Beatrix’s school has an art gallery and today was the opening of the fall show for student work. Beatrix’s photography project was one of the works featured. Very proud of her!
Page 9 of 9
#
Cloudflare outage on November 18, 2025
File under: How To Write A Corporate Appology
Podcast Notes: Feross Aboukhadijeh on The Changelog
I enjoyed listening to Feross Aboukhadijeh, founder and CEO of the security firm Socket, on the Changelog podcast “npm under siege”. The cat-and-mouse nature of security is a kind of infinite source of novel content, like a series of heist movies that never produces the same plot so you can never quite guess what happens next.
I like how succintly Feross points out the paradox of trying to keep your software safe by upgrading packages on npm:
The faster you upgrade your packages, the safer you are from software vulnerabilities. But then the faster you upgrade the more vulnerable you are to supply chain attacks
He points out (and I learned) that pnpm has a feature called minimumReleaseAge that lets you avoid installing anything super new. So you can, for example, specify: “Don’t install anything published in the last 24 hours.”
In other words: let’s slow down a bit. Maybe we don’t need immediacy in everything, including software updates. Maybe a little friction is good.
And if security vulnerabilities are what it took to drive us to this realization, perhaps it’s a blessing in disguise.
(Until the long running cat-and-mouse game of security brings us a bad actor who decides to exercise a little patience and creates some kind of vulnerability whose only recourse requires immediate upgrades and disabling the minimumRelaseAge flag, lol.)
Later in the podcast Feross is asked whether, if he was the benevolent dictator of npm, he would do things the same. He says “yes”. Why? Because the trade-offs of “trust most people to do the right thing and make it easy for them” feels like the better decision over “lock it down and make it harder for everyone”. He’s a self proclaimed optimist:
There’s so much good created when you just trust people and you hope for the best.
Obviously Feross has an entire business based on the vulnerabilities of npm, so his incentives are such that if he did change things, he might not exist ha. So read that how you will.
But I like his optimistic perspective: try not to let a few bad actors ruin the experience for everyone. Maybe we can keep the levers where they are and try to clean up what remains.
#
Bluesky is expanding their moderation tools and the granularity of reporting. Sounds like good changes:
Not every violation leads to immediate account suspension - this approach prioritizes user education and gradual enforcement for lower-risk violations. But repeated violations escalate consequences, ensuring patterns of harmful behavior face appropriate accountability.
#
Congrats to Gus Mueller on Acorn's recognition as a finalist in the App Store Awards! I use Acorn pretty much every day, sometimes for design or mockups, and sometimes just as a scratchpad of screenshots and other graphics that need a quick crop or edit before uploading to my blog.
#
Love the covers on these special TikTok editions of a few of Brandon Sanderson's books. Might've ordered a set for gifts. And I'll keep The Emperor's Soul, which I don't have in print. 📚
#
After a rocky bit early in the year, I feel that Micro.blog is in a really good place right now. New users are joining and the features are the best they've ever been. So now I'm nervous that something else is about to go wrong. 🤪
#
This report from Matthew Prince about Cloudflare's outage yesterday shows the mind-boggling scale of their network. The graph has 25 million HTTP 500 errors per second.
Blinking fuel lights
I recently launched a new theme for Bear. After that, I created scripts for photo galleries and a few other things. Somewhere in between, I also started moving old posts to my new blog.
Shortly after, I hit the brakes.
That happens to me a lot. I want too much, too soon. I love what I’m doing, and that gives me extra energy, which makes me want to do even more.
It’s been like that my whole life.
But there’s one important change these days compared to just a few years ago. I don’t ignore the blinking low on fuel light anymore.
These days, I notice it before running on fumes. I catch myself before getting completely stalled. Not always, but most of the time.
Being able to do that doesn’t require any new knowledge. That’s the beauty of it. We’re born with it.
Our body and mind make an impressive and intelligent piece of machinery. They tell us when it’s time to pull over and fuel up.
We just need to pay attention.
Blink, blink, blink...
