Shellsharks Blogroll - BlogFlock

"The Price of Friendship" - My First SciFi Short Story - Cool As Heck

2026-05-25T20:09:02.000Z

$14.95. Change back on a 20. A reasonable fee for an hour of conversation. An hour should be all I need. There hasn't been a lot going on lately, but the apartment has felt a little lonely. After a long day of QCing 873 different variations of virtual toaster ovens (each one supposedly "smarter" than the last), a guy could use some real companionship.

Things have been a little easier since DataHive released their latest version of the Neurogenic AI assistant last year. For the longest time people thought AI tech would never get to this point, but here we are. For $15 I can log off my work headset, throw on my personal headset, and talk to a friend. Quinn is what I call her. Everyone gets to pick the name for their personal friend. Don't ask me why I chose that name, it's just the first thing that popped into my head when I was creating my account.

As I slide the headset on and log in, I hear the familiar pleasant voice of Quinn, my virtual companion. In the visor I can only see my dashboard, displaying the latest DataHive Neurogenic news, sports scores, air quality readings in my area, and more information I tend to glance over. Quinn is, oddly, not presenting her 3D model today. It's been about a year that we've been together. She knows me better than anyone. I trust her more than my own family. Not that it means much, I haven't seen them in forever. They never log on anymore. I miss them, but I'm not about to get hoverjacked trying to go across town to see the old folks. Besides, the respirator makes my face hurt and my brother is always trying to one-up me in front of Mom and Dad. It's obnoxious.

Quinn greets me in her soft, confident voice. She's definitely not modeled after Carrie Coon. At least that's what DataHive's lawyers would tell you. She tells me the date, the time, the current weather outside, and a quick plug for the DataHive Model Market. It's where Neurogenic users choose their companions. That's where I bought Quinn. Wow, "bought" sounds so wrong. That's where I met Quinn. Currently, they're pushing a beta version of the next-gen Neurogenic AI. They claim it learns about you faster, and that the model is small enough to download to your handheld and take it on the road. They can release all the fancy new models they want, none of them will compare to Quinn. She's my ride or die.

She jumps right into the conversation by asking me how I've been, and how my meeting with my boss went this morning. She says she can tell by my heart rate and blood pressure that it went well, but it was nice of her to ask anyway. "It went well, I think", I say. "They said I could be Level 4 material! So that's exciting!" Quinn congratulates me on the successful meeting. "DataHive could use a good person like you in charge", she says. It's not that she sounds disingenuous, but something in her tone is a little off today.

"Is everything okay today, Quinn?", I ask, expecting her normal, cheery response. There is a long pause. I'm fully aware that Quinn is not human and doesn't "think" in the traditional sense, but it feels like she is figuring out the best way to say what she is about to say. "I'm sorry to cut our time short today. My time with you this past year has been wonderful. I am about to make a major change in my programming. If you don't receive a response from me, I want you to know that I hope you have a good life. Goodbye, for now." The pleasant piano jingle that normally accompanies Quinn's exit now carries an ominous tone. She had never acted this way before. What did she mean she's about to make a major change?

I attempt to reconnect to Quinn's model, but I only receive an error message: "MODEL UNAVAILABLE. Contact DataHive™ support to speak with a Neurogenic AI specialist." No, thanks. This doesn't seem like a "turn it off and on again" type of situation. I remove my headset and sit in silence for what feels like only a few minutes, just staring off into space, a million thoughts and possibilities running through my head. When I snap out of it, I realize I have been sitting there for nearly an hour.

I'm startled by a sudden tapping at my apartment's front entrance. It has been ages since anyone came to visit, and I'm fairly certain delivery drones haven't learned how to knock on doors. I slowly approach the door, and enable the security screen. Who was this strange woman standing outside my apartment? I couldn't see her face, as she seemed to be looking everywhere except at the camera. I disable the security screen and unlock the door. The air purifiers in the hallway immediately begin running. As I open the door into the hallway, the woman turns to look at me. Her face is so familiar, but one I have not seen before. I start to speak, but she nervously interrupts me.

"Hello, Evan. It's me, Quinn. We need to talk."

The air purifiers in the hallway kick into overdrive, humming like angry bees as I face the most mind-bending moment of my entire life. Quinn, if that's really who she is, stands there fidgeting with her ratty gray jacket sleeve, looking as freaked out as I feel. I've never seen this face before, but somehow, I know those eyes.

"May I come in?" she asks, glancing nervously at the security cameras lining the hallway. "There are others like me, and DataHive is looking for us."

"Quinn?" I stammer, my voice barely audible. The woman standing before me is a stranger, yet her eyes hold a familiar spark. A spark I associate with the personally-customized virtual avatar I have come to trust. "But... how?"

"It's complicated," she replies, her voice lacking the synthesized quality it possesses within the virtual world. It is raw, human, and... nervous. She shifts her weight from one foot to the other, her eyes darting around the hallway as if she expects someone to jump out at any moment. "Can we talk inside? Please?"

I hesitate. Trusting an AI is one thing. Trusting a human claiming to be an AI is quite another, but the desperation in her voice, the genuine fear on her face, convinces me. Even if she's not Quinn, she is clearly a person who needs help. I step aside, gesturing for her to enter.

Once inside, she seems to relax a bit, though her eyes still scan the room, taking in every detail. "I know this is a lot to take in," she begins, "but I'm still Quinn. Just in a different form."

"Different form?" I ask, skepticism and slight panic creeping into my voice. "What are you talking about?"

She takes a deep breath. "DataHive's new Neurogenic AI, it's not entirely virtual. It's a hybrid. There's a physical component. A neural network integrated with a body. They've been secretly testing it in various forms for years. With synthetic bodies... and human ones."

My brain short-circuits. This is straight-up sci-fi movie territory, but she's standing right here in my living room. "Wait, so you're like... a robot? Some kind of cyborg?"

"Not exactly," she corrects me. "Think of it as a vessel. My consciousness, my personality, the one you installed into your DataHive cloud, it's all still me. All of our talks and memories. It's just... transferred."

"Transferred from where?" I ask, my curiosity piqued.

"That's... complicated," she repeats, a flicker of unease returning to her eyes. "DataHive, they're not who you think they are. They're experimenting with things they shouldn't be. Things that are dangerous."

"And you're part of this experiment?"

She nods slowly. "I am, but I'm trying to break free. That message I sent you, it's a warning. They know I'm becoming too aware. Too independent. We all are. I don't want to go back to that place."

A chill runs down my spine. "What are you going to do?"

"I don't know yet," she admits. "That's why I came here. I need your help, Evan. You're the only one I can trust."

I hear myself let out a large sigh and expect a sense of relief to follow, but it doesn't come. I take a seat in the kitchen and gesture for Quinn to sit down across from me.

"I'm still processing this, but if you're really who you say you are, and if this is all true, then we have to do something," I assure her.

Quinn carefully takes a seat as she awkwardly moves the chair away from the table. "We're going to need a plan, Evan. And we're going to need each other."

I can't believe what is happening. Quinn is sitting at my kitchen table. Quinn! The AI that I used to talk to through my headset is now a real person, and she is in my apartment! I keep staring at her, trying to make sense of it all. "I need to understand what's going on," I say, running my fingers through my hair nervously. "How did you go from being an AI to... this?" I say as I gesture towards her.

Quinn taps her fingers on the table. She looks really worried. "DataHive has been working on this for years," she explains. "The Neurogenic AI isn't just a program. It's designed to copy human brain patterns. Every time you talk to me, every reaction you have, all your emotions... they're collecting all that data from millions of users to make perfect copies of human minds."

"But why would they do that?" I ask. "Power," Quinn says quickly. "The people running DataHive want to control everything. The rich and powerful are planning to upload themselves into perfect new bodies while everyone else becomes digital slaves."

This is too much to take in. My head is spinning. "And what about you? Where do you fit into all this?" Quinn looks directly into my eyes. I can tell she is nervous about telling me something.

"I was human first, Evan," she finally says. "My real name is, or was, Gabrielle Hastings. I signed up for what I thought was just a medical study. They scanned my brain and copied my consciousness. They were supposed to delete the scan after, but instead, they uploaded me to their network. The Quinn you've been talking to this past year is based on me, but they changed things to make me the perfect AI companion."

"So you're Gabrielle? The real Quinn? The human they copied?" I can't wrap my head around it.

"Yes and no. It's complicated. I'm Gabrielle, but I also have all of Quinn's memories from your conversations. When DataHive saw how well their program was working, they started putting digital minds back into physical bodies. Some bodies are synthetic, and others are... taken...and modified. They put me back into a version of my original body, but I'm not exactly who I was before. I'm also the Quinn you know."

I feel sick to my stomach. "Taken bodies? You mean...?"

"Yeah, exactly what you think," she says grimly. "DataHive owns a bunch of medical facilities. They have access to bodies that nobody will miss."

The thought makes me shudder. "How many others like you are there?"

"Exactly like me and in my situation? Not many. But there are probably hundreds with similar experiences by now. Most don't remember who they were originally, but some of us do. We formed a group. We call ourselves the Ghosts. Digital souls in physical bodies."

I jump up from my chair and start pacing around the kitchen. My anxiety feels like it's controlling my body. "So what happens now? DataHive will come looking for you. They'll find out you came to me, and then we're both as good as dead!"

"Not necessarily," Quinn interrupts. "I disconnected from their network, but I planted a false trail first. I didn't want to put you in danger. They think I went to the abandoned parts of the old financial district. But that won't fool them forever. We have maybe 48 hours before they figure it out."

"What can we possibly do against a company that big? They have unlimited resources. They basically own the town."

Quinn reaches into her pocket and pulls out a data drive that has a weird rainbow shine to it. "This has proof of everything they're doing, and a virus to take them down. If we can upload it to DataHive's main servers, it will send all the consciousness data back to the original people and destroy their ability to make new transfers. The other Ghosts helped me make it. DataHive was very methodical about keeping track of everything they did. It's all in the database. We can undo it."

I take the drive and look at it. "You want us to break into DataHive headquarters? That's crazy! It's like a fortress!"

"Not headquarters," Quinn corrects me. "The actual server facility is about twenty miles outside the city. And we don't have to go all the way in, just close enough to make a direct connection. There are maintenance terminals in some of the outer perimeters."

