana MCP server, ChatGPT would start an OAuth flow to Asana. But if your Asana account is actually connected to an enterprise IdP like Okta, Okta would only see that you're logging in to Asana, and wouldn't be aware of the connection established between ChatGPT and Asana. This means today there are a huge number of what are effectively unmanaged connections between MCP clients and servers in the enterprise. Enterprise IT admins hate this because it creates "Shadow IT" connections that bypass enterprise policy.

The new MCP spec incorporates Cross App Access (XAA) as the authorization extension "Enterprise-Managed Authorization".

This builds on the work I discussed in Enterprise-Ready MCP leveraging the Identity Assertion Authorization Grant. The flow puts the enterprise Identity Provider (IdP) back in the driver's seat.

Here is how it works:

Single Sign-On: First you log into an MCP Client (like Claude or an IDE) using your corporate SSO, the client gets an ID token.
Token Exchange: Instead of the client starting an OAuth flow to ask the user to manually approve access to a downstream tool (like an Asana MCP server), the client takes that ID token back to the Enterprise IdP to ask for access.
Policy Check: The IdP checks corporate policy. "Is Engineering allowed to use Claude to access Asana?" If the policy passes, the IdP issues a temporary token (ID-JAG) that the client can take to the MCP authorization server.
Access Token Request: The MCP client takes the ID-JAG to the MCP authorization server saying "hey this IdP says you can issue me an access token for this user". The authorization server validates the ID-JAG the same way it would have validated an ID Token (remember this app is also set up for SSO to the same corporate IdP), and issues an access token.

This happens entirely behind the scenes without user interaction. The user doesn't get bombarded with consent screens, and the enterprise admin gets full visibility and revocability. If you want to shut down AI access to a specific internal tool, you do it in one place: your IdP.

My default apps, 2025 edition - Posts feed

2025-11-25T19:47:00.000Z

An update on my 2024 post. Some fairly major changes this time around. I've been making a concerted effort to move to more self-hosted applications and, failing that, hosted applications built with privacy in mind. This has also been done with an eye towards relying on fewer Apple services.

📮 Mail service: Proton
📨 Mail client: Proton's macOS and iOS clients.
📝 Notes: Obsidian
✅ Tasks: Obsidian with the obsidian-tasks plugin.
📖 RSS service/client/bookmarking: FreshRSS + NetNewsWire + articles sent to linkding
🔎 Launcher: Spotlight
📇 Contacts: Baïkal
😶‍🌫️ Cloud storage: Proton Drive + iCloud
🎞️ Photo library: Ente
🌐 Web browser: Orion
💬 Chat: iMessage + Signal
🗓️ Calendar: Proton calendar
🌤️ Weather: Mercury Weather
📚 Books: an ePub PWA I wrote that leverages Audiobookshelf's API + Audiobookshelf using ShelfPlayer
🎙️ Podcasts: Audiobookshelf¹ using ShelfPlayer
🎧 Music: Cadence + Navidrome + a custom scrobbler
🔐 Passwords: Proton Pass
💸 Budgeting: A spreadsheet in LibreOffice
🐘 Mastodon: Mona
📺 TV/Movie tracking: Custom/self-hosted implementation.
👨🏼‍💻 Code: Cursor + iTerm
🕵🏻 Search: Kagi
📦 Package tracking: Parcel

I only listen to 404 Media's and saved items from linkding I convert to audio. ↩

Shellsharks Blogroll - BlogFlock

Introducing Roundabout - Werd I/O

What Happens After the Hype? Lessons from Mobile Internet’s Long Road to Success - Werd I/O

Year 3 at the Smallholding - Kev Quirk

Making progress in the garden

Looking to year 4

Knowing when to leave - Werd I/O

imperfect notes & my second subconscious - Werd I/O

A big list of things I disable in WordPress - Terence Eden’s Blog

"Disagree and Let’s See" - Werd I/O

The Optical Illusion of Prosperity - Werd I/O

Saturday - James' Coffee Blog

Little moments of joy - James' Coffee Blog

Experimenting with web design - James' Coffee Blog

A blog post layout with an image

A blog post with a wider image

A page for hats

An about page

Playing

Announcing Validate Everything - James' Coffee Blog

How the page works

Building things is fun

Addendum: How it started

Deploy on push with Forgejo and Coolify - Posts feed

My Wikipedia account is now old enough to vote - Terence Eden’s Blog

How I Replaced My Son’s PC With an £88 iMac - Kev Quirk

Getting the iMac

Performance

Final thoughts

The Idiot Sandwich - On Embedding Alt Text - Terence Eden’s Blog

Terence Eden

Local vs Cloud - Kev Quirk

Defining “the cloud”

My approach

What about security?

So… cloud or local?

22.00.0170 Decimal Diary: TGIF and vintage annual reports - Johnny.Decimal

Decimal Diary: TGIF and vintage annual reports

Some reports

Footnotes

Client Registration and Enterprise Management in the November 2025 MCP Authorization Spec - Articles by Aaron Parecki

Client ID Metadata Documents (CIMD)

Enterprise-Managed Authorization (Cross App Access)

Further Reading

My default apps, 2025 edition - Posts feed