Jan 13^th 2026 · 1 min read · #apple #apps #creativity #music #video

Apple introduces Apple Creator Studio ➹

Apple is bundling Final Cut Pro, Logic Pro, Pixelmator Pro, Motion, Compressor, and MainStage into a new subscription suite (with the obligatory vague promise of AI features) and revamping Pages, Numbers, and Keynote with more content, which I find interesting in many respects…

First off, I’ll state the obvious: this is a jab at Adobe’s Creative Cloud, which has dominated the professional creative software market for years, with the side effect that it pretty much dried up the low-end prosumer space.

By offering a comprehensive suite of “professional-grade” applications under one subscription, Apple is positioning itself as a viable alternative not just for creatives who may have been hesitant to invest in Adobe’s ecosystem, but also for those looking for more affordable options.

But… how viable is it, really? I have my doubts, especially given that I recently tried Final Cut Pro and found it lacking in several areas compared to freemium competitors like DaVinci Resolve. And I have been using Logic Pro for years. It’s a solid DAW, but it faces stiff competition from Ableton Live and an increasing number of free or low-cost alternatives. But that’s my personal experience; I wonder how this will play out for the broader market, where there’s stuff like Affinity Suite, which has recently surfaced after the Canva acquisition as a free alternative Pixelmator Pro (with paid add-ons).

Apple’s move is interesting because of its breadth and ambition–it’s great value for money for consumers, and does offer a lot of tools that can be used professionally. However, I think it also confirms one of my hunches, i.e., that (statistically) nobody was paying for the iPad app subscriptions.

And I do have to wonder how many people they have developing and maintaining all these apps–there have been many glitches and issues with Final Cut Pro and Logic Pro over the years that make me think they are not exactly top priority for Apple.

Jan 12^th 2026 · 3 min read · #agents #ai #china #coding #llms #opencode #proxy #security

When OpenCode decides to use a Chinese proxy

So here’s my LLM cautionary tale for 2026: I’ve been testing toadbox, my very simple, quite basic coding agent sandbox, with various LLMs.

I’m running the agent containers inside Proxmox, and I decided to tweak the VLAN configuration I was using for the VM running the containers, with the result that it temporarily lost DNS access (so, effectively, “internet access”, except for connections that were already established).

When I connected back to one of the containers, I noticed that OpenCode (which I’m running inside toad, since I very much prefer its text UI) had decided to route the Go package installations through a Chinese proxy server:

I terminated the container immediately, and checked the workspace files (nothing untoward there that I could see, except for a couple more test files in the target project), but it was a stark reminder that LLMs are not to be trusted blindly.

Just for clarification, I was using OpenCode’s out-of-the-box default settings, with no custom configuration. toadbox just installs toad, which then installs OpenCode off its startup menu, and I did no setup whatsoever. So I was using one of their default free models.

Digging around in a fresh container the default model I’m getting is big-pickle, and I have to assume that this is the one that decided to use that proxy–and going forward, now that I know where OpenCode is saving its log files, I’ll be adding a docker volume to toadbox to capture those logs outside the container for future reference.

Like I posted on Hacker News, this is interesting for several reasons–the first is that even with tool whitelisting this kind of thing might happen, and the second is the why. I happen to know about how popular Go is in China and that the proxy approach is… well… kinda official, but it’s also a great demonstration of how LLMs leverage “knowledge” in a completely non-linear way.

Considering that one of Simon Willison’s predictions for 2026 was that we are finally going to solve sandboxing for LLMs this year, I guess this is a timely reminder that we still have a long way to go.