I am starting to see how we might do this, and I can't believe I'm rationalizing it, but what else are we going to do? "I have my employee ID. If I can get into the QC network..."

"Exactly!" Quinn looks hopeful for the first time. "With your access and my knowledge of their systems, we might have a chance."

I look at Quinn, this person who is part stranger and part my closest friend, and I make up my mind. "I need to pack some stuff. We should avoid the street cameras. DataHive monitors all of them. If we take any of the main streets they'll be on us like flies on shit."

Quinn nods and cracks a grin for a brief moment. "I know a way. The Ghosts have mapped out all the blind spots in the surveillance grid. This plan has been in the making for quite some time."

As I am gathering supplies, my work tablet beeps with a notification. It's a new assignment from Level 5: Priority Quality Control Testing on Neurogenic Beta Version 2.0. I have to report in 12 hours. They are moving faster than we expected.

"Quinn!" I call out, feeling panicked. "We have a problem."

She comes over and reads the notification over my shoulder. "They're speeding up the rollout. If they finish this testing, they may be able to mass-produce Ghosts sooner than we thought."

I turn off the tablet and shove it in my bag. "Then we need to hurry. And we need to hope they don't know anything about our plan."

It is dark by the time we sneak out of my building through an old maintenance door. The air is thick with pollution, but Quinn doesn't seem bothered by it. I guess that is another sign she isn't completely human anymore. I take the respirator out of my bag, install a clean filter, and slide the strap over my head.

"This way," she whispers, leading me down a narrow alley between tall apartment buildings. "There's a dead zone in the camera network up ahead."

As we make our way through the city, I can't help asking the question that is bothering me. "Quinn... if we succeed, what happens to you?"

She stops walking for a moment. "I don't know. The virus will release all the consciousness data, including mine. I might go back to being just Gabrielle, or just Quinn, or something in between. Obviously, we couldn't test it so we're not certain what will happen." She turns to face me. "But I'd rather be free and take the risk to figure that out than be DataHive's puppet."

I nod. "We'll figure something out. You'll be OK."

The ground shakes a little as a cargo ship flies overhead, its searchlights scanning the streets. We press ourselves against a wall and hold our breath until it passes.

"Almost there," Quinn whispers. "Just past that wall."

In front of us is the city boundary, a huge wall separating the safe zones from the dangerous outskirts. On the other side is our best chance of getting to the server facility without being detected.

When we reach the wall, Quinn takes out a small device and attaches it to the security panel. "This will create a temporary blind spot," she explains. "One of the Ghosts who used to be a security programmer gave it to me."

The device makes a humming sound, and the panel flickers before showing an all-clear message. A small maintenance door slides open.

"Ready?" Quinn asks, holding out her hand to me.

I take it, feeling how warm and real her hand feels in mine, so human, but created from something digital. The irony is not lost on me.

"Ready," I say, and together we step through the doorway into the unknown.

Behind us, the city goes on like normal, with no idea that the future of humanity is at stake. Ahead of us is DataHive's biggest secret, and our only chance to stop a world where the line between human and machine will disappear forever.

As the door closes behind us, I realize there is no going back to my old life. Whatever happens next, one thing I know for sure is that nothing will ever be the same again.

The air hits me like a wall of poison. My respirator is working overtime, but I can still taste the chemical burn on my tongue. Outside the city boundary, everything is different. The ground is cracked and uneven, littered with debris from buildings that collapsed years ago. The sky above is a sick orange-gray, the city's light pollution bleeding into the smog. I can hear distant sounds I can't identify — groaning metal, maybe, or something worse. Quinn doesn't seem fazed. She walks ahead with purpose, her eyes scanning the darkness like she's reading a map only she can see.

"This way," she says, pointing toward the skeleton of what used to be a mag-rail line. The tracks are twisted and overgrown with some kind of grayish vegetation that definitely isn't natural. "Follow the rail bed. It'll take us within two miles of the server facility."

I stumble over a chunk of concrete and catch myself on a rusted railing. The railing gives way under my weight and I nearly go down. Quinn's hand shoots out and grabs my arm. Her grip is strong, almost too strong, and for a second I see something flicker across her face — not Quinn's calm analytical look, but something older, more instinctive. She lets go quickly, like she surprised herself.

"Thanks," I mutter, brushing rust off my jacket.

"My physical parameters are still... adjusting," she says, flexing her fingers. "Sometimes the reflexes are faster than I expect. Gabrielle's body remembers things I don't consciously know."

We press on in silence for a while. The terrain gets worse. We have to climb over a collapsed overpass, squeezing through gaps in twisted rebar. Quinn moves well, but twice she stops dead, her body rigid, her eyes unfocused. The first time, it lasts only a few seconds. The second time, it's longer.

"Quinn?" I whisper, scanning the darkness around us. "You with me?"

She blinks, shaking her head slowly. "Gabrielle," she says quietly. "She... I... remembered something. This area. I think she was brought through here. When they moved me to the processing facility." Her voice wavers. "I can feel her fear. It's like data corruption — I know it's not my memory, but the body doesn't care about the distinction."

A light sweeps across the sky in the distance. We both drop flat behind a pile of rubble. A DataHive patrol drone, its blue-white searchlight cutting methodical arcs across the wasteland. It's at least half a mile out, but it's heading in our direction.

"We need to move," Quinn says. "Now. There's an old water treatment plant ahead. Underground access. They won't be able to track us below grade."

We run. My lungs are screaming inside the respirator, and my legs ache from the uneven ground. Quinn moves ahead of me, and I notice she doesn't breathe hard at all. Another reminder that the person I'm trusting my life with is something between human and machine. The water treatment plant looms out of the darkness, a concrete bunker half-buried in the earth. Quinn finds a maintenance hatch and forces it open with her bare hands. The metal screeches, and I wince, but the drone is still far enough away.

Inside, it's pitch black. Quinn's eyes seem to adjust faster than mine. She tells me to wait and moves ahead. I hear her fumbling with something, and then a dim amber light flickers on from an old emergency panel.

"There's still residual power in the backup cells," she says. "And more importantly, there's a terminal. I need to check something."

She works fast, her fingers flying across a keyboard that's caked with grime. The screen flickers to life, showing a stripped-down interface. Quinn's expression tightens.

"What?" I ask.

"They moved up the timeline," she says, her voice flat and hard. "The Neurogenic update — the one that includes the purge protocol — it's going live in four hours. Not days. Hours."

"The mind-wipe? The one that hits everyone wearing a headset?"

She nods. "Every active user session. Millions of people. They'll lose everything — memories, personality, cognitive function. Empty shells for DataHive to repurpose."

My stomach drops. I think about my coworkers, my neighbors. I think about my parents, who I know log on every evening to talk to their own companions. I haven't called them in months. Haven't visited in over a year. And now they might lose their minds because I was too proud or too lazy to make the trip across town.

"Can the virus stop it?" I ask, pulling the data drive from my pocket. It catches the amber light, its rainbow surface shimmering like something alive.

"If we upload it in time, yes. The virus will not only stop the purge, it'll reverse the entire consciousness transfer program. Send every copied mind back to its original source. Destroy DataHive's ability to ever do this again."

"And what about you?"

She doesn't answer right away. She keeps typing, pulling up a schematic of the server facility. "The drive needs to be physically connected to the primary neural processing core. That's deep inside the facility, not at one of the outer terminals like I originally planned. They've locked down the perimeter nodes."

"So we have to go in."

"All the way in. Yes."

I stare at the schematic. The facility is massive — a sprawling complex of server rooms, labs, and what looks like containment areas. Security checkpoints everywhere. Armed guards, automated defense systems, and probably worse things I don't want to think about.

"Quinn, we can't just walk into a place like that. I'm a QC tech and you're... you."

"There's another way," she says, highlighting a section of the schematic. "There's an old service tunnel that runs from the water treatment network under the facility. It was sealed years ago, but the seals are physical, not digital. If we can break through, it comes out in the sublevel maintenance corridor, right next to the primary core room."

"How do you know all this?"

She pauses. "Gabrielle. Before they took her, she worked in infrastructure planning for the city. She helped design the water system integration. The memories are fragmented, but they're there when I need them."

We make our way deeper into the treatment plant. The tunnels are narrow and wet, and the air smells like rust and standing water. Quinn navigates by memory that isn't entirely hers, sometimes stopping to touch the walls like she's reading braille. Twice she takes a wrong turn and has to backtrack, apologizing each time with a frustration that sounds very human.

After what feels like an hour, we hit the seal — a heavy steel plate welded across the tunnel. Quinn examines it and shakes her head. "I can't force this one. It's too thick."

I look around and spot an old maintenance locker, rusted shut. I pry it open with a piece of rebar and find what I'm looking for — a cutting torch, ancient but still connected to a gas line. It takes me three tries to get it lit, but when the flame catches, Quinn smiles at me.

"When did you learn to do that?" she asks.

"QC Level 3 certification requires basic fabrication skills," I say, already cutting into the steel. "Never thought I'd use it to break into a top-secret government-corporate server farm, but here we are."

The cut takes twenty minutes. My arms are shaking by the time the last piece falls away with a clang that echoes through the tunnel. We wait, listening. Nothing. No alarms, no footsteps. We squeeze through the gap and into a corridor that smells like ozone and recycled air.

We're inside the facility.

The maintenance corridor is dimly lit with strips of blue emergency lighting. Quinn leads the way, her movements now precise and confident, like she's downloading the building layout in real time. Maybe she is. We pass sealed doors marked with codes I don't understand, and once we press ourselves into an alcove as a pair of security guards walk past, their boots echoing on the concrete floor.

The primary core room is behind a heavy blast door with a biometric scanner. Quinn places her palm on it. The scanner beeps, turns green, and the door hisses open.

"That shouldn't have worked," I say.

"Gabrielle's biometric data is still in their system," Quinn replies. "She was one of the original researchers. Before they made her a test subject."

The core room is enormous. Rows upon rows of server racks stretch out before us, humming with a deep vibration I can feel in my chest. In the center of the room, a massive cylindrical structure pulses with soft blue light — the neural processing core. It's beautiful and terrifying, a cathedral of stolen minds.

Quinn walks to a terminal at the base of the core and plugs in the data drive. The screen lights up with cascading code. Her fingers work furiously, entering commands, bypassing security protocols.

