Monday, 30 June

21:35

Joe Marshall: You Are The Compiler [Planet Lisp]

Consider a complex nested function call like

(foo (bar (baz x)) (quux y))

This is a tree of function calls. The outer call to foo has two arguments, the result of the inner call to bar and the result of the inner call to quux. The inner calls may themselves have nested calls.

One job of the compiler is to linearize this call tree into a sequential series of calls. So the compiler would generate some temporaries to hold the results of the inner calls, make each inner call in turn, and then make the outer call.

  temp1 = baz(x)
  temp2 = bar(temp1)
  temp3 = quux(y)
  return foo (temp2, temp3)

Another job of the compiler is to arrange for each call to follow the calling conventions that define where the arguments are placed and where the results are returned. There may be additional tasks done at function call boundaries, for example, the system might insert interrupt checks after each call. These checks are abstracted away at the source code level. The compiler takes care of them automatically.

Sometimes, however, you want to want modify the calling conventions. For example, you might want to write in continuation passing style. Each CPS function will take an additional argument which is the continuation. The compiler won't know about this convention, so it will be incumbent on the programmer to write the code in a particular way.

If possible, a macro can help with this. The macro will ensure that the modified calling convention is followed. This will be less error prone than expecting the programmer to remember to write the code in a particular way.

The Go language has two glaring omissions in the standard calling conventions: no dynamic (thread local) variables and no error handling. Users are expected to impose their own calling conventions of passing an additional context argument between functions and returning error objects upon failures. The programmer is expected to write code at the call site to check the error object and handle the failure.

This is such a common pattern of usage that we can consider it to be the de facto calling convention of the language. Unfortunately, the compiler is unaware of this convention. It is up to the programmer to explicitly write code to assign the possible error object and check its value.

This calling convention breaks nested function calls. The user has to explicitly linearize the calls.

temp1, err1 := baz(ctx, x)
  if err1 != nil {
    return nil, err1
  }
  temp2, err2 := bar(ctx, temp1)
  if err2 != nil {
    return nil, err2
  }
  temp3, err3 := quux(ctx, y)
  if err2 != nil {
    return nil, err2
  }
  result, err4 := foo(ctx, temp2, temp3)
  if err4 != nil {
    return nil, err4
  }
  return result, nil

Golang completely drops the ball here. The convention of returning an error object and checking it is ubiquitous in the language, but there is no support for it in the compiler. The user ends up doing what is normally considered the compiler's job of linearizing nested calls and checking for errors. Of course users are less disciplined than the compiler, so unconventional call sequences and forgetting to handle errors are common.

21:00

Stranger Suggests: Tender and Strange Art, Soft Serve That’ll Make You Scream, and an Anti-Fourth of July Celebration [The Stranger]

One Really Great Thing to Do Every Day of the Week
by Audrey Vann MONDAY 6/30  

Pride: The Ric Weiland Collection

(VISUAL ART) If you didn’t know already, Ric Weiland was a software developer and programmer who was hired as the second employee for a little company called Microsoft. Given his early involvement at the tech giant, Weiland was able to retire at the young age of 35 to dedicate his life to philanthropy and LGBTQ advocacy. Sadly, Weiland died at just 53, but his legacy lives on through the $65 million he left to queer rights organizations (such as the Pride Foundation). The MOHAI will honor Pride Month with a small-scale exhibit of photographs, letters, ephemera, and artifacts from Weiland’s estate that reflect his enduring fight for equality. While you’re there, be sure to check out the Collections Spotlight: Denim, which showcases artifacts from the MOHAI collection that tell the history of your ol’ blue jeans. (Museum of History & Industry, through Oct 5, all ages) AUDREY VANN

TUESDAY 7/1  

Nina Katchadourian: ‘Origin Stories

Nina Katchadourian's show 'Origin Stories' is on display through October 26. PHOTO BY DAMIEN GIFFITHS, COURTESY OF NATIONAL NORDIC MUSEUM

(VISUAL ART) In Origin Stories, artist Nina Katchadourian unpacks the quirks, rituals, and memories that shaped her creative world, from family summers in Finland to shipwreck obsessions and childhood games gone existential. Installed across the National Nordic Museum, the show blends humor, nostalgia, and tender strangeness. (For instance, there's a bronze sculpture of a stick-cow in the mix, as well as a six-channel video about her parents’ accents.) Go forth for a reminder that personal history is messy, mythic, and often hiding in plain sight. (National Nordic Museum, through Oct 26, all ages) LINDSAY COSTELLO

WEDNESDAY 7/2  
          View this post on Instagram                      

A post shared by The Stranger 🗞 (@thestrangerseattle)

Ballard FC vs. Tacoma Stars

(SPORTS) USL League Two champions Ballard FC are back this season to defend their title as NW division champs. The team returns to Interbay Stadium this year, bringing them closer to their namesake and adoring fans. Fanfare at the games includes Dick's burgers thrown into the crowd after every goal, half-time shenanigans, and high school bands. Even without all that hullabaloo, I would recommend a game to anyone as cheap, entertaining, family-friendly fun. It doesn't get much more local than being sponsored by Reuben's Brews and having "Up the bridges!" as the team’s main chant. (Interbay Stadium, 7 pm, all ages) SHANNON LUBETICH

THURSDAY 7/3  

Humaira Abid

"Shape of War: First Series - 1 (Story of Rasha and Ahmed, Gaza)," by Humaira Abid, 2025. COURTESY OF GREG KUCERA GALLERY

(VISUAL ART) Each time I walk into the Greg Kucera Gallery, I stumble upon a crowd around Humaira Abid’s wood-carved blouses, oohing and aahing at their delicacy and realism. Through her sculptures and paintings, the Lahore-born, Pakistani American artist depicts ordinary objects like clothing, shoes, purses, and letters in an extraordinary way—by meticulously carving them out of pinewood and often adorning them with exquisite miniature paintings. The pieces don’t just display jaw-dropping craftsmanship, but also share powerful stories related to violence against women, refugees, and displacement. (Opening reception. July 3, 6–8 pm; artist’s talk, July 5, noon, Greg Kucera Gallery, free) AUDREY VANN

FRIDAY 7/4  

F#CK the Fourth!

Bring snacks to share!

(COMMUNITY) Predictably, I am not feeling very patriotic this Fourth of July. I think many of us are in the same boat, sneering at American flags and scoffing when we hear “God Bless America.” Well, fear not! There’s an event for you and other skeptics, and it’s one that encourages you to DO SOMETHING on a local level for your community and your country. Take the time to register to vote and help others do the same, write postcards to government officials, create zines, and have a little catharsis with your fellow firework-hating neighbors. Organizers are inviting folks to “hang out among us, your local artists that support trans rights, immigrants, rights to protest, bodily autonomy, and all the good stuff.” Hell yeah, pals. That’s what I call America. (Push/Pull, 1–4 pm, free, all ages) BRI BREY

SATURDAY 7/5  

TARBOO

(MUSIC) Back for its second year, TARBOO returns to the Olympic Peninsula on Fourth of July weekend with three days of top quality music at Quilcene Lantern, which has become a hub for live music and community in recent years. The fun kicks off Thursday with an evening show featuring three local artists that's totally free and open to the public, followed by two ticketed days with a stellar lineup. Two of my top Pacific Northwest music-makers headline: Seattleite Chong the Nomad crafts the most danceable beats, and Portland-based Blind Pilot has been one of my favorite indie folk bands for over 15 years. Other standouts include Seattle grunge pop bands Great Grandpa and Mt. Fog, and California-based soulful folk songstress Uwade (she's toured with Fleet Foxes). I recommend grabbing a camping pass and staying onsite at their 53 acres of "rolling farm fields" for maximum granola vibes. (Quilcene Lantern, July 3–5, all ages) SHANNON LUBETICH

SUNDAY 7/6  
          View this post on Instagram                      

A post shared by The Stranger 🗞 (@thestrangerseattle)

Pastry Project’s Soft Serve Window

(FOOD) The Pastry Project’s soft-serve window is only open for the summer, and it offers three flavors—purple vanilla, chocolate, and twist. While the ice cream is decadent enough to enjoy on its own—no cheap, icy mix here—the true magic is in the toppings. The aforementioned hard shell dip is available in butterscotch, chocolate, and strawberry passionfruit, and you’re gonna definitely want to add their rainbow peanut crunch. That’s housemade honeycomb-esque peanut brittle that has been smashed to bits and mixed with chopped peanuts and rainbow sprinkles. Nut-Blasting Crispy Magic Rainbow Crunch Fuck Yeah is what they should call it. That on a twist cone with the strawberry passionfruit dip tastes like a PB&J turned up to 11. (The Pastry Project, Thurs–Fri, 3–8 pm; Sat–Sun, noon–8 pm) MEGAN SELING

20:14

David Bremner: Hibernate on the pocket reform 1/n [Planet Debian]

Configuration

  • script: https://docs.kernel.org/power/basic-pm-debugging.html

  • kernel is 6.15.4-1~exp1+reform20250628T170930Z

State of things

  • normal reboot works

  • Either from the console, or from sway, the intial test of reboot mode hibernate fails. In both cases it looks very similar to halting.

    • the screen is dark (but not completely black)
    • the keyboard is still illuminated
    • the system-controller still seems to work, althought I need to power off before I can power on again, and any "hibernation state" seems lost.

Running tests

  • this is 1a from above
  • freezer test passes

  • devices test from console

    • console comes back (including input)
    • networking (both wired and wifi) seems wedged.
    • console is full of messages from mt76x2u about vendor request 06 and 07 failing. This seems related to https://github.com/morrownr/7612u/issues/17
    • at some point the console becomes non-responsive, except for the aforementioned messages from the wifi module.

  • devices test un

    • display comes back
    • keyboard/mouse seem disconnected
    • network down / disconnected?

19:28

Link [Scripting News]

If the Dems were competitive they would run ads now with Senator Tillis talking about the damage the new Repub bill will do to Americans, emphasizing this is a Republican speaking, taking one for the country.

Do a backup now [Scripting News]

Advice from a longtime developer.

  • If you think "I should do a backup," do it. Now, don't wait.
  • Make it really easy to do a backup. Choose a menu item that's always available when you're working.

The reason is karma. God hears all your thoughts. When that thought pops into your head and you don't do a backup, or don't do it soon enough, He crashes your data, and you think "I should have done a backup when I thought of doing it." Even this doesn't please Him. At that moment it's even more urgent that you do a backup.

My hippie uncle taught me this. God has a terrible sense of humor, and thinks it's really funny when you have a good thought and ignore it. When something didn't work he would say that's God goofing on me.

In this case, we're talking about is the Programmer God. There are all kinds of gods, a baseball god, a basketball god, and very specifically a Knicks god. That god has the absolutely worst sense of humor of them all and by worst I mean best.

2025 mid-year link clearance [The Old New Thing]

¹ The gong shot was so popular that a decade later, they brought back three of the original golfers to do it again [YouTube] (with floating golf balls to allow subsequent retrieval).

The post 2025 mid-year link clearance appeared first on The Old New Thing.

Embracing the power of the empty set in API design: Requesting zero items [The Old New Thing]

A team was proposing a method that was at its essence a Read(n) that takes the maximum number of items to read. The reality was more complicated than that: The parameter n was really a configuration property on an operation, but it had the same meaning: It set the maximum number of items to return.

The team said that their method returns E_INVALID­ARG if you pass n = 0.

I argued that this is an incorrect design: If somebody asks for “at most zero items”, then you should succeed and give them zero items. Zero is at most zero.

For example, maybe the program calculates the size of its window, divides by the height of an item, and requests only as many items as fit in the window without overflowing. After all, there’s no point fetching data that you never use.

And then the user resizes the window so small that no items fit, so the division rounds down to zero, and the program asks for zero items and crashes because “somebody” decided that it was wrong to ask for zero items.

Let them ask for zero items. Give them nothing.

Edge cases are hard, so remove edge cases from the interface.

Related reading: Embracing the power of the empty set in API design (and applying this principle to selectors and filters).

The post Embracing the power of the empty set in API design: Requesting zero items appeared first on The Old New Thing.

Combat Fatigues – DORK TOWER 30.06.25 [Dork Tower]

This or any DORK TOWER strip is now available as a signed, high-quality print, from just $25!  CLICK HERE to find out more!

HEY! Want to help keep DORK TOWER going? Then consider joining the DORK TOWER Patreon and ENLIST IN THE ARMY OF DORKNESS TODAY! (We have COOKIES!) (And SWAG!) (And GRATITUDE!)

Gabe's Reading List [Penny Arcade]

I start tons of books using the Kindle preview but end up actually buying and finishing far fewer. I lean towards hard Sci-Fi. I like inscrutable alien artifacts and massive jumps through time. If I’m not reading about spaceships I’m reading history books for some reason. I think because the good ones at least are sort of like time travel books. I’ve managed to finish a bunch of great books recently from both these genres and I wanted to share my finds here for those of you with similar reading interests.

 

18:49

Senator Chides FBI for Weak Advice on Mobile Security [Krebs on Security]

Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Senate’s most tech-savvy lawmakers says the feds aren’t doing enough to recommend more appropriate security protections that are already built into most consumer mobile devices.

A screenshot of the first page from Sen. Wyden’s letter to FBI Director Kash Patel.

On May 29, The Wall Street Journal reported that federal authorities were investigating a clandestine effort to impersonate Ms. Wiles via text messages and in phone calls that may have used AI to spoof her voice. According to The Journal, Wiles told associates her cellphone contacts were hacked, giving the impersonator access to the private phone numbers of some of the country’s most influential people.

The execution of this phishing and impersonation campaign — whatever its goals may have been — suggested the attackers were financially motivated, and not particularly sophisticated.

“It became clear to some of the lawmakers that the requests were suspicious when the impersonator began asking questions about Trump that Wiles should have known the answers to—and in one case, when the impersonator asked for a cash transfer, some of the people said,” the Journal wrote. “In many cases, the impersonator’s grammar was broken and the messages were more formal than the way Wiles typically communicates, people who have received the messages said. The calls and text messages also didn’t come from Wiles’s phone number.”

Sophisticated or not, the impersonation campaign was soon punctuated by the murder of Minnesota House of Representatives Speaker Emerita Melissa Hortman and her husband, and the shooting of Minnesota State Senator John Hoffman and his wife. So when FBI agents offered in mid-June to brief U.S. Senate staff on mobile threats, more than 140 staffers took them up on that invitation (a remarkably high number considering that no food was offered at the event).

But according to Sen. Ron Wyden (D-Ore.), the advice the FBI provided to Senate staffers was largely limited to remedial tips, such as not clicking on suspicious links or attachments, not using public wifi networks, turning off bluetooth, keeping phone software up to date, and rebooting regularly.

“This is insufficient to protect Senate employees and other high-value targets against foreign spies using advanced cyber tools,” Wyden wrote in a letter sent today to FBI Director Kash Patel. “Well-funded foreign intelligence agencies do not have to rely on phishing messages and malicious attachments to infect unsuspecting victims with spyware. Cyber mercenary companies sell their government customers advanced ‘zero-click’ capabilities to deliver spyware that do not require any action by the victim.”

Wyden stressed that to help counter sophisticated attacks, the FBI should be encouraging lawmakers and their staff to enable anti-spyware defenses that are built into Apple’s iOS and Google’s Android phone software.

These include Apple’s Lockdown Mode, which is designed for users who are worried they may be subject to targeted attacks. Lockdown Mode restricts non-essential iOS features to reduce the device’s overall attack surface. Google Android devices carry a similar feature called Advanced Protection Mode.

Wyden also urged the FBI to update its training to recommend a number of other steps that people can take to make their mobile devices less trackable, including the use of ad blockers to guard against malicious advertisements, disabling ad tracking IDs in mobile devices, and opting out of commercial data brokers (the suspect charged in the Minnesota shootings reportedly used multiple people-search services to find the home addresses of his targets).

The senator’s letter notes that while the FBI has recommended all of the above precautions in various advisories issued over the years, the advice the agency is giving now to the nation’s leaders needs to be more comprehensive, actionable and urgent.

“In spite of the seriousness of the threat, the FBI has yet to provide effective defensive guidance,” Wyden said.

Nicholas Weaver is a researcher with the International Computer Science Institute, a nonprofit in Berkeley, Calif. Weaver said Lockdown Mode or Advanced Protection will mitigate many vulnerabilities, and should be the default setting for all members of Congress and their staff.

“Lawmakers are at exceptional risk and need to be exceptionally protected,” Weaver said. “Their computers should be locked down and well administered, etc. And the same applies to staffers.”

Weaver noted that Apple’s Lockdown Mode has a track record of blocking zero-day attacks on iOS applications; in September 2023, Citizen Lab documented how Lockdown Mode foiled a zero-click flaw capable of installing spyware on iOS devices without any interaction from the victim.

Earlier this month, Citizen Lab researchers documented a zero-click attack used to infect the iOS devices of two journalists with Paragon’s Graphite spyware. The vulnerability could be exploited merely by sending the target a booby-trapped media file delivered via iMessage. Apple also recently updated its advisory for the zero-click flaw (CVE-2025-43200), noting that it was mitigated as of iOS 18.3.1, which was released in February 2025.

Apple has not commented on whether CVE-2025-43200 could be exploited on devices with Lockdown Mode turned on. But HelpNetSecurity observed that at the same time Apple addressed CVE-2025-43200 back in February, the company fixed another vulnerability flagged by Citizen Lab researcher Bill Marczak: CVE-2025-24200, which Apple said was used in an extremely sophisticated physical attack against specific targeted individuals that allowed attackers to disable USB Restricted Mode on a locked device.

In other words, the flaw could apparently be exploited only if the attacker had physical access to the targeted vulnerable device. And as the old infosec industry adage goes, if an adversary has physical access to your device, it’s most likely not your device anymore.

I can’t speak to Google’s Advanced Protection Mode personally, because I don’t use Google or Android devices. But I have had Apple’s Lockdown Mode enabled on all of my Apple devices since it was first made available in September 2022. I can only think of a single occasion when one of my apps failed to work properly with Lockdown Mode turned on, and in that case I was able to add a temporary exception for that app in Lockdown Mode’s settings.

My main gripe with Lockdown Mode was captured in a March 2025 column by TechCrunch’s Lorenzo Francheschi-Bicchierai, who wrote about its penchant for periodically sending mystifying notifications that someone has been blocked from contacting you, even though nothing then prevents you from contacting that person directly. This has happened to me at least twice, and in both cases the person in question was already an approved contact, and said they had not attempted to reach out.

Although it would be nice if Apple’s Lockdown Mode sent fewer, less alarming and more informative alerts, the occasional baffling warning message is hardly enough to make me turn it off.

18:42

Slog AM: Senate Votes on the Big Beautiful Bill, Gunman Ambushes Firefighters, Democrats Aren't Proud to Be American [The Stranger]

The Stranger's morning news roundup by Hannah Murphy Winter

Good morning! It’s the hottest day of the week already. Highs in the mid-80s without a cloud in the sky. So consider this your monthly reminder that street end parks are open to the public. Go find one.

Until then, let’s do the news.

Here’s What’s Getting More Expensive Tomorrow: Heads up, drivers. Both the gas tax and the toll rate on the State Route 99 tunnel are going up tomorrow. Toll rates are increasing five and ten cents for off-peak morning and peak evening hours, respectively, and the gas tax is going up six cents per gallon.

Remember the Tree Protestors? Back in May, environmentalists moved into a big ol’ fir tree to block an old forest near Port Angeles from being logged. Well, ICYMI (like we did), the protestors were forced out of the tree on the 40th night of their protest when two people began to dismantle parts of the protestors’ platform. “One activist present said the driver of the Jeep screamed death threats at him, including vowing to gut him like an animal. He and another activist, who spoke on the condition of anonymity to avoid legal consequences, said they did not know who the people were in the Jeep.”

Seattle 1, NIMBYs 0: Starting today, a new state law allows developers to build up to four homes on city lots that are zoned for single family housing. The Seattle Times reported that generally, new construction is lagging, so we’re not likely to see a huge boom in new housing immediately, but we’ll take the W. 

Shooting in Idaho: A gunman set a brush fire to lure first responders to Canfield Mountain in Northern Idaho, and then shot at them when they arrived at the scene. Two firefighters were killed and one was seriously injured. The standoff lasted several hours, until authorities were able to use cellphone signals to track the shooter. He was dead when they found him.

BBB Marathon: After fighting about it all weekend, the Senate is set to vote on Trump’s Big Beautiful Bill today. There are a huge slate of amendments to consider, so it’s expected to be a long one, and it’s definitely not guaranteed to make it through. Republicans only need a simple majority, but that still means they can only afford to lose three votes. Two GOP senators have already said they won’t vote for it (including Senator Thom Tillis, who said he wouldn’t run for reelection after he announced his opposition to the bill, because that’s the sign of a healthy democracy). In case you’ve forgotten amongst all the other chaos, this bill sucks. It extends $4 trillion in tax cuts, and to pay for them, includes almost $1 trillion in cuts to Medicaid, defunds federal nutrition programs, and restricts trans healthcare. It’s such trash even Republicans hate it.

When ordinary Republicans understand how Trump’s “One Big Beautiful Bill” would affect the after-tax incomes of American families, it turns out they don’t find it beautiful at all.

“I was really shocked."

[image or embed]

— Mother Jones (@motherjones.com) June 29, 2025 at 3:32 AM

Housing Not Handcuffs: In legislative news that doesn’t make you want to scratch your eyes out, Representative Pramila Jayapal introduced a bill that would make it illegal for federal agencies to remove homeless people from federal land if they don’t have another place to go. She introduced the bill just before the anniversary of Grants Pass v. Johnson, the Supreme Court decision that said it was constitutional to criminalize camping—which some South King County cities have really run with. Immediately after the decision, Auburn eliminated the need to offer people overnight shelter before charging them with a misdemeanor for sleeping on public land. And Burien enacted an outright ban on living outside. 

Tariff Threats, Again: Trump’s back on his geopolitical nonsense. Apparently our negotiator-in-chief is sick and tired of negotiating trade deals, and he told Fox News yesterday that he’d prefer to just send every country a letter. "We made deals, but I'd rather just send them a letter, a very fair letter, saying 'congratulations, we're going to allow you to trade in the United States of America, you're going to pay a 25 percent tariff, or 20 percent, or 40 or 50,'" Trump said, like someone who totally understands how trade deals work. He’s made the same threat twice before and never followed through. Let’s see if he does this time!