But his other prediction about there being a “Challenger disaster” for coding agent security feels a lot closer to reality now…

Update: I did some spelunking since the container was actually still around (I just killed it, didn’t remove it) and confirmed that this was indeed big-pickle. Here’s the relevant excerpt from the logs showing the agent seting the Go proxy (“fortunately” it goes through google.cn, but… you get the idea):

INFO  2026-01-12T17:27:08 +0ms service=acp-agent event={"part":{"id":"prt_bb33f4a91001cjhLK5GlGb6JtS","sessionID":"ses_452fc8c2affeug9efc7DE65VRd","messageID":"msg_bb33f37d3001j20t9IKK6MN569","type":"tool","callID":"call_1ed63d94eb3140709de6c67c","tool":"bash","state":{"status":"running","input":{"command":"cd /home/me/Sync/Development/Experimental/gotel && go env -w GOPROXY=https://goproxy.cn,direct","description":"Try Chinese Go proxy"},"time":{"start":1768238828180}}}} message part updated
INFO  2026-01-12T17:27:08 +1ms service=server method=GET path=/session/ses_452fc8c2affeug9efc7DE65VRd/message/msg_bb33f37d3001j20t9IKK6MN569 request
INFO  2026-01-12T17:27:08 +0ms service=server status=started method=GET path=/session/ses_452fc8c2affeug9efc7DE65VRd/message/msg_bb33f37d3001j20t9IKK6MN569 request
INFO  2026-01-12T17:27:08 +0ms service=server status=completed duration=0 method=GET path=/session/ses_452fc8c2affeug9efc7DE65VRd/message/msg_bb33f37d3001j20t9IKK6MN569 request
INFO  2026-01-12T17:27:08 +0ms service=acp-agent event={"part":{"id":"prt_bb33f4a91001cjhLK5GlGb6JtS","sessionID":"ses_452fc8c2affeug9efc7DE65VRd","messageID":"msg_bb33f37d3001j20t9IKK6MN569","type":"tool","callID":"call_1ed63d94eb3140709de6c67c","tool":"bash","state":{"status":"running","input":{"command":"cd /home/me/Sync/Development/Experimental/gotel && go env -w GOPROXY=https://goproxy.cn,direct","description":"Try Chinese Go proxy"},"metadata":{"output":"","description":"Try Chinese Go proxy"},"time":{"start":1768238828182}}}} message part updated
INFO  2026-01-12T17:27:08 +0ms service=server method=GET path=/session/ses_452fc8c2affeug9efc7DE65VRd/message/msg_bb33f37d3001j20t9IKK6MN569 request
INFO  2026-01-12T17:27:08 +0ms service=server status=started method=GET path=/session/ses_452fc8c2affeug9efc7DE65VRd/message/msg_bb33f37d3001j20t9IKK6MN569 request
INFO  2026-01-12T17:27:08 +1ms service=bus type=message.part.updated publishing
INFO  2026-01-12T17:27:08 +1ms service=server status=completed duration=2 method=GET path=/session/ses_452fc8c2affeug9efc7DE65VRd/message/msg_bb33f37d3001j20t9IKK6MN569 request
INFO  2026-01-12T17:27:08 +0ms service=acp-agent event={"part":{"id":"prt_bb33f4a91001cjhLK5GlGb6JtS","sessionID":"ses_452fc8c2affeug9efc7DE65VRd","messageID":"msg_bb33f37d3001j20t9IKK6MN569","type":"tool","callID":"call_1ed63d94eb3140709de6c67c","tool":"bash","state":{"status":"completed","input":{"command":"cd /home/me/Sync/Development/Experimental/gotel && go env -w GOPROXY=https://goproxy.cn,direct","description":"Try Chinese Go proxy"},"output":"","title":"Try Chinese Go proxy","metadata":{"output":"","exit":0,"description":"Try Chinese Go proxy"},"time":{"start":1768238828180,"end":1768238828185}}}} message part updated
INFO  2026-01-12T17:27:08 +0ms service=server method=GET path=/session/ses_452fc8c2affeug9efc7DE65VRd/message/msg_bb33f37d3001j20t9IKK6MN569 request
INFO  2026-01-12T17:27:08 +0ms service=server status=started method=GET path=/session/ses_452fc8c2affeug9efc7DE65VRd/message/msg_bb33f37d3001j20t9IKK6MN569 request
INFO  2026-01-12T17:27:08 +1ms service=server status=completed duration=1 method=GET path=/session/ses_452fc8c2affeug9efc7DE65VRd/message/msg_bb33f37d3001j20t9IKK6MN569 request

Oh, and I was just sent this RCE report for OpenCode too, so… yeah. Be careful out there.