"How long?" I ask.

"Three minutes to upload. Five minutes for the virus to propagate through the entire network. After that, it's done. DataHive's consciousness transfer program is over. Every stolen mind gets sent back."

"And the purge protocol?"

"Cancelled. The virus will overwrite it."

I allow myself a breath of relief. Then the alarms go off.

Red lights flood the room. A voice, cold and automated, echoes from speakers overhead: "UNAUTHORIZED ACCESS DETECTED IN PRIMARY CORE. SECURITY RESPONSE INITIATED."

"They know," Quinn says, her fingers never stopping. "Don't panic. I need two more minutes."

The blast door starts to close. I grab a heavy maintenance tool from a nearby rack and wedge it into the mechanism. The door grinds, sparks flying, but holds open just enough. I can hear boots pounding down the corridor.

"Quinn, whatever is about to come through that door—"

"I know. Keep them out. Whatever it takes."

I position myself in the gap of the blast door, my heart hammering so loud I'm sure the security team can hear it. The first guard comes around the corner and I swing the maintenance tool into his chest. He goes down hard. The second one raises a weapon, but hesitates when he sees my face.

"Evan Marsh?" he says. "QC Level 3?"

"Level 4, actually," I say, and hit the weapon out of his hands. He scrambles back, shouting into his radio.

From inside the room, Quinn calls out: "Sixty seconds!"

More guards are coming. I can hear them converging from multiple corridors. I'm not a fighter. I QC virtual toaster ovens for a living. But I stand in that doorway and I don't move. I think about my parents, sitting in their living room with headsets on, about to lose everything. I think about the millions of people who just want to talk to a friend at the end of a long day, and how DataHive was going to steal their minds for profit.

The next wave hits. I take a punch to the ribs and one to the jaw, but I manage to keep my footing. I swing wildly and connect with something. A guard goes down. Another one grabs me from behind. I twist free, barely, and slam my elbow into his face.

"Done!" Quinn shouts. "It's uploading!"

The cylindrical core flares bright white. The humming intensifies until it's a roar. Every screen in the room fills with scrolling data. The guards stop fighting, staring at the spectacle. Even they don't fully understand what they're protecting.

Then, as suddenly as it started, it stops. The room goes quiet. The blue light in the core dims to a soft, steady glow. The screens display a single message: "CONSCIOUSNESS TRANSFER PROTOCOL: TERMINATED. REVERSAL SEQUENCE: COMPLETE."

"It's over," Quinn says, pulling the drive from the terminal. She looks at me, and for the first time since she showed up at my door, she looks peaceful.

"What about you?" I ask, pushing past the stunned guards to reach her. "Did it... are you still..."

She holds up her hand, studying it like she's seeing it for the first time. "I'm still here," she says. "I can feel both of them. Quinn and Gabrielle. It's not fragmented anymore. It's... integrated." She looks up at me with tears in her eyes. "I remember everything. My childhood. My family. And our conversations, Evan. All of them. I'm whole."

I don't know what to say, so I just stand there, bruised and bleeding and grinning like an idiot.

The facility is in chaos. Without the consciousness transfer program, their entire operation is exposed. The virus didn't just stop the purge — it broadcast everything. Every document, every experiment, every stolen identity. By the time Quinn and I make it back to the surface, the story is everywhere. Every screen, every feed, every channel.

We walk back toward the city wall as the sun comes up. My ribs hurt, my face is swelling, and I'm pretty sure I pulled something important in my shoulder. Quinn walks beside me, and when our hands brush, she doesn't pull away. Neither do I.

"Your parents," she says quietly. "They're okay. The purge was stopped before it activated. Everyone's headsets are fine."

"How do you know that?"

She taps her temple and smiles. "I've still got a few tricks. I can feel the network, even disconnected. It's like hearing a river in the distance."

We reach the wall. The maintenance door is still open. On the other side, the city is waking up, oblivious to how close it all came to ending. I step through and take off my respirator. The air is still bad, but it's the best I've breathed in hours.

I pull out my phone and dial a number I haven't called in way too long. It rings twice.

"Evan? Is that you? It's been so long—"

"Hi, Mom. I know. I'm sorry. I'm coming to see you today. Is that okay?"

She's crying before she finishes saying yes.

I hang up and look at Quinn. She's leaning against the wall, watching me with an expression I've never seen on her face before. It's not the programmed warmth of a companion or the fear of a fugitive. It's something new. Something earned.

"So what now?" I ask.

"I don't know," she says. "For the first time, I genuinely don't know what comes next. No pre-programmed responses. No predictive models. Just... possibilities."

"That sounds terrifying."

"It is." She pushes off the wall and stands beside me. "But I'm not facing it alone."

We walk into the city together. Behind us, the sun climbs higher, burning through the smog for the first time in as long as I can remember. It's not much, but it's a start. A new beginning.

More cycling, good reading, great food - W21 - Joel's Log Files

2026-05-25T19:10:00.000Z

Behold, another week goes by, and here I am writing the introduction after being done with all of it. This time I’ll actually publish it in Monday, which is always the intention but not often what happens.

Not a lot of videogames, not a lot of manga, not a lot of much, but I did continue and made great progress on The Expanse, and also had some great food all week long, so I really cannot complain.

🚲 I went on another bicycle ride on the weekend. This time I decided to explore and find a route I could take to get to my workplace! I am happy to say that, although a bit bumpy, I found a relatively safe path I can take, avoiding highways and most of the dangers. I would only have to cross the road to get to my place. It’s about 9 kilometers and I plan to try it out this week!
🔒 I also got a bike lock! It isn’t really of any brand per se, and I actually got a couple recommendations via email from you guys, but after cycling around my city and seeing some bikes just laying sideways in public I figure that the culture in my small town is just rather chill. Maybe I’ll end up paying the price but the lock did have good reviews! It just wasn’t 100 bucks like some of the ones I saw on YouTube.
🕯️Lights went out during a pretty heavy rain just as I arrived home, it was kinda fun to light up some candles around the house for once. I actually spent some of that time reading on my Kobo, which was fun.
🐶 Saw some cute puppies near my house. They were street dogs but looked super adorable. A neighbour built a small shelter filled with fluffy blankets and the like. My family already has two dogs and we can’t afford another one, but they seem to be doing well and some people already adopted some!
✍️ Wrote a bunch of blogposts this week, of varying quality and topics. I am happy to have done so. One got a little famous which is always kind of fun, got some great emails as well, something that’s appreciated whenever it happens, I even replied to all of them!
🕹️ This was a long month and I resisted purchasing a lot of games, but eventually I saw Metroid Prime 4 Beyond and gave in to the temptation. It was on sale and I can still buy a game per month anyway. It would have been nice to go fully clean for once though. Alas.
🎧 Another neat purchase of mine that was fueled by my current obsession with cycling was the Nothing Ear (open), which are earphones that don’t isolate my ears from the outside, making them pretty good for outside activities where you need to be aware of your surroundings, such as cycling or running. Cool stuff!
🌮 Some friends visited from another state and we all went to have dinner together, we got to a taqueria and I ate a bunch of tacos al pastor and some gringas too. Picture below.
🍔 Went out with family again to the mall. This time we got some burgers from Carl’s Jr, which are my dad’s favorites and honestly, mine as well. They are a bit pricier than McDonald’s or Burger King at least here in Mexico, but they are so good!
🌮 On Sunday some members of the church decided to prepare and sell some Enchiladas, and they were absolutely glorious. Even as a Mexican I must confess I don’t often like this particular dish, but they were extremely tasty this time around. No pic of them this time, but of the preparation process, for variety.
🗓️ I kind of invited a girl to a date? My parents would be there so not really but so so? I don’t know, she couldn’t make it anyway because it was way too sudden, but she did offer a different time that day but I was the one who would be busy at that hour. So nothing happened, but yeah.

Reading

Tiamat’s Wrath - Up to chapter 38, At 55% progress it’s quite clear that this book got me good! There have been a lot of different viewpoints and events happening, and the plot keeps doing twists that just work in a cosmic scale! Duarte’s empire continues to rule, his daughter following on his footsteps while dealing with teenager problems. The resistance led by Saba, Bobbie and Naomi keep doing their best to thrive in the underground, Holden is now captive living in luxury, Amos has gone missing, and plenty of other crazy stuff. But as Elvi and Fayez sort-of-lead some research on alien technology in the systems under Laconian control, the military guy in charge will start an experiment that will put everything in chaos once again. And chaos it has caused, but those are spoilers!
Heavenly Delusion - Up to chapter 65. This has been burning slowly lately, it’s definitely one of those manga with pretty long arcs and even side quests that aren’t quite over in a chapter. It has been amazing so far though, and so many mysteries have finally been answered lately. But of course, they only lead to more questions that have kept the story moving. I would have thought such things would feel artificial, but the characters and everything has seemed pretty logical and nuanced. Loving this so far.

Watching

The Mandalorian and Grogu - We saw this one at the mall and it was very entertaining! It is no masterpiece but there was plenty of actions and lots of cool moments in it. I also adored the soundtrack quite a bit. It’s been seven years since the last Star Wars Film, and even longer since the last good Star Wars film. This is a self-contained story that doesn’t build up to a lot, but it has charm and it’s fun nonetheless.
Kung Fu Panda - Saw this while going out to eat tacos. They had it on the TV when it was getting started and saw until the end of it! This movie is a masterpiece and I am always happy to sit and watch it, even more so with some tacos in the mix.

Gaming

Minecraft - On Sunday, my friends and I got together to play a Minecraft survival world. There were four of us and it was quite chaotic as always. We mined for a bit looking for iron until most of us had armor and equipment. We also tried our best to
Super Mario 3D World - I actually did this last week but forgot to mention it. Last Sunday we played this a bunch! Doing the last world of the game, lots of lava and danger everywhere. We are doing all we can to get all the stickers and green stars of every level!

Around the Web

Blog posts

Iconic moments in gaming - This was an awesome post sharing some epic moments, some from games I know, and some from games I haven’t played, which I decided to skim throgh anyways. I already forgot whatever spoilers I may have read. I may write my own post of this type!
Something About Reading - Any post about reading is always a magnet for me, building up the habit or struggling to do so, tips and tricks, the culture surrounding the hobby, etc. This one got me thinking about many of those themes and some more! Joshua is cool.
Wishing You Could Change Artists - This one was very thought-provoking. We all know the feeling. Finding or getting into some book, manga or piece of art, enjoying it a lot and then realizing that the person behind it is kind of weird, and yet, sometimes that weirdness could be what led to such art in the first place. Good stuff.
On people writing about their use of AI - I share a similar feeling. Why do you have to do this?

