Readit News
sholladay commented on The Anatomy of a macOS App   eclecticlight.co/2025/12/... · Posted by u/elashri
mitchellh · 12 days ago
> while that shown in blue is the stapled notarisation ticket (optional)

This is correct, but practically speaking, non-notarized apps are pretty terrible to use for a user, enough so that this isn't optional and you're going to pay your $99/yr Apple tax.

(This only applies to distributed software; if you are only building and running apps for your own personal use, it's not bad because macOS lets you do that without the scary warnings.)

For users who aren't aware of notarization, your app looks straight up broken. See screenshots in the Apple support site here: https://support.apple.com/en-us/102445

For users who are aware, you used to be able to right click and "run" apps and nowadays you need to actually go all the way into system settings to allow it: https://developer.apple.com/news/?id=saqachfa

I'm generally a fan of what Apple does for security but I think notarization specifically for apps outside the App Store has been a net negative for all parties involved. I'd love to hear a refutation to that because I've tried to find concrete evidence that notarization has helped prevent real issues and haven't been able to yet.

sholladay · 12 days ago
I’m only aware of two times that Apple has revoked certificates for apps distributed outside of the App Store. One was for Facebook’s Research App. The other was for Google’s Screenwise Meter. Both apps were basically spyware for young teens.

In each case, Apple revoked the enterprise certificate for the company, which caused a lot of internal fallout beyond just the offending app, because internal tools were distributed the same way.

Something may have changed, though, because I see Screenwise Meter listed on the App Store for iOS.

https://www.wired.com/story/facebook-research-app-root-certi...

https://www.eff.org/deeplinks/2019/02/google-screenwise-unwi...

sholladay commented on Collaboration sucks   newsletter.posthog.com/p/... · Posted by u/Kinrany
sholladay · a month ago
This sounds like a really good excuse to not bear any responsibility for anything other than what you want to work on. PR reviews will mean nothing; they will all be rubber stamps or style nits because no one else will understand the code other than the owner. Your bus factor will be crazy low.

Collaboration sucks because of the way it is done, not because it has to. Pointless meetings for decision making that should be async. Brainstorming over Slack when that's what a meeting is actually good for. Looping people in to collaborate at the end instead of at the beginning. This is all possible to fix.

What I do is have everyone work in pairs. Pairs are small enough that communication is easy and there's no design-by-committee. But there's always someone to have your back and help when you get stuck or bogged down (e.g. decision fatigue), which happens plenty even to senior engineers. The pair starts and finishes work together, which mostly eliminates the need to loop someone else in randomly and needing to explain the thinking and background context, because they can bounce ideas off of each other and leverage each other's different areas of expertise. Whatever the end result is of that collaboration is treated as a finished unit of work, it's already been looked at closely by two people, it doesn't need a complicated approval process. The automated tests run, the release manager looks for any obvious mistakes, and then it ships.

The hardest nut to crack is the "who is the driver and who is the navigator" problem. I find that it is best to leave that up to the pair to work out for themselves, since it depends on the personalities involved. But with some guidance to not step on each other's toes. Working on the same line of code at the same time constantly is clearly the "too much collaboration" extreme that the article's author dreads. It's better if one person designs while the other codes, or one works on the logic while the other does the TypeScript types, etc. Usually the pair struggles with this for a week or two and then they develop a groove and it's rarely a problem after that. Spontaneous or infrequent collaborators never reach that groove, hence it can be inefficient and frustrating. Long-term pairs get to know each other and then work fast and smooth.

sholladay commented on Ask HN: How do you get over the fear of sharing code?    · Posted by u/sodokuwizard
sholladay · a month ago
If someone else steals your work, you should be proud. They found it to be valuable. If they managed to sell it or build something with it, they’ve demonstrated that you can do the same. Use it as a learning experience.

Keep in mind that you are in control of what people are allowed to do with your software. By default, your code is unlicensed even if it is public, which means no one else can distribute it or change it or do much of anything with it. Thus, if someone uses it and claims it to be theirs, you can sue them if you want to.

However, instead of leaving your code unlicensed, I would recommend choosing an open source license and applying it to your code when you make it public. There are many to choose from!

