• 1 Post
  • 735 Comments
Joined 3 years ago
Cake day: June 14th, 2023



  • And to put the pets dot com thing in context a bit, you have to remember that pets dot com was basically offering to ship pet food and pet furniture (notoriously voluminous and heavy objects) to people at a time when courier and direct-to-consumer freight services were still slow, insanely expensive and unreliable; the contemporary joke was that FedEx parcels would arrive looking like they had been run over (or even worse if they were marked fragile). This was before Amazon was doing free 2-day shipping and all the consequences that had in transforming the logistics market.

    So you have to realize that the world was a different place back then, and expectations were different, and the realities of doing business online were different, so when pets dot com said they were going to make a business out of selling notoriously voluminous and heavy objects online with no brick-and-mortar locations to customers who would then have to wait for it and be prepared for disruption in the shipping process while their animals starved, reasonable people thought they were completely fucking unhinged. But business people thought it was fucking genius.

    And it turns out they were in fact completely unhinged, and it was not genius, their failure ended up being emblematic for the complete insanity and detachment from reality that was going on while the “dot com” bubble was inflating, and represented the failure of the false idea that if you slapped a “dot com” on any particular industry you would capture and revolutionize that industry automatically, which is what pets dot com thought they were going to do. At the time everyone thought brick and mortar was so expensive and online was so cheap they were all going to be Netflix and completely kill their respective industry’s Blockbuster overnight. They were very wrong. Turns out you can’t just go ahead and start selling pet food online and replace all pet food stores and nobody had really thought that through, they were so overconfident that success was assured because they were doing it online and online is obviously better than brick-and-mortar in every way, right? Right?

    It is a very similar kind of insanity and a very similar breathless fascination with AI’s imagined potential to replace every job and be used in every business that is propelling the AI bubble. They will inevitably find out they are wrong too but they can stay irrational about it for a very long time before reality catches up with them and we don’t know exactly how harmful it is going to be when it finally does, other than “probably a lot”.



  • Part of what big tech has done is to divide us from one another and “curate” our information spaces to make it feel like we’re the only ones experiencing these feelings, like we are the only ones who are actually as desperate for change as we are, when the reality is that I think everyone is actually on pretty close to the same page for a lot of the same reasons. Believe it or not, we do all inhabit the same reality, we have just been made to feel that that reality is itself fictional. It does not serve big tech or big media or big government’s interests for us to know exactly how much we have in common, because they don’t want us to find a common purpose.



  • Absolutely. There are tons of open-licenced, open-weight (the equivalent of open-source for AI models) models capable of what is called “tool usage”. The key thing to understand is that they’re never quite perfect, and they don’t all “use tools” quite as effectively or in the same way as each other. This is common to LLMs and it is critical to understand that at the end of the day they are just text generators; they do not “use tools” themselves. They create specific structured text that triggers some other software, typically called a harness but could also be called a client or frontend, to call those tools on your system. OpenClaw is an example of such a harness (and not a great or particularly safe one in my opinion but if you want to be a lunatic and give an AI model free rein it seems to be the best choice). You can use commercial harnesses too by configuring or tricking them into connecting to a local model instead of their commercial one, although I don’t recommend this for a variety of reasons. If you really want to use Claude Code itself, people have done it, but I don’t find it works very well since all its prompts and tool calling are optimized for Claude models. Besides OpenClaw, other popular harnesses for local models include OpenCode (as close as you’re going to get to Claude for local models) or Cursor; even Ollama has their own CLI harness now. Personally I use OpenCode a lot but I am starting to lean towards pi-mono (it’s just called pi but that’s ungoogleable). It is very minimal and modular, making it intentionally easy to customize with plugins and skills you can automatically install to make it exactly as safe or capable or visual as you wish it to be.

    As a minor diversion we should also discuss what a “tool” is. In this context there are some common basic tools that some or most tool-use models will have or understand some variation of, out of the box. Things like editing files, running command-line tools, opening documents, and searching the web are common built-in skills that pretty much any model advertising itself capable of “tool use” or “tool calling” will support, although some agents will be able to use these skills more capably and effectively than others. Just like some people know the Linux command line fluently and can completely operate their system with it, while others only know basic commands like ls or cat and need a GUI or guidance for anything more complex, AI models are similar; some (and the latest models in particular) are incredibly capable with even just their basic built-in tools. However they’re not limited by what’s built in, as like I said, they can accept guidance on what to use and how to use it. You can guide them explicitly if you happen to be fluent in their tools, but there are kind of two competing models for how to give them that guidance automatically. These are MCP (Model Context Protocol), which is a separate server they can access that provides structured listings of different kinds of tools they can learn to use and how they work, basically allowing them to connect to a huge variety of APIs in almost any software or service. Some harnesses have an MCP built-in. The other approach is called “skills” and seems to be (to me) a more sensible and flexible approach to giving the AI model enough understanding to become more capable and expand the tools it can use. Again, providing skills is usually something handled by the harness you’re using.

    To make this a little less abstract you can put it in perspective of Claude: Anthropic provides several different Claude models like Haiku, Sonnet, and Opus. These are the text-generation models and they have been trained to produce a particular tool usage format, but Opus tends to have more built-in capability than something like Haiku for example. Regardless of which model you choose though (and you can switch at any time) you’ll be using a harness, typically “Claude Code” which is typically the CLI tool most people use to interact with Claude in an agentic, tool calling capacity.

    On the open and local side of the landscape, we don’t have anything quite as fast or capable as Claude Code unfortunately, but we can do surprisingly okay considering we’re running small local models on consumer hardware, not massive data center farms being enticingly given away or rented for pennies on the dollar of what they’re actually costing these companies on the hopes of successful marketshare-capture and vendor-lock-in leading to future profits.

    Here are some pretty capable tool-use models I would recommend (most should be available for download through Ollama and other sources like Hugging Face):

    • gemma4 (the latest and greatest hotness, MIT licensed using TurboQuant to deliver pretty incredible capability, performance and results even with limited VRAM)
    • qwen3.5 (from Alibaba, a consistent and traditional leader in open models so far with good capability and modest performance)
    • qwen3-coder-next (a pretty huge coding-focused model you might struggle to run unless you have a very beefy system and GPU)
    • glm4.7-flash (a modestly capable and reasonably fast option)
    • devstral-small-2 (an older, not-so-small variant of mistral, the French open-weight AI model if you’re looking for a non-Chinese, non-US based model which are few and far between)
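
The division of labour described in this comment (the model only emits structured text; the harness decides whether anything runs) is sketched below as an added example that is not part of the comment or of any harness it names. The JSON request shape, the `read_file` tool and the `dispatch` function are hypothetical, chosen for illustration.

```python
import json
import tempfile
from pathlib import Path

class ToolRefused(Exception):
    """The harness declined to act on what the model wrote."""

def read_file(workspace: Path, path: str) -> str:
    # Resolve symlinks and ".." first, then require the result to stay inside.
    target = (workspace / path).resolve()
    if not target.is_relative_to(workspace.resolve()):
        raise ToolRefused(f"path escapes workspace: {path}")
    return target.read_text()

# Tool name -> (function, exact argument names). Nothing else can ever run,
# whatever text the model produces.
TOOLS = {"read_file": (read_file, {"path"})}

def dispatch(model_text: str, workspace: Path):
    """Interpret one model output: plain text, or a single tool request."""
    try:
        call = json.loads(model_text)
    except json.JSONDecodeError:
        return ("text", model_text)          # ordinary prose, nothing to run
    if not isinstance(call, dict) or "tool" not in call:
        return ("text", model_text)
    name, args = call["tool"], call.get("args", {})
    if not isinstance(name, str) or name not in TOOLS:
        raise ToolRefused(f"tool not registered: {name}")
    func, params = TOOLS[name]
    if (not isinstance(args, dict) or set(args) != params
            or not all(isinstance(v, str) for v in args.values())):
        raise ToolRefused(f"arguments do not match schema for {name}")
    return ("tool_result", func(workspace, **args))

def demo():
    outputs = [  # constructed samples, not captured from a real model
        "The file you want is notes.txt.",
        '{"tool": "read_file", "args": {"path": "notes.txt"}}',
        '{"tool": "read_file", "args": {"path": "../../etc/passwd"}}',
        '{"tool": "run_shell", "args": {"cmd": "id"}}',
    ]
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "notes.txt").write_text("hello")
        for out in outputs:
            try:
                results.append(dispatch(out, Path(tmp))[0])
            except ToolRefused as exc:
                results.append(f"refused: {exc}")
    return results
```

How safe a harness is comes down to what sits in its tool table and how strictly it validates arguments, not to which model is attached.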



  • And so many of these “common men” still seem to really believe that no matter what he actually says or does, all that matters is that he talks like the person they imagine him to be, which they believe means he unequivocally understands and cares about them and can do no wrong. He really does love the poorly educated, and you can see why.

    The reality distortion field Trump supporters seem to be trapped in is rapidly approaching the strength of a black hole. I’m not sure what happens when it all collapses and they all fall into the event horizon but I’ll certainly be glad if they can’t escape and we never have to hear from most of them ever again.







  • No, I think you do get it. That’s exactly right. Everything you described is absolutely valid.

    Maybe the only piece you’re missing is that “almost right, but critically broken in subtle ways” turns out to actually be more than good enough for many people and many purposes. You’re describing the “success” state.

    /s but also not /s because this is the unfortunate reality we live in now. We’re all going to eat slop and sooner or later we’re going to be forced to like it.


  • You can do all those things with proper routing and there is no difference from mobile devices (as long as they use DHCP and what mobile device wouldn’t?). What I’m suggesting does not change anything on the public side. You still authenticate publicly to renew your certificates. You still give the same certificates to both public and local networks. They’re still valid. Nothing changes.

    The only difference is that when you’re local, your DNS gives you the correct local IP address where that service is hosted, say, 192.168.12.34 instead of using public DNS, getting an external IP that’s on the wrong side of the router, and having to go outside your own network and come back in. Hairpin is like that Simpsons episode where Abe goes in the revolving door, takes off his hat, puts his hat back on, and goes back out the same revolving door in the span of 2 seconds. It’s pointless, why are you doing that? If you didn’t want to be on the outside of the network, why are you going to the outside of the network first? Just stay inside the network. Get the right IP. No hairpin routing needed. No certificate madness needed. Everything just works the way it’s supposed to (because this is in fact the way it’s supposed to work).



  • cecilkorik@lemmy.ca to Selfhosted@lemmy.world · Hairpin dns issue · 5 days ago

    I’m not too familiar with unraid but from a little research I just did it seems like you’re right. That does seem like a really unfortunate design decision on their part, although it seems like the unraid fans defend it. Obviously, I guess I cannot be an unraid fan, and I probably can’t help you in that case. If it were me, I would try to move unraid to its own port (like all the other services) and install a proxy I control onto port 443 in its place, and treat it like any other service. But I have no idea if that is possible or practical in unraid. I do make opinionated choices and my opinion is that unraid is wrong here. Oh well.


  • cecilkorik@lemmy.ca to Selfhosted@lemmy.world · Hairpin dns issue · 6 days ago

    I’d argue that your internally hosted site should not be published on ports other than 80/443. Published is the key word here, because the sites themselves can run on whatever port you want and if you want to access them directly on that port you can, but when you’re publishing them and exposing them to the public you don’t want to be dealing with dozens of different services each implementing their own TLS stack and certificate authorities and using god-knows-what rules for security and authentication. You use a proxy server to publish them properly. And there’s no reason you can’t or shouldn’t use that same interface internally too. Even though you technically might be able to directly access the actual ports the services are running on on your local network, you really probably shouldn’t, for a lot of reasons, and if you can, maybe consider locking that down and making those services ONLY listen on 127.0.0.1 or isolated docker networks so nothing outside the proxy host itself can reach them.

    If you don’t want your services to listen on 80/443 themselves that’s reasonable and good practice, but something should be, and it should handle those ports responsibly and authoritatively to direct incoming traffic where it needs to go no matter the source. Even if (or especially if) you need to share that port with various other services for some reason, then either way you need it to operate that port as a proxy (caddy, nginx, even Apache can all do this easily). 443 is the https port, and in the https-only world we should all be living in, all https traffic should be using that port at least in public, and the https TLS connection should be properly terminated at that port by a service designed to do this. This simplifies all sorts of things, including domain name management and certificate management.

    tl;dr You should have a proxy that publishes all your services on port 443 according to their domain name. When https://photos.mydomain.com/ comes in, it hits port 443 and the service on port 443 sees it’s looking for “photos”, handles the certificates for photos, and then decides that immich is where it is going and proxies it there, which is none of anyone else’s business. Everyone, internal or external, goes through the same, consistent, and secure port 443 entrance to your actual web of services.
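
One way to check the layout this comment recommends (only the proxy reachable on 80/443, every backend bound to loopback), as an added example that is not part of the comment. It audits `ss -ltnH` output; the sample lines and backend ports are constructed, and the function names are hypothetical.

```python
import ipaddress

# Ports the reverse proxy is expected to publish (80/443, as in the comment).
PROXY_PORTS = {80, 443}

# Constructed sample of `ss -ltnH` output; not taken from a real host.
SAMPLE = """\
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:2283 0.0.0.0:*
LISTEN 0 511 0.0.0.0:8096 0.0.0.0:*
LISTEN 0 4096 [::1]:5432 [::]:*
LISTEN 0 4096 *:9000 *:*
LISTEN 0 128 192.168.12.34:8080 0.0.0.0:*
"""

def parse_listener(line):
    """Return (address, port) from the Local Address:Port column."""
    local = line.split()[3]
    host, _, port = local.rpartition(":")   # last colon, so IPv6 survives
    return host.strip("[]"), int(port)

def is_loopback(host):
    if host == "*":                          # ss prints * for an all-interfaces bind
        return False
    # Drop an interface scope such as "%lo" before parsing the address.
    return ipaddress.ip_address(host.split("%")[0]).is_loopback

def exposed_backends(ss_output):
    """Listeners other hosts can reach that are not the proxy's own ports."""
    findings = []
    for line in ss_output.splitlines():
        if not line.startswith("LISTEN"):
            continue
        host, port = parse_listener(line)
        if port not in PROXY_PORTS and not is_loopback(host):
            findings.append((host, port))
    return findings

if __name__ == "__main__":
    for host, port in exposed_backends(SAMPLE):
        print(f"bypasses the proxy: {host}:{port}")
```

Each finding is a service that can be reached without passing through the proxy's TLS termination; rebinding it to 127.0.0.1 or to an isolated Docker network clears it.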