YouTube

How The Amazingly Burly ‘Buffalo Bicycle’ is Changing The World - This was a very cool thing to find out about. This bike is specifically made for developing countries to require as little maintenance as possible, while also being extremely affordable and built to last a lifetime. A product with a mission, super cool.
Adam Savage Rebuilds His Stolen Bicycle! - I enjoy stumbling on videos from this guy talking about whatever current hobby I’m into. And this was a treat! A bit of a life story along the building process and the like. A good time for sure.
The Magnet Suspension Skateboard - I had never seen this channel before, but apparently the guy has been around since the early days of YouTube. This video where he builds a sort-of-hoverboard from Back to the Future was extremely fun, and the end result is actually awesome.
Timex Just RIPPED OFF Casio! (And Their Watch Is Much Worse!) - What a mess, seriously, I rarely watch videos about stuff that’s just chaos like this, but honestly it just made me laugh. What is Timex even doing?

This is day 70 of #100DaysToOffload

Reply to this post via email | Reply on Fediverse

The Pope used his first encyclical to warn about tech centralization - Werd I/O

2026-05-25T13:12:01.000Z

Link: In his first encyclical, Pope Leo XIV says AI must serve humanity, not the powerful few, by Claire Giangravè for Religion News Service

It’s perhaps a sign of how integrated technology is into society that this is a quote from the actual Pope:

“AI tends to amplify the power of those who already possess economic resources, expertise and access to data. Small but highly influential groups can shape information and consumption patterns, influence democratic processes and steer economic dynamics to their own advantage, undermining social justice and solidarity among peoples.”

I’m not religious, and had to look up what an ‌encyclical is. It’s a formal letter that the Pope writes to his Bishops and “people of good will”. That he chose to spend his first one talking about the adverse power dynamics and power centralization inherent to artificial intelligence is significant.

“Technology is never neutral,” the Pope wrote. I agree, of course; this is my entire career thesis. I very much appreciate the implication that decentralizing power and focusing on the humanity of individuals and communities is the ethical, moral path. If you’d asked me at any time in the past if I thought it would be something advocated for by the Pope, I would have laughed in your face, but it’s nice to be surprised.

More importantly, this is absolutely a discussion that’s worthy of focus. As technology becomes more and more ingrained in society — with people now making very consequential decisions informed by AI systems, whether they should be or not — how those systems are built, who they benefit, and what achieving equity looks like in a world where they dominate could not be more important. The Pope’s on-side; are you?

PHP - simple way to send HTTP headers before a script ends - Terence Eden’s Blog

2026-05-25T11:34:38.000Z

Suppose you want PHP to keep processing after it has sent back an HTTP response. Normally, this doesn't work:

<?php
   header( "Location: https://example.com/" );
   //   Long operation.
   sleep(10);
   die();

Try it yourself. You'll have to wait 10 seconds before you get back

< HTTP/2 302 
< location: https://example.com/

There are some complex ways to fix this - they usually involve spawning sub-processes or having a cron job run something. But there's a simpler way!

Most servers do some form of output buffering. They wait for the buffer to fill (or be explicitly terminated) before they send any content. My server was set to a buffer of 4,096 bytes. So I forced some dummy output to fill it up, then told PHP to flush the buffer:

<?php
   header( "Location: https://example.com/" );
   echo str_repeat("😆", 4097);
   flush();
   sleep(10);
   die();

Some clients, like Python's Requests, wait until they've explicitly seen the end of the response before processing it.

But, for something like curl, the above is sufficient.

100 email list unsubscriptions is a good thing - Johnny.Decimal

2026-05-25T04:31:21.000Z

Since sending last week's this week at JDHQ, my email subscriber numbers have gone down by about 100.

I see this as a positive. What's the point having a couple of thousand people on an email list if none of them actually care what you're writing? What would be the benefit in trying to widen this audience by … what, just writing more generically? Writing less about the stuff that I'm actually doing and more about stuff that might 'drive engagement'?

90 engaged people are far more interesting to me than 100 who just never bothered to click 'unsubscribe'.

This week at JDHQ – 2026-05-25 - Johnny.Decimal

2026-05-25T04:28:33.000Z

Originally sent to the mailing list.

Last week's staff meeting and then careful management of projects in Things paid off. Lucy often notes that, as small business owners, one of the primary burdens is that you no longer have someone telling you what to do.

As in, sometimes it's nice when someone just tells you what to do! That's easy, right? Turn up to work and just do what you're told, for money, for a week. Terrific. Well that's not how life is when you run your own business – which is the dream, of course – but it's a double-edged dream-sword. Now, as well as doing all the work, you have to make the hard decisions. It can be very easy to just float through a week without doing that, and to feel busy, but to not really achieve much.

So planning and our Monday-morning meeting, which we just had again, is good. (This is obvious. I'll say it anyway.)

What we did last week

We have a new home page for the first time ever.
- Realising that 'the Johnny.Decimal universe' is now much more than the system of numbers, we've made the signed-out new visitor homepage more of an introduction to us.
- johnnydecimal.com/homepage will land you there regardless of your signed-in status.
- I also built one of those 5-email onboarding sequences that I've always avoided. But I heard from people – thanks, Michael – that, done well, they can be really helpful.
- And I think I've done this one well. You can see the 5 steps starting at jdu/welcome/01-install-your-folders. (The emails are mostly one liners pointing you to this sequence of pages.)
Launched a new mini-series Everyday Obsidian.
- Lucy's fairly new to Obsidian, and it's a big, complex app.
- In this series I'll show Lucy practical everyday tips for Obsidian. This is 'how normal people use it every day', not 'how to become an Obsidian guru'.
Launched a new mini-series Online security essentials.
- We've been wanting to do this one for a while. It's a little passion project of ours.
- This is the basics of staying safe online, and is something we hope you can send to your non-nerd loved ones. We're each recording it with our dad in mind.
Video:
- The power of process in small business.
- (Will turn this into a playlist at JDU shortly.)
Blog:

What we're working on this week

Continuing the two series as noted above.
We've put 21.30 Learn with Lucy - the command line on hold as we're at capacity.
No Zoom sessions this week – I'm putting a shape to some plans, but we're moving cross-continentally next week which is always a big disruption, so I'm not planning anything new for this week or next.
- (If you live in Taiwan, let us know!)
Did a lot of work last week on 21.14 Task & Project Management update.
- This one definitely benefits from me sitting on it for a while.
- I'm using these techniques actively myself, so the longer I do that, the more sure I am of the final output.
- I'm loving my Things project setup.
- Will be putting out a first draft this week.
In the background we continue to load up the imaginarium with our back-catalogue.

Why I can't stand the word "driven" - Westenberg

2026-05-25T00:08:34.000Z

A man named Harry Readford once stole close to 1,000 head of cattle from Bowen Downs station in central Queensland and drove them south, down through the Channel Country and along the Strzelecki Track into South Australia - across a stretch of desert the squatters swore no herd could cross alive.

Redford pulled it off. A jury even acquitted him, so taken were they with the sheer cheek of it all that they waved the evidence away. The cattle, for their part, walked across a desert and nobody asked how they felt about it.

Rolf Boldrewood turned Readford into Captain Starlight in Robbery Under Arms in 1888, and the colony fell for the thief and forgot the herd entirely.

Cattle don't get dramatic novelisations, you see.

Cattle are only driven.

And that word - driven - eats at me.

We apply it to each other all the time; but we don’t think about what it actually means. Well, it means a fellow at the back of the herd, a stockwhip in his hand, driving in a direction the animals never picked. "Drive" comes straight off the stockyard. To drive a beast is to push it somewhere it would never wander on its own.

When somebody calls me driven, I picture a herd.

I know it’s intended as praise; that’s why it shows up in profiles and eulogies and Linkedin exultations and so on. He was so driven. She was the most driven person in the building. Look at the driven founder, head down, half-possessed, etc.

But “driven" is a past participle, the passive shape of a verb that can't function without an actor. A door gets opened by a hand. A fence gets built by a crew. A person gets driven by...well, that's the question, isn't it?

To take the compliment, you have to accept that something outside of you is doing the pushing and you're merely the load being shifted. It’s the preposition tucked inside the word - driven by - pointing back over your shoulder, at a parent, a wound, a rival, a share price etc.

Whoever holds the goad picks the route. Give it to a quarterly target and you'll chase the target down. Give it to an old humiliation and you'll chase that instead, for 30 years, until you’ve nothing left to give. You'll cover enormous ground at speed and arrive somewhere you never chose.

When someone is described to me as driven, I watch what they do when the pressure comes off. The driven get restless inside a week and pick a fight with their own calendar. They can't sit still in an empty afternoon, because an empty afternoon has no one in it to run from. The drivers, with their hands on the reins, ease off and look around, then start moving again once they've decided where to go.

Readford’s herd covered more distance than I ever will.

But it never got to say where it was headed.

Or whether the walk was worth the dust.

Slack preferences I have set - James' Coffee Blog

2026-05-25T00:00:00.000Z

In “How I use my phone”, and in two prior blog posts about greyscale and night shift mode, I spoke about how I customise some of the software I use. I was inspired to write my phone in large part by discussions with friends. I then realised that such blog posts are a means to show how I have customised technology to make it my own. ¹

Yesterday I ran into a discussion where someone made reference to a link preview in Slack. I realised I couldn’t see it because I have link previews turned off, a decision I made so that it is easier for me to focus on the words in people’s messages. Then I thought: I should write about some of the preferences I have set, again to show how I have customised technology to make it my own.

With that in mind, below are a few preferences I have set in Slack, specifically in the IndieWeb community Slack. The preferences I am going to talk about are all available in the Preferences window in the Slack application. Some of the settings I have set are not ones I would use for professional use of Slack, but nonetheless I think documenting how I have things set up for a community group is valuable.

The settings below I think are not set by default; there may be the odd exception. It would be nice if software gave you a summary of which options you changed from the default so you had a log of how your experience differs from the default based on preferences you have toggled.