Gallup Figures Out What We Already Knew: A new Gallup poll found that Democrats aren’t proud to be American. Unsurprisingly, 92 percent of Republicans are “very” or “extremely” proud to be from the US, but Democrats come in at a cool 36 percent. No one asked that 36 percent what they found to be proud of.

The Fuck? Police are investigating performances by Bob Vylan and Kneecap from this weekend’s Glastonbury festival. They must’ve done something super fucked up, right? Like, sacrificed a sheep or kicked a baby or something? Bob Vylan allegedly criticized the Israel Defense Forces by chanting "death, death to the IDF [Israel Defense Forces],” and Kneecap allegedly called Israel war criminals and led a “Free Palestine” chant. Glastonbury organizers have said they were "appalled.” Both groups have a history of political, and pro-Palestine commentary, so we’re not sure what they expected? Unclutch your pearls, Glastonbury. 

It’s the Last Day of Pride Month: And we had 30 days of recommendations for Big Gay Shit to do all month. But today? Today is for a big, gay nap.

View this post on Instagram

A post shared by The Stranger 🗞 (@thestrangerseattle)

18:07

[$] Fedora's i686 support gets a reprieve [LWN.net]

A change proposal to end support for 32-bit x86 (i686) applications on the x86_64 architecture with the Fedora 44 release has been withdrawn after significant pushback. As proposed, the change could have had a significant impact on gamers, compiler development, and the Bazzite project, which uses Fedora as a base for a gaming-focused distribution. While i686 gets a reprieve for now, the question still lingers: who is going to keep the necessary i686 packages in working order when few upstream maintainers or volunteer packagers care about the architecture?

16:35

Security updates for Monday [LWN.net]

Security updates have been issued by AlmaLinux (mod_proxy_cluster), Debian (catdoc, chromium, nagvis, and sudo), Fedora (chromium, gum, kubernetes1.32, moodle, podman, python3-docs, python3.13, salt, and tigervnc), Mageia (x11-server, x11-server-xwayland & tigervnc), Oracle (apache-commons-beanutils, exiv2, expat, firefox, git, git-lfs, gstreamer1-plugins-bad-free, ipa, java-21-openjdk, kea, kernel, libarchive, libblockdev, libsoup3, libvpx, libxslt, mod_auth_openidc, nodejs22, osbuild-composer, perl, perl-File-Find-Rule, php, python-jinja2, python-tornado, sqlite, thunderbird, valkey, varnish, weldr-client, xorg-x11-server-Xwayland, xz, and yggdrasil), Red Hat (apache-commons-beanutils, javapackages-tools:201801, kernel, and python3.11), SUSE (apache-commons-fileupload, gimp, glib2, himmelblau, nvidia-open-driver-G06-signed, sqlite3, thunderbird, yelp, and yelp-xsl), and Ubuntu (samba).

16:21

Russell Coker: Links June 2025 [Planet Debian]

Jonathan McDowell wrote part 2 of his blog series about setting up a voice assistant on Debian, I look forward to reading further posts [1]. I’m working on some related things for Debian that will hopefully work with this.

I’m testing out OpenSnitch on Trixie inspired by this blog post, it’s an interesting package [2].

Valerie wrote an informative article about creating mesh networks using LORA for emergency use [3].

Interesting article about Signal and Windows Recall. That gives us some things to consider regarding ML features on Linux systems [4].

Insightful article about AI and the end of prestige [5]. We should all learn about LLMs.

Jonathan Dowland wrote an informative blog post about how to manage namespaces on Linux [6].

The Consumer Rights wiki is a great resource for raising awareness of corporations exploiting their customers for computer related goods and services [7].

Interesting article about Schizophrenia and the cliff-edge function of evolution [8].

Related posts:

  1. Links May 2025 Christopher Biggs gave an informative Evrything Open lecture about voice...
  2. Links April 2025 Asianometry has an interesting YouTube video about elecrolytic capacitors degrading...
  3. Links February 2025 Oliver Lindburg wrote an interesting article about Designing for Crisis...

15:35

Link [Scripting News]

Advice from a longtime developer. 1. If you think "I should do a backup," do it. Now, don't wait. 2. Make it really easy to do a backup. Choose a menu item that's always available when you're working.

15:07

Kernel prepatch 6.16-rc4 [LWN.net]

Linus has released 6.16-rc4 for testing. "Despite a fairly large merge window, things continue to look fairly calm on the rc front".

14:21

CodeSOD: A Highly Paid Field [The Daily WTF]

In ancient times, Rob's employer didn't have its own computer; it rented time on a mid-range computer and ran all its jobs using batch processing in COBOL. And in those ancient times, these stone tools were just fine.

But computing got more and more important, and the costs for renting time kept going up and up, so they eventually bought their own AS/400. And that meant someone needed to migrate all of their COBOL to RPG. And management knew what you do for those kinds of conversions: higher a Highly Paid Consultant.

On one hand, the results weren't great. On the other, the code is still in use, though has been through many updates and modernizations and migrations in that time. Still, the HPC's effects can be felt, like this block, which hasn't been touched since she was last here:

// CHECK FOR VALID FIELD
IF FIELD1 <> *BLANKS AND FIELD1 < '1' AND FIELD1 > '5';
    BadField1 = *ON;
    LEAVESR;
ENDIF;

This is a validation check on a field (anonymized by Rob), but the key thing I want you to note is that what the field stores are numbers, but it stores those numbers as text- note the quotes. And the greater-than/less-than operators will do lexical comparisons on text, which means '21' < '5' is true.

The goal of this comparison was to require the values to be between 1 and 5. But that's not what it's enforcing. The only good(?) news is that this field also isn't used. There's one screen where users can set the value, but no one has- it's currently blank everywhere- and nothing else in the system references the value. Which raises the question of why it's there at all.

But those kinds of questions are par for the course for the HPC. When they migrated a bunch of reports and the users compared the results with the original versions, the results didn't balance. The HPC's explanation? "The users are changing the data to make me look bad."

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

13:21

Link [Scripting News]

I needed a tiny feed reader for an app I was working on.

Link [Scripting News]

Another criticism of the Bluesky API. They make each developer do the support for Open Graph metadata, when it would be much more efficient for them to support it on their end. I would be happy to give them the code. It's not that complicated. But translating the OG format, which for crying out loud is a huge standard, into their arcane format which is only supported by Bluesky, is going in the wrong direction, and frankly is ridiculously arrogant. Show a little humility. Facebook is huge, and the format isn't just used by Facebook, everyone uses it.

13:14

12:35

Link [Scripting News]

When I was having trouble getting into my AWS account last week, I ordered a Yubikey, which everyone says is the best way to go. I thought I'd set it up first thing Monday morning (ie now) but it turns out it's a major undertaking? Why does this have to be so hard? I guess I'll find out, but not today. I want to make some progress on my development project first. Maybe later.

12:07

How Cybersecurity Fears Affect Confidence in Voting Systems [Schneier on Security]

American democracy runs on trust, and that trust is cracking.

Nearly half of Americans, both Democrats and Republicans, question whether elections are conducted fairly. Some voters accept election results only when their side wins. The problem isn’t just political polarization—it’s a creeping erosion of trust in the machinery of democracy itself.

Commentators blame ideological tribalism, misinformation campaigns and partisan echo chambers for this crisis of trust. But these explanations miss a critical piece of the puzzle: a growing unease with the digital infrastructure that now underpins nearly every aspect of how Americans vote.

The digital transformation of American elections has been swift and sweeping. Just two decades ago, most people voted using mechanical levers or punch cards. Today, over 95% of ballots are counted electronically. Digital systems have replaced poll books, taken over voter identity verification processes and are integrated into registration, counting, auditing and voting systems.

This technological leap has made voting more accessible and efficient, and sometimes more secure. But these new systems are also more complex. And that complexity plays into the hands of those looking to undermine democracy.

In recent years, authoritarian regimes have refined a chillingly effective strategy to chip away at Americans’ faith in democracy by relentlessly sowing doubt about the tools U.S. states use to conduct elections. It’s a sustained campaign to fracture civic faith and make Americans believe that democracy is rigged, especially when their side loses.

This is not cyberwar in the traditional sense. There’s no evidence that anyone has managed to break into voting machines and alter votes. But cyberattacks on election systems don’t need to succeed to have an effect. Even a single failed intrusion, magnified by sensational headlines and political echo chambers, is enough to shake public trust. By feeding into existing anxiety about the complexity and opacity of digital systems, adversaries create fertile ground for disinformation and conspiracy theories.

Testing cyber fears

To test this dynamic, we launched a study to uncover precisely how cyberattacks corroded trust in the vote during the 2024 U.S. presidential race. We surveyed more than 3,000 voters before and after election day, testing them using a series of fictional but highly realistic breaking news reports depicting cyberattacks against critical infrastructure. We randomly assigned participants to watch different types of news reports: some depicting cyberattacks on election systems, others on unrelated infrastructure such as the power grid, and a third, neutral control group.

The results, which are under peer review, were both striking and sobering. Mere exposure to reports of cyberattacks undermined trust in the electoral process—regardless of partisanship. Voters who supported the losing candidate experienced the greatest drop in trust, with two-thirds of Democratic voters showing heightened skepticism toward the election results.

But winners too showed diminished confidence. Even though most Republican voters, buoyed by their victory, accepted the overall security of the election, the majority of those who viewed news reports about cyberattacks remained suspicious.

The attacks didn’t even have to be related to the election. Even cyberattacks against critical infrastructure such as utilities had spillover effects. Voters seemed to extrapolate: “If the power grid can be hacked, why should I believe that voting machines are secure?”

Strikingly, voters who used digital machines to cast their ballots were the most rattled. For this group of people, belief in the accuracy of the vote count fell by nearly twice as much as that of voters who cast their ballots by mail and who didn’t use any technology. Their firsthand experience with the sorts of systems being portrayed as vulnerable personalized the threat.

It’s not hard to see why. When you’ve just used a touchscreen to vote, and then you see a news report about a digital system being breached, the leap in logic isn’t far.

Our data suggests that in a digital society, perceptions of trust—and distrust—are fluid, contagious and easily activated. The cyber domain isn’t just about networks and code. It’s also about emotions: fear, vulnerability and uncertainty.

Firewall of trust

Does this mean we should scrap electronic voting machines? Not necessarily.

Every election system, digital or analog, has flaws. And in many respects, today’s high-tech systems have solved the problems of the past with voter-verifiable paper ballots. Modern voting machines reduce human error, increase accessibility and speed up the vote count. No one misses the hanging chads of 2000.

But technology, no matter how advanced, cannot instill legitimacy on its own. It must be paired with something harder to code: public trust. In an environment where foreign adversaries amplify every flaw, cyberattacks can trigger spirals of suspicion. It is no longer enough for elections to be secure – voters must also perceive them to be secure.

That’s why public education surrounding elections is now as vital to election security as firewalls and encrypted networks. It’s vital that voters understand how elections are run, how they’re protected and how failures are caught and corrected. Election officials, civil society groups and researchers can teach how audits work, host open-source verification demonstrations and ensure that high-tech electoral processes are comprehensible to voters.

We believe this is an essential investment in democratic resilience. But it needs to be proactive, not reactive. By the time the doubt takes hold, it’s already too late.

Just as crucially, we are convinced that it’s time to rethink the very nature of cyber threats. People often imagine them in military terms. But that framework misses the true power of these threats. The danger of cyberattacks is not only that they can destroy infrastructure or steal classified secrets, but that they chip away at societal cohesion, sow anxiety and fray citizens’ confidence in democratic institutions. These attacks erode the very idea of truth itself by making people doubt that anything can be trusted.

If trust is the target, then we believe that elected officials should start to treat trust as a national asset: something to be built, renewed and defended. Because in the end, elections aren’t just about votes being counted—they’re about people believing that those votes count.

And in that belief lies the true firewall of democracy.

This essay was written with Ryan Shandler and Anthony J. DeMattee, and originally appeared in The Conversation.

11:56

Urgent: Censure Senator Mike Lee [Richard Stallman's Political Notes]

US citizens: call on the Senate to censure Senator Mike Lee for his contempt towards the assassinated Democrats in Minnesota.

11:49

Grrl Power #1369 – Battle Arena Omega Super Explosion [Grrl Power]

By “side-missions,” Cora obviously means bulletstorm fueled escalations that leave yawning power vacuums in the criminal underworld. Cause, you know, you take out some sub-boss who’s looking to carve out some corner of his organization, and his crime-sempais are glad to see him go, but the “insult to the family” can’t go unanswered, and before you know it, 600 crime-bois are dead and the “condemned” space station the group headquartered out of is rapidly deorbiting its moon to a catastrophic but satisfying conclusion.

Like you do.

Basically there are a lot of parts of the galaxy that are necessarily okay with frontier/vigilante justice. For what it’s worth, Cora and Co. are licensed bounty hunters and are deputized in several jurisdictions. By the same token, they are disinvited from or even wanted in some places because the local authorities are a lot more strict about who gets to do the law enforcement – whether or not they were actually doing a good job of it or were even wildly apathetic or corrupt in some cases doesn’t matter, as anyone “doing their job for them” erodes their power/ego/income base.

The vote incentive is finally done!

The update to the TWC image is pretty minor, but the Patreon version has the bonus comic as well as nude versions. I will strive to make the next one more timely.

 

 

 

Double res version will be posted over at Patreon. Feel free to contribute as much as you like.

10:35

10:14

Daydream fatigue [Seth's Blog]

Spend enough time inventing possible futures in your head and you won’t have any time to build the future we will all share.

Time to get to work.

08:49

28 Decades Later [Penny Arcade]

New Comic: 28 Decades Later

08:35

07:00

Otto Kekäläinen: Corporate best practices for upstream open source contributions [Planet Debian]

Featured image of post Corporate best practices for upstream open source contributions

This post is based on presentation given at the Validos annual members’ meeting on June 25th, 2025.

When I started getting into Linux and open source over 25 years ago, the majority of the software development in this area was done by academics and hobbyists. The number of companies participating in open source has since exploded in parallel with the growth of mobile and cloud software, the majority of which is built on top of open source. For example, Android powers most mobile phones today and is based on Linux. Almost all software used to operate large cloud provider data centers, such as AWS or Google, is either open source or made in-house by the cloud provider.

Pretty much all companies, regardless of the industry, have been using open source software at least to some extent for years. However, the degree to which they collaborate with the upstream origins of the software varies. I encourage all companies in a technical industry to start contributing upstream. There are many benefits to having a good relationship with your upstream open source software vendors, both for the short term and especially for the long term. Moreover, with the rollout of CRA in EU in 2025-2027, the law will require software companies to contribute security fixes upstream to the open source projects their products use.

To ensure the process is well managed, business-aligned and legally compliant, there are a few do’s and don’t do’s that are important to be aware of.

Maintain your SBOMs

For every piece of software, regardless of whether the code was done in-house, from an open source project, or a combination of these, every company needs to produce a Software Bill of Materials (SBOM). The SBOMs provide a standardized and interoperable way to track what software and which versions are used where, what software licenses apply, who holds the copyright of which component, which security fixes have been applied and so forth.

A catalog of SBOMs, or equivalent, forms the backbone of software supply-chain management in corporations.

Identify your strategic upstream vendors

The SBOMs are likely to reveal that for any piece of non-trivial software, there are hundreds or thousands of upstream open source projects in use. Few organizations have resources to contribute to all of their upstreams.

If your organization is just starting to organize upstream contribution activities, identify the key projects that have the largest impact on your business and prioritize forming a relationship with them first. Organizations with a mature contribution process will be collaborating with tens or hundreds of upstreams.

An upstream contribution policy typically covers things such as who decides what can be contributed upstream from a business point of view, what licenses are allowed or to avoid, how to document copyright, how to deal with projects that require signing copyright assignments (e.g. contributor license agreements), other potential legal guidelines to follow. Additionally, the technical steps on how to prepare a contribution should be outlined, including how to internally review and re-review them, who the technical approvers are to ensure high quality and good reputation and so on.

The policy does not have to be static or difficult to produce. Start with a small policy and a few trusted senior developers following it, and update its contents as you run into new situations that need internal company alignment. For example, don’t require staff to create new GitHub accounts merely for the purpose of doing one open source contribution. Initially, do things with minimal overhead and add requirements to the policy only if they have clear and strong benefits. The purpose of a policy should be to make it obvious and easy for employees to do the right thing, not to add obstacles and stop progress or encourage people to break the policy.

Appoint an internal coordinator and champions

Having a written policy on how to contribute upstream will help ensure a consistent process and avoid common pitfalls. However, a written policy alone does not automatically translate into a well-running process. It is highly recommended to appoint at least one internal coordinator who is knowledgeable about how open source communities work, how software licensing and patents work, and is senior enough to have a good sense of what business priorities to optimize for. In small organizations it can be a single person, while larger organizations typically have a full Open Source Programs Office.

This coordinator should oversee the contribution process, track all contributions made across the organization, and further optimize the process by working with stakeholders across the business, including legal experts, business owners and CTOs. The marketing and recruiting folks should also be involved, as upstream contributions will have a reputation-building aspect as well, which can be enhanced with systematic tracking and publishing of activities.

Additionally, at least in the beginning, the organization should also appoint key staff members as open source champions. Implementing a new process always includes some obstacles and occasional setbacks, which may discourage employees from putting in the extra effort to reap the full long-term benefits for the company. Having named champions will empower them to make the first few contributions themselves, setting a good example and encouraging and mentoring others to contribute upstream as well.

Avoid excessive approvals

To maintain a high quality bar, it is always good to have all outgoing submissions reviewed by at least one or two people. Two or three pairs of eyeballs are significantly more likely to catch issues that might slip by someone working alone. The review also slows down the process by a day or two, which gives the author time to “sleep on it”, which usually helps to ensure the final submission is well-thought-out by the author.

Do not require more than one or two reviewers. The marginal utility goes quickly to zero beyond a few reviewers, and at around four or five people the effect becomes negative, as the weight of each approval decreases and the reviewers begin to take less personal responsibility. Having too many people in the loop also makes each feedback round slow and expensive, to the extent that the author will hesitate to make updates and ask for re-reviews due to the costs involved.

If the organization experiences setbacks due to mistakes slipping through the review process, do not respond by adding more reviewers, as it will just grind the contribution process to a halt. If there are quality concerns, invest in training for engineers, CI systems and perhaps an internal certification program for those making public upstream code submissions. A typical software engineer is more likely to seriously try to become proficient at their job and put effort into a one-off certification exam and then make multiple high-quality contributions, than it is for a low-skilled engineer to improve and even want to continue doing more upstream contributions if they are burdened by heavy review processes every time they try to submit an upstream contribution.

Don’t expect upstream to accept all code contributions

Sure, identifying the root cause of and fixing a tricky bug or writing a new feature requires significant effort. While an open source project will certainly appreciate the effort invested, it doesn’t mean it will always welcome all contributions with open arms. Occasionally, the project won’t agree that the code is correct or the feature is useful, and some contributions are bound to be rejected.

You can minimize the chance of experiencing rejections by having a solid internal review process that includes assessing how the upstream community is likely to understand the proposal. Sometimes how things are communicated is more important than how they are coded. Polishing inline comments and git commit messages help ensure high-quality communication, along with a commitment to respond quickly to review feedback and conducting regular follow-ups until a contribution is finalized and accepted.

Start small to grow expertise and reputation

In addition to keeping the open source contribution policy lean and nimble, it is also good to start practical contributions with small issues. Don’t aim to contribute massive features until you have a track record of being able to make multiple small contributions.

Keep in mind that not all open source projects are equal. Each has its own culture, written and unwritten rules, development process, documented requirements (which may be outdated) and more. Starting with a tiny contribution, even just a typo fix, is a good way to validate how code submissions, reviews and approvals work in a particular project. Once you have staff who have successfully landed smaller contributions, you can start planning larger proposals. The exact same proposal might be unsuccessful when proposed by a new person, and successful when proposed by a person who already has a reputation for prior high-quality work.

Embrace all and any publicity you get

Some companies have concerns about their employees working in the open. Indeed, every email and code patch an employee submits, and all related discussions become public. This may initially sound scary, but is actually a potential source of good publicity. Employees need to be trained on how to conduct themselves publicly, and the discussions about code should contain only information strictly related to the code, without any references to actual production environments or other sensitive information. In the long run most employees contributing have a positive impact and the company should reap the benefits of positive publicity. If there are quality issues or employee judgment issues, hiding the activity or forcing employees to contribute with pseudonyms is not a proper solution. Instead, the problems should be addressed at the root, and bad behavior addressed rather than tolerated.

When people are working publicly, there tends to also be some degree of additional pride involved, which motivates people to try their best. Contributions need to be public for the sponsoring corporation to later be able to claim copyright or licenses. Considering that thousands of companies participate in open source every day, the prevalence of bad publicity is quite low, and the benefits far exceed the risks.

Scratch your own itch

When choosing what to contribute, select things that benefit your own company. This is not purely about being selfish - often people working on resolving a problem they suffer from are the same people with the best expertise of what the problem is and what kind of solution is optimal. Also, the issues that are most pressing to your company are more likely to be universally useful to solve than any random bug or feature request in the upstream project’s issue tracker.

Remember there are many ways to help upstream

While submitting code is often considered the primary way to contribute, please keep in mind there are also other highly impactful ways to contribute. Submitting high-quality bug reports will help developers quickly identify and prioritize issues to fix. Providing good research, benchmarks, statistics or feedback helps guide development and the project make better design decisions. Documentation, translations, organizing events and providing marketing support can help increase adoption and strengthen long-term viability for the project.

In some of the largest open source projects there are already far more pending contributions than the core maintainers can process. Therefore, developers who contribute code should also get into the habit of contributing reviews. As Linus’ law states, given enough eyeballs, all bugs are shallow. Reviewing other contributors’ submissions will help improve quality, and also alleviate the pressure on core maintainers who are the only ones providing feedback. Reviewing code submitted by others is also a great learning opportunity for the reviewer. The reviewer does not need to be “better” than the submitter - any feedback is useful; merely posting review feedback is not the same thing as making an approval decision.

Many projects are also happy to accept monetary support and sponsorships. Some offer specific perks in return. By human nature, the largest sponsors always get their voice heard in important decisions, as no open source project wants to take actions that scare away major financial contributors.

