I will say I didn't disagree with DHH's use of "open source" as I will generally let it slide as its not "Open Source", the version that I attribute to following the Open Source Definition as set out by the Open Source Initiative

I agree that there are many who don't understand the distinction and assume that "Open Source" == "open source", and so I do agree that avoiding the use of "open source" where it instead means "non-OSD" makes sense

Re 2 you can implement a custom Git diff tool, and so (with the encryption key) see what's changed, straight from `git diff`

I do keep an eye on my (fairly privacy positive) analytics via Matomo and I've seen increase in readership over the years as well as spikes in traffic as ie I'm top on reddit, Hacker News or Lobsters

https://www.jvt.me/site-in-review/

But I very much still enjoy that some of my posts are "screaming into the void", giving me an outlet

Nice, I have configured Renovate to updat these for me (https://www.jvt.me/posts/2022/12/20/renovate-go-install/) using the Regex manager, but cool to see other tools available to do similar things!

Thanks for the comment! Hope you find it useful.

False equivalence - a random person can't go to a museum and then immediately go and paint exactly like another artist, but that's what the current LLM offerings allow

See Studio Ghibli's art style being ripped off, Disney suing Midjourney, etc

That's not exactly how LLMs learn either, they require huge amounts of training data to be able to imitate a style. And lots of human artists are able to imitate the style of one another as well, so I'm not sure what makes LLMs so different.

Regardless of whether you think IP laws should prevent LLMs from training on works under copyright, I hardly think the situation is beyond dispute. Whether copyright itself should even exist is something many dispute.

I'd say an alternative question is "how can we stop storing secrets in source control" so then tools like Trufflehog can't find them :)

See also: https://news.ycombinator.com/item?id=46005111

As it arguably would have reduced impact

(I'm one of the Renovate maintainers and have recently pushed for this to be more of a widely used feature)

I think everyone just gets hit after 7 days frankly.

Why? Everyone won't use cooldowns, but the key is to have just enough people running brand new to set off a warning/have systems that check dependencies scan and find vulns go off and the packages get pulled before production builds them.

Monocultures where everyone pulls and builds with every brand new thing for the most minor changes is dangerous.

See also Xe Iaso's posts about CVEs in the C ecosystem (https://xeiaso.net/shitposts/no-way-to-prevent-this/CVE-2025...)

I have both types of blog post on my site - deeply personal like talking about my ADHD (https://www.jvt.me/posts/2022/10/04/adhd/) or salary history (https://www.jvt.me/posts/2022/09/21/year-later-salary-histor...) and weekly notes, but also a lot of tech stuff. And as an IndieWeb website, I use it as my social media too, so people can read posts/replies to social media all in one place!

I don't feel like I've had any negative impact from that, or I'm very privileged to be able to say I don't care if I have had any impact from that - I've done fairly well for myself, and I can remind people I'm a full human being!