• in a browser tab,
• or on the desk in front of you.

It’s hard to believe that there was once a time when consumer technology solved problems we actually had.

You know, one of the reasons we started doing this [was] we could see that we were getting better and better at iPods, and we could see that there was an opportunity to maybe do the next thing—and what should it be?

And it wasn’t driven by a bunch of market research or financial spreadsheets about how big certain markets were. It wasn’t driven by that at all. It was driven by the fact that we all hated our phones. We talked to all of our friends and all the people we knew, and they all hated their phones.

I first noticed it with IT specialists and programmers in Russia.

Their success in one field - and the high salaries that came with it - made them believe they knew better than everyone else. Soon, they started teaching others how to do things in completely unrelated areas, often ones they knew little or nothing about. It’s almost like the Dunning–Kruger effect, but not quite: these people are genuinely competent in their own field; they just overgeneralize that competence to other domains.

Now this intellectual imperialism is spilling everywhere, amplified by AI.

Programming and writing code stand apart when it comes to AI. They have none of the copyright and ownership issues found elsewhere, and nowhere else is its usefulness so obvious, adoption so widespread, or the stigma around using it so minimal. In most other fields, AI is still treated with caution or defensiveness; in programming, it is simply another tool. Perhaps that normalization is precisely what creates the illusion that similar gains must exist everywhere else.

All those AI bros have found a hammer that works great for their nails, and now they’re trying to apply it to every other use case imaginable - even the ones that require a more nuanced approach.

It all reminds me of the square hole meme, where every block is forced into the same square hole. The square hole is generative AI and LLMs, and the AI bros keep trying to fit everything into it. Even if it technically works the first time, that doesn’t mean it’s the right hole for other blocks. The same goes for AI and LLMs: they are not optimal for everything, and the chat interface is not always the best way to interact with computers.

And in this analogy, we’re all Alison on the left - watching, increasingly frustrated, as everything goes into the square hole because those guys “know better.”

This is a nerdy one.

As someone who spends a lot of time reading compliance documents and thinking about GDPR, I decided to see what would happen if I treated governance like a knowledge management problem.

Is a more flexible, lightweight world outside of spreadsheets even possible?

There are plenty of governance solutions out there. Big players like Vanta and Drata are great and all, but a) they cost a lot of money, and b) they’re mostly focused on automation, broader frameworks, and c) they're not really GDPR-specific. They’re also US-based, which means adding yet another processor outside of the EU. And who knows what happens to the Data Privacy Framework in the future.

At the same time, local files are back in fashion. After thinking a lot about Obsidian following my last two posts, I had an idea: what if you could maintain your GDPR compliance documentation entirely in local .md files?

It sounds like the dream of a very particular kind of nerd (me). But could it actually survive real compliance challenges - and the inevitable clash with legal teams who live in Microsoft files? I don’t know, but that didn’t stop me.

So I built a proof-of-concept vault in Obsidian with that goal in mind. This is an exploration of what's possible there right now, and for security reasons I used Restricted mode and core plugins only.

Vault template

1. Download the compliance vault or clone it from the Github repo.
2. Unzip the .zip file to a folder of your choosing.
3. In Obsidian open the folder as a vault.

It’s not as deep as the enterprise solutions mentioned above. There are no mapped controls, no automations, no pie charts or completion dashboards. But the local, interconnected files with backlinks - and the new Obsidian Bases - work surprisingly well for this particular case (take the RoPA base, for example, which pulls in the properties from individual Business Function files). And, the bases also can be exported to .CSV files for audit purposes, when needed.

There’s also a lot more that can be done: local evidence files with structured properties, AI agents with access to local files, and probably a few other things I haven’t even explored yet.

This is a cool little project, and I think it might actually work - if you have enough background in governance and GDPR.

Compliance ≠ complicated tooling.

After my previous post about software, Harrison got in touch to tell me about how he uses Obsidian:

I like using the daily notes plugin to write about what I do every day. There may not always be something significant, but I think it'll be neat to be able to look back on these notes years from now. Plus, everything is stored locally in Markdown files, so it's guaranteed to be future-proof.

And I totally understand why Obsidian is mentioned first. It is a great piece of software, and I really like Kepano’s - now the CEO of Obsidian - philosophy behind it, especially the idea of “file over app.” I use Obsidian myself, in a way very similar to Harrison, although I’m not always consistent enough to keep daily notes.

I’ve also always liked the metaphor behind its name and logo. You start with a raw shard of volcanic glass and slowly shape it into something that fits you alone - a bladelet made by your own hands. There’s a quiet beauty in that idea.

But in our age when people outsource their opinions and decision-making to Reddit and AI, that blade(let) is double-edged.

Obsidian’s greatest strength - its customizability - is also its biggest flaw. It's a classic case of overchoice or analysis paralysis: when there are too many options (plugins, themes, workflows, endless ways to tweak and refine), you end up spending more time sharpening the blade than actually using it.

That’s why I’m drawn to opinionated software. When you find something made by someone else that truly fits, it fades into your daily routine and quietly lets you get on with your life.

Right now, more and more people are building their own tools with the help of AI agents, chasing the idea of something perfectly tailored to them. But I have a feeling that journey has no real destination.

I am large, I contain multitudes.

Apple has created the ideal location for the mini music player on macOS:

But then, they went ahead and made the Mini Player in Apple Music look like this:

Crazy stuff.

Social media platforms are going to come under increasing pressure to identify and label AI-generated content as such. All the major platforms will do good work identifying AI content, but they will get worse at it over time as AI gets better at imitating reality. There is already a growing number of people who believe, as I do, that it will be more practical to fingerprint real media than fake media. Camera manufacturers could cryptographically sign images at capture, creating a chain of custody.

NetNewsWire is saying goodbye to Slack and bringing its community to Discourse:

Slack’s been pretty great for us, but it does have some limitations: conversations are automatically deleted and they’re not findable on the web in the first place.

I've been saying the same thing for a while already (1, 2). Closed chat communities are bad, and I will stand my ground:

Messages disappear into the scroll, and good answers get buried in the side threads. It’s like a never-ending group chat - great for real-time energy, but terrible for knowledge that needs to stick around.

That’s why forums still matter.

Forums and comments create structure. They’re searchable, linkable, and persistent. A thoughtful post from three years ago can still help someone today. A conversation can grow over time. And when people contribute there, they’re not just answering a question - they’re building something others can return to.

I noticed Cooked.wiki in Olly's App Defaults and decided to give it a try, but quickly realized that I won’t be using the service.

Don’t get me wrong -- it looks like a good tool for recipes, and I’ve been cooking quite a lot recently, much more than before -- but there’s one thing that rubbed me the wrong way.

It feels really weird to me to paywall the privacy of your account. Not privacy in a data protection and regulatory sense, but in the sense that your account is public by default, and there’s no way to change that setting without paying.

One could argue that recipes aren’t personal information and that a throwaway nickname would suffice, but it feels like a strange decision.

They’re committed to never running ads, and I respect that, yet this particular choice is… strange.

Imagine if Google didn’t show you ads, but your search activity was public instead. Or if your email provider were free and ad-free, but your emails were publicly visible. Would you use it then?

Maybe it’s just me. It probably is.

I can’t see how this could have happened without AI:

How do you paste another company’s email address into your reply if you’re an actual human composing that response? And if it’s a canned answer, the correct email address would already be pre-saved.

The reply from Obsidian didn’t make things any clearer and failed to refute the AI allegations, so I’ll apply a familiar maxim:

If it looks like AI, swims like AI, and quacks like AI, then it probably is AI.