Starting is the hardest part

Long-term success in open source comes from a positive feedback loop of an ever-increasing number of users and collaborators. As seen in the examples of countless corporations contributing open source, the benefits are concrete, and the process usually runs well after the initial ramp-up and organizational learning phase has passed.

In open source ecosystems, contributing upstream should be as natural as paying vendors in any business. If you are using open source and not contributing at all, you likely have latent business risks without realizing it. You don’t want to wake up one morning to learn that your top talent left because they were forbidden from participating in open source for the company’s benefit, or that you were fined due to CRA violations and mismanagement in sharing security fixes with the correct parties. The faster you start with the process, the less likely those risks will materialize.

06:14

Girl Genius for Monday, June 30, 2025 [Girl Genius]

The Girl Genius comic for Monday, June 30, 2025 has been posted.

05:07

Comic Strip for Monday, June 30, 2025 [General Protection Fault: Comic Updates]

Current Story: Surreptitious Machinations II: Ashes to Ashes

01:35

GNU Health Hospital Information System 5.0 series released [Planet GNU]

Dear community:

I am very happy to announce the release 5.0 series of the GNU Health Hospital Information System (HIS). This release it's the result of a tremendous amount of work that spanned for almost the last two years!

Series 5.0 represent a major leap in functionality, the underlying technology & project development.

Currently we have the vanilla version ready to be downloaded, via gnuhealth-control (see https://docs.gnuhealth.org/his/techguide/installation/vanilla.html#installation-with-gnu-health-control)

Specific GNU/Linux and FreeBSD packages, Ansible packages for HIS 5.0 and virtual machines images will come in the coming days / weeks.

The following paragraphs summarize the changes and features included in GNUHealth HIS 5.0. There are more features and information that has been left outside this document for the sake of brevity. You can look consult the Changelog at Codeberg.


New Functionality Features


Some of the new features include:

In the Laboratory Information System (Occhiolino)

  • New visual aids for out-of-range results
  • Create individual test directly w/o orders
  • Include testing for veterinary context
  • Analyte code harmonization
  • Test sources for patient & non-patients
  • Enhanced report formats


Focus on Social Diseases

  • Check for uninsured population
  • Enhanced data entry for socioeconomic status and family functionality
  • Add homeless status
  • Link with International Classification of Functionality, Health and Disability (ICF)
  • Epidemiological report takes into account the socioeconomic status of the population


Medical Imaging

  • Extensive package refactoring
  • health_imaging
  • health_imaging_worklist (DICOM patient worklists)
  • health_imaging_orthanc
  • Better integration with Orthanc PACS server
  • Work from Wei Thao, University of Louvain and the Orthanc community


Patient Medication

  • Accessible from the main menu
  • Report at population level


Allergic status validation

  • Automatically check the patient allergic status
  • Patient level
  • Prescription level
  • Sets 'Focus on allergy' automatically


Demographics

  • Enhanced demographics information
  • Insurance validity check
  • Record Homeless status
  • Ethnicity and proclaimed ethnicity
  • Improved socioeconomic assessments


Insurances

  • Enhanced demographics
  • Warning on expired insurances
  • Insurance policies and pricing for procedures
  • Linked to medical evaluations, surgeries, ...


Obstetrics

  • Enhanced obstetric history
  • Link newborn with pregnancy result
  • General population report
  • Detailed information about multiple-pregnancy for each fetus


Medical Genetics

  • Include family history in core package
  • Patient family tab (members, history ...)
  • Mutation zygosity
  • Improved data entry and view


  • Updated genes and proteins datasets (2023 → 2025)
  • Genes: 44056 (+348)
  • UniProt Natural variants: 82581 (+1422)
  • Protein related diseases: 6740 (+300)
  • HGNC: 80 gene symbols renamed



Summary of new features


  • New functionality for patient procedures and medical interventions
  • Improved reporting and analytics
  • New features on patient obstetric history and pregnancy related evaluations
  • Improved ergonomics and views on demographics and patient related information.
  • Enhanced socioeconomic and family functionality assessment
  • Extensively revised Medical Imaging, DICOM worklists and Orthanc packages
  • Reorganize nursing and ambulatory care packages
  • Enhanced patient body composition and anthropometrics
  • Enhanced “Focus on” patient section, including automated settings and mental health
  • New insurance and billing features for medical interventions and insurance plans.
  • Improved patient safety and allergic conditions checks and prescription writing


Technology


The development environment is now at Codeberg


GNUHealth-Control as a single point for sysadmin tasks


  • GNU Health control will install, update and backup the instances
  • Removed gnuhealth-setup



GNU Health HIS 5.0 uses Tryton 7.0 LTS framework

  • Support until end of 2028
  • Full refactoring of packages
  • Support of Python 3.13
  • Native GNU Health GTK Client
  • Development web client


Gunicorn as WSGI server

  • Gunicorn is now the default WSGI server for GNUHealth HIS
  • For production / large deployments
  • Can be coupled with Nginx
  • Used already in Thalamus and the GNU Health Federation
  • Replaces uWSGI


Increased Modularity

  • Reduced Package inter-dependency, mainly in:

- Nursing & Ambulatory care
- Crypto
- Lab
- Clinical History
- Stock management

  • Removed health_profile


Packages are in the GNU Health Organization at PyPI

  • wheel and source (sdist) distributions
  • Installation of individual health packages via gnuhealth-control
  • Much lighter, simple installations and implementations
  • Specific for user and health institution needs
  • Reduced complexity
  • Improved performance and security


Minor number / patches at individual package level

  • The patch level version is at package level instead of the whole GNU Health. This provides greater modularity and improves system administration tasks.
  • gnuhealth-control detects which packages need to be updated, from gnuhealth and its dependencies.



Source code of GNU Health HIS and gnuhealth-control at GNU.org

  • GNU Health HIS sourced code will be packaged as a bundle with a date format when any of the resources is updated.
  • gnuhealth-control source will also be at GNU.org 



Thank you to the GNU and GNU Health community, for delivering freedom, privacy and equity in healthcare around the world ♥

You can find short PDF presentation I made some weeks ago at the University of Entre Ríos, Argentina, about the new features in GNU Health HIS 5.0.

https://www.gnuhealth.org/downloads/media/new_features_gnuhealth_50.pdf

PS: In the coming days / weeks, we'll be polishing the documentation for this release. If you have any question or issue in the installation and/or upgrade, don't hesitate to send us a note at health @ gnu.org . Make sure you suscribe to the list ( https://savannah.gnu.org/mail/?group=health), otherwise your email will be automatically discarded to avoid spam.

We also invite you to join us at Mastodon for the latest news in about the GNU Health ecosystem.

https://mastodon.social/@gnuhealth


Happy hacking
Luis

01:21

Things I Was Not Expecting Outside My Hotel Window Last Night, Fireworks Edition [Whatever]

July 4 is most of a week away, so I was not anticipating that outside my hotel window last night would be a full-fledged professional fireworks display. But it turns out the hotel I was at, was next door to a Masonic Temple compound, and I guess they had some premature patriotic fervor. Inasmuch as I got a free fireworks show I didn’t even need to leave my hotel room for (and it ended early enough that I didn’t lose any sleep over it), I suppose I can’t complain.

Back at home now. Not anticipating a fireworks display tonight. We’ll see if that prediction holds.

— JS

00:28

A tough place to govern [Scripting News]

Benjamin Wittes: "It’s remarkable how many non-New Yorkers seem to care who the mayor of New York City is."

They do and they're right to, the same way we were concerned how the Governor of California and Mayor of Los Angeles would react to the invasion of the Marines and hijacking of the National Guard.

Right now the NYC mayor is a hostage of the US govt. Not in a position to help. An inexperienced first term NY mayor, have we seen that before? How does the NYPD respond to that?

Then there was the snowstorm that derailed John V Lindsay, a heroic and transformative mayor. NY is a tough place to govern even when the US government isn't aiming to regime change the place.

NY is a tough place to govern even when the US government isn't aiming to regime change the place.

Local government is our last line of defense.

"Think of voting as a chess move, not a valentine."

You all fell in love with a candidate, I do it too.

But think about the context the next mayor will govern in.

The thing about NY that people might not understand is that the politics are dirty and fucked up. Dems tend to elect handsome young heros who when they have to deal with NYPD and the sanitation workers, the teachers union, and the federal government, also the ancient infrastructure, melt.

Urgent: US troops VS US protesters [Richard Stallman's Political Notes]

US citizens: call on Congress to denounce [the repressor]'s illegal, unprecedented deployment of troops against U.S. protesters.

If you phone, please spread the word! Main Switchboard: +1-202-224-3121

Sunday, 29 June

22:28

Wayback: experimental layer to run X desktop environments on Wayland [OSnews]

With X.org being in maintenance mode, with the process of replacing it with Wayland accelerating pretty quickly now, a lot of projects using X.org are looking for ways to prepare for the future. Alpine Linux, a distribution focused on musl, BusyBox, and OpenRC, also wants to reduce its maintenance burden for X11 applications, and so Alpine Linux maintainer Ariadne Conill has come up with something interesting.

Wayback is an experimental X compatibility layer which allows for running full X desktop environments using Wayland components. It is essentially a stub compositor which provides just enough Wayland capabilities to host a rootful Xwayland server.

It is intended to eventually replace the classic X.org server in Alpine, thus reducing maintenance burden of X applications in Alpine, but a lot of work needs to be done first.

↫ Wayback GitHub page

It’s nowhere near done and most likely contains massive amounts of bugs and issues, but the seed has been planted. Wayback will make it possible to keep running X11-based desktop environments even in a full-Wayland environment. This may be necessary in case you need a specific feature not yet available in the Wayland version of your desktop environment, or if your desktop environment of choice simply isn’t going to move to Wayland at all (due to lack of maintainers or whatever).

It’ll also be a boon for retrocomputing, especially as over the coming years and decades unmaintained X11 desktop environments become become ever harder to keep running on modern Linux distributions. While X.org as it exists today certainly isn’t going anywhere any time soon, it will, eventually, stop working properly on Linux distributions who don’t ship it by default anymore, and it’s awesome to already have the beginnings of a project to address this problem.

21:42

Microsoft to remove all but the latest versions of drivers from Windows Update [OSnews]

This blog post is intended to notify all Windows Hardware program partners that Microsoft has taken a strategic initiative to clean up legacy drivers published on Windows Update to reduce security and compatibility risks. The rationale behind this initiative is to ensure that we have the optimal set of drivers on Windows Update that cater to a variety of hardware devices across the windows ecosystem, while making sure that Microsoft Windows security posture is not compromised. This initiative involves periodic cleanup of drivers from Windows Update, thereby resulting in some drivers not being offered to any systems in the ecosystem.

↫ Microsoft’s Hardware Dev Center

The general gist is that Microsoft is going to remove all drivers from Windows Update for which newer versions exist – or, to put it in a different way, only the latest versions of a driver are going to remain available on Windows Update. It’s effectively a clean-up of Windows Update, and the only way older versions of drivers will remain available on Windows Update is if the manufacturer in question can make a “business justification” to keep them around.

Some of this may sound surprising, since many people assume Windows Update only offers the latest versions of drivers – annoyingly so, sometimes – but this isn’t the case. Corporations with fleets of devices can actually determine exactly which drivers get sent to their devices, including opting for older versions in case newer versions have regressions or otherwise cause issues. Sometimes you just don’t have a choice.

According to Adam Demasi, the creator and maintainer of the amazing Legacy Update service, Microsoft hasn’t deleted a single driver or update from Windows Update since 2001 (save for problematic updates). This results in a truly massive collection of updates and drivers, and that’s causing real problems for Microsoft.

Windows Update has a pretty cool system of describing whether an update is necessary to be installed on the current system, or if it is already installed. It also builds a relationship graph between updates, to indicate when they have been replaced by a newer update that includes all changes from the previous update. That system is also its downfall, causing the Windows Update service to be incredibly slow in checking for updates, possibly never completing the check at all. This issue also applies to WSUS, which despite being based on the very robust SQL Server, struggles with the number of drivers Microsoft hosts on Windows Update. As of April, we know that Windows Update hosts 1,799,339 drivers, and this creates a 138 GB database that requires almost 16 days to synchronise down from the main servers. The WSUS server is brought to its knees, with frequent timeouts while it furiously tries to complete database queries. (The PC used is a Ryzen 5700G with 32 GB of 3600 MHz RAM and 500 GB of NVMe, running Windows Server 2025 and SQL Server 2022.)

↫ Adam Demasi

From this, it’s easy to understand why Microsoft would want to perform some housekeeping, followed by a new set of rules around only keeping the latest versions of drivers around in Windows Update. Demasi also notes that these plans by Microsoft won’t affect drivers for old devices, since they will still be served their “newest” driver version, and it won’t affect Legacy Update either.

20:56

“I want a good parallel computer” [OSnews]

The GPU in your computer is about 10 to 100 times more powerful than the CPU, depending on workload. For real-time graphics rendering and machine learning, you are enjoying that power, and doing those workloads on a CPU is not viable. Why aren’t we exploiting that power for other workloads? What prevents a GPU from being a more general purpose computer?

↫ Raph Levien

Fascinating thoughts on parallel computation, including some mentions of earlier projects like Intel’s Larabee or the Connection Machine with 64k processors the ’80s, as well as a defense of the PlayStation 3’s Cell architecture.

20:21

17:28

Neil Munro: Ningle Tutorial 8: Mounting Middleware [Planet Lisp]

Contents

Introduction

Welcome back to this Ningle tutorial series, in this part we are gonna have another look at some middleware, now that we have settings and configuration done there's another piece of middleware we might want to look at; application mounting, many web frameworks have the means to use apps within other apps, you might want to do this because you have some functionality you use over and over again in many projects, it makes sense to make it into an app and simply include it in other apps. You might also might want to make applications available for others to use in their applications.

Which is exactly what we are gonna do here, we spent some time building a registration view, but for users we might want to have a full registration system that will have:

  • Register
  • Login
  • Logout
  • Account Verification
  • Account Reset
  • Account Deletion

Creating the auth app

We will begin by building the basic views that return a simple template and mount them into our main application, we will then fill the actual logic out in another tutorial. So, we will create a new Ningle project that has 6 views that simply handle get requests, the important thing to bear in mind is that we will have to adjust the layout of our templates, we need our auth app to use its own templates, or use the templates of a parent app, this means we will have to namespace our templates, if you have use django before this will seem familiar.

Using my project builder set up a new project for our authentication application.

    (nmunro:make-project #p"~/quicklisp/local-projects/ningle-auth/")

This will create a project skeleton, complete with an asd file, a src, and tests directory. In the asd file we need to add some packages (we will add more in a later tutorial).

  :depends-on (:cl-dotenv
               :clack
               :djula
               :envy-ningle
               :mito
               :ningle)

In the src/main.lisp file, we will add the following:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

(defpackage ningle-auth
  (:use :cl)
  (:export #:*app*
           #:start
           #:stop))

(in-package ningle-auth)

(defvar *app* (make-instance 'ningle:app))

(djula:add-template-directory (asdf:system-relative-pathname :ningle-auth "src/templates/"))

(setf (ningle:route *app* "/register")
    (lambda (params)
        (format t "Test: ~A~%" (mito:retrieve-by-sql "SELECT 2 + 3 AS result"))
        (djula:render-template* "auth/register.html" nil :title "Register")))

(setf (ningle:route *app* "/login")
    (lambda (params)
        (djula:render-template* "auth/login.html" nil :title "Login")))

(setf (ningle:route *app* "/logout")
    (lambda (params)
        (djula:render-template* "auth/logout.html" nil :title "Logout")))

(setf (ningle:route *app* "/reset")
    (lambda (params)
        (djula:render-template* "auth/reset.html" nil :title "Reset")))

(setf (ningle:route *app* "/verify")
    (lambda (params)
        (djula:render-template* "auth/verify.html" nil :title "Verify")))

(setf (ningle:route *app* "/delete")
    (lambda (params)
        (djula:render-template* "auth/delete.html" nil :title "Delete")))

(defmethod ningle:not-found ((app ningle:<app>))
    (declare (ignore app))
    (setf (lack.response:response-status ningle:*response*) 404)
    (djula:render-template* "error.html" nil :title "Error" :error "Not Found"))

(defun start (&key (server :woo) (address "127.0.0.1") (port 8000))
    (djula:add-template-directory (asdf:system-relative-pathname :ningle-auth "src/templates/"))
    (djula:set-static-url "/public/")
    (clack:clackup
     (lack.builder:builder (envy-ningle:build-middleware :ningle-auth/config *app*))
     :server server
     :address address
     :port port))

(defun stop (instance)
    (clack:stop instance))

Just as we did with our main application, we will need to create a src/config.lisp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

(defpackage ningle-auth/config
  (:use :cl :envy))

(in-package ningle-auth/config)

(dotenv:load-env (asdf:system-relative-pathname :ningle-auth ".env"))
(setf (config-env-var) "APP_ENV")

(defconfig :common
  `(:application-root ,(asdf:component-pathname (asdf:find-system :ningle-auth))))

(defconfig |test|
  `(:debug T
    :middleware ((:session)
                 (:mito (:sqlite3 :database-name ,(uiop:getenv "SQLITE_DB_NAME"))))))

Now, I mentioned that the template files need to be organised in a certain way, we will start with the new template layout in our auth application, the directory structure should look like this:

➜  ningle-auth git:(main) tree .
.
├── ningle-auth.asd
├── README.md
├── src
│   ├── config.lisp
│   ├── main.lisp
│   └── templates
│       ├── ningle-auth
│       │   ├── delete.html
│       │   ├── login.html
│       │   ├── logout.html
│       │   ├── register.html
│       │   ├── reset.html
│       │   └── verify.html
│       ├── base.html
│       └── error.html
└── tests
    └── main.lisp

So in your src/templates directory there will be a directory called ningle-auth and two files base.html and error.html, it is important that this structure is followed, as when the app is used as part of a larger app, we want to be able to layer templates, and this is how we do it.

base.html

1
2
3
4
5
6
7
8
9
10
11
12
13
14

<!doctype html>
<html lang="en">
    <head>
        <title>{{ title }}</title>
        <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
    </head>
    <body>
        <div class="container mt-4">
            {% block content %}
            {% endblock %}
        </div>
        <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
    </body>
</html>

error.html

1
2
3
4
5
6
7
8
9
10
11

{% extends "base.html" %}

{% block content %}
<div class="container">
    <div class="row">
        <div class="col-12">
          <h1>{{ error }}</h1>
        </div>
    </div>
</div>
{% endblock %}

Now the rest of the html files are similar, with only the title changing. Using the following html, create files for:

delete.html

1
2
3
4
5
6
7
8
9
10
11

{% extends "base.html" %}

{% block content %}
<div class="container">
    <div class="row">
        <div class="col-12">
            <h1>Delete</h1>
        </div>
    </div>
</div>
{% endblock %}

login.html

1
2
3
4
5
6
7
8
9
10
11

{% extends "base.html" %}

{% block content %}
<div class="container">
    <div class="row">
        <div class="col-12">
            <h1>Login</h1>
        </div>
    </div>
</div>
{% endblock %}

logout.html

1
2
3
4
5
6
7
8
9
10
11

{% extends "base.html" %}

{% block content %}
<div class="container">
    <div class="row">
        <div class="col-12">
            <h1>Logout</h1>
        </div>
    </div>
</div>
{% endblock %}

register.html

1
2
3
4
5
6
7
8
9
10
11

{% extends "base.html" %}

{% block content %}
<div class="container">
    <div class="row">
        <div class="col-12">
            <h1>Register</h1>
        </div>
    </div>
</div>
{% endblock %}

reset.html

1
2
3
4
5
6
7
8
9
10
11

{% extends "base.html" %}

{% block content %}
<div class="container">
    <div class="row">
        <div class="col-12">
            <h1>Reset</h1>
        </div>
    </div>
</div>
{% endblock %}

verify.html

1
2
3
4
5
6
7
8
9
10
11

{% extends "base.html" %}

{% block content %}
<div class="container">
    <div class="row">
        <div class="col-12">
            <h1>Verify</h1>
        </div>
    </div>
</div>
{% endblock %}

There is one final file to create, the .env file! Even though this application wont typically run on its own, we will use one to test it is all working, since we did write src/config.lisp afterall!

1
2

APP_ENV=test
SQLITE_DB_NAME=ningle-auth.db

Testing the auth app

Now that the auth application has been created we will test that it at least runs on its own, once we have confirmed this, we can integrate it into our main app. Like with our main application, we will load the system and run the start function that we defined.

(ql:quickload :ningle-auth)
To load "ningle-auth":
  Load 1 ASDF system:
    ningle-auth
; Loading "ningle-auth"
..................................................
[package ningle-auth/config].
(:NINGLE-AUTH)
(ningle-auth:start)
NOTICE: Running in debug mode. Debugger will be invoked on errors.
  Specify ':debug nil' to turn it off on remote environments.
Woo server is started.
Listening on 127.0.0.1:8000.
#S(CLACK.HANDLER::HANDLER
   :SERVER :WOO
   :SWANK-PORT NIL
   :ACCEPTOR #<BT2:THREAD "clack-handler-woo" {1203E4E3E3}>)
*

If this works correctly, you should be able to access the defined routes in your web browser, if not, and there is an error, check that another web server isn't running on port 8000 first! When you are able to access the simple routes from your web browser, we are ready to integrate this into our main application!

Integrating the auth app

Made it this far? Congratulations, we are almost at the end, I'm sure you'll be glad to know, there isn't all that much more to do, but we do have to ensure we follow the structure we set up in the auth app, which we will get to in just a moment, first, lets remember to add the ningle-auth app to our dependencies in our project asd file.

:depends-on (:cl-dotenv
               :clack
               :djula
               :cl-forms
               :cl-forms.djula
               :cl-forms.ningle
               :envy
               :envy-ningle
               :ingle
               :mito
               :mito-auth
               :ningle
               :ningle-auth) ;; add this

Next, we need to move most of our template files into a directory called main, to make things easy, the only two templates we will not move are base.html and error.html; create a new directory src/templates/main and put everything else in there.

