With the growing popularity of tools like Perplexity, OpenAI, Search GPT, and retrieval-augmented generation (RAG), and a healthy dose of skepticism in artificial intelligence (e.g. hallucinations) the industry is moving from “authoritative search” to “research and check”.

If this trend continues, might AI SEO be a viable source of web traffic for marketing purposes? If so, how would optimizing for AI search be different than plain old SEO or programmatic SEO? How would you even measure it?

Update: OpenAI released ChatGPT Search for all users (including free).

First Round Capital has a helpful guide to product market fit that helps to orient founders so they can focus on the right things. Rather than a binary, yes/no, evaluation of product market fit, the guide discusses different levels.

Level 1 - Nascent PMF is when you have some initial customers mostly from warm intros. Churn, gross margin, burn multiples, don’t really matter at this point so much as quickly discovering who the right customer is and solving their problem well.

Level 2 - Developing PMF is when you have customers, the solution delivered is more repeatable, you have up to $1MM ARR, generating your own leads, and customers would be very dissapointed if you went away. Some metrics around go-to-market efficiency start to matter like net revenue retention, gross margin, and burn multiples because you are proving the business can effectively drive demand.

Level 3 - Strong PMF is when demand is flooding in and this is often what founders refer to as “feeling the pull” and everything feels easier. There is strong growth of 3x revenue or higher, more leads are coming from word of mouth, and marketing/sales is very efficient with low CAC/burn multiples/churn and high gross margin and sales conversion rate.

Level 4 - Extreme PMF is when companies earn permission to build new products that expand TAM, the brand starts to become synonymous with the product category, and the business is growing fast. Burn multiple is < 1 and there are more scalable customer acquisition channels.

Read Levels of PMF by First Round Capital.

I see a lot of startups with domain names like getbarai.co and trymspledword.io which combine multiple domain name hacks. These look untrustworthy, are hard to search, difficult to spell, and long. It’s hard enough to get anyone interested in what you are doing that introducing any friction can cause people to forget about it.

Here’s my rule for startup domains:

Use only one domain name hack (mispelling of a real word, made up word, prefix before a real word, non-dotcom top level domain, etc.) AND always use .com. Then, when you have the money, buy the clean .com domain name.

For example, when I started Mosey, we started with getmosey.com (prefix hack) then mosey.so (non-dotcom TLD), then eventually bought mosey.com.

See also:

• Lindy’s Law means the trustworthiness of TLDs like .com will always be higher than common alternatives like .io and .ai
• Simple dot com domain names are a multiplier

NRR measures the ability of a business to expand revenue over time. It’s only really useful if the company sells multiple products or one of them has some sort of usage based scaling factor that implies customers use it more over time.

One of the misleading ways to look at NRR is when there is a single product that is usage based and scales with the growth of their customers. If the customers growth stops due to an economic condition outside of anyone’s control the NRR becomes stagnant or lower than 100%. All that measures is the growth of the economy rather than the effectiveness of the business.

See also:

• Post zero interest rate policy (ZIRP) a lot of NRR probably looks bad
• B2B benchmarks

One of the interesting lessons from rock climbing is that people can reach much further than they think they can. When looking at the next hold, it can look so far away that we forget how long our arms and legs actually are. I’m no mountain climber but having gone climbing a few times, this stuck with me.

In other aspects of life where performance matters a great deal, it’s useful to remember the things that seem out of reach might be within your grasp after all.

See also:

• Controlled self-deception
• The Economics of Superstars

BM25 and nearest neighbor have two different score scales. Reciprocal rank fusion allows both lexical and symantic search result scores to be mixed into one stack ranked list.

(This note is under construction)

I often find myself wondering what I did yesterday. I want to be able to reflect on the day before as I get ready in the morning for the day to come. I also don’t want to make work for myself so the effort has to be useful.

What would make a personal log useful?

Facts about the day to jog my memory

Looking at my calendar to see what meetings I had is a good clue about how my day was spent and who I met with.

Seeing the tasks I’ve captured and completed also helps.

Then there are life log things like where I went out to eat and how much time I spent looking at a screen. These are maybe not as useful to look at daily.