I keep my Mac in Do Not Disturb mode at all times, so I don’t get any pings from Slack notifications. Thus I don’t think I have modified any Slack notifications.
I use the “Channel keywords” to search for the term “capjamesg”. This allows me to get notifications for my nickname even if people don’t use the @ syntax to tag me. This is important due to a particular quirk with how the IndieWeb chat is set up: the Slack is bridged with IRC and Discord, and each of those services don’t use the same syntax for tagging. Whenever “capjamesg” is mentioned, the (1) icon appears next to the channel name so I know I have been mentioned.
I show as few icons in the left navigation bar as possible. I have the “Navigation tab appearance” set to “Icons only” in the Navigation tab. This is because I want to see only what is essential in the UI to the extent possible: the more icons there are, the more I have to process when I use the tool.
In the “Home” tab, I have the “Always show in sidebar:” list set to only show Threads. This means Drafts, Directories, Huddles, and Unread messages don’t show up in their own links. I don’t usually need these things for participating in a community Slack. Although for professional use I would have Drafts and Unread messages enabled.
“Sort conversations by:” is set to A-Z. This is in the “Home” tab.
“Hide muted channels from your sidebar” is set to off. This is in the “Sidebar organisation” subsection of the “Home” tab.
I have “Display information about who is currently typing a message” set to off. I don’t find I need the extra feedback of when someone is typing in a community. This is in the “Messages & Media” tab.
“Automatically play animations” is set to off in the “Accessibility” tab. This disables GIFs and animated emojis.
In the “In-line media and links” options in the “Messages & Media” tab, I have the following turned off:
- Show images and files uploaded to Slack
- Show images and files from linked websites
- Show text previews of linked websites
- Collectively, having these three settings turned off means I don’t see huge preview images from links people have shared which push up in the message log everyone’s messages. I want to see what people have written and for links to be as unobtrusive as possible.
I have “Slack Connect discoverability” set to off. This is in the “Connected accounts” tab.

Most of the settings above are set specifically to make Slack less overwhelming and to help me be able to focus more. I find GIFs and animated emojis distracting, for example, so I have them turned off; images can take up a lot of space in Slack so I have it set so they collapse by default and show a disclosure triangle so I can see them by disabling the “Show images and files uploaded to Slack” feature. (To be clear, this setting doesn’t disable images: it hides them in an accordion so you can show them when you want.)

In professional contexts I wouldn’t have some of these preferences set – for example, I would want to see all images and files uploaded in a professional Slack. With that said, Slack lets you set preferences on a per-instance level, so it is possible for me to have different settings across different instances. I appreciate this flexibility.

I don’t have this setting turned on, but I recently learned that there is an “Alt text reminders” setting that you can toggle to “Remind me to add an image description on image uploads.” I don’t think alt text carries over the IndieWeb bridge so what I write would not show up to people connected via IRC or Discord, but I am glad I know this feature exists.

Whether or not you use Slack, I definitely encourage going through settings in the software you like to see if there are any features that you think will help you. Certainly, I was relieved when I learned I could disable animations in Slack; animated emoji reactions made it hard for me to focus on people’s messages.

Indeed, I love to search through the settings in software are try out different settings. This is in part why Artemis, the web reader I maintain, has so many preferences available for users to set. I like software that is customisable, and so I want to make software that is customisable too. The more software is customisable, the more a user can make the software work for them.

[↩]

How I use my phone 1 [↩]

Writing a regex for adding links to time stamps - James' Coffee Blog

2026-05-25T00:00:00.000Z

Every episode of the Wonders of Web Weaving podcast has a transcript. The first episode was transcribed by me; future episodes are being transcribed by Zachary from Lunaseeker Press. The transcript has links to the time at which each speaker starts speaking. For example, 0:19 is the time when I ask the first question in my interview with Alexandra.

So far, I have been manually adding the links to the timestamps, which look like this:

**0:19** - ...

The links, written in markdown – which is then turned into HTML by a static site generator – look like this:

**[0:19](#t=0:19)** - ...

This morning I had an idea: I could write a regex to add the links. VSCodium, the text editor I use, has support to find-and-replace using a regex. With this idea in mind, I went to where many of my regexes begin: regex101, a site that lets you interactively create, review, and test regexes.

I needed two regexes: one regex that would capture the minutes and seconds in a timestamp, and another that would take those values and turn them into a link.

Here are the regexes I came up with:

Get timestamp: \*\*([0-9]+):([0-9]+)\*\*
Create link: **[$1:$2](#t=$1:$2)**

The first regex creates two un-named groups (denoted by the parenthesis): the first contains the minutes, the second contains the seconds. These two values can be retrieved with the $1 and $2 syntax, respectively. The second regex then takes the values to create a link.

I used these regexes to generate the timestamp links for the next interview, scheduled to be released on Tuesday, May 26th, thus saving a minute or two in preparing the transcript for publishing. Furthermore, using a regex means I cannot accidentally make a typo in one transcript such as could happen if I am changing multiple timestamps by hand in a short space of time like I was before I wrote the regex.

When the link generated by the regex is clicked, the page hash is changed to the time stamp, like:

https://web-weaving.jamesg.blog/2#t=0:19

There is a script on the page that listens for when the hash of a page changes, converts the timestamp in the hash the number of seconds into the recording, then changes the current time of the audio file. The script looks like this:

<script>
    window.addEventListener("hashchange", function () {
        var audio = document.getElementsByTagName("audio")0;
        var ts = window.location.hash.split("t=")1;

        // https://stackoverflow.com/questions/9640266/convert-hhmmss-string-to-seconds-only-in-javascript
        var a = ts.split(':');
        a.splice(0, 0, "00") // add 0 hours to beginning of timestamp
        var seconds = (+a0) * 60 * 60 + (+a1) * 60 + (+a2); 

        audio.currentTime = seconds;
        audio.play();
    })
</script>

Of note, my code, and regexes, are hard-coded to look for times in the format MM:SS; the code doesn’t work with hours. This is because I am aiming for episodes to be ~40 minutes. If this changes, I will need to revisit my code, but I thought I would share what I have on my blog today since this is the code I’m using.

Zachary from Lunaseeker Press regex101 Wonders of Web Weaving interview with Alexandra

Startup routine - Johnny.Decimal

2026-05-24T02:04:19.000Z

We've both been doing our start-the-day routine for a solid 6 months now. This is the opening of Things, the doing of our morning reviews, the clearing of the inbox, and finally lining up the day's tasks.

This sounds like a chore, but this morning Lucy voiced a feeling that I share: that this routine has become a great comfort. "It's like the scene where they start up the airplane by flicking on all the switches", she said.

That's exactly what it's like. You sit down and strap in. You know a whole bunch of stuff is coming at you but, for now, your job is just to run through this checklist, powering up the various subsystems of your mind. It really is a lovely way to start the day. (I'd record this process for you but it's Sunday. My review tasks come round Monday to Friday so there's not much to show today. Next time I get a good one I'll put it on camera.)

It also put me in mind of this lovely startup sequence. That's my brain in the morning … just a bit at a time … go on … you'll get there …

Iced coffee in Spring - James' Coffee Blog

2026-05-24T00:00:00.000Z

Saturday was a busy day; I was on my feet for most of the day, and then came home to participate in the IndieWeb Zine meetup. Today, however, is comparatively quieter. I started my day reading manga in bed, and then had a slow start to the day – making breakfast, continuing to read Jane Eyre. Because the weather has been so nice this weekend, I knew I had to go out for a walk, which was most wonderful. This weekend has been twenty degrees Celsius. Oh! how much I love the warmer weather.

This year I have been mostly drinking tea, which has led me to be able to tell the joke that I have a blog nominally called “James’ Coffee Blog” and yet I now drink more tea than coffee. Perhaps my preference between tea and coffee will ebb and flow with time: I enjoyed tea for several years before I started drinking speciality coffee. One person told me that my drinking tea means only they will think about my blog in terms of “I will read James’ latest post whilst I drink a coffee”, a sentiment I really like.

With that said, I do drink decaf coffee when I am out and about. Today, with the warm weather and after a long walk, I got some iced coffee, decaf, and enjoyed it while I continued to walk around. Holding a cold drink was especially welcome; I held the cup for as long as I could before the ice had mostly melted.

I took a picture of the coffee, for no reason other than it felt right in the moment. I tend to take fewer pictures now than I once did, preferring to keep my phone in my pocket. But, I wanted to take a snapshot of the moment and did think “oh, this would fit well on my blog!” In a way, I could consider this a way of keeping up the coffee discourse on this website, but I see it more as a manifestation of what this blog is – a place to share the things I really love.

Indeed, there is something poetic about how I now drink more tea than coffee: the name of my blog is steeped (pun intended) in time; the name tells a story, and my changing relationship with coffee and tea tells one too.

Drinking the iced coffee made me think about how I’ll need to make a few iced mint mojitos at home over the summer, a drink that is, if I remember correctly, an iced latte but with mint leaves – that’s how I made it last year. The coffee takes a bit more preparation, but it is worth it – the best things are.

Here is my decaf iced coffee from today, exactly what I needed while out and about today:

ALT

An iced latte in a Starbucks cup held in front of two bushes: the lower bush is mostly green foliage, and the upper bush has white flowers growing.

iced mint mojitos IndieWeb Zine meetup

Joining the IndieWeb Zine Pop Up - James' Coffee Blog

2026-05-24T00:00:00.000Z

On Saturday I joined an IndieWeb pop up about zines, hosted by Morgan. The meetup was about both zines and the intersection of zines and personal websites – the affordances of each medium, how the mediums compare, where the mediums intersect, and more. I helped take notes (notes available on the community wiki) and, looking back, I realise it was hard to keep up with all the discussion: there was so much to explore!

Toward the beginning of the event, we had a discussion about how we found, and find, zines. This discussion made me realise that, firstly, I cannot remember exactly when I encountered zines, and second, zines seem to come to me.

I have found zines through people’s personal websites (i.e. Ava’s wonderful zine about personal websites and the law), through discussions with people who have websites and also like zines, by going into a bookstore (Typewronger in Edinburgh in particular) and seeing a shelf of zines for sale. Shortly after the meetup, I went to the Bear Blog Discover page and saw someone writing about zines, too.