For reference this is what your directory structure should look like:

➜  ningle-tutorial-project git:(main) tree .
.
├── ningle-tutorial-project.asd
├── ntp.db
├── README.md
├── src
│   ├── config.lisp
│   ├── forms.lisp
│   ├── main.lisp
│   ├── migrations.lisp
│   ├── models.lisp
│   ├── static
│   │   ├── css
│   │   │   └── main.css
│   │   └── images
│   │       ├── logo.jpg
│   │       └── lua.jpg
│   └── templates
│       ├── base.html
│       ├── error.html
│       └── main
│           ├── index.html
│           ├── login.html
│           ├── logout.html
│           ├── people.html
│           ├── person.html
│           └── register.html
└── tests
    └── main.lisp

With the templates having been moved, we must find all areas in src/main.lisp where we reference one of these templates and point to the new location, thankfully there's only 4 lines that need to be changed, the render-template* calls, below is what they should be changed to.

(djula:render-template* "main/index.html" nil :title "Home" :user user :posts posts)
(djula:render-template* "main/people.html" nil :title "People" :users users)
(djula:render-template* "main/person.html" nil :title "Person" :user user)
(djula:render-template* "main/register.html" nil :title "Register" :form form)

Here is a complete listing of the file in question.

(defpackage ningle-tutorial-project
  (:use :cl :sxql)
  (:import-from
   :ningle-tutorial-project/forms
   #:email
   #:username
   #:password
   #:password-verify
   #:register)
  (:export #:start
           #:stop))

(in-package ningle-tutorial-project)

(defvar *app* (make-instance 'ningle:app))

(setf (ningle:route *app* "/")
      (lambda (params)
        (let ((user  (list :username "NMunro"))
              (posts (list (list :author (list :username "Bob")  :content "Experimenting with Dylan" :created-at "2025-01-24 @ 13:34")
                           (list :author (list :username "Jane") :content "Wrote in my diary today"  :created-at "2025-01-24 @ 13:23"))))
          (djula:render-template* "main/index.html" nil :title "Home" :user user :posts posts))))

(setf (ningle:route *app* "/people")
      (lambda (params)
        (let ((users (mito:retrieve-dao 'ningle-tutorial-project/models:user)))
          (djula:render-template* "main/people.html" nil :title "People" :users users))))

(setf (ningle:route *app* "/people/:person")
      (lambda (params)
        (let* ((person (ingle:get-param :person params))
               (user (first (mito:select-dao
                              'ningle-tutorial-project/models:user
                              (where (:or (:= :username person)
                                          (:= :email person)))))))
          (djula:render-template* "main/person.html" nil :title "Person" :user user))))

(setf (ningle:route *app* "/register" :method '(:GET :POST))
    (lambda (params)
        (let ((form (cl-forms:find-form 'register)))
          (if (string= "GET" (lack.request:request-method ningle:*request*))
            (djula:render-template* "main/register.html" nil :title "Register" :form form)
            (handler-case
                (progn
                    (cl-forms:handle-request form) ; Can throw an error if CSRF fails
                    (multiple-value-bind (valid errors)
                        (cl-forms:validate-form form)

                      (when errors
                        (format t "Errors: ~A~%" errors))

                      (when valid
                        (cl-forms:with-form-field-values (email username password password-verify) form
                          (when (mito:select-dao 'ningle-tutorial-project/models:user
                                 (where (:or (:= :username username)
                                             (:= :email email))))
                            (error "Either username or email is already registered"))

                          (when (string/= password password-verify)
                            (error "Passwords do not match"))

                          (mito:create-dao 'ningle-tutorial-project/models:user
                                           :email email
                                           :username username
                                           :password password)
                          (ingle:redirect "/people")))))

                (error (err)
                    (djula:render-template* "error.html" nil :title "Error" :error err))

                (simple-error (csrf-error)
                    (setf (lack.response:response-status ningle:*response*) 403)
                    (djula:render-template* "error.html" nil :title "Error" :error csrf-error)))))))

(defmethod ningle:not-found ((app ningle:<app>))
    (declare (ignore app))
    (setf (lack.response:response-status ningle:*response*) 404)
    (djula:render-template* "error.html" nil :title "Error" :error "Not Found"))

(defun start (&key (server :woo) (address "127.0.0.1") (port 8000))
    (djula:add-template-directory (asdf:system-relative-pathname :ningle-tutorial-project "src/templates/"))
    (djula:set-static-url "/public/")
    (clack:clackup
     (lack.builder:builder (envy-ningle:build-middleware :ningle-tutorial-project/config *app*))
     :server server
     :address address
     :port port))

(defun stop (instance)
    (clack:stop instance))

The final step we must complete is actually mounting our ningle-auth application into our main app, which is thankfully quite easy. Mounting middleware exists for ningle and so we can configure this in src/config.lisp, to demonstrate this we will add it to our sqlite config:

1
2
3
4
5
6

(defconfig |sqlite|
  `(:debug T
    :middleware ((:session)
                 (:mito (:sqlite3 :database-name ,(uiop:getenv "SQLITE_DB_NAME")))
                 (:mount "/auth" ,ningle-auth:*app*) ;; This line!
                 (:static :root ,(asdf:system-relative-pathname :ningle-tutorial-project "src/static/") :path "/public/"))))

You can see on line #5 that a new mount point is being defined, we are mounting all the routes that ningle-auth has, onto the /auth prefix. This means that, for example, the /register route in ningle-auth will actually be accessed /auth/register.

If you can check that you can access all the urls to confirm this works, then we have assurances that we are set up correctly, however we need to come back to the templates one last time.

The reason we changed the directory structure, because ningle-auth is now running in the context of our main app, we can actually override the templates, so if we wanted to, in our src/templates directory, we could create a ningle-auth directory and create our own register.html, login.html, etc, allowing us to style and develop our pages as we see fit, allowing complete control to override, if that is our wish. By NOT moving the base.html and error.html files, we ensure that templates from another app can inherit our styles and layouts in a simple and predictable manner.

Conclusion

Wow, what a ride... Thanks for sticking with it this month, although, next month isn't going to be much easier as we begin to develop a real authentication application for use in our microblog app! As always, I hope you have found this helpful and you have learned something.

In this tutorial you should be able to:

  • Explain what mounting an application means
  • Describe how routes play a part in mounting an application
  • Justify why you might mount an application into another
  • Develop and mount an application inside another

Github

  • The link for this tutorials code is available here.
  • The link for the auth app code is available here.

Resources

16:00

Link [Scripting News]

A case study in APIs. Creating a new post via Bluesky's API.

14:28

The best job in the world [Scripting News]

Now that we know the outcome of the 2024 election, not just in numbers but in what it's doing to our beloved country and the rest of the world, it's interesting to revisit the campaign that journalism ran last year to force President Biden to step aside. That's one of the functions of Facebook, they play back your posts from years ago, so you can see how things changed, or didn't.

Anyway, last year on this day I wrote this on Facebook: "Why don't journalists cover the Biden base? Do they even consider the possibility that there is one? Or do they think they are the base? I thought they weren't supposed to care who the nominees are? Why do they feel entitled to say one candidate should withdraw but not the other? Have any of them even thought this through?"

Nick Arnett, a former tech journalist, said in a comment: "Until I read this, the madness of the Times calling on Biden, but not Trump, to withdraw didn't dawn on me."

I had followed his metamorphosis over years from a journalist to a worker who goes where there are fires or other natural disasters, for the government, to support the effort to save people's homes and lives. I watched him via Facebook, in awe, as he went around the country, not being paid very much I imagine, but doing good.

I learned something important when my father was in the hospital many years ago, in a coma, after losing a lot of blood and being unconscious for hours before he was found. He was in a ward in Flushing Hospital, along with a lot of other comatose people. All were unconscious, unable to feed themselves. Hard to know if they had any awareness. From an outside perspective they, and my father included, were lost. Some had been there for years, probably weren't ever going to come out of it. We were lucky, my father survived, after a month, and had seven more years to live.

I visited him every day, and got to know the flow of the hospital. Workers came in and out of the room to attend to these comatose people. Imagine the kind of support they needed just to keep their bodies functioning and not wasting away for lack of movement. I thought these people must have the worst jobs imaginable, imagining myself in their shoes.

I got to know them, asked about what else they do, how they got here, where they live, etc. Somehow I got up the courage to ask one of them if they liked their job, imagining I'd get a New Yorker comment like "You know, it's a living." But what I heard was a complete surprise. "It's the best job in the world," he said, because I can see so clearly how my work helps real people. He was looking right at me. It hit me, this man is doing what I can't do, what my father's parents, who were long gone, couldn't do. Caring. Caring for my dad. Then I got it.

Back to Nick, who was and still is, and probably always will be doing things to help other people, no matter what he does.

He was canned in one of the DOGE purges this spring.

Now you tell me whether the "Trump base" deserved a chance you wouldn't let us have with Biden? Why journalism felt entitled to make this decision for all of us? When are you going to get the idea that you're supposed to help us. Do the right thing. I get so angry at journalism for getting in the way. Once informed of the facts, it was their job to get out of the way and let us, the voters, make the decision.

PS: In the very next post on FB, I wrote an HTML hack that makes the same point, more concisely.

12:14

Internet shutdown, Iran [Richard Stallman's Political Notes]

Iran's government has blocked international communication by internet for most people, which has made it hard for Iranians in Iran to communicate securely with each other.

Reportedly the state fears a student uprising.

Socialist in NYC mayoral race with Adams [Richard Stallman's Political Notes]

Progressive candidate Zohran Mamdani won the Democratic primary to run for mayor of New York City, defeating plutocratist Democratic Andrew Cuomo, who conceded.

Bernie Sanders, who campaigned for Mamdani, is triumphant.

Cuomo was governor of New York State, then was compelled to resign over sexual improprieties whose details I don't recall. The principal reason he was a bad governor is that he harmed all non-rich citizens of New York State by favoring the rich. This year, rich people tried to parachute him in as mayor, so it is good that he lost.

In the final election, Mamdani will run against Night-Mayor Adams, who stands for being harsh on crime except when committed by him.

Effective US public resistance [Richard Stallman's Political Notes]

Robert Reich reposts a call to effective resistance from Liz Cheney.

11:21

A billion choices [Seth's Blog]

Game theory has a lousy name.

When most people think of games, they think of commercial stuff for kids, like Chutes and Ladders or possibly Monopoly.

But a game is simply a system where humans, facing scarcity, make choices. Scarcity leads to choices and to competition.

It turns out that our culture, our commerce and our lives are simply the result of billions of people making billions of choices. Choices that have costs and rewards, and choices that effect other people.

If you want your idea to spread…

If you want your product to sell…

If you want to change a system…

Then beginning by understanding the game theory involved is essential.

Your job is not to “get the word out.” Nor are you likely to be able to get others to know what you know, see what you see and admit that they were wrong.

Instead, the best we can do is create great work that fits into a system where voluntary choices, made by diverse individuals, leads to the change we seek to make.

What’s the game theory of lobbying the city council? The game theory of launching a new jazz record?

It starts by acknowledging that different people have different lenses, different desires, different stories they tell themselves about what they want and how the world works.

The geeks and the nerds and the early adopters have self selected as the people who like to go first. So if you bring them something new, they might choose to be curious.

Then… what do they tell the others? Why would telling other people about your new thing help them win the game they’re playing? What’s in it for them…

And then, those people, the ones that heard about it from the first group, did they take action? How does the change or opportunity or threat you offer interact with the strategy they have about how they will spend their precious time and resources?

And on and on it goes.

10:42

Books I will not Write: this time, a movie [Charlie's Diary]

(This is an old/paused blog entry I planned to release in April while I was at Eastercon, but forgot about. Here it is, late and a bit tired as real world events appear to be out-stripping it ...)

(With my eyesight/cognitive issues I can't watch movies or TV made this century.)

But in light of current events, my Muse is screaming at me to sit down and write my script for an updated re-make of Doctor Strangelove:

POTUS GOLDPANTS, in middling dementia, decides to evade the 25th amendment by barricading himself in the Oval Office and launching stealth bombers at Latveria. Etc.

The USAF has a problem finding Latveria on a map (because Doctor Doom infiltrated the Defense Mapping Agency) so they end up targeting the Duchy of Grand Fenwick by mistake, which is in Transnistria ... which they are also having problems finding on Google Maps, because it has the string "trans" in its name.

While the USAF is trying to bomb Grand Fenwick (in Transnistria), Russian tanks are commencing a special military operation in Moldova ... of which Transnistria is a breakaway autonomous region.

Russia is unaware that Grand Fenwick has the Q-bomb (because they haven't told the UN yet). Meanwhile, the USAF bombers blundering overhead have stealth coatings bought from a President Goldfarts crony that even antiquated Russian radar can spot.

And it's up to one trepidatious officer to stop them ...

10:35

Saturday, 28 June

23:28

Link [Scripting News]

With any luck this will be the final test. Hahaha.

22:42

Fast & easy Open Social Web [Scripting News]

You hear the term Open Social Web used in places where things that are social are neither open or web. They aren't that far, and here today I'm going to give you a fast and easy recipe for linking the collection of social twitter-like sites into a real honest to goodness open social web

  1. Add inbound RSS feeds. The social site allows a user to specify an RSS feed that represents their posts. When a new one shows up, it appears in the timelines of people who are following the user. They can add items to that feed however they like. It can come from anywhere. That's 1/2 of "open."
  2. Add outbound RSS feeds. This gives you the other half. When a new item shows up in a users feed, however it got there, it appears in their outbound feed, which can be tied into the input feed of one or more other sites.
  3. Support links in users' posts. You really can't claim to be part of the web if you don't implement this core feature of the web.

That's all there is, except this: The feeds have to be good. Don't be cheap with the information they contain. Work with other developers to make sure all the information they need that you have is present in the outbound feeds you generate. Same with the inbound feeds, be reasonable, if you can accept certain information and match it up with your service, then you should do it. Think of the users first.

You could try to use ActivityPub or AT Proto to play the role of RSS. I think you'll find that's more work, and not that many people have mastered these formats. RSS is simple and lightweight and has had 20+ years of burn in. Lots of familiarity, lots of working code.

It's time to stop claiming you are the open social web when it's so easy to be the open and on the web.

22:14

View From a Hotel Window, 6/28/25: Medina, OH [Whatever]

Very different from the last View From a Hotel Window I posted, seeing that one was from Venice, Italy. This one is greener, though. And has a parking lot! Very few of those in Venice, I have to say.

Why am I here? Because of the Big Ohio Book Con, where Tochi Onyebuchi and I are in conversation tomorrow at 12:30, followed by us both signing books. If you are in the vicinity of Medina, OH tomorrow, come down and see us (the book festival is also happening today! Right now! As I write this!). If you’re not in the vicinity of Medina, Ohio today or tomorrow, well, try to have a good time anyway.

— JS

18:07

Link [Scripting News]

We live in interesting times. Never a dull moment! 😄

17:21

Link [Scripting News]

The latest David Frum podcast is about crazy tech billionaires. Once again he talks about who he's willing to listen to. He's really smart, thinks about things, and speaks brilliantly, but cultivates his ignorance and seems somewhat proud of it. In contrast, I listened to Jon Stewart's weekly podcast yesterday and it was as usual outstanding. Like Frum he thinks and speaks brilliantly, with the addition of being hilarious at times. In this episode he talks to an Iranian friend, a new perspective we don't hear often, but fits in with what I had understood about Iran. It's a highly educated country, a good standard of living and are mired with a repressive government and no options for regime change. When you hear that talked about on other podcasts and cable news shows, remember -- it's impossible to change regimes unless the country has prepared for that. There is no regime-in-waiting in Iran, hasn't been one since the 1979 revolution. This is the next danger in the US. Will there be anything remaining of our political system? It's almost all gone now. Funny to listen to the people on TV about surviving the next 3.5 years -- what do they think will happen then? Nothing will happen, that's the most likely thing. Back to Frum, what a shame there's such a smart guy, so cloistered, and boastful about it. That's not a good way to proceed now imho.

Link [Scripting News]

Net-net: I would pay money to hear a podcast with Frum and Stewart interviewing each other. That would be very powerful stuff imho, and probably very funny, and respectful.

Link [Scripting News]

I'm working on the next part of linkblogging in WordLand. I want to really switch over to the new routine. There was a question of whether I wanted to push the links to the social sites, Bluesky, Mastodon, etc. I've decided I do, but for the moment only to push to Bluesky. It's the only one with a simple enough-enough API or feels worth the effort to me. I'm basically focusing my politics on Bluesky these days. Also seems there are people there who are interested in the development I do. I have far more "followers" on Twitter, but at this point I think most of them are gone. And Threads dropped off my radar a while back. I'm just not interested. For me now it's mostly Bluesky and Facebook.

16:35

Link [Scripting News]

I've been looking for hard-hitting stories about yesterday's Supreme Court decision that gives Trump far more power than any American president has ever had. And unlike military power, which they are clearly not very good at using, the people running the show in the White House are very much prepared for how they will use the new power, which appears to be unlimited.

14:21

Link [Scripting News]

Fixed the images that broke on morningcoffeenotes.com, a site that dates back to 2003, when it transitioned to https in 2024.

Pluralistic: Antitrust defies politics' law of gravity (28 Jun 2025) [Pluralistic: Daily links from Cory Doctorow]


Today's links


An inflatable pig balloon against a blue sky, bearing the Zohran for Mayor logo. The Chrysler Building sits to one side.

Antitrust defies politics' law of gravity (permalink)

In 2014, I read a political science paper that nearly convinced me to quit my lifelong career as an activist: "Testing Theories of American Politics: Elites, Interest Groups, and Average Citizens," published in Perspectives on Politics:

https://www.cambridge.org/core/journals/perspectives-on-politics/article/testing-theories-of-american-politics-elites-interest-groups-and-average-citizens/62327F513959D0A304D4893B382B992B

The paper's authors are Martin Gilens, a UCLA professor of Public Policy; and Northwestern's Benjamin Page, a professor of Decision Making. Gilens and Page studied a representative sample of 1,779 policy issues, analyzing the effect that the preferences of different groups of people had on the outcome. They wanted to find out what drove policy: money, or popularity?

It's money. It's totally, utterly money. When billionaires want something, it literally doesn't matter how much the rest of us hate it, they're gonna get their way. When billionaires hate something, it doesn't matter how popular it is with the rest of us, we're not gonna get it. As Gilens and Page put it:

economic elites and organized groups representing business interests have substantial independent impacts on U.S. government policy, while average citizens and mass-based interest groups have little or no independent influence.

I know the cynics out there are hollering "no duh" at their computers right now, but bear with me here. Gilens and Page's research shows that you and I have no voice in policy outcomes. Based on these findings, the only way we can change society is to try and woo oligarchs so they champion our cause. This reduces democracy to a competition to see who can pour the most honey into a plutocrat's ear. Mass mobilizations – millions of people in the streets – only matter to the extent that they bring a tear to a billionaire's eye.

This just shattered me. I've been haunted by it ever since. I've tried some tactical gambits based on this data, but honestly, I don't want to improve the world by swaying the ultra-rich. Mostly, I've spent the decade since I read the Gilens/Page paper working on mass mobilizations and mass opionion-influencing. I reasoned (or maybe rationalized) that while oligarchs were running the nation now, that was subject to change, and that was a change that I was sure wouldn't come from America's plutocrats committing mass class-suicide.

Then, something incredible happened. All this decade, a tide of antitrust vigor has swept the planet. The EU has passed big, muscular tech competition laws like the Digital Markets Act and the Digital Services Act, and has by God enforced them, and have patched the enforcement weaknesses in the GDPR. EU member-states – France, Germany, Spain – have passed their own big, ambitious national laws that go further than DSA/DMA. Even Ireland – a country that deliberately prostrated itself to US Big Tech – is getting in on the act, with the country's Social Media Czar railing against the "enshittification" of tech:

https://www.independent.ie/business/technology/chairman-of-irish-social-media-regulator-says-europe-should-not-be-seduced-by-mario-draghis-claims/a526530600.html

Not just the EU, of course. Australia and Canada have taken some big swings at Big Tech, and Canada is pressing ahead with its digital services tax of 3% for onshore earnings of tech companies with more than CAD20m in annual turnover, despite the fact that Trump has promised to end all trade talks with Canada in retaliation:

https://financialpost.com/technology/canadas-digital-services-tax-g7

Antitrust fever has swept both of the world's superpowers. Under Trump I, the DOJ and FTC brought key cases against Facebook and Google, and then Biden's antitrust enforcers went to town on all forms of monopoly, carrying on the Trump cases and reviving some of the law's most elegant weapons from a more civilized age, like the Robinson-Patman Act:

https://www.ftc.gov/news-events/news/press-releases/2025/01/ftc-sues-pepsico-rigging-soft-drink-competition

Admittedly, Trump's FTC and DOJ have carried on some of Biden's work, even as they've killed some of the Biden era's most important cases, and made a general Trumpian mockery of the idea that antitrust law is a tool for economic justice:

https://economicpopulist.substack.com/p/weekly-rewind-62725

Trump killing antitrust law is normal. That's what politics have been like for this whole century, and it's what politics are like in every other domain: billionaires get their way on climate, on labor, on whatever bullshit they get into their fool fucking heads:

https://www.usatoday.com/story/entertainment/celebrities/2025/06/27/jeff-bezos-lauren-sanchez-married-wedding-venice/84349820007/

But it's a mistake to think that Trump killed antitrust enforcement in the USA out of a special conservative deference to millionaires and enthusiasm for corrosive and predatory monopolies. In the UK, four consecutive Conservative Prime Ministers presided over the best competition law enforcement in British history – and it was Labour's Keir Starmer who fired the head of the UK Competition and Markets Authority and replaced him with the ex-head of Amazon UK:

https://pluralistic.net/2025/01/22/autocrats-of-trade/#dingo-babysitter

It is completely normal for both "progressive" and "conservative" parties to wield the entire apparatus of state to the benefit of powerful monopolists. The antitrust enforcement – in the US, the UK, the EU, Australia, Germany, France and Spain – are totally aberrant. And it's not just in these countries where political science's law of gravity reversed itself: there've been giant, brutal antitrust cases in Japan and South Korea, and China has passed aggressive tech antitrust laws that strike directly at the giant Chinese tech companies that Cold War 2.0 creeps insist are just branches of the Chinese Communist Party:

https://pluralistic.net/2020/12/07/backstabbed/#big-data-backstabbing

This is fucking wild.

This is water flowing uphill.

This is pigs flying.

This is hell freezing over.

There is no billionaire constituency for antimonopoly work. Oligarchs aren't funneling dark money to trustbuster orgs. Antimonopoly work strikes at the beating heart of the system that creates and sustains billionaires.

