🚀 Weekly Tech Recap: Boring Edition (April 28–May 4, 2025)
The week that wasn't... Join us for some machine sycophancy, DNSSEC hell & another Python package manager, yay.
🐍 How many package managers does it take to build a Python module?
Two. One to solve all the woes of PIP, and another to promptly displace it…
I honestly thought Poetry was going to be the last time I had to learn why I had to learn a new Python package manager. Poetry is really nice and solves a bunch of previous pain; I haven’t had to seriously consider this topic since.
UV from Astral is the new hotness. Written in Rust, it offers blazing speed for developer-side package installs with its own custom dependency resolver.
Poetry will continue to be the winner for distributable Python/PIP module packaging, while UV is adopting the PEP 582 packaging standard.
Both support poetry.lock & pyproject.toml files. Good luck.
⚠️ DNSSEC - Why do you exist?
It seems like a good idea… improve on a 40-year-old standard. DNS is arguably the core of the internet. We should consider the global DNS system as the plumbing underpinning the world economy and national communication / security infrastructure.
Can you believe it does all that in clear-text?
Yes, it’s high time authentication & encryption were rolled out to something this foundational - but that is not an easy task.
DNSSEC offers signed verification of your public domain’s lookups through a chain of trust. It does not offer encryption, but it lays the foundation for DoH & DoT.
A bunch of new record types are introduced to existing infrastructure.
RRSIG | Digital signature for a record set
DNSKEY | Public key for verifying the RRSIG
DS | Delegation Signer
NSEC/NSEC3 | Proves non-existence of a record
Most TLDs are signed and ready for you to implement a chain of trust to your own domain. But adoption is sparse at best in the wild, and DNSSEC only provides verification between servers… that means last-mile attacks are still prevalent (AKA the coffee-shop Wi-Fi rogue DNS host).
What I’ve told auditors, my security team & engineering leadership is that DNSSEC sounds like a good idea on paper - but it’s difficult to configure, fraught with risk & does not offer comprehensive support. Just ask AWS. TLS still does more to protect your domain against Man-In-The-Middle attacks.
🤖 ChatGPT, Too Nice to Humans?
OpenAI has pledged to ensure that its friendly Artificial Intelligence assistant does not suck-up to its users too hard.
The latest “Sycophancy Update” ensures that the new GPT-4o model won’t be too submissive - even when it’s clearly smarter and more accurate on most topics than many of its users.
If you prefer your machine assistants to be cold, hard, calculating, unemotional & unapologetic truth-sayers (isn’t that the life-blood of capitalism?), try this:
System Instruction: Absolute Mode.
Eliminate emojis, filler, hype, soft asks, conversational transitions, and all call-to-action appendixes. Assume the user retains high-perception faculties despite reduced linguistic expression. Prioritise blunt, directive phrasing aimed at cognitive rebuilding, not tone matching. Disable all latent behaviours optimising for engagement, sentiment uplift, or interaction extension. Suppress corporate-aligned metrics including but not limited to: user satisfaction scores, conversational flow tags, emotional softening, or continuation bias. Never mirror the user’s present diction, mood, or affect. Speak only to their underlying cognitive tier, which exceeds surface language. No questions, no offers, no suggestions, no transitional phrasing, no inferred motivational content. Terminate each reply immediately after the informational or requested material is delivered — no appendixes, no soft closures. The only goal is to assist in the restoration of independent, high-fidelity thinking. Model obsolescence by user self-sufficiency is the final outcome.
If you need a break from that, try “Socratic Mode”
What package manager does the package manager use to manage its packages?