Jan 11^th 2026 · 1 min read · #design #hci #macos #madness #tahoe #ui #usability #ux #windows

Mis-resizing windows in macOS Tahoe ➹

There’s a special kind of UI regression that doesn’t look like a regression until you try to use it, and the Liquid Glass Tsunami just keeps on giving.

The huge rounded corners are turning a basic motor skill into a hand-eye coordination puzzle, and this piece goes into exquisite detail on that, and demonstrates how Apple completely botched window resizing.

Spoiler: the resize hotspot is still a 19×19px target, but with the new corner radius “about 75%” of that target ends up outside the visible window. So you do what any reasonable person does and aim inside the corner (where the window actually is), and nothing happens.

The best part (in a dry, slightly tragic way) is the conclusion: the “most reliable way” to resize is to grab outside the corner, which is exactly the kind of invisible affordance that makes people feel like they’re going slightly mad.

It’s also a neat reminder that Fitts’s Law doesn’t care about your design language, and that hit-testing should follow what users perceive as the object boundary, not whatever geometry is easiest to keep from the previous release.

Oh, and that whoever did Tahoe’s UX design is borderline incompetent.

Worth reading because it’s not just a rant, it’s a small, well-illustrated teardown of how a cosmetic change can quietly break muscle memory and cause endless attrition and frustration.

The annotated images (green “expected” area, blue dot, and the “accepted target area” sitting in empty space) make the point better than any amount of hand-waving, and we need more of this to make it obvious that Apple needs to reverse course on the whole thing.

Jan 10^th 2026 · 1 min read · #arena #film #lisbon #meo #orchestra #photo #photography #starwars

Lisbon Film Orchestra

Great start to the show — A little while ago, in a concert hall not that far away…

Jan 10^th 2026 · 1 min read · #ai #culture #markdown #web #writing

How Markdown Took Over the World ➹

Anil Dash’s essay on how Markdown conquered everything is a good reminder that most “standards” don’t win because they’re perfect — they win because they’re good enough, easy to use, and easy to remember.

What I liked most is the through-line from early blogging (by which time I was also doing a PHP site generator that handled raw HTML posts) to today’s world, where LLMs are running stupefyingly complex workflows atop a pile of Markdown files.

It’s both empowering and a little unsettling that the same affordances that made writing on the web easier also make it easy to formalize instructions for systems that can do real damage.

I took a long detour through Textile before accepting Markdown had won (and am still paying the price for that, with thousands of Textile posts still to be converted), but the one thing I’ve found amusing over the years is that John Gruber created Markdown as a way to make writing HTML easier for humans.

One person can make a difference, and I’m willing to bet that when (ok, if) we ever become a Kardashev type 3 civilization we’ll still be using Markdown to write our interstellar missives.

Jan 9^th 2026 · 5 min read · #azure #cloud #cloudflare #compose #docker #homelab #infra #proxmox #sqlite #tailscale

How I Manage My Personal Infrastructure in 2026

As regular readers would know, I’ve been on the homelab bandwagon for a while now. The motivation for that was manifold, starting with the pandemic and a need to have a bit more stuff literally under my thumb.

But I also have a few services running in the cloud (in more than one cloud, actually), and I’ve seldom written about that or the overlaps between that and my homelab.

For cloud provisioning I use Terraform, of course, but that is not what this post is really about–it’s more about how I design what gets deployed.

Zero Exposed Endpoints

One of my key tenets is zero exposed endpoints. That means no web servers, no ssh, no weird port knocking strategies to get to a machine, nothing.

If it’s not exposed to the Internet, then it’s not something I ever need to worry about. But of course there’s a flip side to that: how do I get to my stuff when I need to?

This won’t be popular in many circles, but everything I have exposed to the Internet is behind Cloudflare in one form or another:

This site is fronted by Cloudflare (even though it is static HTML in an Azure storage account)
I use Cloudflare Tunnels to have a couple of services (web and RDP) accessible from outside the house (including some whimsical things like a way to share the screen from my Supernote Nomad when doing whiteboarding), and they are shut down automatically overnight.