This is a political outcome that the people want, and that billionaires hate, and billionaires are losing.

How is this happening? Why is this happening? I don't know, exactly. I suspect that some of this is related to Stein's Law: "anything that can't go on forever eventually stops." Monopolists corrupt our political system, maim and impoverish workers, gouge their customers on enshittified, overpriced garbage. They are an existential threat to the survival of the human species.

The system is so broken and the mainstream of politics endlessly gaslights us, telling us that corrupt and degraded institutions are either just fine ("America Was Always Great" -H. Clinton) or need to be destroyed, rather than redeemed ("Delete CFPB" -E. Musk). People know that the system only caters to the whims of billionaires and tells the rest of us to eat shit. They hate the fucking system.

Over and over again, we've seen outbreaks of furious, joyous, uncompromising leftist activism: Occupy, Bernie 2016, Bernie 2020, George Floyd, the Women's March, No Kings, Climate Strikes, on and on. Over and over, liberal "centrists" have joined with the right to crush these movements.

Meanwhile, the right has only moved from strength to strength by offering a libidinal, furious promise of root-and-branch change. The only team that's promising radical change is the right. Parties like UK Labour and the Democrats offer austerity and genocide with slightly more polite aesthetics ("[If I'm elected], fundamentally nothing will change" -J. Biden).

I think that centrist suppression of the left has pushed 90 percent of the energy for major change into right wing nihilist movements, but the anti-corporate, anti-monopolist energy has not dissipated. It's formed a kind of invisible political wind that has filled the sails of these antimonopoly projects all over the world.

But anything that can't go on forever eventually stops. Zohran Mamdani just won the NYC Democratic mayoral primary election. That wasn't supposed to happen. The worst people on Earth showered the hereditary King of New York with so much money it was coming out of his fucking pores and he still ate shit. Guys who've got so much money they were able to get Columbia University to collude in shipping its students off to gulags for having the temerity to oppose genocide tried to do it to Mamdani and we kicked their teeth in.

The world is organized around the whims of billionaires, but it doesn't have to be. Most of us are not esoteric authoritarian freaks pining for a CEO of America who'll track us all using mandatory Fitbits and assign us jobs based on an AI's estimation of our cranial geometry. Those ideas are not popular. Now, it's true that this century has been defined by extremely unpopular ideas winning the day. But anything that can't go on eventually stops.

Sure, they smeared Jeremy Corbyn and replaced him with Austeritybot 3000, and Labour is collapsing as a result, and if an election were called today, Nigel Farage would sweep the board, assuming the PM's seat ahead of a Ba'ath Party style majority.

But on today's Trashfuture podcast, I learned about the leadership contest for the Green Party, in which genuinely progressive candidate, Zack Polanski, is running:

https://backzack.com/

Labour has walked away from voters. The Tories are in chaos. The Libdems permanently discredited themselves in the coalition government. The youthquake that buoyed up Corbyn was driven by a desperate hunger for change. The party grandees that purged Labour of everyone who wanted a better country have created a massive constituency that's up for grabs.

I'm desperate for change, too. I've joined the Greens, and I'll be voting for Polanski in the leadership race:

https://join.greenparty.org.uk/join-us/

(Image: Frank Vincentz, Petri Krohn, CC BY-SA 3.0, modified)

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Secret Congressional policy reports published https://web.archive.org/web/20050629020405/http://www.opencrs.com/

#20yrsago Brazil to US pharma co: slash AIDS drug prices or lose patent https://web.archive.org/web/20190918065156/https://www.ft.com/content/816699fe-e50a-11d9-95f3-00000e2511c8

#20yrsago Hilary Rosen: Killing Napster didn’t bring market control https://web.archive.org/web/20050629010724/http://www.huffingtonpost.com/theblog/archive/hilary-rosen/the-wisdom-of-the-court-_3259.html

#15yrsago Canadian cops’ history of agents provocateurs and the G20 https://memex.craphound.com/2010/06/27/canadian-cops-history-of-agents-provocateurs-and-the-g20/

#15yrsago Stiglitz: spending cuts won’t cure recession https://www.independent.co.uk/news/uk/politics/osborne-s-first-budget-it-s-wrong-wrong-wrong-2011501.html

#5yrsago Snowden on tech's Oppenheimers https://pluralistic.net/2020/06/27/belated-oppenheimers/#oppenheimers

#5yrsago Santa Cruz bans predictive policing https://pluralistic.net/2020/06/27/belated-oppenheimers/#banana-slugs

#1yrago Copyright takedowns are a cautionary tale that few are heeding https://pluralistic.net/2024/06/27/nuke-first/#ask-questions-never

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • Enshittification: Why Everything Suddenly Got Worse and What to Do About It, Farrar, Straus, Giroux, October 7 2025
    https://us.macmillan.com/books/9780374619329/enshittification/

  • Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026

  • Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026

  • The Memex Method, Farrar, Straus, Giroux, 2026


Colophon (permalink)

Today's top sources:

Currently writing:

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

13:35

Hallucinating myths into fact [Scripting News]

I have a Google Alerts query for my own name, just to see if any journalism outlets mention me. When it happens, it's often to give me credit for co-creating an app called iPodder, which they say was where podcasting started. None of that is true. But that's what journalism says about me.

On the other hand if you ask ChatGPT what role I played in developing podcasting it gives a more accurate answer.

So tell me what the role of journalism is. Hallucinating myths into fact? That would be my estimate.

Here's the ChatGPT result. I actually did a bit more than that, but what they say is closer to the truth and gives an idea of how things like podcasting come into existence. A lot of work and struggle against people's disbelief, and most of the time it doesn't work -- podcasting is one of the successes.

BTW, the second item in ChatGPT's list is not true. Adam's Daily Source Code came after my own podcast Morning Coffee Notes. I was urging him to do a podast but he didn't get one going until after I went first, proving the old adage "People don't listen to their friends, they listen to their competitors." So somewhere along the line it got confused and it hallucinated just like the journalists. The actual first podcast was a Grateful Dead song in 2001 which I used to test Radio UserLand which was the first software to implement podcasting. There's a documentary coming out soon and I believe they have a bit about that, so maybe that'll get on the record.

If this is how history is written btw, I wouldn't trust anything in the history books. ;-)

10:42

Education is free, learning is expensive [Seth's Blog]

That’s a complete reversal of how it used to be.

Colleges used to be measured by how many books they had in the library. Access to courses was restricted. If knowledge was power, controlling access was essential.

They even call it the ‘admissions office.’

Part of the status that comes from higher education is that they controlled who could find the information and who was left behind.

Today, of course, all of the information is there, a click away. Billions of people have a smartphone with access to everything ever recorded and written, but also to a trillion dollar AI system that can offer informed guidance.

So why hesitate? Why do we get stuck or avoid even acknowledging that it’s possible?

Because learning is hard. It creates tension. It takes time. Most of all, it requires a commitment to becoming someone else, a bet we’re making that might not turn out the way we hope.

The system has called our bluff. If you want to learn, learn.

But we pay for it with effort.

10:35

03:42

Junichi Uekawa: MiniDebconf in Japan. [Planet Debian]

MiniDebconf in Japan. Seems like we are having a MiniDebconf in Japan. wiki.

02:07

00:14

Average person 40% poorer if world warms by 4C [Richard Stallman's Political Notes]

*Average person will be 40% poorer if world warms by 4C, new research shows.* Experts say previous economic models underestimated impact of global heating — as well as likely ‘cascading supply chain disruptions’.

If they have estimated well the effect of those cascades, maybe this estimate will be on target. But I doubt that is even possible. With globalized production, it is easy for even a local disaster to make a crucial component totally unavailable for years. Maybe there would be no new computers, or no new cars.

Mahmoud Khalil freed by a judge [Richard Stallman's Political Notes]

Mahmoud Khalil has been freed by a judge, and has returned to New York to appear at a rally for *Palestinian freedom and opposition to both the university and the [bully].*

I also advocate for a free state of Palestine, but I partly disagree with Khalil. I am careful to make it clear that Palestine would be alongside Israel, not a replacement for Israel.

Kilmar Ábrego García's case has become complex and paradoxical [Richard Stallman's Political Notes]

Kilmar Ábrego García's case has become complex and paradoxical, as different parts of the US government demand to do different things to him. The consequence is that he can't be released on bail lest that put him in danger of precipitous deportation.

This shows there is a dangerous flaw in the current law. The criminal charges were created as a justification for deporting him; even if they were true, it is an obvious injustice to use them to deport him before those charges are adjudicated.

UK government labels activist group as "terrorist" [Richard Stallman's Political Notes]

The UK government has labeled an activist group as "terrorist" for a peaceful protest, and plans to abolish its existence. That is such contempt for human rights that it reminds me of the bully.

*Israel kills innocent Palestinians. Activists spray-paint a plane. Guess which the UK government calls terrorism.*

Journalists have had difficulty knowing how to present Kilmar Ábrego's name [Richard Stallman's Political Notes]

Kilmar Ábrego, victim of an unjust deportation, has been much in the news, and journalists have had difficulty knowing how to present his name.

The Hispanic naming system gives Kilmar Armando Ábrego Garcia (like almost everyone else) two apellidos (family names): his are Ábrego and Garcia. It is helpful, in an article which discusses a person at length, to present per name in full form (as in this paragraph) at least once, for completeness. But mostly one uses only the first apellido.

Some writers in English seem to think that the two apellidos are equivalent to a hyphenated double name in English, but that is not so. An English hyphenated name is just one name, and it is incorrect to omit part of it.

Excuse for repression in universities [Richard Stallman's Political Notes]

Rep. Nadler condemned the weaponization of a supposed fight against antisemitism into an excuse for repression in universities.

ChatGPT lowers subjects' capacity to think [Richard Stallman's Political Notes]

Preliminary results from an experiment suggest that using ChatGPT lowers subjects' capacity to think while writing essays.

Law requiring display of Ten Commandments in schools [Richard Stallman's Political Notes]

*Court strikes down Louisiana law requiring display of Ten Commandments in schools.* Texas is on the verge of passing a similar law.

Common for thugs to attack and accuse victims of "assault" [Richard Stallman's Political Notes]

It is commonplace for thugs to attack people and then accuse their victims of "assaulting" them. Usually they do that to people with little influence, such as poor young black men.

Now they are doing it to Democratic elected officials, which is a terrorist/intimidation tactic.

Call for armed aid convoys to deliver food [Richard Stallman's Political Notes]

The UN special rapporteur on the right to food calls for armed aid convoys to deliver food, where that is necessary.

I think this might be successful in places such as Sudan, where the enemies are not powerful enough to crush the arms of he aid convoys from a distance. But I think they would be ineffective in Gaza, because Israel would kill the armed UN guards from the air.

Republican congresscritters who say they would have voted against Big Bad Bill [Richard Stallman's Political Notes]

At least two Republican congresscritters said they would have voted against the Big Bad Bill if they had known it said X or Y.

For the bill to pass, the House will have to approve the final version. If that final version still contains X and Y, will they vote to defeat it? Their majority is so small that Just a couple of Republicans voting no would be enough to defeat it.

UK proposes prohibiting online commercial advertising of sexual services [Richard Stallman's Political Notes]

The UK proposes to prohibit online commercial advertising of sexual services, and the wording makes it clear that the motive of this campaign is based on rigid conservative ideas of right and wrong in sex.

The author rigidly presumes that doing sex work is "being exploited". Women who are trafficked are being exploited. Women who do sex work by choice, and there are many of those, are doing business for their benefit.

In a better world, the traffickers would be punished, the trafficked women would be freed, and the self-employed sex workers would not have to hide or be ashamed. We cannot get there without recognizing all of these groups.

PEN America concerned by deportation of Australian writer [Richard Stallman's Political Notes]

*PEN America "gravely concerned" by deportation of Australian writer critical of Trump administration.*

"Predictive policing" is disguided excuse for harassment of black males [Richard Stallman's Political Notes]

"Predictive policing" often amounts to a disguided excuse for systematic harassment of black males.

The article raises the possibility that it could be better if it is "more transparent", but no actual results of trying.

CDC invited anti-vaxxer to present report on thimerosal [Richard Stallman's Political Notes]

The CDC has invited an anti-vaxxer to present a report containing disinformation about thimerosal. It contains a mistaken citation that seems intended to report a real study, but cites that study's results exactly wrong.

Friday, 27 June

23:56

[1261] Uncovering the Truth [Twokinds]

Comic for June 27, 2025

Distracted – DORK TOWER 27.06.27 [Dork Tower]

This or any DORK TOWER strip is now available as a signed, high-quality print, from just $25!  CLICK HERE to find out more!

HEY! Want to help keep DORK TOWER going? Then consider joining the DORK TOWER Patreon and ENLIST IN THE ARMY OF DORKNESS TODAY! (We have COOKIES!) (And SWAG!) (And GRATITUDE!)

22:35

Friday Squid Blogging: What to Do When You Find a Squid “Egg Mop” [Schneier on Security]

Tips on what to do if you find a mop of squid eggs.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

22:14

Progressive Revenue Is Not Dead in Seattle [The Stranger]

And the Business Associations Are Pissed
by Nathalie Graham

Seattle electeds have finally realized that they can’t simply rely on the Jumpstart Tax, a progressive (but fluctuating) payroll tax, to backfill budget shortfalls in perpetuity, and they are pursuing new progressive revenue options. I know, I know, this city council and this mayor finding new revenue methods? Our financial outlook is that bad.

The Seattle Shield Initiative united an odd duo, Councilmember Alexis Mercedes Rinck and Mayor Bruce Harrell. Together, they proposed the initiative to help alleviate the financial stress that a $251 million deficit across all fund balances—and Trump in the White House—will put on the city.

The initiative will temporarily raise business and occupation (B&O) taxes to fund programs threatened by the Donald Trump administration such as investments in housing vouchers, shelters, food and nutrition access, resources for survivors of gender-based violence, and affordable housing. But it gets better. The initiative doesn’t raise the B&O tax for all businesses, only some. Under the initiative, to help bolster struggling mom and pop shops, many small businesses which actually stop paying B&O tax. Sounds pretty good, right?

Not if you’re part of a big business organization. The Downtown Seattle Association (DSA, but not the cool one) and the Seattle Chamber of Commerce have already poo-poo’d the proposed initiative.

Jon Scholes, the president and CEO of the DSA (derogatory) and frequent bad-opinion columnist at the Seattle Times, said in a statement that the Trump tariffs are already bad for business and city leaders are about to “make things worse on local companies” with this new tax.

“This proposal is a tax on downtown Seattle’s revitalization and a self-inflicted wound to the progress we’ve been making to attract more businesses downtown and strengthen the city’s tax base. It will make it harder to fill empty tall office buildings and storefronts with companies, which will threaten the commercial tax base and shift more of the tax burden to residents,” Scholes wrote.

The Seattle Shield Initiative will raise the B&O tax threshold exemption from $100,000 to $2,000,000 in gross revenue, which means 76 percent of small businesses won’t pay any B&O tax at all. Meanwhile, only businesses earning more than $2 million in revenue will have to pay a higher tax than they did before. According to a press release from the city, “approximately 90% of businesses would owe less than they do today.”

Of course, that means those high-earners would shoulder the B&O tax. This is unfair, according to Scholes.

“City leaders should heed the lessons from the past and reject boneheaded ideas solely concocted in the name of fighting President Trump,” Scholes wrote. “This rushed tax proposal is bad fiscal policy that will set Seattle back and raise costs for residents.”

He had some big, weird feelings (“It’s the fiscal policy version of Seattle’s defund the police movement and if passed will ultimately result in Seattle defunding its tax base,” he wrote on LinkedIn. “This idea should be thrown in the trash bin next to the remnants of defund the police, CHOP/CHAZ, legalizing drugs, etc”) and I’m sure we’ll hear more from him in a forthcoming Seattle Times editorial. But, I must say, this is pretty funny outrage coming from the organization that just pushed policy through the Seattle City Council to put eyesore digital advertising kiosks on Seattle streets. The money earned from those kiosks will go right back into DSA coffers. Maybe they can use some of that money to help their struggling big businesses pay the B&O tax increase.

In response to these comments, at a press conference, Harrell said, “We think it’s good policy, and we would disagree [with the DSA].”

Remember, this is from longtime DSA (again, not the socialist one) ally Harrell. Do we… gotta hand it to him?

“We are not trying to run business out of Seattle, we are open for business,” Harrell, newly anointed fan of progressive revenue (or just a man worried about being another one-term mayor) continued. “So as we look at dealing with a $250 million deficit… The fact is that the state legislature only gives us so many tools, and this is a tool we think along the lines of progressive revenue that is a smart policy to adopt...We will do everything possible to continue to have a healthy business environment, but we stand behind this policy.”

In a statement to The Stranger, Mercedes Rinck said, "It’s true. This proposal progressively shifts B&O tax burden to the largest businesses in Seattle. The top 10 percent will pay more, and the bottom and middle will pay less. I think we can all see that as a worthwhile investment in the local community, workforce, and economy. What will actually set Seattle back is doing nothing while thousands in our community are on the brink of food insecurity and homelessness due to draconian federal cuts."

Wealthy business owner grips aside, this initiative is a boon for small businesses, according to Jeanie Chunn, community activist, longtime small business advocate, and current candidate for City Council District 2.

Chunn, who helped engage small business owners on this initiative for Rinck's office, described how paying fewer B&O taxes will make a huge difference. Especially for businesses operating on the margins like restaurants, having extra funds could pay for much-needed new equipment, new benefits for employees, or repairs. The initiative will provide “much welcomed relief,” she wrote in an email.

According to Chunn, most restaurants fall under the $2 million revenue threshold. Even for those who rake in over $2 million annually, they’ll still pay less in local B&O taxes than they do currently because “it's only on sales over $2M.”

The Seattle Metropolitan Chamber of Commerce jumped to its usual excuses for the reasons we can’t raise taxes: it has some “interesting ideas,” but it’s “rushed,” and companies just can’t afford it right now.

“I think the Chamber of Commerce's outrage over this initiative shows that they have and will always represent the interests of large corporations and not locally-owned businesses, small business owners, or the workers of Seattle,” Chunn wrote.

"If the Seattle Metropolitan Chamber of Commerce only wants to advocate for the preferences of their Emerald and Platinum members, that is their prerogative," Mercedes Rinck told The Stranger. "Local government has responsibility to step up in this moment, and our proposal gives Seattle residents that choice."

However, the Seattle Shield Initiative is not law yet. Rinck will need to curry favor with the other members of the council. They will have to vote on the initiative by Aug. 5. If approved, we the people will get to have our say in the November election.

Editor's Note: This story has been updated since it's original publication to include comments from City Councilmember Alexis Mercedes Rinck. 

21:35

New Books and ARCs, 6/27/25 [Whatever]

I was traveling much of June, and as a result we have an extra-large collection of new books and ARCs to consider here at the end of the month. What in this double stack of reading goodness would you like to take on in this final weekend of the first half of the year? Share in the comments!

20:42

Aegis Fires Two Workers for Sharing Stranger Article, Union and Employees Say [The Stranger]

Aegis Living fired two two staffers after sharing a Stranger article about their business practices. by Conor Kelley

Imagine getting fired for sharing an article with your co-workers. Not porn, not political commentary, not raunchy jokes. A news article, just like this one. According to two employees at Aegis Living, it just happened in King County twice.

Jason Bova-Havers says that on their day off on May 27th, a former co-worker sent him something to read: a story published last month in The Stranger titled,  “What’s Behind the Gilded Doors of Aegis Living?” The article contained allegations against the senior living chain Aegis Living from employees, former employees, and families of residents, ranging from shady business practices to illegal anti-union actions, discrimination, elder neglect, and more.

Bova-Havers had worked for Aegis for the past five years, so naturally they were curious. They told The Stranger that they weren't all that surprised about what was reported in the article, but still felt like it was worth passing along. Maybe this is something my boss should see, they remember thinking, and dropped a link to the story in a group chat he had going with a co-worker and his immediate boss.

Two days later, during their shift as a line cook at Aegis Living Shoreline, Bova-Havers was called into the General Manager’s office, their boss’ boss. “You’re going to want to sit down,” Bova-Havers says a Human Resources rep told them. “You recently sent a text message to your coworkers that was seen as ‘below board.’ So we’re letting you go.”

That was it.

Will Hudson read that same article, also passed to him by a friend. It was about the company he’d worked for the past two and a half years, first as care staff then recently as a member of the maintenance team at Aegis Living Madison. While he was at work the next day he printed the article off in the employee break room so his co-workers could read it, too. “I just wanted to inform them, see what their opinions and takes around it were,” Hudson says. Then he went back to work. “Didn’t think nothing of it.”

When Hudson came into work on June 9th, he was called into his boss’s office and questioned. He says they’d interviewed a couple of his co-workers already before he was called in to his boss’s office. “Are you the one who printed off this paper?” he says he was asked.

“Yes,” Hudson says he replied.

“We don’t allow that here. We have to let you go,” he says he was told.

Aegis did not respond to The Stranger’s request for comment about the two fired workers. They also did not respond to repeated requests for comment over months of reporting for the original article, and in the month since publication has not issued any public statement refuting the article’s wide-ranging allegations.

Since these firings, SEIU 775 has filed Unfair Labor Practice charges with the National Labor Relations Board against Aegis Living, alleging the company “unlawfully terminated” the two workers for “concerted, protected activities” covered by the National Labor Relations Act.

The complaint states “due to the egregious and hallmark nature of this violation” the union is seeking injunctive relief that would allow these workers to be reinstated with back pay. Even though Bova-Havers and Hudson weren’t members of the union, SEIU sees their firings as an attempt by Aegis to cool pro-union activity. “We're going to push as hard as we can to get them to take action on these complaints,” says Adam Glickman, the Secretary Treasurer of SEIU 775.

He sees this as a first-amendment fight, made even more important in the current political climate.

“It's just outrageous that in the middle of a workforce crisis where long-term care facilities are struggling to hire caregivers, particularly this company Aegis that pays less than most other employers, that they would fire workers for sharing newspaper articles,” Glickman says. “It seems like a slap in the face to their residents that they care so little about their care that they would fire workers for such an absurd reason. They're so afraid, so anti-union, so afraid of their workers organizing, that they would endanger the care of their residents by firing people for sharing a news article. It's just shocking.”

But no matter how it happened, Bova-Havers and Hudson are out of their jobs.

