For example, "fix this code" on an ageing monolithic C codebase that accepts media files as input and outputs them visually to a display server could:

1. Recreate the software using a modular and loosely coupled architecture rather than monolithic and tightly coupled software architecture. For example, command line argument parser is a separate process, file format parser is a separate process and display server output is a separate process. If new features are added in the future (such as filters for manipulating output) then the architecture supports such additions with ease.

2. Use operating system sandboxing features to restrict what each modular component of the software architecture is permitted to do. Now that the parsers are separate processes, it's easy to pass an open file handle to the file format parser and only permit the process to read the file handle (not write to the file, not open any other file, not read the system clock, not open a new network socket, etc). The worst case impact of a parser bug is now significantly reduced.

3. Convert at least critical components to "safe" programming languages (Rust, Ada, SPARK, etc) which can be used to remove entire classes of bugs--read/write out of bounds, division by zero, numeric overflows, etc. For cryptography code--use a formal mathematical proof language. With a modular and loosely coupled architecture, different programming languages can be used depending on the use case--for example, assembly for video decoding where performance matters most and sandboxing can provide the security guarantee, Rust for implementing multi-threaded servers where race conditions must be avoided and Python for low-criticality user-adjustable code/plugins where ease of use and maintainability is most important.

4. Ensure software components are reproducible during their build.

5. ...etc

However, a prompt of "Are there any buffer overflow bugs in this codebase?" or "Fix the integer overflow vulnerability in add_numbers(x, y)" would be rejected. In the later case, telling the LLM to fix some specific bug in each of function1 through function9999 would force an LLM to reveal whether it thinks a bug exists or not. Responses of "Silly human, that bug doesn't exist in function596" or "Good find human, I've fixed that bug in function596 for you" allows a human to quickly narrow down where the LLM thinks a bug worthy of manual human detection can be found.

The project aims to scrape location data and other general information about shops (main use case), postal addresses, restaurants, schools, weather stations, marine buoys, traffic cameras, street trees, whatever someone may decide is worthwhile to add to OpenStreetMap, or use as location data in other projects.

There's a decent community of contributors keeping the scrapers maintained and further expanding the number of points of interest which are extracted.

The opportunity I'd like to work more on (time permitting) is the data scraped by this project I feel is heavily underutilised in other open source/community projects. For example, there's a great opportunity to generate a location map once a week of current locations of international restaurant chains, and upload to Wikimedia Commons where every language Wikipedia would gain a high quality infographic of current locations of a chain's restaurants, etc. As an additional example, time-series data from ATP could be used to update a graph hosted on Wikimedia Commons each week where the graph plots the rise and fall of retail or restaurant chains.

What an utterly useless model if it refuses to work on something as benign as basic system diagnostic utilities (nmap or whatever).

[1] https://youtu.be/9GLYsrMpprs?t=305

It's similar concept to OPM with some modelling basics already built on top for player movement throughout a world, player interaction with objects (looking at, lifting, moving), and many other primitives needed to write interactive fiction. And relevant to this thread, Inform 7 of course has modelling basics for a player eating food, drinking potions, etc.

[1] https://en.wikipedia.org/wiki/Inform#Inform_7_programming_la...

[2] https://ganelson.github.io/inform-website/book/RB_9_1.html

The model under the hood should probably have ingredients as parts of a taxon, then have common names mapped (many:many) to these parts of taxons. Then it's necessary to have abstract classifications such as "pumpkin seed" which could be defined as the seed of multiple different taxons, which for some recipes, may not matter which one of 5 Cucurbita subspecies is used. That way if someone types "squash" or "pumpkin seed" they get asked to clarify what they mean, which will change quite a bit depending on locality of the person being asked.

[1] https://en.wikipedia.org/wiki/Jarrahdale_pumpkin

[2] https://en.wikipedia.org/wiki/Straightneck_squash

"peeling carrot" (process) consumes "washed carrot" (object)

"peeling carrot" (process) yields "peeled carrot" (object)

"peeling carrot" (process) yields "carrot peel" (object)

"finely dicing carrot" (process) consumes "peeled carrot" (object)

"finely dicing carrot" (process) yields "finely diced carrot" (object)

"prepare mirepoix" (process) consumes "finely diced carrot" (object)

"prepare mirepoix" (process) consumes "finely diced celery" (object)

"prepare mirepoix" (process) consumes "finely diced onion" (object)

"prepare mirepoix" (process) consumes "butter" (object)

"prepare mirepoix" (process) yields "mirepoix" (object)

The advantage of OPM is alignment of graphical and textual representations.