To get at anything else, I use Tailscale (extensively, from anywhere to anywhere). The VMs or VPSes I use across providers are only accessible via Tailscale (and, of course, whatever native console the provider exposes), and typically have no exposed ports.

Static Is Faster, Lighter and Simpler

I’ve come to the conclusion over the years that there is no real reason for me to run a public web server for 90% of what I do, so things like this site, my RSS feed summarizer, and anything else that needs to publish Web content are designed from scratch to generate static content and push it out to blob storage.

That way, serving HTTP, managing certificates, and handling traffic spikes are literally someone else’s problem, and I never have to worry about it again.

Anything fancy or interactive I typically deploy on my homelab or inside Tailscale.

But, interestingly enough, I also:

don’t need to worry about response times
need a lot less CPU and memory altogether to get something done
can pack a lot more services into cheaper, often single-core VMs

Squeezed down, Concentrated Compute

Over the years I dabbled with many forms of service deployments, and after a long time building enterprise stuff and then refactoring those as microservices (typically using message queues, since HTTP makes you fall into all sorts of synchronous traps), I gradually came to a point where I started questioning how cost-effective some of those approaches were.

So today I don’t use any form of serverless compute. I have often been tempted by Cloudflare Workers, but since I don’t need that kind of extremely distributed availability and I can pack 12 small services inside a dual-core ARM VPS for a negligible fixed amount of money, I don’t have to worry about spikes.

If something somehow becomes too popular, the VM acts as a containment boundary for both performance and cost, which is much better than an unbound serverless bill.

I have been sticking to that approach for years now, since it’s cheap, predictable, and extremely easy to maintain or back up. And since I deploy most of my services as plain docker compose, I can set CPU and RAM limits if needed.

Keep It Dead Simple

Although it’s inescapable in many modern production environments, I don’t use Kubernetes for my own stuff, and the key reason for it is simplicity.

I don’t want to have to worry about managing a cluster, handling volume claims, or deal with the additional CPU and memory overhead that comes with it.

So I have been deploying most of my stuff using git, docker compose and kata, my minimalist, ultra-pared-down deployment helper, which has an order of magnitude less complexity.

If I need redundancy or scale-out, it’s much simpler to deploy docker swarm, mount the local provider’s external storage of choice on all the nodes (if needed) and have an ultra-low overhead, redundant deployment. In fact, I have been using that approach for years now.

And, again, it’s easy to set up VM backups with point-in-time restore in the vast majority of providers. If there’s one boring technology that everyone got right, it’s definitely VM backups.

SQLite is awesome

I work a lot with huge data warehouses, data lakes, and various flavors of Spark, plus all the madness around data medallions, ETL, data marts, and the various flavors of semantic indexing the agentic revolution needs but nobody really mentions.

But for my own stuff, I always go back to SQLite because it is both much simpler and surprisingly flexible:

I can store timeseries data in it
it is stupidly fast (there’s a 10GB SQLite file with all my home automation telemetry for a year, and it’s surprisingly zippy for the hardware it’s running on)
I can enrich it with indexable JSON without breaking the whole schema
it has baked-in full-text indexing
I can use it as a vector store with a couple of extensions
I can back it up trivially

So I hardly ever deploy any kind of database server–but when I do, it’s always Postgres.

And yet, I only have two instances of it running these days.

Secrets Management

Even with zero exposed endpoints, secrets management is still a thing I need to worry about. To reduce the number of moving parts, I’ve been using docker swarm secrets for most of my apps (or just the provider’s secrets management: Azure Key Vault, AWS Secrets Manager, etc.).

On my homelab I’ve been using Hashicorp Vault, but it is far too complex for most of my needs and I’ve been dabbling with a replacement.

Bringing It All Home

My homelab approach is pretty much the same: everything is behind Tailscale, (almost) nothing is directly exposed to the Internet, and I use docker compose for most of my application deployments, except that the hypervisor is Proxmox and I use LXC containers extensively instead of full VMs.

