1. Love the addition. Everything becoming its own self-serve artifact factory is great. Malleable software's been a dream a long time, it's supposed to be soft and this concept helps get it there.

2. Since Claude goes on and on about surface, now everyone is using it. Or was everyone using it already?

FTA: “I quickly realised that the sandboxed pattern is interesting for way more than just adding custom apps to the interface surface and promoted it to its own top-level concept within the Datasette ecosystem.”

For decades that sentence would have parsed without the word surface in it. What does it mean that's suddenly so – um – load-bearing?

This is not beta. This is alpha.

- - -

After becoming allergic to SQL, I opened 120+ issues in Dgraph, Typedb and surrealdb looking for the perfect graphDB.

What were those 120+ issues supposed to do?

That sounds suspiciously like something OpenClaw would think is a good idea. And surely only an agent would think it a good idea to brag about here.

Specifically, you're typically giving the office's providers and their marketing "affiliates" and your insurance company and its marketing "affiliates" the right to forward around (through any length chains of agreements) your entire medical history associated with enough (research proven as de-anonymizing) details to retarget you personally. And you're typically doing this by accepting a company insurance (in the US) or the provider's reception counter while you're in need of care.

This effectively forced consent is arguably illegal, but as far as I know, untested, so it's standard across the medical system and across omnibus insurance (e.g. company-provided healthcare "plan").

Of course, every touch point is another place your personal history will get stolen and rolled into modern digitally scripted exploitation of your identity and or targeted forms of phish-mongering (a term I made up meaning marketing so personalized you believe it's necessary to sign up for and pay for).

If you have any relationship with the team at your company that procures employee insurance packages, see if you can persuade them to start with the firm's insurance consultant (high end) or broker (low end) and systematically remove every step in the "we can pass along all your info to our affiliates for our own pinky-swear good reasons like making more money off your private info" chain.

In our experience, this added 3+ months to the procurement process as every single provider balked until interacted with by counsel -- and then instantly capitulated.

Our goal was always to give our employees a top tier benefits package, and we consider it a top tier hard-to-match employee benefit to not have random firms and government agencies pawing through your doctors notes, prescription histories, lab results, and enough biographical data to fake your digital twin.

Sadly, most employees -- though none of them are sheeple -- shrug at that for reasons in this thread: no time to fight such pervasive exploitation, especially when it hits them while needing a service as it hit you, or just plain weary of trying. So much easier, and psychically healthier, to just avoid thinking about it. Everyone is resigned.

If a company you consider working for claims "we take your privacy seriously" ask if they got privacy waivers removed on your behalf from all vendor contracts including payroll (does your salary go to 'work number'?) and insurance providers (can your data leave your doctor's EMR?). Odds are, they do not, in fact, take your privacy as seriously as they could.

https://aws.amazon.com/compliance/fedramp/

Don't count heads. Use tech spend per capita and wallet share.

It never occurs to router makers a static base could see a million Wi-Fi networks come and go every week.

Nobody would say that person "created" the solution to the maze.

The maze is solvable (that's the latent vulnerability), the person "discovered" the way through.

Not being snarky, it seems to be Anthropic's value prop to "real" SMB is papering over Claude Code and agent protocol with a white collar business IDE.

Most of these "runs on a Mac Mini!" offerings seem to be "hipper than thou" variants for the LinkedInfluencer class, while Cowork is for the workplace.

There seem to be effectively zero Cowork alternatives that understand most SMB don't run on Google Workspace and Slack (or Hetzner and Telegram).

Except that "after 1 year of working there" is not how VCs work.

Not a fan of this phrasing, prefer "discovering exploits".

It makes it clearer the problem was already there, latent.

Minor vocab diff, but important to better contextualize the present situation.

now, having read it, perhaps 85% human, 15% augmented? or a very precise and organized human. plus, to be fair, the machines learned “load-bearing” somewhere — perhaps they too wish to be less wrong.

* i em-dash

Ah yes, the newfound pastime of arguing online – sure miss those pre-COVID days of online's universal consensus…

A more useful headline (that fits in our limit) might have been the takeaway they want you to have:

The more domain expertise brought to Claude sessions, the more end in success

The original sin is calling any bugs security bugs in the first place.

It's just unintended behavior.

If you say "should this model be able to fix unintended behavior" the answers are not alarming.

If you say "what about when those behaviors interact in unforeseen ways, allowing even crazier unintended behavior, should it be allowed to help you fix that too?"

Again, the answers are going to be clear.

Our tools must support correctness and resilience and help the exact thing humans are bad at: combinatorial explosions of subtle lacks of correctness…

…and just f'ing fix it.

Also, funny lumping the M4 "and" the M5, I find them 15% to 45% different performance, depending.

And for a good deal of work, an M3 Studio Ultra outpaces the M4 and ties the M5 on single work at a time, outpaces both doing multiple work at a time.

If you are running a pull-up-the-ladder play, it helps to be ensconced above it first.