The idea is to die young as late as possible

Distributing Rust crates via git URLs instead of crates.io

Encryption is only a first step: there are others in order to control the devices we use daily. "Sovereign control" means answering yes to each of the following:

• Do you own the encryption keys — not the platform provider?
• Are backups protected end-to-end, by default, without manual configuration?
• Is metadata shielded from external observation, including communication patterns, timing, and participant identity?
• Do you control who can access message content, with no external request system that can override that?
• Do you govern which devices, users, and integrations can access sensitive channels?
• Can the platform be deployed on infrastructure you control, in jurisdictions that meet your data residency requirements?

Vendor the dependencies in the project directly. It will avoid to install the dependencies every time.

So just by not updating dependencies automatically, you turn every single package in an ecosystem into a fire-break for supply chain attacks.

100%

The harder a piece of code is to parse, the more you will tend to rely on LLM-based analysis and generation to maintain and build from it. Illegibility to humans is vendor lock-in. That's the business model.

The enclosure of the FOSS commons may seem like a programmer-specific problem, but it really affects everyone. Privacy-preserving apps like Signal, for example, serve a purpose precisely because they're open and can be audited. Take away that ability to verify the developer's claims by parsing the code, and all guarantees are lost. The more that AI vendors succeed in locking in the FOSS commons, the less transparency we'll have into what our software actually does.

It is 0% coincidence that these technologies are being pushed by some of the least transparent companies on the planet.

Un article à charges montrant que la Silicon Valley a perdu son rôle d'innovation suite à la concentration du pouvoir et de la richesse

Stop complaining, build as much as possible while you can do it for (almost) free, and enjoy the assets for the rest of your life. Code that you build today will still be usable and valuable in 10 years, and if you build stuff that let you reduce your expenses, you could retire early.

Not the mainstream privacy-focused tools like AdGuard, uBlock Origin or Ghostery, but the others having audiences numbering in the millions

That is why transparency should be one of the first things users evaluate before installing any browser extension.

Streaming related extensions under the "dogooodapp" brand

Before installing an extension, it’s worth running through a quick checklist:

• search in the privacy policy for phrases like:
  • “may share”
  • “business partners”
  • “analytics purposes”
  • “commercial purposes”
  • “affiliates and third parties”
• Be wary of extensions with no privacy policy at all
• Check who developed the extension
• Read reviews critically
• Avoid installing unnecessary extensions entirely
• Go for well-established open-source privacy tools when possible

Utiliser les IA et leurs MCP, c'est effectivement donner l'accès total des données utilisées par l'IA aux États-Unis.

De ce fait, le département d’Indre-et-Loire illustre le paradoxe français en matière de numérique. On parle de souveraineté à longueur de discours, mais quand vient le moment d’acheter, l’habitude et la facilité l’emportent. Le réflexe Microsoft est ancré depuis trente ans dans toutes les administrations. De plus, personne ne semble vouloir prendre le risque politique de basculer.

D'autres comme l'Île-de-France utilise cependant déjà des infrastructures européennes.

Pas bête la remarque: un système de DNS européen est primordial pour assurer la sécurité de l'accès à Internet.

dickover n. : a modal panel, popover, or curtain presented by a website or app, deliberately obscuring its own content to frustrate the user with an unwanted, unnecessary, mandatory interaction; e.g. asking the user to accept “cookies”, subscribe to a newsletter, install the website’s mobile app, agree to terms of service, or anything else that the user couldn’t give two shits about.

Similarly there are the dickbar

Implementing raw text is hard on native

Adding query string for a referral (with ?via for example)

1. can broke the URL such as https://int10h.org/oldschool-pc-fonts/fontlist/?foo. Altering a URL gives you a new URL. The new URL could point to a completely different resource, or to no resource at all, even if the alteration is as small as adding a seemingly harmless query string.
2. There is already the HTTP Referrer header for that. It's governed by the Referrer-Policy

Another post describe this problem: https://chrismorgan.info/no-query-strings

s’il y a une chose que j’ai apprise dans cette recherche, c’est ceci : la plupart des trajets ne déraillent pas sur de la mauvaise technologie. Ils déraillent sur l’absence d’une réponse partagée à la question : qu’est-ce qu’on veut réellement atteindre ?

Suite au mail qui faisait perdre 2-3h par semaine aux

Et puis le ministre a fait quelque chose que je reconnais dans chaque trajet de transformation que j’ai étudié. En pleine crise, il a dit : on n’apprend pas à faire du vélo en regardant.

Le Schleswig-Holstein a économisé 15 millions d'euros sur les licences Microsoft, entre autres grâce à ce choix.

The native applications lost the battle.
Windows is not able to offer a consistent native UI over a decade.

The UI inconsistency in Linux was created by design.

MacOS is no longer the safe heaven where designers can work peacefully.

Electron Apps have , but they also lack off visual consistency and keyboard-driven workflows.

Some restartet from scratch with Dart and Flutter UI to replace Android legacy things. Google gave up because they needed a monopoly or a large enough market to succeed.

Zed did the same thing in Rust: they designed their own cross-platform GPU-renderer library. It lacks integration with the host OS on itself though.

On the contrary, TUIs are fast, easy to automate and work reasonably well in different operating systems.

À propos des archétypes des utilisateurs de logiciels libres

• not memory safe (thread access, ...)
• error handling
• garbage collected
• used to directly call sys calls
• can trigger MTE on Android because Go reads the whole page of memory to access a string

It's not a bad language: It's often easy to write a full production ready server using only the standard library. In 2026 this is becoming more of a feature due to the ongoing supply chain attacks. Go itself also has some great technologists working on the project who are extremely responsive and care very deeply.

An app on the web performs better on many points. Definitely.

• distribution
• maintenance
• releases
• adoption (shareware funnel to get the desktop app running)