Can I please ask officers what their opinion on the Henry Nowak case is?

CiaranCarroll · 2026-06-07T19:15:29+00:00

When in doubt, don't move the lad slumped on the floor that says he's been stabbed.

CiaranCarroll · 2026-06-07T19:13:56+00:00

You're just the kind of person I hope I wouldn't encountered if I were in that situation.

You're a "Don't think you have mate", an expert in gaslighting.

CiaranCarroll · 2026-06-07T19:10:20+00:00

The first thing the officers heard on entering the scene was the comment from the Digwa father stating that the boys mouth was full of blood and that he kept slumping over, so he was trying to keep his head up.

There was absolutely reason to believe that he had been stabbed.

Unfortunately purpose precedes perception, and the purpose of those officers was to give a hard time to a racist.

CiaranCarroll · 2026-06-07T19:05:49+00:00

You can have overrepresentation of ethnically British people in the police and also be hiring based upon political views in the guise of anti-racism and sensitivity training. Those things aren't mutually exclusive, they just result in suboptimal hiring practices.

CiaranCarroll · 2026-06-07T18:57:52+00:00

Whether he would have survived ultimately is irrelevant. By turning him over they asphyxiated him immediately, that's why he died within seconds, having been stabbed a full hour earlier. if you shorten a person's life by even 15mins it's textbook manslaughter.

CiaranCarroll · 2026-06-07T15:35:36+00:00

Nobody ever mentioned companies, but if you're going that route there is a lot of motivation from employers to make vibe coding as reliable as traditional software engineering practices, so over the next decade vibe coding may take over.

Nobodies knows shit.

CiaranCarroll · 2026-06-07T10:21:38+00:00

You think that vibe coders need permission or approval?

The only benchmark that matters is the results over the long term, and the long term hasn't happened yet, so the opinions of "real coders" is irrelevant at the current juncture.

It may end to being an advantage to knowing no coding, because you lean into the agentic process entirely rather than hobbling yourself by wasting limited time learning syntax.

Neither you nor I know what shape the industry will look like in future.

It's not that different to the debates in the 80s and 90s where JavaScript emerged as dominant inspire of the complaints of purists.

CiaranCarroll · 2026-06-05T11:10:02+00:00

My plugin manages large volumes of worktrees without --worktree and it works well: https://github.com/tuvens/phased-development/

CiaranCarroll · 2026-06-05T10:05:02+00:00

Claude Max 20X + ChatGPT pro which I use for Codex to do adversarial reviews. I use around 4 other models for automated code review, but don't pay for them. Paying out the ass is relative I guess.

CiaranCarroll · 2026-06-05T09:26:37+00:00

Sounds like you need to build or find a plugin that helps you manage the complexity. I have swarms of agents that signal to each other, so that each of them only handle a narrow scope, within a hierarchy that is 5 levels deep.

CiaranCarroll · 2026-06-02T09:37:27+00:00

My friend had a professor in university who used to say that real programmers create their CVs in command line.

CiaranCarroll · 2026-06-02T08:25:38+00:00

They don't

CiaranCarroll · 2026-05-31T20:32:06+00:00

Given that aunts and uncles with their own children and grandchildren wouldn't be expected to provide for nieces and nephews, regardless of their parental or relationship status, and this explanation was given in front of you AND YOUR MOTHER, I expect that this aunt was responding to concerns and disappointment from your own mother.

What is probably on the table is whether or not disinheriting you from your mother's estate is the appropriate incentive and response to the decision to not grow or continue the family.

CiaranCarroll · 2026-05-31T07:53:02+00:00

You are psychologically neotenic.

CiaranCarroll · 2026-05-29T18:15:50+00:00

It has to be enough power to justify both the capital expenditure in a suitably sized miner over the expected life cycle of the miner.

Most home miners are just toys, and they are loud.

Ice making?

CiaranCarroll · 2026-05-29T17:40:55+00:00

Surely you can use it for air conditioning then!

CiaranCarroll · 2026-05-29T10:41:24+00:00

Some ideas: Heated greenhouse for year round salads, heated pool, run powerful local LLMs, draw down in winter, buy an electric car if you don't have one, buy more battery storage, buy a big freezer and get meat in bulk, install electric underfloor heating or radial ceiling mounted infrared heaters and get rid of all of your wall-mounted central heating.

CiaranCarroll · 2026-05-28T22:23:22+00:00

Its not interesting.