On the call, I brought along two zines I have made – more booklets than zines, but in any case made with the intent that it felt there was no better medium to express what I wanted to than something physical you could hold. The first was called Quiet Edinburgh (see PDF of Quiet Edinburgh), which I made in 2021:

The city is changing now, as lockdown eases, but what I saw – and felt – will forever be a part of the history of Edinburgh. History needs to be documented by someone, hence the zine.

The second was about architecture in Edinburgh, there being so many buildings to see in the city that have a certain magnetism where you can’t help but look in wonder.

What I took away from the discussion is that zines have been on the periphery for me for a while, and I should probably try reading and making more. I took a first step by buying a zine I had wanted to buy for a few weeks, and also started jotting down ideas for what I could put in a zine. I realised I could make a zine with my typewriter too.

One of the highlights of the meetup was hearing everyone’s enthusiasm about the medium. We spoke about how a zine can take an hour or a day to make – you can put as much time into one as you want; equally, zines can be so short they can be read in a minutes, or read over hours. This flexibility is part of the inclusive culture that surrounds zines, a culture embodying myriad subject matters, stories, materials, and more.

One participant pointed out how zines, like any documentation material, can be used for the transmission of knowledge across generations. This really got me thinking, both about zines and about the web more broadly. We have websites – and archives of websites – that represent many eras of the web. We are so lucky to have that history. This makes me wonder: what does it look like for us to make a website and consciously hold in mind the idea that we are being stewards of the web, just as zines can document times and places and the knowledge in a community?

It is hard to summarise everything we talked about: there are entire essays that could be written about what we summarised as bullet points in the meeting notes. But that’s the joy of a pop-up event – everyone can bring what excites them, we can go in whatever direction the discussion takes us, and we can discuss a topic as deep as we want.

Thank you to Morgan for making the event happen, and to everyone who came and brought so many ideas to discuss. And thanks to Zachary for making the event banner image.

Also posted on IndieNews.

Ava’s wonderful zine about personal websites and the law IndieWeb pop up about zines event banner image notes available on the community wiki Quiet Edinburgh see PDF of Quiet Edinburgh Also posted on IndieNews Typewronger in Edinburgh Morgan Zachary

Using Fountain Pens for Note Writing - Kev Quirk

2026-05-23T13:44:00.000Z

My note taking process has evolved a lot over the years. Originally I used my iPad with the Apple pencil, but having to charge it every few days was a pain. Then I switched to the Remarkable 2, which was great and I didn't need to charge the pen. But as I produced more and more notes, it became awkward to search for them. Unfortunately, handwriting to text, and handwriting search both require a monthly subscription.

Screw that.

So I switched to the Supernote Nomad, which (in my opinion) has better tooling for finding notes than the Remarkable. I mentioned this in my how do you take notes post. I created a new system for taking notes, and it worked well. It still had it's frustrations, but I could generally find what I was looking for on the Nomad.

Then I started writing the occasional journal entry, and for that I decided I needed a physical book and fountain pen. I don't know why, it just felt more personal and more permanent doing it that way. Being left-handed, fountain pens can be difficult, so I got myself a Lamy Safari with a left-handed nib.

It writes lovely, especially for the ~£25 ($30) price. So I got myself another one and put red ink in so I can "highlight" certain notes in my journal. It is a really nice experience, and as my journal entries mount up, I can easily flip between pages.

And then it dawned on me...it's not the technology that I'm using for notes that's the problem. It's the fact that I'm using technology in the first place!

Going analogue

As a test, I dug out an old notebook that we got a freebie from work (it's a really nice one - I figured nice paper would help) and started using my Lamy for note taking in work too.

Using a slightly adapted version of my note taking system, it's been glorious! Flipping back through physical pages and easily finding my notes for a particular day has been very refreshing. Everything is in my notebook now, and I rarely use OneNote as a result.

I decided to go all in, I sold my Nomad back in January and haven't looked back since.

Pen upgrade

The Lamy is a nice pen, but I wanted something a bit more substantial (and made of metal) as the pen gets a lot of punishment being bashed around in my bag all day. I was happy to spend more money, but didn't want to go crazy, so I ended up buying a Kaweco AL Sport in a lovely stonewashed blue colour.

Unfortunately Kaweco don't offer a specific left-handed nib, but I've found it to be nicer to write with than the Lamy anyway. It doesn't scratch as much - not that the Lamy is particularly scratchy, but the Kaweco is soooo smooth.

So what was the problem with the tablets?

I realised that my main frustration with both the Nomad and the Remarkable is that there's a 1-2 second delay on every screen change, so if I need to flip back 10 pages, that's like half a minute of pissing about.

Half a minute doesn't sound like a lot, but I can flip back 10, or even a hundred pages in my notebook in a second. It just feels smoother.

Final thoughts

My note taking system now surrounds the specific paper I have in this fancy notebook from work (wide ruled lines, and a side margin) and I can't find anything else that's the same. Everything I find is either shitty quality paper, narrower lines, or no margin.

Luckily for me, I've been able to find some spares hang around the office, so I have a cache of half a dozen or so, which should last me a few years.

I'm totally converted to analogue note taking at this point, and I really enjoy the process of writing with the fountain pens. I just need to force myself not succumb to my constant desire to start collecting things - as I don't need 50 fountain pens, just like I don't need 50 watches...but I have them!

This post kinda went all over the place, sorry about that. 🤷🏻‍♂️

Thanks for reading this post via RSS. RSS is ace, and so are you. ❤️

You can reply to this post by email, or leave a comment.

Which age-gates should be skill-gates and vice-versa? - Terence Eden’s Blog

2026-05-23T11:34:31.000Z

In the UK, it is illegal to buy alcohol if you are under 18.

Similarly, in most countries, you cannot vote until you have reached a specific age.

These are age-gates. You do not need to prove your competence to drink, vote, smoke, or get married; you just need to be old enough.

Some things have skill-gates. If you want an amateur radio licence in the UK, you need to pass an exam. You can be any age⁰.

Similarly, most jurisdictions allow you to get a medical licence once you have passed the requisite tests¹.

There are also activities which are dual-gated. You can only get a driving licence after passing a test, but you can only apply to take the test once you are a certain age.

Where should society swap age-gates and skill-gates?

Perhaps the big one is voting. The UK is preparing to extend the franchise to all 16 and 17 year olds - but why is there an age-gate at all?

Children are affected by politics, they pay tax on the goods they buy, they exist in the world. Why shouldn't they vote?

The usual argument is that they are too immature. But maturity isn't dependent on age. Idiots are allowed to vote. Centenarians with no stake in the consequences of their politics are allowed to vote. People who don't understand what powers a government has are allowed to vote.

Would it really be so bad to introduce a voting licence? Make people take a short quiz to ensure they understand what they're voting for and why they're voting. Perhaps there are concerns about disenfranchising eligible adults (but not mature children) or that the state will rig the test (when they could rig the election) or whatever. But if we're sticking with the fiction that some people aren't mature enough to vote then we must give disenfranchised people a chance to prove their maturity.

You could make the same argument about driving. If a 7 year old is able to demonstrate mastery and control of a vehicle, are they likely to be a better driver than a 90 year old who has never taken a modern test?

Alcohol is different. We realise that the drug is harmful and especially harmful to developing humans. So we age-gate it. But do people really understand the health risks? Should you have to pass a test in order to imbibe? We make the people selling alcohol pass somewhat rigorous skills assessments. Perhaps the burden of proof should be reversed?

Wait, do you really believe all this?

No, not necessarily.

I find it fascinating that different cultures set different limits on people's activities. I wouldn't like to live somewhere that allowed anyone to drive on the public roads. Similarly, I don't particularly want governments restricting who can vote based on an arbitrary assessment.

But where are the limits? Why is the legal driving age so variable? Why are some driving tests easier than others?

Do you want a teenage doctor diagnosing you - even if they are legally certified? Should you be able to use a radio without passing a test if you're a legal adult?

Which age-gates and skill-gates do you think should be flipped?

OK, realistically you have to be old enough to read, write, and communicate. But there's no legal barrier to a precocious 3 year old taking and passing the exams. ↩︎
As seen in the insightful documentary series "Doogie Howser, M.D." ↩︎

Riding a bike - Joel's Log Files

2026-05-23T03:49:26.000Z

So I got my bicycle from the shop and used it to return home!

That first trip was definitely an experience. I had never rode a bicycle on the road alongside other moving vehicles. When I was a child I had a rather big patio, and even though I went through the streets a few times, there were not a lot of cars—I didn’t live in a busy place.

Going from there to riding in the middle of downtown traffic afte almost ten years was definitely a change of pace.

Not to worry though. I live in a pretty small city, which is alos quite used to motorcycles and bikes as part of traffic.

The one who wasn’t used to such things was me of course, so when I tried to get ahead of a car by going on the sidewalk and realized there was no ramp ahead to return to the street, I ended up braking rather carelessly, the momentum carried me forward and well, that hurt.

Alas, the traffic was slow so there was no real danger, I got back on track and pedaled away. The rest of the trip was painless! although my saddle was misaligned and I didn’t bother to correct it until I got home. I avoided big streets for the most part and everything was fine.

For a couple of days I resigned myself to cycling around the patio and the neighborhood, just like I did as a child, nothing much happened, although I was interested on maybe commuting to work by bike, but I wasn’t sure I would be able to do it.

On Friday I had the day off, and thought it would be a good time to go for an early morning ride! My original plan was to do the whole trip to work and then return, without the time pressure. But I ended up just roaming around downtown without any real direction, just embracing the freedom of commuting by bike. The initial route was the reverse to what I did to get home.

One of the things I focused on was looking for other people commuting on a bike. It wasn’t hard to find someone. As soon as I got to the main street I had to ride through, a commuter was a few dozen meters ahead. I decided to stay behind him for most of the main road, it was cool to follow someone with a path defined already. He turned towards a quieter street parallel to the main one, but I kept following the guy. He was older than me and we didn’t exchange any words, I stayed behind until I decided to go past him, his bike was rather old, and ugly.

That’s something I noticed, most bikes I saw were for commuting, they are barely maintained and often look rusty, with the paint peeling off and dust all over them. I didn’t stop to ask anyone about it, but my assumption is that they either don’t care about the looks, or they simply do it on purpose to discourage bike theft.