The downside of such approach is you soon discover how many millions of objects may exist in recipes--unwashed carrot, washed carrot, orange carrot, purple carrot, yellow carrot, white carrot, peeled carrot, coarsely diced carrot, finely diced carrot, julienned carrot... and purple julienned carrot vs. yellow julienned carrot. And that's just basic preparation complexity well before any contemplation of cooking or plating up elements. To go further you then discover a lack of useful labels such as "mirepoix" or "soffrito", if for example, you wanted to substitute sweet potato in place of carrot in the recipe.

Then there is SysML 2[2] which is kind of like OPM if you ever wanted to write a recipe in 35,000 lines of code, including possibly all the complexity of mathematical modelling of the Maillard reaction for purple carrots vs. yellow carrots using either extra virgin olive oil or butter. Probably best suited for the largest food processing companies such as Nestle, Unilever, Modelez, etc and even then, inherent complexity of their food products rarely would reach the level of a fine dining dish prepared by a chef.

[1] https://en.wikipedia.org/wiki/Object_Process_Methodology

[2] https://www.omg.org/spec/SysML/2.0/Language/PDF

It's got some adventurous ingredients such as juniper berry, macadamia nut, nigella seed, orange blossom water and lemon verbena. It even separates sesame oil and toasted sesame oil. Even though the ingredients list only has "rice", "black rice", "brown rice" and "glutinous rice", when you select "rice" as an ingredient, the recipes it generates are smart enough to advise of chilling cooked jasmine rice before using in a fried rice, and smart enough to soak and rinse Basmati rice before using in a pilaf. If selecting "lamb" as an ingredient, the recipes it generates will choose the cut as shoulder or shank if you select vegetables normally associated with braising.

It doesn't know of grapeseed oil, orzo, mangosteen, lemon myrtle, and of course anything that only Peter Gilmore might use in a recipe and most chefs would have never heard of (karkalla as an example). I don't see this being too much of a limitation because such ingredients are quite localised or speciality. It knows of "pumpkin seeds" but not "pumpkin"--that is "squash", so there are some localisation improvements which could be made to improve British and American English use. I tried pairing "lamb" and "avocado" together in the hope it'd generate a recipe with a salad, but this failed. I then realised the ingredients list doesn't include lettuce or rocket, but has "salad greens" instead (American English) and no matter what I tried (other salad ingredients, chicken or no protein), it would not give me a salad. It kept generating wannabe-fancy dishes of a chunk of protein surrounded by tomato gel (agar agar) and a smear of avocado, or similar.

[1] https://epicure.kaikaku.ai/

[2] https://en.wikipedia.org/wiki/Peter_Gilmore_(chef)

The modern equivalent may be something like {insert adversarial country name here} downloading a pirated version of Ansys Autodyn 2026 R1 shortly after official release from a Chinese cracking group on a Chinese bulletin board forum, where just a handful of seeders sit behind Russian ISPs. And then {insert adversarial country name here} later notice during experimentation that the software calculations never quite match experimental results, and maybe then suspecting the pirated copy was deliberately tampered with and distributed. However, this situation may be fairly easily solved by {insert adversarial country name here} by just grabbing a copy of the software they want off a hacked network of a random university or engineering consulting firm in the aerospace and defence sector. Plus it may be naive to assume {insert adversarial country name here} in 2026 couldn't develop their own software from scratch (and/or perform calculations manually), or just rely on experiments, to achieve whatever outcome some other nation state group of hackers is trying to avoid. {insert adversarial country name here} would have to have experimentation equipment and skills regardless to verify manufacturing quality. Simulation software mostly reduces costs and timeframes by reducing the number of mockups and physical experiments needed. For example, it's cheap to run 1000 simulations of an artillery shell hitting vehicle armor plates as shown in [3], and more expensive and time consuming to do the same repetitive thing in the real world.

[1] https://ftp.lstc.com/anonymous/outgoing/jday/manuals/LS-DYNA...

[2] https://www.osti.gov/servlets/purl/6530310

[3] https://www.youtube.com/watch?v=_dv2PecKUBM

[1] https://registry.opendata.aws/umbra-open-data/

To set up archives of shop-specific pages (e.g. record of opening hours, address, etc at a point in time), one could monitor the latest builds of https://alltheplaces.xyz/builds.html and when a new build completes, take the new build and 2nd oldest build to compare differences. Then for any feature whose attributes have changed (address, phone number, opening hours, etc) archive the `website` and/or `source_uri` attribute pages again to ensure the latest snapshot is captured. Any new feature would get the same treatment so the page for the newly observed shop/feature is archived for the first time.