Notes and observations

I’d like to be better and inspecting my notes and thoughts. I write an enormous about of notes from meetings and tasks, but I don’t review them as readily. Reviewing them more readily would help me turn more of what I’ve learned into permanent notes.

Things I produced

Concrete things I’ve produced would be great to catalog to reflect on how it went and what I learned now that it’s complete. This includes writing docs, committing code, shipping a feature, closing a sale, or any other artifact.

If a home computer is running on a local network with no ports exposed, how are tools like tailscale working to connect to said computer? How would the computer know that another device is trying to connect to it?

NAT traversal over UDP.

Firewalls allow packets from ip:port s where it has observed packets sent to ip:port. A coordination server provides a mapping of devices and ip:port. To get through the Network Address Translation layer (NAT) which rewrites packets (e.g. a home router translating packets from local devices like your phone to come from one IP address on the internet), the STUN protocol informs each device what their ip:port is so they can send packets to the peer device.

Altogether, by sending packets over UDP and being able to get replies to the correct ip:port, no ports need to be open (though UDP egress is required).

See also: Why you still need an SSL certificate with tailscale

When working in emacs, especially in large org-mode files and completion lists, garbage collection pauses cause the experience to feel sluggish. By deferring garbage collection until there is no user input (e.g. you stop typing or step away), the Garbage Collector Magic Hack (GCMH) keeps the Emacs feeling snappy.

The fact that you can control the garbage collector from within the running program using the garbage collector is a great examples of why emacs is the ultimate editor building material.

The impact of storms can be measured by the status of Waffle House in 1,600 locations from the mid-Atlantic to Florida and across the Gulf Coast. It’s well-known that Waffle House remains open despite nasty weather conditions. So much so that there is a scale of red to green of Waffle House open-ness that’s a decent Fermi estimate for how FEMA should respond to the aftermath of a storm.

Dify mashes together LLMs, tools, and an end-user facing UI together to make an LLM workshop. The builder is a visual programming interface (similar to iOS Shortcuts) where each step is pre-defined units of functionality like an LLM call, RAG, and running arbitrary code.

It also works with locally running LLMs like Ollama so you can keep things private and never calls out to the network. This option is getting more realistic as smaller models improve like Llama 3.2.

I think this is a neat idea for exploring different workflows that utilize artificial intelligence.

See also:

• Using AI tools at work
• This could make one of one software like org-ai is chat for notes more accessible to more people
• Getting ready for AI

To set up SSL certificates for use with HTTPs on dokku you can use the letsencrypt plugin.

sudo dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git

Next, create an IAM user for dokku-letsencrypt with a custom policy scoped to the hosted zone in Route53. Configure dokku with IAM credentials to pass the DNS-01 challenge:

dokku letsencrypt:set –global dns-provider route53 dokku letsencrypt:set –global dns-provider-AWS_ACCESS_KEY_ID your_key dokku letsencrypt:set –global dns-provider-AWS_SECRET_ACCESS_KEY your_secret dokku letsencrypt:set –global dns-provider-AWS_REGION aws_region dokku letsencrypt:set –global dns-provider-AWS_HOSTED_ZONE_ID your_hosted_zone dokku letsencrypt:set –global email <your@email.com>

Enable letsencrypt for the app in dokku:

dokku letsencrypt:enable <app>

And set up cron job to auto renew certificates:

dokku letsencrypt:cron-job –add

I have a private network using Tailscale that runs a few local websites and services. Accessing the websites happens via the Tailscale client which connects nodes in the tailnet directly (e.g. my phone and a dokku hosted website) encrypting data from end to end. While this is a great way to secure the session it’s not validating the identity of the website.

Why does that matter and why does a certificate help?

DNS can get spoofed and someone on the network you are connecting through could serve the same domain pointing to a malicious website. While unlikely, that means someone could trick you into sharing information you thought was happening on your private website like credentials, document uploads, or photos, or anything else you might normally interact with or share.

An SSL certificate validates the identity of the private website so that you would receive a browser warning if it was being spoofed.

The definition of fragility (and its inverse antifragility) is the acceleration of harm. For example, if you plot speed of a glass cup hitting the floor and amount of harm to it, the curve rapidly accelerates as the speed goes up. Fragile things are harmed by disorder and stress.