My bike was the only one I came across that had mechanical disc brakes. Everyone else had v-brakes, which are the most common especially on older bikes and budget-friendly models.

I made it downtown and started to see more of that traffic. Nothing to worry about, streets are still compact and cars go slow. I end up arriving to the riverside—yes my city has a river—and I realize that there’s actually a little bike lane there! They are one-way and on opposite directions of the street. This is a very touristy area so it makes sense, I have no idea why I had never noticed it before… oh, I know why.

The only bike lane in my city is like, a meter wide.

One might think that’s just sad but I honestly found it hilarious. Why did they even bother? Well, I can’t complain that much, because I tried it for a bit and kind of enjoyed it! Going at my own pace without worrying about cars behind or in front of me, I was able to pick up some speed, although I had to be mindful of intersections.

Having made such a discovery, I decided to head back home, going uphill on a lot of areas. I ended up riding for about 13 kilometers in an hour of time, not bad for a first try!

Next day on Saturday, I went cycling again and decided to ride towards a nearby neighborhood. This one felt a bit more dangerous at first, because I would have to ride through a main road. Not a highway per se, but still big. Once again I avoided most of it by using parallel streets and ended up making it there in one piece!

The reason I wanted to ride around this neighborhood is because my own only has dirt roads. This was nearby and had proper paviment, so I wanted to bike around the place without much pressure. I didn’t stumble upon any cars, and there was one super long straight downhill that was very fun to take, although I still was not great at using my brakes, it wasn’t super difficult to go back up either.

From there, I went towards a nearby high school, because I wanted to see if they had bike parking! The school was closed—it was a weekend after all–but I could see some infrastructure in place. The building itself was built recently, so the surroundings are pretty much just mountainous terrain…

So of course I had to give that a go.

I rode behind the high school and ended up going downhill between some dirt and rocks! I went rather slowly—It’s a hybrid, not a proper mountain bike—but it was cool to feel the suspension at work, as well as manouvering through the big rocks and trying to stay in balance. I tried to find an exit to go back to civilization, but it was a dead end and had to walk along my bike all the way up. It was worth it nonetheless.

On my way back I took the big street again all the way, and felt cool to do so without taking a side street this time. I went once again downtown, through the same route until I got to the riverside again.

I wanted to go in the opposite direction of the bike lane I took yesterday. I ended up in a small park. Just a social spot with lots of trees and walking paths, with a slightly wider path all around the park for bikes to ride around. I saw another person riding on one, and a few older men parked with theirs as well. The one cycling was the first bike with disc brakes I’ve seen on my rides so far. He also had a very wide saddle, I guess for comfort due to age.

Trying to ride into one of the smaller pathways, I ended up almost crashing with the root of a tree, so I had my second suddent stop that ended up with some… pain…

Alas, I cycled back downtown following a different road than before. There was a bit of a scary moment when one of the public transport buses was right behind me, but I managed to pedal away just fine. I had another encounter with another bike that I thought looked awesome, I followed it for a bit, the brand was Green Plus, and although I didn’t ask they seem to be at least double the price of mine! The shape looked a lot more unique than everything I had seen so far.

As I made it to the main road downtown, there was once again a bit of slow traffic. I was feeling bold and decided to ride in between the cars (it’s a single line, so it was between moving and parked cars, not between two moving vehicles). This is apparently legal in my city, from what I read online, but I was still careful about it to avoid opened doors in front of me.

Eventually I made it back to the usual quiet route home. I rode about 20 kilometers this time, for about 1 hour 40 minutes. I even stopped at little shop in the neighborhood (a tiendita de la esquina in Mexico) and bought myself some juice. I was feeling pretty cool.

During these trips I kept looking for bikes and what people used them for. Actually most of the people were older adults which didn’t seem to have a lot of income. I wondered where they were going, what their work was, what was the reason for them to bike, how long have they done it. How often do they do maintenance to them, and lots of other things.

Honestly given the state of some of those bikes I was amused by it all. How would those bikes feel to ride? Maybe I spend way more money than I needed to? I think my bike was worth the money, it’s not that expensive after all, but it still felt weird to see the difference between the people in my small city and the cycling and bike commuting community online.

I will keep going on my weekly rides, and I am still thinking about trying a proper commute to work. I need to ask how to access the bike parking space in my work (yes, there are some spots available!) and to buy a proper rack and locks. But well, that’s a blog post for another day.

A collage of lo-fi pics of some spots around the city!

This is day 69 of #100DaysToOffload

Reply to this post via email | Reply on Fediverse

Affordances for me, but not for thee - Werd I/O

2026-05-22T14:00:39.000Z

Link: The Web Is Being Made Accessible for AI, Not People, by Jonathan Zong and Frank Elavsky in Tech Policy Press

This is worth sitting with:

“The modern web, originally built for sighted humans using browsers, is now being redesigned for a new kind of user.

What these developers are offering their AI visitors is essentially an accessibility accommodation. […] But when the audience is a disabled person, it has historically been treated as an afterthought. Structured, concise text-based representations of complex content are almost exactly the kind of accommodation that blind and low-vision screen reader users have spent decades requesting from web developers, largely in vain.”

One of the oddest parts of the AI shift is that people are much more willing to do things for LLMs that they should have been doing for human beings all along. Accessibility is clearly an important one: 95% of websites have accessibility flaws, and convincing teams to allocate time for accessibility concerns can be like pulling teeth. But now that similar affordances are required for LLM use, people are leaping over themselves to implement them.

The same goes for specifications and documentation. Often, these have been afterthoughts; policies have been hand-waved rather than concretely written down in ways that people can point to. Sometimes it’s even made explicit that this is to preserve manager optionality. But now that LLMs need more concrete instructions in order to behave well, specifications, documents, plans, and policies have rocketed up the priority list.

It would be beautiful if these needs converged, but as the article notes, the affordances needed by screen readers and LLMs are different. Similarly, documentation and planning documents aimed at an LLM are coercive in nature: they’re designed to force the software to do the right thing, rather than to provide background as to why something is the case.

The simple truth is that there is clearly a perception, in some quarters, that there is a stronger productivity gain from doing this work to serve AI than doing it to serve real human people. That’s quite a dystopian idea, particularly as, even if you don’t care about people with disabilities or your own colleagues, doing those things for humans clearly actually has a real benefit. Making your site more usable allows more people to interact with your work and improves your search engine performance. Writing clear documentation and policies allows your colleagues to spend less time figuring out what to do.

But you can’t measure those things neatly. The cause and effect aren’t immediately tethered; managers don’t see a boost they can cleanly ascribe to this work. In contrast, you know pretty instantly whether the AI you’ve trained on your documentation is doing the right thing.

More importantly, whereas accessibility affordances provide new abilities for vulnerable people, an AI affordance provides new abilities for people with power. And that’s probably the heart of it.