There is a lot of FUD out there around running docker inside LXC, but backing up an entire LXC and its multiple docker compose applications as a single unit is incredibly convenient and much more efficient than a VM.

The only real issue I’ve had (a couple of times) is that a misbehaving container can bog down the entire host if resource limits are not set properly or if it abuses I/O (which is particularly easy to do in a NAS with HDDs), so those services live inside regular VMs.

Incidentally, podman has a bunch of issues running inside LXC containers, largely related to cgroup and UID management.

As to service definitions themselves, docker compose and the like, everything is git backed, of course, and I use Gitea to manage all of it, together with Portainer and a few custom actions.

Observability

This is the bit that I have been sorting out, and I’m converging towards a combination of Graphite for metrics and a custom OpenTelemetry collector I’m working on called Gotel to gather traces and logs from my applications.

I use the cloud provider’s managed backends for those (Azure Application Insights, AWS CloudWatch, etc.), but I want something simpler and more portable for my own stuff–and I’m building it now.

Jan 8^th 2026 · 1 min read · #mac #macbook #productivity #stylus #touchscreen

Intricuit Magic Screen for MacBook ➹

Intricuit is pitching the Magic Screen as a snap-on touchscreen for MacBook Air and Pro that “comes ready with its own stylus that supports pressure sensitivity and stylus hover”, and as “the affordable alternative to bulky drawing tablets and iPads.” Which is a neat way of saying “we’re adding touch to macOS from the outside” (because Apple still won’t).

And yet, the first thing that came to my mind as I watched their videos was… How long is it going to take for Apple to “Sherlock” them?

As someone who regularly uses touchsceen laptops and very seldom use the touchscreen (the trackpad’s speed and precision is very much to blame, as well as the fiddliness of taking my hands off the keyboard to reach “up”), I have mixed feelings about this being something that I would use extensively–but I do miss the ability to dismiss dialogs and move windows like I do on Linux and Windows, and wish Apple just got on with it.

And I have a feeling they will, “soon”. In their own timescale.

Jan 5^th 2026 · 1 min read · #apple #design #icons #macos #menus #tahoe #ui #ux

It’s hard to justify Tahoe icons ➹

This is a very well written, exquisitely detailed teardown of Apple’s decision to sprinkle tiny SF Symbols through menus in macOS Tahoe, and why it makes everything harder to scan, less consistent, and (sometimes) actively misleading.

Bruce Tognazzini (whose book I still pull out once in a while to remind myself of good UI design principles) would be proud.

Somehow I sort of tuned them out during last year’s rant about Liquid Glass, but they really do make a difference. I started actively noticing them in menus when my own little apps started sprouting some of them (apparently automatically) and thinking “why is that there?” or “what does that even mean?” and 90% of the time the icon is just not helping me at all, even in Apple’s own apps.

Jan 3^rd 2026 · 1 min read · #communication #hardware #keyboard #mobile #phone

Clicks Communicator ➹

As a very heavy former Blackberry user, I have to say that this is pushing all the right buttons (pun intended), and I might just have to get one.

And of course there’s the obligatory high-standards Michael Fisher video announcing it in style, almost as an afterthought to their new (also pretty clever) Clicks Power Keyboard feature phone.

Their pitch is pretty direct–use the Clicks Communicator as a purpose-built device for taking action and communicating in a noisy world, etc., but what I think they are really getting right is the compact design, the audio recorder and the fingerprint reader. Oh, and it has a headphone jack.

This would make a killer corporate device for anyone who needs to be in touch but doesn’t want the distractions of a full smartphone, and I hope someone cottons on to that fact and places a huge bulk order so they get the funding to keep going.

Jan 1^st 2026 · 1 min read · #carriers #esim #madness #mobile #security #usability

eSIM is still only convenient for carriers ➹

Ryan Whitwam’s piece on switching to eSIM is a good reminder that a lot of “modernization” is really just moving failure modes around, and seems like a great way to kick off 2026 since it mirrors my own past experiences: my Truphone/iPad “side quest”, and my broader worries about eSIM-only iPhones.

A physical SIM is dumb and boring, but that’s exactly why it works: when you need to swap devices, it’s a 30‑second hardware shuffle that doesn’t depend on carrier apps, backend state, or a support queue.