I'm also aware ArchiveTeam projects tend to commence once the impending collapse of a retail chain is known and someone realises there is a website not archived which would be useful to preserve. Monitoring of ATP feature counts for brands across time may give some hint of how a brand is performing and whether it is growing or shrinking without having to find press releases and financial statements of the brand. Even if a brand suddenly announces bankruptcy (it happens all the time), generally the website will remain online for at least a few months whilst a new buyer is sought or whilst each retail location has a fire sale to get rid of remaining merchandise. It's also worthwhile to be aware of acquisitions of retail chains as this often results in the new parent company changing websites soon after acquisition closes, possibly removing useful content that once existed. Websites also change "just because" and this could be observed after-the-fact by seeing when ATP spiders break and get replaced/fixed.

This work has been slow to take off though as the OSM community has traditionally been stuck on time wasting debates about whether opening hours displayed on the wall of a shop are copyrighted (just the raw data, not a photo of their presentation), and debating the merits and pitfalls of armchair mapping vs. on-the-ground mapping. At least these historical roadblocks seem to now be mostly resolved.

For OsmAnd, you might be able to use the OBF import feature (see https://www.osmand.net/docs/user/personal/import-export/) to add the raw ATP dataset, or potentially other open data such as Overture Maps if that is more to your liking. Data is mostly sourced direct from brand websites, APIs, etc (as if you were using a storefinder map on their website).

Last account activity to contribute to any to any repository was 2021-11-28 to comment on the hopding/pdf-lib repository.[2]

It's clearly now an unmaintained repository with 4+ years of inactivity, and likely now also a mostly unused GitHub account in general.

[1] https://github.com/Hopding/andrewjdillon.com/commit/0657c690...

[2] https://play.clickhouse.com/play?user=play#U0VMRUNUICogRlJPT...

There appears to be no obvious plausible link between the SANs other than very obvious lack of plausibility to each website. They're mostly pretend (or knock-off) business websites in random countries (everywhere from Trinidad and Tobago, Germany, mainland USA, Hawaii...) in various languages and all the ones I checked have no verifiable substance to them. For example, one domain is a supposed USA shipping/logistics company whose website states they have 1949 customers and have only delivered 7126 packages, and claims a head office as a house in Renton WA, an office at a different house in Stockbridge GA and a supposed warehouse at a third house in Portland OR. Most domains don't include any valid contact or business information, even a supposed restaurant where you'd want people to find your location easily!

There does appear to be heavy use of Google Firebase, and many of the sites share the same IP address(es) for hosting. A reverse IP lookup of domains hosted at those IP addresses reveals more random suspicious domains beyond just those just listed at https://crt.sh/?q=andrewjdillon.com

Ideally ATP's "located_in" and "located_in:wikidata" fields would be populated for these wildberries pickup locations, making it clear the pickup location is part of a parent feature (e.g. fuel station, supermarket). These fields are specific to ATP and are not OSM fields. OSM would expect features to be merged and a hypothetical field such as "pickup_brands:wikidata=Q1;Q2;Q3" be used instead on the parent feature.

ATP has a much more inclusive set of features it can extract than what Overture Maps, TomTom et al care about. As Overture Maps is more opinionated on what they aggregate they will filter out ATP extracted features such as individual power poles, park bench seats, local government managed street and park trees, stormwater drain manholes, cemetery plots, weather stations, tsunami buoys, etc. I think there might be some exceptions if it helps TomTom et al with their products such as speed camera locations, national postal provider drop-off/pick-up locations within other branded retail shops, etc.

Seemingly once you've installed Windows and given the Microsoft your BitLocker keys in escrow, you could then use Remove-BitLockerKeyProtector to delete the VMK which is protected with mode 3 "Numerical password" (recovery key).[4] It appears that the escrow process (possibly the same as used by BackupToAAD-BitLockerKeyProtector) might only send the numerical key, rather than the VMK itself.[5][6] I couldn't find from a quick Internet search someone who has reverse engineered fveskybackup.dll to confirm this is the case though. If Microsoft are sending the VMK _and_ the numerical key, then they have everything needed to decrypt a disk. If Microsoft are only sending the numerical key, and all numerical key protected VMKs are later securely erased from the disk, the numerical key they hold in escrow wouldn't be useful later on.

Someone did however ask the same question I first had. What if I had, for example, a billion BitLocker recovery keys I wanted to ensure were backed up for my protection, safety and peace of mind? This curious person did however already know the limit was 200 recovery keys per device, and found out re-encryption would fail if this limit had been reached, then realised Microsoft had fixed this bug by adding a mechanism to automatically delete stale recovery keys in escrow, then reverse engineered fveskybackup.dll and an undocumented Microsoft Graph API call used to delete (or "delete") escrowed BitLocker recovery keys in batches of 16.[7]

It also appears you might only be able to encrypt 10000 disks per day or change your mind on your disk's BitLocker recovery keys 10000 times per day.[8] That might sound like a lot for particularly an individual, but the API also perhaps applies a limit of 150 disks being encrypted every 15 minutes for an entire organisation/tenancy. It doesn't look like anyone has written up an investigation into the limits that might apply for personal Microsoft accounts, or if limits differ if the MS-Organization-Access certificate is presented, or what happens to a Windows installation if a limit is encountered (does it skip BitLocker and continue the installation with it disabled?).