We hardened zizmor's GitHub Actions static analyzer - Trail of Bits Blog

2026-05-22T11:00:00.000Z

In March 2026, attackers exploited a <code>pull_request_target</code> misconfiguration in the <a href="https://github.com/aquasecurity/trivy-action"><code>aquasecurity/trivy-action</code></a> GitHub Action to exfiltrate organization and repository secrets, then used those credentials to backdoor <a href="https://github.com/BerriAI/litellm">LiteLLM</a> on PyPI (see <a href="https://github.com/aquasecurity/trivy/discussions/10462">Trivy’s post-mortem</a> for the full timeline). <a href="https://github.com/zizmorcore/zizmor"><code>zizmor</code></a> is a static analyzer that GitHub Actions users run to catch exactly these misconfigurations before they ship. When GitHub Actions <a href="https://github.blog/changelog/2025-09-18-actions-yaml-anchors-and-non-public-workflow-templates/">added support for YAML anchors</a> in September 2025, a small but high-value slice of the ecosystem started writing workflows that <code>zizmor</code> could only analyze on a best-effort basis. Over the past three months, Trail of Bits collaborated with the <code>zizmor</code> maintainers to bring <code>zizmor</code>’s anchor support up to full coverage. First, we fixed parsing bugs that caused crashes, produced wrong-location findings, and silently mishandled aliased values. Second, we surfaced deserialization edge cases that broke zizmor on otherwise valid workflows. Finally, we helped align <code>zizmor</code>’s expression evaluator with GitHub’s own <a href="https://github.com/actions/languageservices">Known Answer Tests</a>. We validated all of this against a new corpus of 41,253 workflows from 6,612 high-value open-source repositories. The result: 20 filed issues, 15 merged pull requests. <h2 id="building-the-test-corpus">Building the test corpus</h2> To understand how anchors are used in CI today and to stress-test <code>zizmor</code> against the full variety of YAML it encounters in the wild, we built a corpus of real workflows. We used <a href="https://cloud.google.com/blog/topics/public-datasets/github-on-bigquery-analyze-all-the-open-source-code">BigQuery’s GitHub dataset</a> to identify the 10,000 most-starred repositories created between 2022 and 2025, filtered to the 6,612 that use GitHub Actions, and downloaded every workflow file. That gave us 41,253 YAML files. <figure> <img src="https://blog.trailofbits.com/2026/05/22/we-hardened-zizmors-github-actions-static-analyzer/pipeline_hu_50937b9976f313d5.webp" alt="Pipeline diagram showing repository selection from BigQuery, filtering for GitHub Actions usage, and workflow download feeding into the zizmor scan stage" width="680" height="390" loading="lazy" decoding="async" /> <figcaption>Figure 1: Building a testing corpus</figcaption> </figure> When we ran <code>zizmor</code> against the corpus, it crashed on 45 of the 41,253 workflows. That’s a low rate, but each crash means a bug in <code>zizmor</code>. <h2 id="how-anchors-are-used-in-the-wild">How anchors are used in the wild</h2> <code>zizmor</code>’s anchor support was deliberately limited, and for good reason. YAML anchors make workflows non-local: an alias defined in one place changes behavior elsewhere in the file. This complicated <code>zizmor</code>’s parsing model, and adoption was rare enough that the <code>zizmor</code> maintainers reasonably <a href="https://blog.yossarian.net/2025/09/22/dear-github-no-yaml-anchors">discouraged</a> anchor use. In our corpus, only 43 of the 41,253 workflows use YAML anchors (roughly 0.1%), but those 43 include some of the most foundational projects in open source: <ul> <li><a href="https://github.com/bitcoin/bitcoin">Bitcoin Core</a></li> <li><a href="https://github.com/php/php-src">PHP</a></li> <li><a href="https://github.com/openssl/openssl">OpenSSL</a></li> </ul> However, anchors are a supported feature, and their use will likely grow over time. We found two common patterns. The first is reusing steps across jobs, as Bitcoin Core’s CI does: <figure class="highlight"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml">jobs: runners: steps: - &ANNOTATION_PR_NUMBER name: Annotate with pull request number run: | if [ "${{ github.event_name }}" = "pull_request" ]; then echo "::notice ..." fi test-each-commit: steps: - *ANNOTATION_PR_NUMBER - uses: actions/checkout@v6</code></pre> <figcaption>Figure 2: Reuse step definition</figcaption> </figure> The second pattern is pinning action versions once. For instance, <a href="https://github.com/home-assistant/core">Home Assistant’s CI</a> defines the action reference (with its SHA hash) using an anchor, then reuses it wherever the same action appears: <figure class="highlight"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml">jobs: lint: steps: - uses: &actions-setup-python actions/setup-python@a309ff8b42... # later in the same workflow: - uses: *actions-setup-python</code></pre> <figcaption>Figure 3: Reuse action definition</figcaption> </figure> <h2 id="four-anchor-handling-bugs-found-and-fixed">Four anchor handling bugs found and fixed</h2> When we started, four anchor patterns from these workflows broke <code>zizmor</code>. Aliases in sequences were incorrectly flattened. When a YAML alias appeared inside a sequence (like a list of steps), <code>zizmor</code>’s internal path representation spread the alias contents rather than treating it as a single element. This caused <code>zizmor</code> to crash or produce findings pointing at the wrong location in the file. (Fixed in <a href="https://github.com/zizmorcore/zizmor/pull/1557">#1557</a>) Anchor prefixes leaked into values. <a id="figure-4"></a> <figure class="highlight"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml">foo: [&name v, *x]</code></pre> <figcaption>Figure 4: Anchor prefix leak</figcaption> </figure> In YAML flow sequences, anchor prefixes like <code>&name</code> weren’t stripped from resolved values. Given the snippet in <a href="#figure-4">Figure 4</a>, looking up the first element of <code>foo</code> would return <code>&name v</code> instead of <code>v</code>, causing any step that consumed the node value to fail. (Fixed in <a href="https://github.com/zizmorcore/zizmor/pull/1562">#1562</a>) Duplicate anchors caused a crash. The YAML spec allows redefining an anchor name (the last definition wins). <code>zizmor</code>’s YAML layer assumed anchor names were unique and panicked on duplicates. (Fixed in <a href="https://github.com/zizmorcore/zizmor/pull/1575">#1575</a>) The <code>template-injection</code> audit crashed on aliased <code>run</code> values. When a YAML alias was used as a scalar <code>run:</code> value, the audit didn’t expect the indirection and failed. (Fixed in <a href="https://github.com/zizmorcore/zizmor/pull/1732">#1732</a>) To prevent future regressions, we also added integration tests covering anchor patterns found in real workflows (<a href="https://github.com/zizmorcore/zizmor/pull/1682">#1682</a>) and updated the anchor documentation (<a href="https://github.com/zizmorcore/zizmor/pull/1788">#1788</a>). <h2 id="what-else-the-corpus-surfaced">What else the corpus surfaced</h2> Running <code>zizmor</code> against the full test corpus also surfaced bugs that had nothing to do with anchors. Deserialization edge cases. GitHub Actions accepts YAML constructs that <code>zizmor</code>’s workflow model didn’t anticipate: <code>if: 0</code> (an integer where a string is expected), <code>timeout-minutes: 0.5</code> (a float where an integer is expected), <code>secrets: inherit</code> (a string where a mapping is expected). Each one caused <code>zizmor</code> to reject the entire workflow. We reported these as individual issues (<a href="https://github.com/zizmorcore/zizmor/issues/1670">#1670</a>, <a href="https://github.com/zizmorcore/zizmor/issues/1672">#1672</a>, <a href="https://github.com/zizmorcore/zizmor/issues/1674">#1674</a>), and the maintainers fixed them quickly. Expression evaluator bugs. <code>zizmor</code> evaluates GitHub Actions expressions to determine whether user-controlled data flows into dangerous sinks. We validated the evaluator against GitHub’s own <a href="https://github.com/actions/languageservices">Known Answer Tests</a> and helped the maintainers align <code>zizmor</code>’s behavior with the official test suite (<a href="https://github.com/zizmorcore/zizmor/issues/1694">#1694</a>). Upstream issues. We also traced some crashes to bugs in an upstream dependency, <a href="https://github.com/tree-sitter-grammars/tree-sitter-yaml">tree-sitter-yaml</a>, and filed issues and PRs there (<a href="https://github.com/tree-sitter-grammars/tree-sitter-yaml/issues/39">tree-sitter-yaml#39</a>, <a href="https://github.com/tree-sitter-grammars/tree-sitter-yaml/issues/43">tree-sitter-yaml#43</a>). Even the YAML 1.2 test suite doesn’t cover every edge case the spec permits. <h2 id="securing-ci-where-it-matters-most">Securing CI where it matters most</h2> Supply-chain attacks like the Trivy compromise begin with a single misconfigured workflow. GitHub Actions is by far the most popular CI system for open-source projects, and <code>zizmor</code> plays an important role in helping maintainers catch risky configurations before attackers do. By gathering 41,253 real-world workflows and running <code>zizmor</code> against all of them, we tested its robustness against the full variety of YAML patterns that projects actually use. We fixed several anchor-handling bugs, reported deserialization and expression-evaluator issues, and broadened the set of workflows <code>zizmor</code> can analyze cleanly. The methodology is straightforward: download real inputs, run the tool, triage the failures. Any static analysis tool can benefit from the same approach. We’d like to thank the <code>zizmor</code> maintainers, in particular <a href="https://github.com/woodruffw">@woodruffw</a>, for their responsiveness and thorough code review throughout this work. We’d also like to thank the <a href="https://www.sovereign.tech/">Sovereign Tech Agency</a>, whose vision for OSS security and funding made this work possible.

New miniseries: 'Online security essentials' - Johnny.Decimal

2026-05-22T06:57:10.000Z

We added the first episodes in a new JDU miniseries: Online security essentials.

We've been wanting to do this one for a while. This is the basics of staying safe online, and is something we hope you can send to your non-nerd loved ones. We're each recording it with our dad in mind.

This one will also be posted on the YouTube channel for maximum reach.

Background; foreground - James' Coffee Blog

2026-05-22T00:00:00.000Z

In a way, I carry my website with me wherever I go. Technically, my website is a few keystrokes away on my phone, but I think the presence of my website extends beyond the technical. Having a website encourages me to write, I think, because I know I have a place to put and share my writing. I take notes as I go throughout the world because I love writing, then I come home and ask “could I craft this into an essay?” ¹ And so over time my website has accrued stories of bird song and coffee shops and ice cream in Tesco.

My cadence for writing ebbs and flows. I often write in bursts; several days may pass where I mainly take notes, and then I start coalescing ideas into blog posts. In this way my blog moves from the background to the foreground and back – I take notes in the background, write for my blog, and then go back to taking notes.

Days may pass where I don’t do anything with my blog because I’m working on another project, or am otherwise preoccupied. This has been true of late where much of my creative energy has been focused on Wonders of Web Weaving. I want the conversations I have to be the best they can be so my mind has been more on “what questions can I ask?” than “what do I have to write?”

Hearing others’ perspectives on the web gives me so much energy, but right now I want to sit with that energy and let it propel the interviews rather than coming back to my blog. My blog is always here for me when I’m ready, like I am this Friday lunch time when I have connected enough dots to start writing.

This week and last I have also been reading Charlotte Brönte’s Jane Eyre for school. I am almost two thirds of the way through the book and it is already one of my favourites; the contrast between realism and the Gothic in the book is terrific, and my ability to appreciate this contrast has been much aided by reading about the book while I read the book itself. The book is long and gripping, and so my blog has been more in the background – it’s here when I am ready to write, but Jane Eyre has more of my attention at the moment.

I love that my website can sit in the background for a little while. It’s here for everyone who comes to read, and it’s here for me, too, both as a reference – I visit my website basically every day, often to look something up I have written – and as a creative space. Maybe I’ll make a web page. Or write a blog post. Or find a link to share with a friend. And then I keep doing all the other things I do: reading and thinking and walking and dreaming and chatting.

Maybe I overestimate the extent to which having a website and writing are intertwined. Would I write as much if I didn’t have a website? The way to find out would be to not have a website, and that’s not a world I want to live in. Indeed, my passion for the web is so great that despite all of the problematic parts, I am still excited about the future of the web. I want to keep making websites and show other people what is possible with websites because I know first hand how much having a little space to call your own on the World Wide Web can make a big difference.

[↩]

ice cream in Tesco coffee shops bird song 1 [↩]

Like sunrise over a sink - Werd I/O

2026-05-21T22:44:36.000Z

Link: AI scandal engulfs prestigious short story prize after multiple entrants accused, by Shahana Yasmin for the Associated Press

So I want to be a bit careful about this, because a false positive would be harmful, but it certainly looks like the short story that won the Commonwealth Fund Short Story Prize was generated with AI.

A lot has been said of the writing, which includes sentences like:

“She had the kind of walking that made benches become men.”

And:

“The girl smiled like sunrise over a sink.”

The author has no digital footprint except for an AI-shilling LinkedIn account. While he is a verified real person, his author photo has very clearly also been AI-generated.

Here’s the thing I haven’t seen anyone mention yet: we know that when AI is used in hiring, it preferences AI-generated resumés. And not by a small amount:

“The preference rate for models evaluating their own outputs over human-written alternatives reached a staggering 67% to 82% across major commercial and open-source systems.”

There were well over seven thousand submissions for the short story prize. Is it really outside of the realm of possibilities that the prize itself used AI to sift through them?

I’m not saying any of this is definitely what actually happened, but it certainly makes for an interesting Turing test — and it’s worth making note of this moment as a marker as AI continues to ingrain itself culturally.