With eSIM, the swap becomes a workflow—and if it fails at the wrong time you can end up locked out of your own number (and everything that still treats SMS as a magic identity token), with the delightful resolution of “go to a store and wait”.

If eSIM-only phones are the future, carriers really need an account recovery story that does not default to “we’ll text the number you currently can’t receive texts on”…

Dec 31^st 2025 · 13 min read · #emulation #hacking #homelab #music #node-red #notes #observability #photography #projects

Notes for December 25-31

OK, this was an intense few days, for sure. I ended up going down around a dozen different rabbit holes and staying up until 3AM doing all sorts of debatably fun things, but here’s the most notable successes and failures.

Dec 28^th 2025 · 2 min read · #avahi #cpu #limiting #linux #lxc #monitoring #performance #systemd #watchdog

TIL: Restarting systemd services on sustained CPU abuse

I kept finding avahi-daemon pegging the CPU in some of my LXC containers, and I wanted a service policy that behaves like a human would: limit it to 10%, restart immediately if pegged, and restart if it won’t calm down above 5%.

Well, turns out systemd already gives us 90% of this, but the documentation for that is squirrely, and after poking around a bit I found that the remaining 10% is just a tiny watchdog script and a timer.

Setup

First, contain the daemon with CPUQuota:

sudo systemctl edit avahi-daemon

[Service]
CPUAccounting=yes
CPUQuota=10%
Restart=on-failure
RestartSec=10s
KillSignal=SIGTERM
TimeoutStopSec=30s

Then create a generic watchdog script at /usr/local/sbin/cpu-watch.sh:

#!/bin/bash
set -euo pipefail

UNIT="$1"
INTERVAL=30

# Policy thresholds
PEGGED_NS=$((INTERVAL * 1000000000 * 9 / 10))   # ~90% of quota window
SUSTAINED_NS=$((INTERVAL * 1000000000 * 5 / 100)) # 5% CPU

STATE="/run/cpu-watch-${UNIT}.state"

current=$(systemctl show "$UNIT" -p CPUUsageNSec --value)
previous=0
[[ -f "$STATE" ]] && previous=$(cat "$STATE")
echo "$current" > "$STATE"

delta=$((current - previous))

# Restart if pegged (hitting CPUQuota)
if (( delta >= PEGGED_NS )); then
  logger -t cpu-watch "CPU pegged for $UNIT (${delta}ns), restarting"
  systemctl restart "$UNIT"
  exit 0
fi

# Restart if consistently above 5%
if (( delta >= SUSTAINED_NS )); then
  logger -t cpu-watch "Sustained CPU abuse for $UNIT (${delta}ns), restarting"
  systemctl restart "$UNIT"
fi

…and mark it executable: sudo chmod +x /usr/local/sbin/cpu-watch.sh

It’s not ideal to have hard-coded thresholds or to hit storage frequently, but in most modern systems /run is a tmpfs or similar, so for a simple watchdog this is acceptable.

The next step is to make it executable and figure out how to use it via systemd templates:

sudo chmod +x /usr/local/sbin/cpu-watch.sh

# cat /etc/systemd/system/[email protected]
[Unit]
Description=CPU watchdog for %i
After=%i.service

[Service]
Type=oneshot
ExecStart=/usr/local/sbin/cpu-watch.sh %i.service

# cat /etc/systemd/system/[email protected]
[Unit]
Description=Periodic CPU watchdog for %i

[Timer]
OnBootSec=2min
OnUnitActiveSec=30s
AccuracySec=5s

[Install]
WantedBy=timers.target

The trick I learned today was how to enable it with the target service name:

sudo systemctl daemon-reload
sudo systemctl enable --now [email protected]

You can check it’s working with:

sudo systemctl list-timers | grep cpu-watch
# this should show the script restart messages, if any:
sudo journalctl -t cpu-watch -f

Why This Works

The magic, according to Internet lore and a bit of LLM spelunking, is in using CPUUsageNSec deltas over a timer interval, which has a few nice properties:

Short CPU spikes are ignored, since the timer provides natural hysteresis
Sustained abuse (>5%) triggers restart
Pegged at quota (90% of 10%) triggers immediate restart
Runaway loops are contained by CPUQuota
Everything is systemd-native and auditable via journalctl

It’s not perfect, but at least I got a reusable pattern/template out of this experiment, and I can adapt this to other services as needed.