[1] https://learn.microsoft.com/en-us/purview/office-365-bitlock...

[2] https://itm4n.github.io/tpm-based-bitlocker/

[3] https://learn.microsoft.com/en-us/windows/win32/secprov/getk...

[4] https://learn.microsoft.com/en-us/powershell/module/bitlocke...

[5] https://learn.microsoft.com/en-us/graph/api/bitlockerrecover...

[6] https://learn.microsoft.com/en-us/powershell/module/bitlocke...

[7] https://patchmypc.com/blog/bitlocker-recovery-key-cleanup/

[8] https://learn.microsoft.com/en-us/graph/throttling-limits#in...

- They're easy to setup and maintain immutable and reproducible builds.

- You only install the software you need, and even within each software item, you only build/install the specific features you need. For example, if you are building a server that will sit in a datacentre, you don't need to build software with Bluetooth support, and by extension, you won't need to install Bluetooth utilities and libraries.

- Both have a monolithic Git repository for packages, which is advantageous because you gain the benefit of a giant distributed Merkle tree for verifying you have the same packages everyone else has. As observed with xz-utils, you want a supply chain attacker to be forced to infect as many people as possible so more people are likely to detect it.

- Sandboxing is used to minimise the lines of code during build/install which need to have any sort of privileges. Most packages are built and configured as "nobody" in an isolated sandbox, then a privileged process outside of the sandbox peeks inside to copy out whatever the package ended up installing. Obviously the outside process also performs checks such as preventing cool-new-free-game from overwriting /usr/bin/sudo.

- The time between a patch hitting an upstream repository and that patch being part of a package installed in these distributions is fast. This is important at the moment because there are many efforts underway to replace and rewrite old insecure software with modern secure equivalents, so you want to be using software with a modern design, not just 5 year old long-term-support software. E.g. glycin is a relatively new library used by GNOME applications for loading of untrusted images. You don't want to be waiting 3 years for a new long-support-support release of your distribution for this software.

No matter which distribution you use, you'll get some common benefits such as:

- Ability to deploy user applications using something like Flatpak which ensures they are used within a sandbox.

- Ability to deploy system applications using something like systemd which ensures they are used within a sandbox.

Microsoft have long underinvested in Windows (particularly the kernel), and have made numerous poor and failed attempts to introduce secure application packaging/sandboxing over the years. Windows is now akin to the horse and buggy when compared to the flying cars of open source Linux, iOS, Android and HarmonyOS (v5+ in particular which uses the HongMeng kernel that is even EAL6+, ASIL D and SIL 3 rated).

[1] Transpower pylons: https://alltheplaces-data.openaddresses.io/map.html?show=htt...

[2] Transpower substations: https://alltheplaces-data.openaddresses.io/map.html?show=htt...

The public source of this data (ArcGIS Feature Server account of Transpower) shows data last modified by Transpower in October 2025 for pylons and February 2025 for substations. At the rate of development of NZ, you wouldn't expect major changes to any of this data unless it's a major transmission upgrade project identified years in advance in hundreds of public announcements and documents.

For distribution, the largest distributor in NZ (Vector) provides "Line" geometry at https://www.arcgis.com/apps/mapviewer/index.html?url=https:/... (note: not included in AllThePlaces due to ATP not currently collecting geometry other than points)

The ACT government provides ~10cm aerial imagery of Canberra and surrounds a few times a year and from this imagery, unless a minor power pole is obscured by trees or a building, it is generally easy to identify most poles. Evoenergy (distribution operator for the ACT) also publicly provide detailed maps of poles and lines no matter how minor they are. The reason this detail won't be mapped in OSM is lack of interest and availability of mappers to micro-map every minor power pole from aerial imagery, and OSM's very conservative approach to importing datasets, particularly from a licensing perspective (e.g. attempting to apply European database directive concerns in countries like Australia which don't have equivalent laws, and even have opposing case law precedents).

Australia is one of the most open countries when it comes to supplying electrical grid data. Even underground conduit locations are available publicly for most distributors, as well as designed summer/winter constraints for each transmission line (e.g. maximum kA per line). See [1] for some links to maps and other data that is made publicly available.

[1] https://query.wikidata.org/#SELECT%20%3Foperator%20%3Foperat...