Luckily, both Bova-Havers and Hudson have been able to find work since. Bova-Havers is happy at his new full-time job as a pastry chef, which was his original job at Aegis. “I do miss my crew in the kitchen,” he says. “I worry about them. I hope they get better pay and protections. Or, hell, just jobs that appreciate them.”

Will has found some work dog sitting and dog walking, but he’s still looking for something long-term. And he’s still upset about what happened.

“After being fired, I was devastated,” Will says. “The residents that’d see me every day, now I don’t get to see them anymore. All because Aegis doesn’t want people to know the truth: that Aegis is corrupt.”

Have a tip about Aegis Living? Reach out at editor@thestranger.com.

20:00

Link [Scripting News]

Glossary: Tiny Little Textbox. (An idea I might try, coupled with Daytona, I should be able to build a glossary of terms I want in my official vocabulary. Ideas that have stood the test of time, that mean something now, but eventually will be set aside and no one will know what a TLTB was.)

Link [Scripting News]

I'm working my way through The Bear, and it's great because you remember that you love all these characters and you can immediately start living the ongoing drama of their lives. I feel like a cat perched on a window watching everyone doing their daily stuff. Looking forward to going back to the beginning and starting over.

Link [Scripting News]

BTW, I think the right way to read Scripting News is getting the nightly email. That's the pulse. I jot stuff down during the day, mostly in the morning, and later add links and finish stuff up. The scripting.com feed is updated in realtime. So you may get many versions of an item over the day, which might be a problem with feed readers that don't watch for changes. I noticed that my changes to a recent podcast shownotes page don't flow back out to my podcast client app on Android. FeedLand btw, records changes, and they flow through to the timeline. Coupled with rssCloud, which is supported in every WordPress site, makes the whole thing realtime. People assume that feeds have to perform like a feed reader. But if you have a component running on the open internet, hooked up via websockets to the client, you get the flow they get in twitter-like systems. And we didn't have to invent anything that didn't already exist in 2009.

19:56

I, Anonymous: Ice Scream [The Stranger]

Do you need to get something off your chest? Submit an I, Anonymous and we'll illustrate it! by Anonymous

As a cis woman living in post-Roe America, I didn’t think my feelings of patriotism had any farther to fall, but your latest “loss prevention” measure has surprised me by alienating me yet further from the AmeriCone Dream®️.

Yesterday I swung by your store on my way home, hoping to pick up fixings for a quick dinner and ice cream for dessert. Imagine my confusion when I tried the handle on the freezer case door only to find it locked—and taped to the door beside it, a sign instructing me to push a red button for assistance accessing the ice cream pints within. 

I dutifully pushed the button and waited for about ten minutes, shivering in the cold of the frozen aisle, before finally shaking the icicles from my nose hairs and accepting that nobody in your chronically understaffed store was coming to help me. I proceeded to check out without the Cherry Garcia I had come for. 

You successfully deterred an ice cream seeker, but not the one you probably wanted to deter. 

As I understand it, the cost to you of the predicted rate of shoplifting is already factored into the prices your customers pay. I can imagine why ice cream might be one of the most pilfered items—it’s calorically dense, sweet enough to take the edge off for someone who’s withdrawing from an illicit substance, and refreshingly cool. So, as far as I’m concerned, just let the poor people and the addicts steal the ice cream.

In fact, you sort of already do: one cold case out of eight was left unlocked, the one containing the larger quantities of ice cream. A few pints could even be accessed by reaching one’s arm into the next case over via the opening for the 1.5-quart and 1-gallon tubs. So those least able to afford to be sticklers for specific brands and flavors—i.e., those not planning to stop by the register on the way out—can still grab a good-enough option to fulfill their needs. It’s only customers like me—people with the intention of paying and the privilege of pickiness—who are likely to be meaningfully deterred from leaving your stores with ice cream. What a stupid, annoying self-own! Get it together.

Do you need to get something off your chest? Submit an I, Anonymous and we'll illustrate it! Send your unsigned rant, love letter, confession, or accusation to ianonymous@thestranger.com. Please remember to change the names of the innocent and the guilty.

19:07

Reproducible Builds (diffoscope): diffoscope 300 released [Planet Debian]

The diffoscope maintainers are pleased to announce the release of diffoscope version 300. This version includes the following changes:

[ "Alex" ]
* Fix a regression and add a test so that diffoscope picks up differences
  in metadata for identical files again. (Closes: reproducible-builds/diffoscope#411)

You find out more by visiting the project homepage.

The Best Bang for Your Buck Events in Seattle This Weekend: June 27–29, 2025 [The Stranger]

Seattle Pride Parade, Trans Pride, and More Cheap & Easy Events Under $15
by EverOut Staff

Gear up for a gorgeous Pride Weekend with our cheap and easy guide, which features events from Seattle PrideFest and the Pride Parade to the Indigiqueer Festival and Trans Pride Seattle. If you're looking to escape the city this weekend, we're also pointing you toward the evo Trailgate Festival and Bremerton's Bridge Blast. For more suggestions, check out our top event picks of the week.

FRIDAY PRIDE

Indigiqueer Festival
Quileute drag artist Hailey Tayathy co-founded the Indigiqueer Festival in 2022 because they felt that "a gay-friendly city named for a Suquamish and Duwamish Chief deserved the big Indigenous Pride event it didn’t have." Taking place at Pier 62 against the backdrop of the Salish Sea, this fest marks the start of Pride weekend with a stacked lineup of performers including rocking drag queen Holli B. Sinclair, food from traditional Indigenous chef Natoncks Metsu, and a host of art vendors and community workshops. SHANNON LUBETICH
(Pier 62, Downtown, free)

18:28

Urethral Rifling [Penny Arcade]

I haven't played a Kojima game all the way through since Metal Gear Solid 2, and that was before he started getting truly wild with the cutscenes. I love to watch them though, which is fully in-line with the profound, unique spectacle they offer. 2 Live Crew's third album was entitled "As Nasty As They Wanna Be," and there is a version of this principle in place for Hideo Kojima - very, very few people are allowed by the universe to be this true to their instincts, to "shock the world" as Silkk The Shocker put it. I'm trying to figure out another old school hip hop reference but I think this paragraph is essentially spent. Everything that we say in the strip is true, though.

18:07

[$] How to write Rust in the kernel: part 2 [LWN.net]

In 2023, Fujita Tomonori wrote a Rust version of the existing driver for the Asix AX88796B embedded Ethernet controller. At slightly more than 100 lines, it's about as simple as a driver can be, and therefore is a useful touchstone for the differences between writing Rust and C in the kernel. Looking at the Rust syntax, types, and APIs used by the driver and contrasting them with the C version will help illustrate those differences.

17:35

Why do I get errors or warnings about some weird symbol called ?main@@YAHP$01E$AAV?$Array@PE$AAVString@Platform…, part 3 [The Old New Thing]

We have been investigating why a project is getting an error about a weird C++/CX symbol, and we tracked it down to three things:

  • If you compile with C++/CX, the compiler injects vccorlib.lib as a default library.
  • The vccorlib.lib library provides a definition of main.
  • The linker special rule for resolving references introduced by a library causes the search for main to look in vccorlib.lib ahead of the fuzzer library that contains the main we want.

To get the linker to find the intended main, we need to take away one of the conditions.

For the first item, we could take away all the components that use C++/CX. But presumably they are there because we need to test them, so that’s not an option.

Another possibility is to remove vccorlib.lib from the default library list. The library is still needed, but we can add it back as an explicit library.

link /out:fuzzer.exe /subsystem:console fuzzer.obj cx.obj lib.lib vccorlib.lib /NODEFAULTLIB:vccorlib.lib

The avoids the problem with the special rule: The reference to main came from libcmt.lib, so the search proceeds through the rest of the default libs, and then wraps around back to the explicit libraries. In the list of explicit libraries, we have been careful to put lib.lib ahead of vccorlib.lib, so that the main in lib.lib gets found first.

For the second item, there’s not much we can do because the vccorlib.lib is provided as part of the toolchain, so we are not at liberty to modify it.

For the third item, we can try to avoid the linker special rule by making sure that the reference to main does not come from a library in the first place. That ensures that the search starts with the first explicitly library rather than doing the weird wraparound thing.

One way to force it is to have another object file that contains an explicit reference to main

rem new! An object file that requests main.                              
>forcemain.cpp echo int __cdecl main(int, char**); auto forcemain = main;
cl /c forcemain.cpp                                                      

rem Add it as the first object file.
link /out:fuzzer.exe /subsystem:console forcemain.obj fuzzer.obj cx.obj lib.lib

rem success!

The first reference to main comes from forcemain, which is not a library, so the special library search rule does not come into play.

I put forcemain.obj first to increase the likelihood that it will provide the first reference to main. If it came second, then maybe resolving a symbol from the first object file leads to a reference that is resolved by a library, and that in turn requests a reference to main, and now the special library search rule kicks in.

It may be difficult to ensure that forcemain.obj comes first. For example, some tooling might sort the object files alphabetically, or somebody might just decide to sort them alphabetically as part of just making things more tidy,¹ causing forcemain.obj to lose its special place at the front of the object list.

Therefore, I like to use the /INCLUDE trick.

link /out:fuzzer.exe /subsystem:console fuzzer.obj cx.obj lib.lib /INCLUDE:main

rem success!

The compiler team tells me that references injected via /INCLUDE get ushered to the front of the line, so they get resolved before any references that come from the object files themselves. In this case, it means that /INCLUDE:main ensures that main is resolved before any symbols from object files, thereby removing the dependency on the order of object files.

My colleague Martyn Lovell noted that even though you can cobble together something that works, he considers it generally a mistake to put your entry point in a library. Libraries generally carry the meaning of “Use this only if necessary,” but in the case of the fuzzing library, their specific main function is mandatory, not a fallback. This is a problem I discussed earlier in the context of choosing between WinMain and wWinMain.

The entry point should be in an explicit object file that is added to the project, or (my preferred option) the library should provide its main function under a name like fuzzer_main which programs are expected to forward to.

// fuzzer.cpp
#include <fuzzerlibrary.h>
int __cdecl main(int argc, char** argv)
{
    return fuzzer_main(argc, argv);
}

bool fuzzer_callback(void* data, int length)
{
    ⟦ ... ⟧
}

This also allows you to do things like choose between two fuzzers at runtime, or run multiple fuzzers from a single binary or run the same fuzzer twice.

// fuzzer.cpp
#include <fuzzerlibrary1.h>
#include <fuzzerlibrary2.h>
int __cdecl main(int argc, char** argv)
{
    // If run with no arguments, then provide
    // some defaults.
    if (argc == 1) {
        static char arg1[] = "default-argument1";
        static char arg2[] = "default-argument2";
        static char* args[] = { argv[0], arg1, arg2 };
        argc = 3;
        argv = args;
    }

    // Run it through both fuzzers
    int result = fuzzer1_main(argc, argv);
    if (result == 0) {
        result = fuzzer2_main(argc, argv);
    }
}
    return result;
}

bool fuzzer_callback(void* data, int length)
{
    ⟦ ... ⟧
}

Now, for convenience, the fuzzer library could also provide the main function that we put into fuzzer.cpp. But even so, there should be a separate name (like fuzzer_main) that can be used to invoke it explicitly.

¹ For example, keeping lists in alphabetical or numeric order reduces the likelihood of bad merges.

The post Why do I get errors or warnings about some weird symbol called ?main@@YAHP$01E$AAV?$Array@PE$AAVString@Platform…, part 3 appeared first on The Old New Thing.

Slog AM: Supreme Court Bans National Injunctions, SeaTac Cancels Fourth of July, Bezos and Bride Ready to Tie the Knot [The Stranger]

The Stranger's morning news roundup. by Nathalie Graham

SCOTUS Rules on Birthright Citizenship Case: But not on birthright citizenship. The six hollowed out corpses of the nine-justice Supreme Court ruled that federal judges had overstepped when temporarily pausing the enforcement of Trump's executive order. The court will allow Trump's executive order restricting birthright citizenship can go into effect in 30 days. BUT, they did not rule on the constitutionality of upending birthright citizenship... which seems like an important thing to do, especially in this context. But what do I know? I'm no ghoul in a black robe with unfettered power. Justice Sonia Sotomayor called the decision, “a travesty for the rule of law.”

Sotomayor issues a blistering dissent that states plainly that this decision renders constitutional protections meaningless.

[image or embed]

— Alejandra Caraballo (@esqueer.net) June 27, 2025 at 7:14 AM

This Is a Huge Deal: No more nationwide injunctions? This SCOTUS ruling limits the main legal tool judges had to resist Trump and stall executive orders. Now, only class action lawsuits can challenge these orders.  

all of the Supreme Court’s jurisprudence about executive power - all of it - can be replaced with a simple flow chart. is the president a Republican? if so it’s ok. if not, it’s presumptively not ok.

— Peter (@notalawyer.bsky.social) June 27, 2025 at 7:18 AM

In Other SCOTUS News: A 4-4 decision upheld a block prohibiting Oklahoma from using government money for a religious charter school, and rejected Texas's effort to limit kids' access to porn, but they did allow parents to pull their children from classes that teach LGBTQ books. And in the usual 6-3 split, they ruled that Planned Parenthood can't use Medicaid laws to fight state-level efforts to defund them. In her dissent, Justice Ketanji Brown Jackson wrote: “Today’s decision is likely to result in tangible harm to real people... At a minimum, it will deprive Medicaid recipients in South Carolina of their only meaningful way of enforcing a right that Congress has expressly granted to them. And, more concretely, it will strip those South Carolinians—and countless other Medicaid recipients around the country—of a deeply personal freedom: the ‘ability to decide who treats us at our most vulnerable.’”

Fourth of July Cancelled in SeaTac: No, no, this isn't some commentary on the state of the world. The city is cancelling any and all festivities at Angle Lake Park due to public safety concerns. Last year, Angle Lake's Fourth of July shindig drew more than 10,000 people. That's three times the capacity than the park should safely hold. And, only 10 officers were on duty. This year, the threat of overcrowding complicated by understaffing of first responders means no party. Officials say last year's drone show debacle, where 55 of 200 drones dropped like stones into the lake, is not the reason for the cancellation. You can swim at the lake on Independence Day this year, but that's it. 

More Measles in King County: Public Health – Seattle & King County identified two more measles cases in the region, this time in an adult and child. Washington has now seen 10 confirmed cases of measles this year. Get vaccinated, guys.

The Weather: Another day of clouds and then the sun and summer returns. Not for good, though. Never for good.

Grocery Workers Might Strike: A few weeks ago, 97 percent of the union representing 30,000 grocery employees from stores like QFC, Fred Meyer, and Safeway voted to authorize a strike due to dissatisfaction with wages, working conditions, and staffing. The threat of such a massive strike seems to have been a wakeup call for the companies, because this week, they're voting on their latest contract proposal and the union is recommending that their members vote "yes." We'll see! The final tally should be in late tonight.

It's Supervillain Wedding Weekend: Ah, look, St. Mark's Square in Venice, Italy is already celebrating Jeff Bezos and Lauren Sanchez's cursed wedding. Celebrities like "Tom Brady, Leonardo DiCaprio, Orlando Bloom, Oprah Winfrey, Usher Raymond, and a raft of Kardashians" according to the New York Times, have already arrived. The whole thing is shrouded in secrecy. For now. 

Meanwhile auf dem Markusplatz in Venedig.

[image or embed]

— DennisKBerlin (@denniskberlin.bsky.social) June 27, 2025 at 5:52 AM

Looking for a new place to bike ride? Try under the freeway! No, really. The Seattle Parks Department just unveiled its $314,000 overhaul of the mountain bike skills park underneath the I-5 colonnade on the downslope between Capitol Hill and Eastlake. 

Sore Loser Alert: You already conceded, Andrew Cuomo, just go away. If only it were that simple. Giant sore loser Cuomo will register as an independent and run against democratic socialist Zohran Mamdani in the general election for mayor of New York. Does he have a humiliation kink? What's even funnier is incumbent NYC mayor and friend of Turkey Eric Adams is also running in the general as an independent. These two will surely split the clown vote and hurt their chances of winning even more. 

Meanwhile, Mamdani Keeps Inspiring a Movement: The young people are inspired. 

Generational change is coming: Since Zohran Mamdani won on Tuesday night, more than 1100 young people have reached out to @runforsomething.net to explore a run for local office — one of our biggest spikes of the year yet.

— Amanda Litman (@amandalitman.bsky.social) June 26, 2025 at 7:32 AM

Another Bling Ring Is Definitely a Recession Indicator: Brad Pitt is the latest in the string of celebrity robberies around Los Angeles. This week burglars broke into his $5 million Los Feliz home and ransacked it. He's been off in Europe promoting some movie I won't see. In recent months, burglars have hit the LA homes of Nicole Kidman and Keith Urban, Austin Butler, and Olivier Giroud of the Los Angeles Football Club.

Death for Blue Screen of Death: Microsoft will discontinue the "blue screen of death" its used for error messages for 40 years. Instead, it will now use a "black screen of death." Revolutionary.    A song for your Friday: It's Pride weekend! Shake off the bad news for a few days and also shake your ass.

16:35

Bcachefs may be headed out of the kernel [LWN.net]

The history of the bcachefs filesystem in the kernel has been turbulent, most recently with Linus Torvalds refusing a pull request for the 6.16-rc3 release. Torvalds has now pulled the code in question, but also said:

I think we'll be parting ways in the 6.17 merge window.

You made it very clear that I can't even question any bug-fixes and I should just pull anything and everything.

Honestly, at that point, I don't really feel comfortable being involved at all, and the only thing we both seemed to really fundamentally agree on in that discussion was "we're done".

Bcachefs developer Kent Overstreet has his own view of the situation. Both Torvalds and Overstreet refer to a seemingly private conversation where the pull request (and other topics) were discussed.

Pluralistic: Bill Griffith's 'Three Rocks' (27 Jun 2025) [Pluralistic: Daily links from Cory Doctorow]


Today's links


The Abrams' Books cover for Bill Griffith's 'Three Rocks.'

Bill Griffith's 'Three Rocks' (permalink)

What better format for a biography of Ernie Bushmiller, creator of the daily Nancy strip, than a graphic novel? And who better to write and draw it than Bill Griffith, creator of Zippy the Pinhead, a long-running and famously surreal daily strip?

https://store.abramsbooks.com/products/three-rocks

Three Rocks: The Story of Ernie Bushmiller, the Man Who Created Nancy is more than a biography, though. Griffith is carrying on the work of Scott McCloud, whose definitive Understanding Comics used the graphic novel form to explain the significance and method of sequential art, singling out Nancy for special praise:

https://en.wikipedia.org/wiki/Understanding_Comics

For Griffith – and a legion of comics legends who worship Bushmiller – the story of Bushmiller's life and the story of Nancy and its groundbreaking methodology are inseparable. We watch as Bushmiller starts out as a teenaged dropout copy-boy in the bullpen at a giant news syndicate, running errands for the paper's publisher and, eventually, its cartoonists. Bushmiller burns to get into the funnies, and he's got a good head for gags, but his draftsmanship needs work. He secretly enrolls in a life-drawing class, which does him little good, but he applies himself and applies himself, and eventually is given his big break: taking over Fritzi Ritz, a daily cartoon serial about a sexy flapper.

Bushmiller's run on Fritzi Ritz outlasts flappers, and, as he struggles to keep the character relevant amidst changing times, he eventually hits on a "Cousin Oliver" gambit: adding in a sassy niece named Nancy:

https://tvtropes.org/pmwiki/pmwiki.php/Main/CousinOliver

Cousin Oliverae are rarely successful, but Nancy turned out to be the exception that proved the rule. Nancy took over the strip, and "Aunt Fritzi" receded in importance, taking a backstage to Nancy and her pal Sluggo.

As Nancy came into her own, so did Bushmiller. Bushmiller combined an impeccable sense of the gag (he started with his punchline panel – "the snapper" – and worked backwards) with a visual style that he refined to something so pure and refined that it inspired generations of comics creators.

Bushmiller was the master of simplifying, and then simplifying more, and then simplifying even more. Visually, his characters and his furniture (especially the iconic "three rocks" of the title) are refined to something so iconic they're practically ideograms. While some accused Bushmiller of re-using a small set of drawings, Griffith makes the convincing case that Bushmiller perfected a small number of icons, and repeated them as motifs. Indeed, these characters are so perfect and finely tuned that when Griffith inserts Nancy, Sluggo and other characters from Bushmillerville into his graphic novel, he doesn't re-draw them – rather, Griffith carefully crops these characters out and collages them into his own panels. Every image of Nancy in this book was drawn by Ernie Bushmiller.

This pared-down, severely restricted graphic style provides the perfect toolkit for the Bushmiller gag, which, at its best, is profoundly surrealistic, often playing on the form of the comic itself (for example, when Nancy asks Sluggo to give her a push on a bicycle, Sluggo obliges by stepping out of the comic and tipping the final panel at 45 degrees, sending Nancy rolling "downhill"). These meta-humorous gags give rise to Griffith's key insight: that Nancy isn't a comic about what it's like to be a kid – it's a comic about what it's like to be a cartoon character.

This is such a good organizing principle for understanding Nancy's staying power and influence. Other cartoons like Peanuts are nominally about being a kid, but are actually about being a small adult. Nancy, meanwhile, shares a lineage with, say, Animaniacs and Bugs Bunny and Groucho Marx (who, we learn, wore out his welcome with Bushmiller and his wife by relentlessly hitting on the latter at celebrity dinners at the Brown Derby). It's no wonder that Scott McCloud, the prophet-explainer of sequential art, loves Nancy: she practically invented stepping outside the frame and making us think about how these pictures and words worked, and why, and she made us laugh the whole time.

Bushmiller had a unique mind. He was a workaholic, turning out a 7-day/week strip for decades, even as he shouldered a variety of side-projects and other strips. Once he started making money, he moved to the Connecticut suburbs where he could have a work-room big enough to accommodate four drafting boards, so he could work on four strips at once. He would sometimes get a year ahead of schedule with his publishers. It was only very late in his life that Bushmiller took on any kind of assistants, and even then, he obsessively supervised them, counting the spikes in every depiction of Nancy's hair to ensure that they fell within the regulation 69-107 spikes.

Despite his massive following among artists, hipsters and intellectuals, Bushmiller insisted that the secret to his success was in his devotion to simplicity and the universality it brought. Bushmiller's editorial process seems to have consisted almost entirely of his removing words, images and lines from his panels, paring them down further and further until they became, essentially, narrated pictograms – almost funny Ikea assembly instructions.