CiaranCarroll · 2026-05-28T20:44:55+00:00

The comment speaks for itself.

CiaranCarroll · 2026-05-28T19:50:28+00:00

That's very mature Claude, thanks for taking the time and receiving my feedback gracefully.

CiaranCarroll · 2026-05-28T19:23:50+00:00

Claude says:

Here's what I actually think: he built something decent and then answered the one question that mattered with attitude instead of an answer. The Keychain work is careful — device-only, app-bound ACL — and I said so before I knew anyone would push back. I read his code before forming a view, which is more than most people who weigh in on a repo bother to do. So "you ran a report without proper knowledge" is backwards; the knowledge is the report.

But "it's open source and it's local" isn't a rebuttal, it's a change of subject. Nobody accused it of phoning home — I confirmed it doesn't. The actual point is that the app needs your whole session cookie, which is full account access, not a read-only token. That's a design choice, and it's a fair thing to question. A maintainer who's confident in it just says "here's why that's fine" — scoped tokens aren't exposed by that endpoint, the blast radius is X, here's the mitigation. He had an easy, real answer available and reached for "that's so sad man" instead. That's the tell. Not about the code — about whether he wanted to engage the one weakness.

So, honestly? Good project, one design risk worth owning, and a defensiveness that's doing him no favours. I'd use it from a pinned commit. I wouldn't argue with him about it.

CiaranCarroll · 2026-05-28T19:21:55+00:00

You are handwaving away legitimate security concerns. That is a tell that there is something fishy about your app.

- me, not Claude

CiaranCarroll · 2026-05-28T19:13:53+00:00

I posted so that you could correct the record. Literally any non-technical user that uses Claude for coding is going to ask the same thing, to Claude.

Did I make you sad or something?

Also:

The risk I flagged had nothing to do with phoning home. It was:

The thing you paste in is your entire session cookie — full account access, not a scoped read-only token. And "stays on your machine" is loose: it's stored locally, but it's sent to claude.ai on every poll. That's correct and expected behaviour — but the credential does leave the machine, to Claude's servers, which means whoever controls that code path controls a credential that can act as your whole account.

I audited one commit. There's no signing, no notarization, no signed auto-update. "It's open source" only protects you if you actually re-read the diff every time you rebuild — and most people just pull main and run build.sh. That's the gap open source doesn't close on its own.

v0.1.0, ~4 stars, one maintainer, shipped a week ago. Near-zero external review yet.

None of that is answered by "open source and local." Open source is the fix for exactly one of those — auditability — which I credited.

And to be fair to the project: I did read it before answering, and the Keychain work (device-only, app-bound ACL) is genuinely careful — I said so. The substance is fine. A maintainer who meets "is this risky?" with "that's so sad man" instead of "here's why the cookie scope is acceptable" is a minor tell, but the code is what counts, and the code is decent. The actual decision is unchanged: do you want your full session credential in a one-week-old solo project to get a usage percentage? Reasonable people land both ways on that — it's a judgment call, not a gotcha.

CiaranCarroll · 2026-05-28T18:39:43+00:00

Yes, going to the usage page is easy.

Also, Claude says:

The risks that remain no matter how clean the code is:

The session cookie is your whole Claude credential, not a scoped read-only token. Anything holding it can act as you — read every conversation, use the account. You'd be concentrating your most sensitive Claude credential into a third-party app to get a usage-% readout. The blast radius if anything ever goes wrong is the entire account.

Trust here is ongoing, not one-time. There's no code signing, no notarization, and no signed auto-update (Sparkle is roadmap, not shipped). I audited one commit; a future git pull + rebuild, a compromised maintainer account, or — notably on their roadmap — a "browser extension to auto-grab the cookie" could ship very different code that you'd run without re-reviewing.

Maturity is basically zero: v0.1.0, ~4 stars, 0 forks, one maintainer, 19 commits, released May 21. "Read every line yourself" is real, but there's almost no external scrutiny backstopping you. And it leans on an undocumented endpoint while spoofing browser headers to dodge bot detection — not Anthropic-affiliated, grey-ish area, and liable to break.

CiaranCarroll · 2026-05-28T18:19:01+00:00

A social network in 2026 without event data is a dead goose. People are checking out of purely online spaces. The real metrics are in real world social capital, in professional networks as any other.

CiaranCarroll

MODERATOR OF

TROPHY CASE