Just as a counterpoint, to avoid people getting the wrong idea about the complexity involved - I use it and it took literally minutes. The most confusing part was that the sync settings in Ankidroid referred to Ankiweb.
It's mostly due to time/resource/technical constraints [some of our strings come from a shared backend], but we can do better here, especially if there's now a lot more community interest in the feature.
Pull requests welcome! Do feel free to get in touch on the issue/Discord.
Was about to do that, but it turned out it's already fixed in the current version - so literally the only minor issue I hit on my way to a custom sync server is resolved already :)
The pip instructions are bad. Typical Python things: Non-reproducible, not involving a proper lock file. Cargo instructions seem not much better, since they are only referring to a tag in the git repo. The installation from "package build" leak user and password in shell history.
Overall this doesn't inspire much confidence in how solid and tested the procedure is.
I see. I am not claiming, that it is your job to fix that.
On that page though, the same issues are present. The pip install does not make use of any lock file.
pip install anki
Isn't a command we should be seeing in 2026. Unless it is a one-off experiment setup. There should be proper lock files, not just version numbers, especially in the Python and JS ecosystems this has become less and less acceptable.
Leaks username and password to shell command history. Again, can be fine for a one-off quick hack, but is not a great practice, since the shell command history is not the most secure place to store ones credentials in. This could be easily mitigated by adding leading " " (space), at least in environments I am familiar with, but better would probably be putting the credentials in a config file, so that they never hit the shell command history.
The repo already has a lock file for uv. It would be better to make use of that lock file, when using Python to install. And in fact, when one downloads a release of Anki for desktop and runs it the first time, it does make use of uv, creating a venv, and (unconfirmed) hopefully makes use of the uv lock file.
I see these kinds of issues very frequently in Python projects. As someone, who has previously worked on providing docker images for data science workflows, enabling reproducible research, I am quite sensitive to this. But also I hear from friends, that they are traumatized by Python projects installing things in system python and other shenanigans. In general there seem to be tons of people doing Python projects, who don't have a clear idea of how to make things safe and reproducible, which is giving Python projects in general a bad reputation. All while good solutions to these problems exist and existed for years.
In fairness, Python as an ecosystem doesn't make it clear, either. I used to write a ton of Python back in the v2 days. I came back to Python to write a web crawler in summer 2025 and couldn't believe how it was still a bunch of arcane commands to create a virtual environment and install dependencies and capture the dependencies. Yes, an IDE like Pycharm handles this (thank goodness), but jiminy crickets, why doesn't "pip" refuse to even work until you've done "pip init" which generates a requirements.txt and then every pip install should check for a requirements.txt in the PWD. If it doesn't exist, refuse to install the dep. If the file does exist, append the version of the dep to that file.
It's 2026. Even JavaScript can do this.
pip is the de facto manager for the entire language. It should be better. With Node Package Manager for JS, the installation default is at the project level. You have to do a command line override to install globally.
PIP is the opposite. In fact, the only way to install at the project level is to create a virtual environment and trick PIP into thinking it's installing at the global level!
What language operates like this in 2026? Maven installs at the project level. Unison at the project level. Haskell at the project level. JS/TS at the project level.
> Apple now continues to support older operating systems with security updates, allowing users to remain on iOS 18 without immediate pressure to update or forfeit critical patches. This makes it much easier for users to remain on older software.
This is an incredible untruth to end this article on. MacRumors' own reporting (https://www.macrumors.com/2025/12/19/ios-18-forced-ios-26-up...) showed Apple denying the existing iOS 18.7.3 security update to iPhones, and then shutting down the beta channel workaround the same day that MR drew attention to it, leaving iOS 26.2 as the only option.
> For CLIs - most reasonable commands either have a `-h`, `--help`, `-help`, `/?`, or what have you. And manpages exist. Hunt the verb isn't really a problem for CLIs.
"Hunt the verb" means that the user doesn't know which commands (verbs) exist. Which a neophyte at a blank console will not. This absolutely is a problem with CLIs.
Discoverability is quite literally the textbook problem with CLIs, in that many textbooks on UI & human factors research over the last 50 years discuss the problem.
"Hunt the verb" can be alleviated to some degree for programs that require parameters by just showing the manpage when invalid or missing parameters are specified. It's highly frustrating when programs require you to go through every possible help parameter until you get lucky.
Per the thread OP, nobody pretends that CLIs do not need a manual.
Many users like myself enjoy a good manual and will lean into a CLI at every opportunity. This is absolutely counter to the value proposition of a natural language assistant.
I think this is a naming problem. CLI is usually the name for the interface to an application. A Shell is the interface to the OS. Nonetheless agree with your post but this might be part of the difficulty in the discussion
that’s the ambiguity that I think is tripping the discussion up a little. Also the idea of a CLI/Shell/Terminal is also quite coupled to a system, rather than services. Hence the whole ‘web service’ hope to normalise remote APIs that if you squint hard enough become ‘curl’ on the command line
But the point is none of that is intrinsic or interesting to the underlying idea, it’s just of annoying practical relevance to interfacing with APIs today
Yes. But I think the point is a good one. With CLI there is a recognition that there must be a method of learning what the verbs are. And there are many traditions which give us expectations and defaults. That doesn’t exist in the chat format.
Every time I try to interact with one of these llm gatekeepers I just say what I want and hope it figures out to send me to a person. The rest of the time I’m trying to convince the Taco Bell to record a customer complaint about how its existence itself is dystopian.
One thing I really like is that it won't MITM any requests that use TLS 1.3 or HTTP2. Since Mavericks doesn't support these protocols natively, the proxy knows this traffic must be coming from a relatively-modern app that ships its own TLS implementation and doesn't need any help.
> Can you touch on how some of these patches were made/backported from and to closed-source binaries?
The Mail plugin just disables a feature via Objective-C swizzling. Swizzling is fun, you can replace any method in any app with your own version. I usually use class-dump to get a list of methods in the original app, read the method names to guess at what each one does, and try the ones that look promising. More recently I've begun using Hopper (a proper decompiler/disassembler) more heavily, particularly because Claude is very good at reading both assembly and decompiler babble and can direct me.
The font patch is just a hex edit. To quote the readme:
>> The patch removes the `fnt_adjust` TrueType instruction from Apple's font rendering code. This instruction has not been used by legitimate fonts since the 90s. After CVE-2023-41990 was published, Apple responded by removing this instruction from modern macOS. This patch merely does the same on Mavericks.
The patched library replaces the vulnerable instruction with a no-op.
> Tai disagreed that Tai's model is simply the trapezoidal rule, on the basis that her model uses the summed areas of rectangles and triangles rather than trapezoids.