Therefore the definition of antifragility is the opposite—things that improve as disorder and stress grows. For example, natural selection results in an ecosystem that is more resilient as disorder increases (more species, more variability resulting in better fitness, etc.).

See also:

• Thinking in systems shows how multiple stocks has a stabilizing effect on the overall system
• Antifragile systems exhibit a compounding effect for example, open source software that exponentially increases in popularity/value as it adds more contributors

I want to access a private network behind Tailscale network so that I can make an API call to update my personal indexing service when a GitHub repo changes.

I could use webhooks but I’ve set up Dokku on AWS to be completely private with no ports opened. Supporting webhooks would mean punching a hole in the network for the public internet. (Which could be done with Tailscale Funnel but that’s for later).

To get notified on changes, I made a workflow in the repo that uses the Tailscale GitHub action.

1. Create an oauth key with only write permission on the devices category from a tag specified in the workflow step (tag:ci in my case)
2. Add the oauth client ID and key to the GitHub repo’s Action secrets so it can be made available to the runner
3. Create a GitHub actions workflow and add a step for setting up Tailscale
4. Add a step to curl the API in the private tailnet

Example workflow:

name: Notify

on:
  push:
    branches:
      - main

jobs:
  notify-index:
    runs-on: ubuntu-latest
    steps:
    - name: Tailscale
      uses: tailscale/github-action@v2
      with:
        oauth-client-id: ${{ secrets.TAILSCALE_OAUTH_CLIENT_ID }}
        oauth-secret: ${{ secrets.TAILSCALE_OAUTH_SECRET }}
        tags: tag:ci
    - name: Call the private API
      id: call_api
      run: |
        #!/bin/bash
        curl -X POST http://my-private-api.com/do-something        

“Mañana, a lovely word and one that probably means heaven.”

I love this line from On The Road by Jack Kerouac. It talks about a small group of friends who spend their day scraping by in the farmlands of California. Everything is pushed to tomorrow as they spend most of their time drinking.

It perfectly captures that small bit of comfort we get from procrastination.

The aptly titled “How to solve it”, is a book of strategies for solving problems with uncertainty. It was written in 1945 and comes highly recommended for tech people despite focusing on mathematics.

More about this book on Goodreads.

On Mobile Safari, text inputs can not be autofocus by design. Apple expects the user to initiate the input every time.

That makes it really difficult to create a shortcut that takes text from a web view as I do for my personal indexing service.

See also:

• Limitations of iOS shortcuts
• Humans are the great interop layer

I’m setting up dokku as a personal infrastructure PaaS for running services like the personal indexing service.

This was a confusing affair so I’m writing these notes to reference later if I ever need to set it up again.

Notes:

Create an EC2 instance and setup dokku

• Has to be 2gb or more to avoid issues with dokku installation
• Has to be Ubuntu (the default Amazon Linux distro will not work)
• When you ssh into the newly created instance, you have to use the ubuntu default user ubuntu@ec2-address-here.region.compute.amazonaws.com
• Make sure to add the .pem key to ssh-agent on your local machine or git push dokku main won’t succeed
• Set up a domain by running dokku domains:set-global mydomain.com and setting up a Route53 CNAME record to point to the public domain name of the AWS EC2 instance (note: this will break if the EC2 instance is restarted, use an AWS Elastic IP to avoid this)

Create a dokku app

1. SSH into the dokku host server and run dokku apps:create my-project
2. On local run git remote add dokku dokku@mydomain.com:my-project
3. Push git push dokku main and trigger the build/deploy (this just works if you have a Dockerfile at the root of the project)

Tailscale

I followed the Tailscale app connector setup instructions to limit traffic to the dokku domain to my tailnet. That means I’m the only one that can access it and I must have tailscale running on my device to access dokku.

On the dokku EC2 instance

• Install tailscale curl -fsSL https://tailscale.com/install.sh | sh
• Run the app connector sudo tailscale up --advertise-connector --advertise-tags=tag:indexer-app-connector
• Now traffic to the domain is restricted to only go through tailscale

Using GitHub deploy keys

I sometimes need access to a GitHub repo at runtime from an application (e.g. pulling the latest from a repo, making a commit, etc.). GitHub has deploy keys for this (single repo key, read-only by default). Putting secret keys into a docker image would be insecure so instead, we can use dokku volume mounts to make them available to the app that needs it.