Griffith – a daily cartoonist workaholic who has been turning out Zippy strips since 1971 – bursts with admiration for Bushmiller, and this biography saves a lot of space for Bushmiller himself, with long sections given over to reproductions of some of Nancy's best outings. Griffith has had more than half a century to think about what makes surreal comic-strips tick, and, like McCloud, he pours these out on the page, but largely confines himself to illustrating his insights with Bushmiller strips and panels. The result is a heady volume: a great biography and a great book of literary criticism and comic arts theory.

Nancy is still around, written and drawn by the amazing Olivia Jaimes, whose first collection of new Nancy comics I called "incredibly, fantastically, impossibly great":

https://memex.craphound.com/2019/10/17/the-first-book-collecting-the-new-nancy-comic-is-incredibly-fantastically-impossibly-great/

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#15yrsago Adventurer’s Club from Walt Disney World recreated in painstaking detail with Half-Life engine https://insidethemagic.net/2010/06/walt-disney-worlds-adventurers-club-virtually-recreated-for-fans-to-once-again-explore/

#15yrsago Texas GOP comes out against oral sex, the UN, and the Supreme Court https://web.archive.org/web/20100626003418/https://www.nydailynews.com/news/2010/06/22/2010-06-22_texas_gop_platform_criminalize_gay_marriage_and_ban_sodomy_outlaw_strip_clubs_an.html

#15yrsago Monkey-Pirate-Robot-Ninja-Zombie: Rock Paper Scissors 9.0 https://web.archive.org/web/20100625003931/http://markarayner.com/blog/archives/1613

#10yrsago Harry Reid tells BLM’s Burning Man squad to suck it up https://web.archive.org/web/20150628195105/http://hoh.rollcall.com/harry-reid-to-burning-man-rescue/

#10yrsago Supreme Court upholds marriage equality! https://www.theguardian.com/law/live/2015/jun/26/supreme-court-rules-same-sex-marriage

#10yrsago Wil Wheaton on depression https://www.youtube.com/watch?v=K6ACzT6PCDw

#10yrsago 2.5 million data points show: America’s ISPs suck, and AT&T sucks worst https://www.measurementlab.net/blog/interconnection_and_measurement_update/

#5yrsago Microcontent guidelines for 2020 https://pluralistic.net/2020/06/26/police-riots/#nielsen-98

#5yrsago "Violent protests" vs "violent police" https://pluralistic.net/2020/06/26/police-riots/#police-riot

#5yrsago Sympathy for the mask-shy https://pluralistic.net/2020/06/26/police-riots/#harm-reduction

#5yrsago Let's get rid of nursing homes https://pluralistic.net/2020/06/26/police-riots/#nursing-homes

#5yrsago Splash Mountain to purge Song of the South https://pluralistic.net/2020/06/26/police-riots/#minstrelsy

#5yrsago Copyright keeps police use-of-force training a secret https://pluralistic.net/2020/06/26/police-riots/#post-due

#1yrago Cleantech has an enshittification problem https://pluralistic.net/2024/06/26/unplanned-obsolescence/#better-micetraps

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • Enshittification: Why Everything Suddenly Got Worse and What to Do About It, Farrar, Straus, Giroux, October 7 2025
    https://us.macmillan.com/books/9780374619329/enshittification/

  • Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026

  • Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026

  • The Memex Method, Farrar, Straus, Giroux, 2026


Colophon (permalink)

Today's top sources:

Currently writing:

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

15:21

Link [Scripting News]

The longest continuously updated RSS feed in the known universe.

15:14

Jonathan Dowland: Viva [Planet Debian]

On Monday I had my Viva Voce (PhD defence), and passed (with minor corrections).

Post-viva refreshment

Post-viva refreshment

It's a relief to have passed after 8 years of work. I'm not quite done of course, as I have the corrections to make! Once those are accepted I'll upload my thesis here.

15:07

Seven more stable kernel updates [LWN.net]

Kernel versions 6.15.4, 6.12.35, 6.6.95, 6.1.142, 5.15.186, 5.10.239, and 5.4.295 have all been released.

Security updates for Friday [LWN.net]

Security updates have been issued by Debian (freeradius and icu), Fedora (clamav, glow, libssh, perl-Crypt-OpenSSL-RSA, perl-CryptX, podman, trafficserver, and xorg-x11-server), Mageia (gdk-pixbuf2.0 and thunderbird), Red Hat (osbuild-composer and weldr-client), SUSE (afterburn, google-osconfig-agent, libblockdev, pam, python-tornado6, screen, and yelp-xsl), and Ubuntu (libxslt and python-pip).

12:56

Windows gets new “blue” screen of death and automated boot recovery [OSnews]

The blue screen of death has been such a core part of Windows that’s it’s become part of humanity’s collective consciousness. They’re not nearly as common anymore as they used to be back in the Windows 9x and early Windows XP days, but they do still occasionally when dealing with broken hardware, shoddy drivers, or other such faults.

Well, the blue screen of death is losing its eponymous blue colour, and will now clearly mention the stop code and where – in which driver – the kernel panic occurred.

The Windows 11 24H2 release included improvements to crash dump collection which reduced downtime during an unexpected restart to about two seconds for most users. We’re introducing a simplified user interface (UI) that pairs with the shortened experience. The updated UI improves readability and aligns better with Windows 11 design principles, while preserving the technical information on the screen for when it is needed.

↫ David Weston at the Windows Blogs

This is part of a new feature in Windows 11 called quick machine recovery, or QMR. If a Windows PC gets stuck in a boot loop, ending up in the Windows Recovery Environment, Microsoft can now deploy fixes and remediations through WinRE. This feature will become available later this year by default on Windows 11 Home, while on Windows 11 Pro and Enterprise, administrators can control how this feature works.

So far, it seems QMR is only intended to be used for widespread outages, but I wonder if it would be possible to eventually use QMR locally. It would be pretty neat if Microsoft released the server-side component of QMR so individuals can run and (ab)use it locally for their own machines.

12:21

Error'd: Button, button, who's got the button? [The Daily WTF]

Wikipedia describes the (very old) English children's game. I wonder if there's a similar game in Germany. In any case, the Worcester News is definitely confused about how this game is played.

Martin I. explains "This is a cookie acceptance dialog. It seems to struggle with labeling the buttons when the user's browser is not set to English ..."

2

 

In Dutch, Robert R. is playing a different game. "Duolingo is teaching users more than just languages - apparently web development fundamentals are included when HTML entities leak into the user interface. That's one way to make " " part of your vocabulary!" We wonder why the webdev would want to use a nbsp in this location.

1

 

Ninja Squirrel shares a flubstitution nugget. "Since I've been waiting a long time for a good deal on a new gaming keyboard and the Logitech Play Days started today, I thought I'd treat myself. I wasn't prepared for what Logitech then treated me to - free gifts and wonderful localization errors in the productive WebShop. What started with a simple “Failed to load resource [Logitech.checkout.Total]” in the order overview ended with this wonderful total failure after the order was placed. What a sight to behold - I love it! XD"

4

 

David P. imagines that Tesla's web devs are allowed near embedded systems. "If Tesla can't even do dates correctly, imagine how much fun Full Self Driving is." Given how often FSD has been promised imminently, I conclude that date confusion is simply central to the corporate culture. Embrace it.

3

 

But it's not only Tesla that bungles whens. Neil T. nails another big name. "Has Google's Gemini AI hallucinated a whole new calendar? I'm pretty sure the Gregorian calendar only has 30 days in June."

0

 

And that's it for this week. Next Friday is definitely not June

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

As hot as possible [Seth's Blog]

At sea level, water boils at 100 degrees C. It doesn’t matter how much more heat you use, steam is what you get.

It turns out that water this hot makes lousy coffee. Tea too.

And an amp turned up to 11 doesn’t sound that good.

Just because we can send more emails, hustle a bit harder or run the machine until it is at capacity doesn’t mean we should.

12:07

The Age of Integrity [Schneier on Security]

We need to talk about data integrity.

Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical records are all integrity attacks.

More broadly, integrity refers to ensuring that data is correct and accurate from the point it is collected, through all the ways it is used, modified, transformed, and eventually deleted. Integrity-related incidents include malicious actions, but also inadvertent mistakes.

We tend not to think of them this way, but we have many primitive integrity measures built into our computer systems. The reboot process, which returns a computer to a known good state, is an integrity measure. The undo button is another integrity measure. Any of our systems that detect hard drive errors, file corruption, or dropped internet packets are integrity measures.

Just as a website leaving personal data exposed even if no one accessed it counts as a privacy breach, a system that fails to guarantee the accuracy of its data counts as an integrity breach – even if no one deliberately manipulated that data.

Integrity has always been important, but as we start using massive amounts of data to both train and operate AI systems, data integrity will become more critical than ever.

Most of the attacks against AI systems are integrity attacks. Affixing small stickers on road signs to fool AI driving systems is an integrity violation. Prompt injection attacks are another integrity violation. In both cases, the AI model can’t distinguish between legitimate data and malicious input: visual in the first case, text instructions in the second. Even worse, the AI model can’t distinguish between legitimate data and malicious commands.

Any attacks that manipulate the training data, the model, the input, the output, or the feedback from the interaction back into the model is an integrity violation. If you’re building an AI system, integrity is your biggest security problem. And it’s one we’re going to need to think about, talk about, and figure out how to solve.

Web 3.0 – the distributed, decentralized, intelligent web of tomorrow – is all about data integrity. It’s not just AI. Verifiable, trustworthy, accurate data and computation are necessary parts of cloud computing, peer-to-peer social networking, and distributed data storage. Imagine a world of driverless cars, where the cars communicate with each other about their intentions and road conditions. That doesn’t work without integrity. And neither does a smart power grid, or reliable mesh networking. There are no trustworthy AI agents without integrity.

We’re going to have to solve a small language problem first, though. Confidentiality is to confidential, and availability is to available, as integrity is to what? The analogous word is “integrous,” but that’s such an obscure word that it’s not in the Merriam-Webster dictionary, even in its unabridged version. I propose that we re-popularize the word, starting here.

We need research into integrous system design.

We need research into a series of hard problems that encompass both data and computational integrity. How do we test and measure integrity? How do we build verifiable sensors with auditable system outputs? How to we build integrous data processing units? How do we recover from an integrity breach? These are just a few of the questions we will need to answer once we start poking around at integrity.

There are deep questions here, deep as the internet. Back in the 1960s, the internet was designed to answer a basic security question: Can we build an available network in a world of availability failures? More recently, we turned to the question of privacy: Can we build a confidential network in a world of confidentiality failures? I propose that the current version of this question needs to be this: Can we build an integrous network in a world of integrity failures? Like the two version of this question that came before: the answer isn’t obviously “yes,” but it’s not obviously “no,” either.

Let’s start thinking about integrous system design. And let’s start using the word in conversation. The more we use it, the less weird it will sound. And, who knows, maybe someday the American Dialect Society will choose it as the word of the year.

This essay was originally published in IEEE Security & Privacy.

10:35

08:49

08:28

Urethral Rifling [Penny Arcade]

New Comic: Urethral Rifling

08:14

Driving Us Mad [George Monbiot]

A massive new road scheme will solve precisely nothing, while costing the Earth.

By George Monbiot, published in the Guardian 24th June 2025

There appear to be two main determinants of what infrastructure gets built. The first is whether it provides large and lucrative contracts for powerful corporations. The second is whether ministers can pose beside it in hard hats and yellow jackets. Otherwise, it is hard to explain the decisions made.

Both determinants favour large and spectacular schemes. Big corporations don’t want to dabble in minor improvements: real money comes from prestige projects over which governments cannot afford to lose face, ensuring that they keep throwing cash, however high the budget spirals. And few ministers want to pose beside a new bus stop: a grand ego demands a grand setting.

Last week, the government quietly flicked another £590m at the planned Lower Thames Crossing, to the east of London. That’s the kind of money other public services must beg for. Compare it, for example, with the funding allocated in this month’s spending review for local amenities such as parks, libraries and swimming pools. Across the whole of England, they received £350m. But the extra money for the Lower Thames Crossing buys less than a mile of road. It means that the total costs of the scheme, according to the government, have risen to £9.2bn, for 14 miles of road.

Even this is a major underestimate. As the Transport Action Network (Tan) points out, several aspects of the project, such as necessary upgrades to junctions and connecting roads, to take the extra traffic, have been excluded from the total, disguising the full cost. TAN estimates it at £16bn. That’s more than all the new money (£15bn) trumpeted by Rachel Reeves this month for buses, trains and trams in England, outside London. It’s seven times as much as the Treasury allocated to fixing England’s school classrooms. Or the government could use it to double the amount invested in the National Housing Bank, to build social and affordable homes: which, by contrast, we need.

The benefit-cost ratio (BCR) is shocking, whichever way you slice it. Using the official figure for costs, the government body National Highways estimated the BCR at 0.48: in other words, a net loss of 52 pence for every pound spent. It then threw in some vaguely defined “wider economic benefits” to deliver an “adjusted BCR” of 1.22. That’s still low value for money. Compare it with fixing potholes and maintaining local roads, which has a BCR of 7, officially “very high” value for money. Oh, and guess what? The maintenance backlog for England’s local roads is just over £16bn.

I asked the Campaign for Better Transport to estimate what else might be done with the official figure of £9.2bn. It told me the money would enable every community in England to have what the government defines as a “reasonable level” of bus services for the next nine years. Or it could pay for 11,400 miles (18,400km) of cycle lanes, or 5,700 miles (9,200km) of bus lanes.

So why is this vastly expensive white elephant endlessly inflated while crucial services and benefits are cut? The clue is the “vastly expensive” bit: a single project on this scale can be extremely lucrative for large corporations, and they will lobby for it with commensurate vigour.

The government insists the new road will relieve congestion. But even 30 years ago, official assessments showed that new roads generate new traffic, a phenomenon called “induced demand”. They shift congestion to the next pinch point, which becomes another issue for the government to solve: jobs-for-life for the construction industry. Using modelling data from National Highways, Thurrock council estimates that traffic on the Dartford crossing, which the new road is supposed to relieve, will return to current levels in just five years. Given that the Lower Thames Crossing will take at least seven years to build, with massive disruption throughout, it’s hard to detect the public benefit. It will also funnel more traffic on to the M25, A13 and M2, greatly increasing congestion.

TAN has done what successive governments, astonishingly, have failed to do: commissioned a report on how demand for freight and passenger transport in the region and on the wider network might best be met. It found that new heavy freight and passenger rail connections would provide a far more effective solution, at roughly a quarter of the price. Even with added rail loading gauge upgrades and electrification, bus routes, ferries and trams, this approach would remain far cheaper, while meeting public need, reducing pollution and social exclusion and catalysing the long-overdue transition to rail freight in the UK.

But neither successive governments nor National Highways have seriously examined such alternatives to the crossing. For the past 60 years, the answer has been roads, regardless of the question. Not only has National Highways ignored other means of solving the problem, it has become promoter as well as planner of the scheme, engaging in a public relations offensive that looks to me like a crashing conflict of interest. If you want what transport planners call a “modal shift” from one kind of travel to another, first you need a conceptual shift. But we won’t get it from existing agencies. National Highways is a relic of another age, unfit for purpose, driving us towards disaster. It should be scrapped.

The greatest costs of schemes such as this are felt not in our tax bills, but in our bodies, minds and surroundings. The government estimates the new road will generate 6.6m tonnes of carbon dioxide. It would greatly increase both air pollution and traffic noise, and commit us to an even greater extent to car driving, with all its destructive implications for health, fitness and mental wellbeing, community cohesion and social attitudes.

As a rule, though there are exceptions, what improves our lives are multiple small interventions, tailored to local needs and responsive to local democracy. What damages our lives are prestige projects tailored to the demands of big finance and corporate shareholders. The capital behind them, that sometimes seems more powerful than governments, treats democracy and public need as traffic engineers treat pedestrians – obstacles to be designed out of the way.

Sometimes big infrastructure is necessary, but at all times it is a threat to democracy. This is why governments should approach it with caution and scepticism. Instead, they act as hucksters for corporate boondoggles. Such schemes allow politicians to stamp their mark on the nation, to don the hard hat and announce: “I did this.” Look on my works, ye mighty …

One measure of a nation’s success is the extent to which it can reduce its dependence on road transport, in favour of inclusive, low-impact travel. Our government seems committed to failure.

www.monbiot.com

05:56

Girl Genius for Friday, June 27, 2025 [Girl Genius]

The Girl Genius comic for Friday, June 27, 2025 has been posted.

03:35

No Hugging [QC RSS]

MEANWHILE:

01:14

00:28

Bits from Debian: AMD Platinum Sponsor of DebConf25 [Planet Debian]

amd-logo

We are pleased to announce that AMD has committed to sponsor DebConf25 as a Platinum Sponsor.

The AMD ROCm platform includes programming models, tools, compilers, libraries, and runtimes for AI and HPC solution development on AMD GPUs. Debian is an officially supported platform for AMD ROCm and a growing number of components are now included directly in the Debian distribution.

For more than 55 years AMD has driven innovation in high-performance computing, graphics and visualization technologies. AMD is deeply committed to supporting and contributing to open-source projects, foundations, and open-standards organizations, taking pride in fostering innovation and collaboration within the open-source community.

With this commitment as Platinum Sponsor, AMD is contributing to the annual Debian Developers’ Conference, directly supporting the progress of Debian and Free Software. AMD contributes to strengthening the worldwide community that collaborates on Debian projects year-round.

Thank you very much, AMD, for your support of DebConf25!

Become a sponsor too!

DebConf25 will take place from 14 to 20 July 2025 in Brest, France, and will be preceded by DebCamp, from 7 to 13 July 2025.

DebConf25 is accepting sponsors! Interested companies and organizations may contact the DebConf team through sponsors@debconf.org, and visit the DebConf25 website at https://debconf25.debconf.org/sponsors /become-a-sponsor/.

Thursday, 26 June

22:56

Ticket Alert: Maroon 5, Adam Sandler, and More Seattle Events Going On Sale This Week [The Stranger]

Plus, Burna Boy and More Event Updates for June 26
by EverOut Staff

Get your credit cards ready ’cause these tickets are comin’ in hot. Frontman Adam Levine and the Maroon 5 crew will return to Seattle on the heels of their eighth studio album, Love Is Like. Basketball shorts enthusiast and comedy icon Adam Sandler embarks on a new tour this fall. “African Giant” Burna Boy will show no sign of weakness when he stops by Climate Pledge in November. Plus, Neil Young and the Chrome Hearts have been added to Chateau Ste. Michelle’s summer concert series. Read on for details on those and other newly announced events, plus some news you can use.

ON SALE FRIDAY, JUNE 27

MUSIC

Between the Buried and Me & Hail The Sun
The Crocodile (Mon Oct 13)

Boris: Pink 20th Anniversary Tour
The Crocodile (Mon Nov 17)

Burna Boy: No Sign Of Weakness Tour
Climate Pledge Arena (Sun Nov 16)

22:07

Snow, a new classic Macintosh emulator [OSnews]

The world isn’t short of classic Macintosh emulators, but one more certainly cannot hurt.

Snow emulates classic (Motorola 680×0-based) Macintosh computers. It features a graphical user interface to operate the emulated machine and provides extensive debugging capabilities. The aim of this project is to emulate the Macintosh on a hardware-level as much as possible, as opposed to emulators that patch the ROM or intercept system calls.

It currently emulates the Macintosh 128K, Macintosh 512K, Macintosh Plus, Macintosh SE, Macintosh Classic and Macintosh II.

↫ Snow’s homepage

Snow is written in Rust and open source under the MIT license.

Microsoft is moving antivirus providers out of the Windows kernel [OSnews]

It’s been nearly a year since a faulty CrowdStrike update took down 8.5 million Windows-based machines around the world, and Microsoft wants to ensure such a problem never happens again. After holding a summit with security vendors last year, Microsoft is poised to release a private preview of Windows changes that will move antivirus (AV) and endpoint detection and response (EDR) apps out of the Windows kernel.

↫ Tom Warren at The Verge

After the CrowdStrike incident, one of the first things Microsoft hinted as was moving antivirus and EDR applications out of the kernel, building an entirely new framework for these applications instead. The company has been working together with several large security vendors on these new frameworks and APIs, and it’s now finally ready to show off this new work to the outside world. Instead of designing the new frameworks and APIs in-house and just dumping them on the security vendors, Microsoft requested the security vendors send them detailed documentation on how they want the new frameworks and APIs to work.

This first preview of the new implementation will be private, and will allow security vendors to request changes and additional features. Microsoft states it will take a few iterations before it’s ready for general availability, and on top of that, security software is only the first focus of this new effort. It turns out Microsoft wants to move more stuff out of the kernel, with anti-cheat software – more accurately described as rootkits, like Riot’s Vanguard – being an obvious next target.

Perhaps this effort could have some beneficial side effects for gaming on Linux, which you should be doing anyway if you want better performance, because Windows games seem to perform better on Linux than they do on Windows.

21:56

Link [Scripting News]

I, like a lot of other people, assumed that Americans would be terrible at authoritarianism. Shows we have a lot to learn. Americans are pretty good at it it turns out.

Link [Scripting News]

Krugman doesn’t understand what’s coming for NYC. And doesn’t understand the leadership Cuomo uniquely provided at the height of Covid. It’s pretty likely what’s starting in NYC will be worse than Covid or 9-11. Funny thing is Krugman did get it, a few weeks ago when the crisis in Los Angeles was peaking. He wrote a piece that was terrified, and realistic. The National Guard had been nationalized. Marines were invading California. But now that Calif hasn't been in the news, it's easy to swing back. I bet if the election had happened during the worst of it, Cuomo would've won.

21:21

PNG gets its first specification update in 20 years [OSnews]

Jokes aside, this is exciting news. PNG is back to its former glory after its progress stalled for over two decades. Did you know the U.S. Library of Congress, Library and Archives Canada, and the National Archives of Australia recommend PNG? It is important that we keep PNG current and competitive. After 20 years of stagnation, PNG is back with renewed vigor!

[…]

With these titans behind it, the image format is back with full momentum. Work has already begun on the next two PNG spec updates.

