Obsidian.md and Plugin Security

Obsidian.md is an awesome note-taking system. However, any third-party plugin you install has access to all the files on your computer. You must hope the developer is nice or that their GitHub credentials don’t get compromised by a bad actor who then pushes out a malicious update.

The barrier to entry to get a plugin added to the Obsidian marketplace is low, and performed only once. There is no follow-up security review.

Common retorts to these statements, and my replies:

  • It’s the same thing as X app (VS Code, e.g.)
    My reply: Yes, and that is also bad.
  • Plugins with many users are safer because they have more eyes reviewing the code
    My reply: Yes, and they are the more attractive targets. A contributor need only enough time to push a bad update no one notices to infect thousands of computers. So like, 20 minutes?
  • I don’t put anything valuable or private in my notes anyway
    My reply: How about the rest of your computer? Because that’s what they have access to.

In summary, if you use Obsidian, don’t use plugins until or unless they improve this situation.
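For a vault that already has plugins installed, the sketch below records a baseline of each plugin's code and reports when it changes. It is an added example, not part of the original post or of Obsidian itself; it assumes the usual vault layout (`.obsidian/plugins/<id>/manifest.json` with `main.js` beside it, and `.obsidian/community-plugins.json` listing enabled plugins), and the function names and baseline file are hypothetical.

```python
import hashlib
import json
import sys
from pathlib import Path


def snapshot(vault):
    """Map plugin id -> version, enabled flag and SHA-256 of its main.js."""
    cfg = Path(vault) / ".obsidian"
    enabled_file = cfg / "community-plugins.json"  # assumed: JSON array of enabled ids
    enabled = set(json.loads(enabled_file.read_text())) if enabled_file.exists() else set()
    plugins = {}
    for manifest in sorted(cfg.glob("plugins/*/manifest.json")):
        meta = json.loads(manifest.read_text(encoding="utf-8"))
        pid = meta.get("id", manifest.parent.name)
        code = manifest.parent / "main.js"
        digest = hashlib.sha256(code.read_bytes()).hexdigest() if code.exists() else None
        plugins[pid] = {"version": meta.get("version"), "enabled": pid in enabled, "sha256": digest}
    return plugins


def changes(baseline, current):
    """Compare two snapshots; return (plugin_id, finding) tuples sorted by id."""
    findings = []
    for pid in sorted(set(baseline) | set(current)):
        old, new = baseline.get(pid), current.get(pid)
        if old is None:
            findings.append((pid, "new plugin"))
        elif new is None:
            findings.append((pid, "removed"))
        elif old["sha256"] != new["sha256"]:
            if old["version"] == new["version"]:
                findings.append((pid, "code changed, version unchanged"))
            else:
                findings.append((pid, f"updated {old['version']} -> {new['version']}"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: plugin_baseline.py <vault-dir> <baseline.json>")
    vault, baseline_file = Path(sys.argv[1]), Path(sys.argv[2])
    current = snapshot(vault)
    if baseline_file.exists():
        for pid, finding in changes(json.loads(baseline_file.read_text()), current):
            print(f"{pid}: {finding}")
    else:
        baseline_file.write_text(json.dumps(current, indent=2))
        print(f"baseline written for {len(current)} plugins")
```

A reported change only says the code on disk differs from the baseline; whether the new code is trustworthy still has to be reviewed by a person, and this does nothing to restrict what a plugin can read.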

Building Fully Remote Team Communication

I lead a team of eleven fully remote people, most of whom have never met in person, so I am always on the lookout for ways to build relationships, strengthen how we communicate with each other, and maintain some of the lost “water cooler chat” you get in an office environment.
I stumbled on this GitLab Handbook that has some great tips for building what they call Informal Communication.

https://handbook.gitlab.com/handbook/company/culture/all-remote/informal-communication/

I really like the idea of postcard swapping, which uses something tangible you can hold in your hand to build connection across distributed teams.
Another team-building strategy we used when I worked at CNN was weekly co-working sessions, where we’d meet online for an hour while doing our normal work. This would facilitate all types of discussion, learning, and cross-collaboration. Sometimes, when conversation waned, just being quiet and listening to the clacking of each other’s mechanical keyboards was enough to create a sense of belonging. Writing this article reminds me that I want to implement that on my current team!

Getting out of it what you put into it

It’s been difficult to make myself come here and blog.

Somewhere along the way, things on the internet changed. I used to enjoy writing updates in a blog post, letting friends and family know what had been going on around here, what I was up to, or even just what I was thinking. I knew that there were certain people who followed my blog pretty frequently and would often comment or even just acknowledge that I had posted something. It was a nice community feeling, and I would read other people’s blogs as well. Somewhere along the way this all shifted. I think it probably had something to do with Facebook becoming the predominant platform for people posting updates and being able to keep up with many more people in that format.

It’s a real shame though, because now I’ve gotten myself off of Facebook, off of Instagram, off of Twitter, and I’m largely just biding my time here and on Bluesky.

I find myself not wanting to share content or updates or news or anything like that. I definitely feel more guarded about what I share online.

Perhaps it’s because of all the horror stories I’ve read about people getting stalked or swatted or whatever, just because they said something someone else didn’t like or disagreed with. I’ve been thinking often about how the internet really has precipitated the downfall of humanity. It’s pretty sad because I thought it was going to be an awesome thing for quite a while.

It definitely had an un-jaded, innocent adolescence phase. However, what happened was that once the World Wide Web became more and more accessible and was starting to be carried around in everyone’s pockets, everything started to change for the worse.

I remember back in college I took a class on how to use the World Wide Web. It was a great introduction into internet culture, what it meant to have a flame war, what spam was, and what good netiquette was.

That’s a word you don’t really hear anymore. Netiquette. It’s a shame. Everyone thinks they have the right to just get very angry at everyone else now, and it’s taken a lot of the fun out of the whole thing.

Maybe if people had been required to take lessons about the internet in order to access it, and had to learn how easily you can be fooled by misinformation and how you need to be able to discern between what’s real and what’s not, we might not be in the predicament we’re in today.

So I don’t know, maybe I’ll take this blog down in the near future. Is anyone reading it? My web statistics say “no”. So this is pretty much an exercise in talking into the ether. I’m putting things into it, but getting out nothing.