By applying a license to your code, you are establishing a clear framework for what other people are and aren’t allowed to do with it. And it’s legally enforceable. In fact, there are organizations that may step in to help you if someone violates your license or challenges it in court. For example, my preferred license is the Mozilla Public License. If someone tried to challenge me on any part of that license, Mozilla would have a vested interest in defending it, since it’s their license and they use it, too. Their lawyer is even available to chat with over email. I once reached out to ask if I could make a small tweak to the license without causing headaches. They got back to me within a few days and said it would be fine. That gave me a lot of confidence to continue using it.

Some licenses are very permissive, such as MIT. Others are much more restrictive, such as GPL. The MPL, which I use, is somewhere in between.

What’s right for you really just depends on what you consider to be fair. And every project can be different. Maybe you build some small tools that you release under MIT, essentially donating them to all of humanity. Meanwhile, you create a startup and build a product where you keep some of it private and release parts of it publicly, licensed under the GPL, because you don’t want huge corporations stealing the work for your day job without reciprocating. That’s a relatively common approach.

Whatever you decide, just make some of your code public. The feedback and experience will be well worth it. Good luck!

sholladay commented on I took all my projects off the cloud, saving thousands of dollars   rameerez.com/send-this-ar... · Posted by u/sebnun
sholladay · a month ago
I think the main thing holding people back from leaving the cloud is simple inertia. There was a time when the cloud was obviously the right choice. Static IPv4 addresses were becoming scarce, IPv6 had not been deployed widely enough, and cloud providers made it easy to stand up a server and some storage with high speed links on the cheap. But over time, things have changed. Rate limits, data caps, and egress fees are now normal (and costly). IPv6 is now deployed widely enough that you might be willing to just run an IPv6-only stack, which greatly simplifies running a server on-premise. And of course, we've all seen time and again how providers will carelessly lock out your cloud account for arbitrary reasons with little to no recourse. The time has come to own your infrastructure again. But that won't happen until people realize it's easy to do.

sholladay commented on Sustainable memristors from shiitake mycelium for high-frequency bioelectronics   journals.plos.org/plosone... · Posted by u/PaulHoule
reactordev · 2 months ago
So sci-fi isn’t far off after all.

War of the Worlds.

The Last of Us.

Battlestar Galactica.

All had some fungi/organic hook (ok, The Last of Us is about zombies but still).

Curious if we could mux them into something faster at a higher order or something. The idea that organics can be used for electronics is so wild.

sholladay · 2 months ago
Star Trek has a number of organic computing examples, too. Species 8472, Data, and the Borg all use varying degrees of organic components.

There's also the bio-neural gel packs on Voyager and the unnamed 31st century Earth vessel discovered by Archer and the NX-01 Enterprise.

New Trek even has a mycelial network in space.

sholladay commented on Grokipedia by xAI   grokipedia.com... · Posted by u/thsName
roryirvine · 2 months ago
I've spotted surprising amounts of confidently-stated nonsense even in fairly neutral articles where Elon / xAI is unlikely to have a particular political slant.

Many of the most glaring errors are linked to references which either directly contradict Grokipedia's assertion or don't mention the supposed fact one way or the other.

I guess this is down to LLM hallucinations? I've not used Grok before, but the problems I spotted in 15 mins of casual browsing made it feel like the output of SoA models 2-3 years ago.

Has this been done on the cheap? I suspect that xAI should probably have prioritised quality over quantity for the initial launch.

sholladay · 2 months ago
Some time ago, there was a project called Citizendium that aimed for quality over quantity, with articles written and peer-reviewed by subject matter experts who had to use their real names and working email addresses, among other requirements. I always thought that was interesting, since the main critique of Wikipedia is its open editing model.