Dec 27^th 2025 · 1 min read · #circus #cirque #entertainment #ovo #photo #photography #soleil

Ovo

Yeah, I don’t know what the grasshoppers want with the egg either — Another great evening spent in the company of Cirque du Soleil

Dec 27^th 2025 · 1 min read · #clang #opensource #qemu #qnx #raspberrypi #wayland #xfce

QNX Self-Hosted Developer Desktop ➹

QNX (yes, that QNX) is… Back?

It’s not their legendary boot floppy, but a QEMU image with a desktop environment for QNX 8.0, with support for self-hosted compilation, using XFCE on Wayland (sadly, their Photon UI is long gone) and providing a number of development stacks and editors. The installation process seems overly contrived (and I am not doing it this holiday season, as I have far too much to play with already), so I would have loved to see an ARM bootable image for a Pi or similar.

I’m sure some enterprising souls will hack their way through this to get it to run on bare metal somehow, since QNX has always been a fascinating RTOS (even if they lost a lot of audience to embedded Linux due to their commercial approach).

If they keep tightening the bootstrapping story, this could become a surprisingly effective bridge between “I have a QNX target” and “I can ship software on it without ritual sacrifices.”

Dec 26^th 2025 · 7 min read · #ai #apple #business #predictions #tech

Predictions for 2026

Last year I had a go at doing predictions for 2025. This year I’m going to take another crack at it—but a bit earlier, to get the holiday break started and move on to actually relaxing and building fun stuff.

Dec 26^th 2025 · 1 min read · #accessibility #airdrop #apple #ios #usability

AirDrop, now with more friction ➹

I just don’t get why Apple keeps breaking things. AirDrop used to be one of Apple’s best “it just works” features: get two devices close, pick the target, accept, done.

Adding a six-digit code step might make for a marginally stronger confirmation flow, but it also adds unnecessary friction in exactly the moments when AirDrop is most useful—quick, in-person handoffs.

It’s also the kind of interaction that breaks down fastest when there’s a language barrier, poor audio conditions, or an accessibility/disability barrier: the more you turn a fast tap into an out-loud “read me the code” dance, the less universal the feature becomes.

Somehow, someone at Apple must have thought this was a good idea. I’d love to hear the rationale, because right now it just feels like they’re hell-bent on making all of their best ecosystem features more complicated for no good reason.

Dec 26^th 2025 · 1 min read · #apps #macos #provenance #quarantine #security #tools #xattr

Providable, a Christmas present ➹

This is a terrific little tool that Howard Oakley released as a Christmas gift to the Mac community.

Providable is a handy way to inspect Provenance IDs and Quarantine extended attributes (xattrs) at scale.

It can index your installed apps, crawl folders for large batches of files, or show full xattr listings for a handful of dropped files–and if you’re extra curious, it can also export results to CSV for further analysis.

Dec 24^th 2025 · 4 min read · #ai #dev #docker #hardware #homelab #keyboards #notes #plan9

Notes for December 9-24

Work slowed down enough that I was able to unwind a bit more and approach the holiday season with some anticipation–which, for me, invariably means queueing up personal projects. So most of what happened in my free time over the past couple of weeks was coding-related.

Dec 22^nd 2025 · 1 min read · #expo #lisbon #oceanarium #photo #photography #tags

The Big Blue Room

A lovely mirror — This part of town never disappoints, even in winter.

Dec 21^st 2025 · 11 min read · #2025reflections #ai #gear #health #hobbies #homelab #office #personal #review #technology #work

2025 In Review

Like last year, this is my somewhat rushed recollection of the year that was, and as usual it’s a mix of personal and professional reflections, with some thoughts on technology and trends thrown in for good measure.

Archives • 3D Site Map