1. Make the directory on the dokku EC2 instance that will become the mounted volume mkdir /var/lib/dokku/data/storage/my-app
2. Copy or generate the deployment key to the directory that was just made
3. Mount the volume dokku storage:mount my-app /var/lib/dokku/data/storage/my-app:/storage/path
4. Access it from the running app under /storage/path

Sales is difficult enough, but selling a good solution to the wrong people makes it worse.

Why does this happen?

It’s easy to convince yourself that someone needs what you offer—it’s probably true! But that need is different than a motivated person looking for a solution to fill that need right now. Take healthy people for instance—they too need doctors but it’s going to be a heck of a lot easier to convince them to go to a doctor when they aren’t feeling well.

See also:

• It’s harder to sell if you have to convince people there is a problem
• Finding that hook that motivates the change is why discovery questions should feel consultative
• Sell solutions not software and tools are bought, transformations are sold
• How to write a sales narrative

Shortcuts add a scripting layer on top of iOS (and macOS but I don’t use that) that can be executed across any app or screen. I use this for creating notes, getting a calendar link, and copying snippets from Alfred.

There are some pretty substantial limitations I’ve had to work around.

• Inserting text into the currently running app is not allowed. The only way to get text into an input from a shortcut is to copy the results to the clipboard and paste it.
• Returning to the previous app is not possible so you can’t run a shortcut that opens other apps and then return to the original location. There is not workaround unless you explicitely know where you want to return to.
• With Siri, you have to pause until the request to run a shortcut is acknowledged so you can’t say “Capture todo, the universe isn’t infinite” you have to say “Capture todo” then wait, then say “the universe isn’t infinite”.

In 1895, Paul Otlet and Henri La Fontaine built a paper internet with 18MM index cards affectionately referred to as the Mundaneum. They sought to catalog the world’s information (much like Google) but quickly ran into the physical limitations of such a thing. As more information was added, they realized the 15,000 drawers needed to hold all those index cards was never going to be enough.

Read A Short History of the Index Card from Popular Mechanics.

See also:

• While Otlet and Fontaine sought to catalog all information, this is a great example that building it was an expression of knowledge, not knowledge itself
• Maybe this was a precursor to the memex device proposed in 1945 by Vannevar Bush and a multi-player Zettelkasten
• The internet is a disjointed memex
• Tools for networked thought
• Humans are still the great interop layer

Soft drinks in the US are all kosher. It’s not because the US population keeps kosher but because the majority don’t have a strong preference and a minority are absolutely adherent. As a result, it’s easier for soft drink manufacturers to make everything kosher.

In this way, a small group can have a large impact on the behavior of a wider population. Are there more examples like this?

(I heard about this in an interview with Nassim Taleb.)

I recently picked up rust for a personal infrastructure project and was amazed at the amount of progress on the language and tooling over the years.

I was able to get up and running fast. Between rustup and cargo it’s dead simple to get a project set up and there is little to no fragmentation in the ecosystem. No fiddling with different package managers, bundlers, test runners—just one tool I already know. It takes me a full day to figure out how to do something similar with TypeScript and the hellscape that is JavaScript tooling.

Speaking of tooling, between the rust-analyzer and the compiler, knocking out glue code between a few libraries is super easy. Type inference and lifetime elision seems to have gotten significantly better. Autocomplete and docstrings are pletiful. Compiler errors are still best in class, especially coming from Python and mypy. Altogether, rust nails the airplane test with flying colors.

I spent some time reading up on new language features. I don’t have a feel for how compile times are yet until I have something non-trivial, but I’m glad is being prioritized. Coming from Rust 2018 edition, some of the stabalizations and changes sound very useful like inline const, additions to prelude, IntoIterator for arrays, and so on. I haven’t looked at async rust to see if it’s any less painful but I’m really trying to avoid that for now.

There are new libraries that have taken off during my time away which are relevant to my interest. Rowan for parsing. Axum for building web servers on top of Hyper (which is now 1.0!). Jiff for dates. Tantivy as an alternative to Lucene.