Citizendium is still around, though they've loosened some of the requirements in order to encourage more contributions, which seems self-defeating to me. I think they should have tried to cooperate with Wikipedia instead. The edits and opinions of subject matter experts could be a special layer on top of existing Wikipedia articles. Maybe there could be a link for various experts with highlights of sections they have peer-reviewed and a diff of what they would change about the article if those changes haven't been accepted. There could also be labels for how much expert consensus and trust there is on a given snapshot of an article or how frozen the article should be based on consensus and evidence provided by the experts. This would help users delineate whether an article contains a lot of common knowledge or whether it's more speculative or controversial.

sholladay commented on When 'perfect' code fails   marma.dev/articles/2025/w... · Posted by u/vinhnx
sholladay · 2 months ago
This is why you should:

- Write functional tests, not unit tests

- Not use compilers or other systems that do a lot of black magic (like changing the type signature of your functions (!))

sholladay commented on Tags to make HTML work like you expect   blog.jim-nielsen.com/2025... · Posted by u/FromTheArchives
eska · 2 months ago
I’m not a blind person but I was curious about this once when I tried to make a hyper-optimized website. It seemed like the best way to please screen readers was to have the navigation HTML come last, but style it so it visually comes first (top nav bar on phones, left nav menu on wider screens).

sholladay · 2 months ago
Props to you for taking the time to test with a screen reader, as opposed to simply reading about best practices. Not enough people do this. Each screen reader does things a bit differently, so testing real behavior is important. It's also worth noting that a lot of alternative input/output devices use the same screen reader protocols, so it's not only blind people you are helping, but anyone with a non-traditional setup.

Navigation should come early in document and tab order. Screen readers have shortcuts for quickly jumping around the page and skipping things. It's a normal part of the user experience. Some screen readers and settings de-prioritize navigation elements in favor of reading headings quickly, so if you don't hear the navigation right away, it's not necessarily a bug, and there's a shortcut to get to it. The most important thing to test is whether the screen reader says what you expect it to for dynamic and complex components, such as buttons and forms, e.g. does it communicate progress, errors, and success? It's usually pretty easy to implement, but this is where many apps mess up.

sholladay commented on What happened to Apple's legendary attention to detail?   blog.johnozbay.com/what-h... · Posted by u/Bogdanp
wpm · 2 months ago
This implies that no young people can get past the gate.

Sure, they lack wisdom, but that doesn't mean they aren't smart, it just means they're young.

Gatekeeping doesn't have to mean "Don't hire anyone under 35"; it means "Don't hire people who are bozos" and "don't hire people who don't give a shit".

sholladay · 2 months ago
Obviously you should set standards for your company. I’m not saying just hire anyone and be done with it. But I am saying that hiring is a long-term project. And I am saying that many people could meet your standards if you meet them half-way by giving them all of the information they need, holding their hand a bit at the beginning, and giving them time to figure everything out.

I’ve worked at places that have the opposite philosophy - hire quickly and fire quickly. That works in terms of hiring people who already happen to be what you want them to be. It just leaves no room for anyone who could be, but isn’t yet, what you want them to be. It also leaves no room for anyone who is different from what you are looking for but who could still bring a lot to the table if you just take the time to figure out what that is, which I think describes a lot of people. You might have hired a mediocre programmer who would be a rockstar at documentation, for example. That kind of thing happens all the time, yet workplace culture and practices tend not to accommodate that. By all means have standards, but put in some effort to help your people reach them in their own way.

sholladay commented on What happened to Apple's legendary attention to detail?   blog.johnozbay.com/what-h... · Posted by u/Bogdanp
FredPret · 2 months ago
But do monocultures always stagnate?

If Apple was made up of only top-end engineers led by a quality-obsessed maniac, would they put out better or worse products?

Of course, not everyone can follow this philosophy, but they don't have to, and most don't want to anyway.

sholladay · 2 months ago
Monocultures can avoid stagnating if they occasionally accept fresh blood from the outside. But hardline stances don’t allow for that. My point is, even if you only want to work with the best of the best, and you’re willing to ignore underprivileged groups with tons of potential, you still need an on-ramp if you want it to be sustainable.

The great engineers don’t graduate from college knowing everything they need to know, nor are they born with that knowledge. It takes time and help from other people to get them there. Even if they were already a top performing engineer at Netflix, that doesn’t mean they can smoothly transition into a role at your company and perform well with zero assistance. The on-ramp matters and has a huge impact on how they will perform. Some people will require more investment than others, but that’s true regardless of whether you stubbornly try to maintain your existing monoculture. And I firmly believe that everyone brings something different to the table. It’s mostly a matter of figuring out what that is for each person.

u/sholladay

Karma: 984 · Cake day: July 15, 2017
About
A human seeking a full stack of software and pancakes, bug free. Noirdoor. Sitecues. Replay Avenue.