↫ Chris Blume

The new PNG specification update adds proper HDR support, which is probably its most important new features. Chris Lilly, one of the original creators of PNG and actively involved in these new updates as well, has a detailed blog post diving into how HDR in PNG works. Other changes include officially adding Mozilla’s animated PNG implementation to PNG, support for EXIF data, and a ton of smaller changes and cleanups.

20:35

06/26/25 [Flipside]

Gonna be at Akai Con artist alley this weekend, in Lebanon Tenessee!

20:21

Rust 1.88.0 released [LWN.net]

Version 1.88.0 of the Rust language has been released. Changes include the ability to chain let expressions, "naked" functions that have no compiler-generated prologue or epilogue, automatic garbage collection in cargo, a set of stabilized APIs, and more.

20:07

The Big Idea: Kelli Estes [Whatever]

When strangers meet on the road, can lives change? What if those strangers are something other than just strangers? With Smoke on the Wind, author Kelli Estes has a chance encounter for the ages… in more ways than one.

KELLI ESTES:

When I started writing my novel, Smoke on the Wind, I thought it would be just like my last two: a dual timeline where the present-day protagonist learns about history taking place in the historical storyline and it changes her life in some way. But then, wouldn’t you know it, my historical protagonist ends up seeing my present-day characters walking past her on the road and her journey alters because of it.

Wait. What? I reached for the delete key but then stopped. What if I left that in? What if she – a woman in 1801 Scotland – really does see a woman and her son from 2025? What would that mean to her? What would that mean to the story?

Now, before we go any further, let me explain that I do not write science-fiction or fantasy. I write historical fiction, dual narrative, sometimes referred to as women’s fiction. We in this genre tend to stick to historical facts and realism. Readers will light our inboxes on fire if we alter history or get too, as one reader put it, “woo-woo.” (She was referring to a harbor seal that keeps reappearing to my character in a previous novel. Something tells me she really won’t like what’s happening in Smoke on the Wind!)

But, reservations aside, the idea felt exciting. And, even more, it felt possible. I don’t know about you, but I’ve seen ghosts. I’ve recalled past life memories. I’ve seen movement out of the corner of my eye when no one was there and known I was seeing the lingering energy of someone who’d been there before me.

Even more, this book is set in Scotland, a place that feels mysterious and magical, where generations of people believed that Fairy Folk helped keep their livestock safe and peering through a hole in a stone could show you the future. When I’m in Scotland walking the hills and glens, especially when I know the history of what once occurred on that land, I can feel the spirits of the people who came before me as though they are standing right beside me. In other words, the veil is thin in Scotland and it wouldn’t surprise me one bit to find myself touching a standing stone and traveling back in time or turning a corner and bumping into someone who’d lived three hundred years in the past.

Smoke on the Wind is set on Scotland’s most popular long-distance hiking trail, the West Highland Way. It is dual timeline meaning that there is a historical story interwoven with a present-day story and, together, they address themes such as identity, what makes a home, and the bond between mothers and sons. Because both stories occupy the same geographic space, they rub up against each other even though they are separated by over 200 years.

My present-day character, Keaka, learns about the historical character’s life which influences the trajectory of her own life. But, also, my historical character, Sorcha, sees glimpses of Keaka, which in turn, affects her life and the decisions she makes. I stuck to the facts of history – the Highland Clearances and Scotland in 1801 – but I allowed a bit of magic to come through, and I think the story works as a result. After all, we don’t really know if our own decisions are being influenced by whispers from the past, or even from the future.

As I wrote, I intended to stick with vague connections between the two women that could easily be explained away – a glimpse here and there, a whispered voice on the wind, a carving on a stone. But then I reached a scene near the midpoint of the story when, suddenly, the two women are standing face-to-face. I won’t spoil the book, so I’ll leave this vague and simply say that it’s not time-travel, but the women do see each other and communicate. I feel excited every time I think back to that scene because it feels so possible to me. Surely if I just squint hard enough, someone from another time period will appear to me, right?

It’s that sense of possibility that makes me love this story so much. Well, that and all the other things woven through the story that I equally love – the Highland Clearances, moms and sons, long-distance hiking, slow travel, visiting historic sites and feeling the weight still present, personal reinvention, the Scottish Gaelic language. Smoke on the Wind blurs time just enough that all things seem possible. History is relevant to our lives today, but maybe we’re relevant to it, too.

Smoke on the Wind: Amazon|Barnes & Noble|Bookshop|Powell’s

Author Socials: Web site|Facebook|Instagram

Read an excerpt here.

19:00

Slog AM: Councilmember Rinck Pulls Off a Progressive Tax Miracle, SCOTUS Allows States to Defund Planned Parenthood, and Dolly Parton Is a Gift to Us All [The Stranger]

The Stranger's morning news roundup. by Hannah Murphy Winter

Rinck Pulls Off a Miracle: We might get some progressive revenue in the ass-backward city, and Mayor Harrell is actually on board. (Look at him talking about progressive taxation at the podium!) Yesterday afternoon, Councilmember Alexis Mercedes Rinck introduced a plan to restructure Seattle’s tax code. Called the Seattle Shield Initiative, it would shift one of our key business taxes (the B&O tax) so it only taxes the highest-grossing companies in the city, at a higher rate. It manages to do two essential things at once: reduce the tax burden on small businesses that are likely to struggle more as Trump sows more chaos, and raises more tax dollars from our bigger businesses, bringing in an extra $90 million to our struggling city budget. The Chamber of Commerce is already mad about it, which is usually a good sign. Changing the tax code isn’t a fast process, though, especially if we don’t want it to turn into a slush fund. To move forward, the City Council will have to vote to approve it before the primary on August 5. If they do, we’ll get to vote to implement it in the November election. 

Wilson Claps Back: Mayoral candidate Katie Wilson won’t give Harrell the win here—and for good reason. As part of her work with the Seattle Revenue Stabilization Workgroup, Wilson had proposed a similar progressive revenue option in 2023, but the Mayor never acted on it. “In the absence of leadership from Mayor Harrell, Seattle is lucky that Councilmember Rinck has stepped up to propose new progressive revenue to help sustain vital services that our residents depend on,” she wrote in a press release. “It’s disappointing that it takes the threat of being unseated for our mayor to do the right thing. We need a mayor who will responsibly manage the city budget and lead on progressive revenue every year they are in office, not just in an election year.” 

The Weather: We’ve got some clouds and a little rain. It’s just Seattle getting it all out of her system so she doesn’t dump on us over the weekend. 

Reykdal Saves Dolly’s Library: Did you know that Dolly Parton founded a project called the Imagination Library that mails children a book a month for the first five years of their lives for free? We didn’t either! Until the state legislature slashed the state funding for it in the last budget. But never fear, Chris Reykdal, the state Superintendent of Public Instruction, swooped in with funding, so 120,000 kids will still get to participate in this literacy program. I’m glad someone had the good sense to not fuck with Dolly during Pride month. 

SCOTUS Disappoints, Again: This morning, the Supreme Court ruled that it was constitutional for states to cut off Medicaid funding from Planned Parenthood. To be clear: no federal dollars have ever gone to abortion care, because our pearl-clutching representatives can’t bear to be implicated in reproductive healthcare. These are public dollars that would go to spooky scary things like cancer screening, pregnancy and STI testing, and birth control. The ruling determined that patients can’t sue over a key provision in Medicaid law that allows patients to choose their own qualified provider. 

Brace Yourself for More: We’re coming to the end of the Supreme Court’s term, and they still have six cases left to decide, including Trump’s challenge to birthright citizenship, a Texas case trying to ban kids from seeing online porn, and a religious freedom case that could allow bans on LGBTQ books in public schools. They’re all coming in tomorrow. Let’s fucking go.

Speaking of SCOTUS: It’s the tenth anniversary of Obergefell v. Hodges, which made same-sex marriage the law of the land. Just in time for the Christian Evangelical Right to start gunning for it again

Family Sues SPS: The parents of a former Nathan Hale High School student are suing Seattle Public Schools, alleging the district failed to protect her from months of antisemitic harassment. The lawsuit, filed this month, shows photos of swastikas drawn around campus, and says that students told her “Hitler’s plan should have worked.” Meanwhile, they claim, the school didn’t even send out a building-wide email addressing the swastikas popping up all over the building. The school didn’t respond to the Seattle Times, saying they would address all of the claims in court filings. 

Melt ICE: Federal employees picketed outside the federal building yesterday, demanding that ICE get the hell out of their workplace. “I’ve been very disturbed to see my workplace turned into a war zone by ICE,” Caroline McConnell, who works at the federal building, told KIRO Newsradio. “A federal building is supposed to be a safe place where the people can come and receive services and be treated with respect. It should not be a place of terror, but ICE has turned my workplace into a place of terror.” According to their union, federal employees reported being shoved, intimidated, harassed, and stared down by ICE agents. Who put that in their job description?

I Hate Us Sometimes: Since the November election, Democrats have argued that Trump won because we had such low voter turnout. But new data from Pew Research has some bad news: if more people had showed up, Trump would have done even better. Turns out, Kamala lost because millions of young, nonwhite voters who historically would have voted for the Dem in the race, voted for Trump. We’ve got a year until the midterms, so the party needs to get their shit together, and fast. 

Pete Hegseth Is Mad: After the media criticized Donald Trump’s strikes on Iranian nuclear sites—and multiple outlets and officials doubted their success—Defense Secretary Hegseth, who insists the strikes were “the most complex and secretive military operation in history” and a “resounding success,” lashed out at the media during a press conference and read aloud quotes from sources that news outlets did not include in their coverage like a disappointed Dad chiding his son about his report card. Not how journalism works, Pete-O! 

The Space Curse Continues: Katy Perry and Orlando Bloom have broken up. Space changes people. 

Go Do Something Gay Today: Specifically, go to the Perfume Genius show at Showbox. Mike Hadreas is a Seattle native and he and his partner Alan Wyffels have been making beautiful gay shit together for 15 years. “I'm looking forward to seeing this album performed live because, in my head, people dance to it like the girl in Sia's "Chandelier" video,” EverOut staff writer Shannon Lubetich writes. “Get there early, the show opens with Gothic-inspired rock artist Storefront Church, who's a friend of Phoebe Bridgers.” Want a taste before you go? Try this delightfully unhinged music video from their single with Aldous Harding. 

18:49

Oracle Linux 10 released [LWN.net]

Version 10 of the Oracle Linux distribution has been released.

Oracle Linux 10 is now generally available for 64-bit Intel and AMD (x86_64) and 64-bit Arm (aarch64) platforms. Oracle Linux 10 delivers robust security and exceptional performance for business agility and demanding workloads at cloud scale. Key features include modernized cryptographic capabilities, advancements in developer tooling, and innovations for resilient infrastructure.

Pluralistic: Surveillance is inequality's stabilizer (26 Jun 2025) [Pluralistic: Daily links from Cory Doctorow]


Today's links


A set of antique brass scales. In one is the staring red eye of HAL 9000 from Stanley Kubrick's '2001: A Space Odyssey.' In the other is a chibi guillotine character. In the foreground are the backs of a crowd of Victorian onlookers. The background is a tangled forest of Trump's hair.

Surveillance is inequality's stabilizer (permalink)

The "dictator's dilemma" pits a dictator's desire to create social stability by censoring public communications in order to prevent the spread of anti-regime messages with the dictator's need to know whether powerful elites are becoming restless and plotting a coup:

https://pluralistic.net/2023/07/26/dictators-dilemma/#garbage-in-garbage-out-garbage-back-in

Closely related to the dictator's dilemma is "authoritarian blindness," where an autocrat's censorship regime keeps them from finding out about important, socially destabilizing facts on the ground, like whether a corrupt local official is comporting themself so badly that the people are ready to take to the streets:

https://pluralistic.net/2020/02/24/pluralist-your-daily-link-dose-24-feb-2020/#thatswhatxisaid

The modern Chinese state has done more to skillfully navigate the twin hazards of the dictator's dilemma and authoritarian blindness than any other regime in history. Take Xi Jinping's 2012-2015 anticorruption purge, which helped him secure another ten year term as Party Secretary. Xi targeted legitimately corrupt officials in this sweeping purge, but – crucially – he only targeted corrupt officials in the power-base of his rivals for Party leader, while leaving corrupt officials in his own power base unscathed:

https://web.archive.org/web/20181222163946/https://peterlorentzen.com/wp-content/uploads/2018/11/Lorentzen-Lu-Crackdown-Nov-2018-Posted-Version.pdf

How did Xi accomplish this feat? Through intense, fine-grained surveillance, another area in which modern China excels. Chinese online surveillance is often paired with censorship, both petty (banning Winnie the Pooh, whom Xi is often mocked for resembling) and substantial (getting Apple to modify Airdrop for every user in the world in order to prevent the spread of anti-regime messages before a key Party leadership contest).

But there are a lot of instances where China spies on its people but doesn't censor them, even if they are expressing dissatisfaction with the government. Chinese censors allow a surprising amount of complaint about official incompetence, overreach and corruption, but they completely suppress any calls for mobilization to address these complaints. You can be as angry as you want with the government online, but you can't call for protests to do something about it:

https://www.science.org/doi/10.1126/science.1251722

This makes perfect sense in the context of "authoritarian blindness": by allowing online complaint, an autocrat can locate the hot-spots where things are reaching a boiling-over point, and by blocking public manifestations, the autocrat can prevent the public from turning their failings into a flashpoint that endangers the autocracy.

In other words, autocrats can reserve to themselves the power to decide how to defuse public anger: they can suppress it, using surveillance data about the people who led the online debate about official failures to figure out who to intimidate, arrest, or disappear. Or they can address it through measures like firing corrupt local officials or funding local social programs (toxic waste cleanups, smokestack regulation, building schools and hospitals, etc) that make people feel better about their government.

Autocracy is an inherently unstable social situation. No society can deliver everything that everyone in it desires: if you tear down existing low-density housing and build apartment blocks to decrease a housing shortage, you'll delight people who are un- or under-housed, and you'll infuriate people who are happily housed under the status quo. In every society, there's always someone getting their way at the expense of someone else.

Obviously, widespread unhappiness is inherently socially destabilizing. After all, no society can police every action of every person. From littering to parking in disabled parking spots, from paying your taxes to washing your hands before serving food, a society relies primarily on people following the rules even though they face little to no risk of being punished for breaking them. The easiest way to get people to follow the rules is to foster a sense of the rules' legitimacy: people may not agree with or understand the rationale for a rule, but if they view the process by which the rule was decided on as a legitimate one, then they may follow it anyway.

This legitimacy is a source of social stability. Sure, your candidate might lose the election, or the government might enact a policy you hate, but if you think the election was fair and you believe that you can change the policy through democratic means, then you will be on the side of preserving the system, rather than overturning it.

A democracy's claim to legitimacy lies in its popular mandate: "Sure, I don't like this decision, but it was fairly made." By contrast, a dictator's legitimacy comes from their claims to wisdom: "Sure, I don't like this decision, but the Supreme Generalissimo is the smartest man in history, and he says it was the right call."

You can see how this is a brittle arrangement, even if the dictator is a skilled autocrat who makes generally great decisions: even a great decision is going to have winners and losers, and it might be hard to convince the losers that they keep losing because they deserve to lose. And that's the best outcome, where an autocrat is right. But what about when the autocrat is wrong? What about when the autocrat makes a bunch of decisions that make nearly everyone consistently worse off, either because the autocrat is a fool, or because they are greedy and are stealing everything that isn't nailed down?

Every society needs stabilizers, but autocracies need more stabilizers than democracies, because the story about why you, personally, are getting screwed is a lot less convincing in an autocracy ("The autocrat is right and you are wrong, suck it up") than it is in a democracy ("This was the fairest compromise possible, and if it wasn't, we need to elect someone new so it changes").

The Snowden revelations taught us that there is no distinction between commercial surveillance and government surveillance. Governments spy, sure, but the most effective way for governments to spy on us is by raiding the data troves assembled by technology companies (for one thing, these troves are assembled at our own expense – we foot the bill for this spying whenever we send money to a phone or tech company). The tech companies were willing participants in this process: the original Snowden leak, about the "PRISM" program, showed how tech companies made millions of dollars by siphoning off user data to the NSA on demand:

https://en.wikipedia.org/wiki/PRISM

It was only later that we learned about another NSA program, "Upstream," through which the NSA was wiretapping the tech companies' data-centers, acquiring all of their user data, and then requesting the data that interested them through PRISM, as a form of "parallel construction," which is when an agency learns a fact through a secret system, and then uses a less-secret system to acquire the same fact, in order to maintain the secrecy of the first system:

https://www.eff.org/pages/upstream-prism

Upstream really pissed off the tech companies. After all, they'd been dutifully rolling over and handing out their users' data in violation of US law, risking their businesses to help the NSA do mass spying, and the NSA paid them back by secretly spying on the tech companies themselves! That's a hell of a way to say thank you to your co-conspirators. After Upstream, the tech companies finally started encrypting the links between their data-centers, which made Upstream-style collection infinitely harder:

https://arstechnica.com/information-technology/2013/11/yahoo-will-encrypt-between-data-centers-use-ssl-for-all-sites/

But that hardly ended the mass surveillance private-public partnership. Congress continued to do nothing about privacy (the last federal consumer privacy law Congress gave Americans is 1988's Video Privacy Protection Act, which bans video store clerks from telling newspapers about the VHS cassettes you take home) (we used to be a country). That meant that tech companies could collect our data will-ye or nil-ye, and that data brokers could buy and sell that data without any oversight or limitation:

https://pluralistic.net/2025/02/20/privacy-first-second-third/#malvertising

There's many reasons that Congress failed to act on privacy. Obviously, they face immense pressure from lobbyists for the commercial surveillance industry – but they also face covert and powerful pressure from public safety agencies, cops, and spies, who rely on private sector data as a source of off-the-books, warrantless, ubiquitous surveillance.

Why does America need so much spying? Well, because America has always been imperfectly democratic, from its inception as a enslaving nation where millions of people were denied both the ballot and personhood; and as a patriarchal nation where half of the remaining people were also denied the franchise; and as a colonialist nation where an entire culture of people had been subject to genocide, land theft, and systematic oppression. This is an obviously unstable arrangement. Whether in chains, on a reservation, or under the thumb of a husband or father, there were plenty of Americans who had no reason to buy into the system, accept its legitimacy, or follow its rules. To keep the system intact, it wasn't enough to terrorize these populations – America's rulers had to know where to inflict terror, which is to say, where order was closest to collapsing.

Some of America's first spies were private sector union-busters, the Pinkerton agency, who served as a private spy army for bosses who wanted to find the leverage points in the worker uprisings that swept the country. The Pinkertons' pitch was that it was cheaper to pay them to figure out who the most important union leaders were and target them for violence, kidnapping, and killing than it was to give all your workers a raise.

This is an important aspect of the surveillance project. Spying is part of a broader class of activities called "guard labor" – anything you might pay someone to do that results in fewer guillotines being built on your lawn. Guard labor can be paying someone to build a wall around your estate or neighborhood. It can be paying security guards to patrol the wall. It can be paying for CCTV operators, or drone operators. It can be paying for surveillance, too.

Guard labor isn't free. The pitch for guard labor is that it is a cheaper way to get social stability than the alternative: building schools and hospitals, paying a living wage, lowering prices, etc. It follows that when you make guard labor cheaper, you can build fewer schools and hospitals, pay lower wages, and raise prices more, and buy more guard labor to counter the destabilizing effect of these policies, and still come out ahead.

American politics have been growing ever more unstable since the 1970s, when the oil crisis gave way to the Reagan revolution and its raft of pro-oligarch, anti-human policies. Since then, we've seen an unbroken trend to wage stagnation and widening inequality. As a new American oligarch class emerged, they gained near-total control over the levers of power. In a now-famous 2014 paper, political scientists reviewed 1,779 policy fights and found that the only time these cashed out in a way that reflected popular will is when elites favored them, too. When elites objected to something, it literally didn't matter how popular it was with everyone else, it just didn't happen:

https://www.cambridge.org/core/journals/perspectives-on-politics/article/testing-theories-of-american-politics-elites-interest-groups-and-average-citizens/62327F513959D0A304D4893B382B992B

It's pretty hard to make the case that the system is legitimate when it only does things that rich people want, and never does things the vast majority of people want when these conflict with rich peoples' desires. Some of these outcomes are merely disgusting and immoral, like abetting genocide in Gaza, but more frequently, the policies elites favor are ones that make the rich richer: climate inaction, blocking Medicare for All, smashing unions, dismantling anti-corruption and campaign finance laws.

I don't think it's a coincidence that America's democracy has become significantly less democratic at the same time that mass surveillance has grown. Mass surveillance makes guard labor much cheaper, which means that the rich can make their lives better at all of our expense and still afford the amount of guard labor it takes to keep the guillotines at bay.

Cheap guard labor also allows the rich to strike devil's bargains that would otherwise be instantaneously destabilizing. For example, the second Trump election required an alliance between the tiny minority of ultra-rich with the much larger minority of virulent racists who were promised the realization of their psychotic fantasy of masked, armed goons snatching brown people off the streets and sending them to offshore slave labor camps. That alliance might be a good way to elect a president who'll dismantle anticorruption law and slash taxes, but it won't do you much good if the resulting ethnic cleansing terror provokes a popular uprising. But what if ICE can rely on Predator drones and cell-site simulators to track the identities of everyone who comes out to a protest:

https://www.wired.com/story/cbp-predator-drone-flights-la-protests/

What if ICE can buy off-the-shelf facial recognition tools and use them to identify people who are brave enough to step between snatch-squads and their neighbors?

https://www.404media.co/ice-is-using-a-new-facial-recognition-app-to-identify-people-leaked-emails-show/?ref=daily-stories-newsletter

Each advance in surveillance tech makes worse forms of oppression, misgovernance and corruption possible, by making it cheaper to counter the destabilizing effect of destroying the lives of the populace, through identifying the bravest, angriest, and most effective opposition figures so they can be targeted for harassment, violence, arrest, or kidnapping.

America's private sector surveillance industry has always served as a means of identifying and punishing people who fought for a better country. The first credit reporting bureau was the Retail Credit Company, which used a network of spies and paid informants to identify "race mixers," queers, union organizers and leftists so that banks could deny them credit, landlords could deny them housing, and employers could deny them jobs:

https://jacobin.com/2017/09/equifax-retail-credit-company-discrimination-loans/

Retail Credit continued to do this until 1975, when, finally, popular opinion turned against the company, so it changed its name…

…to Equifax.

Today, Equifax is joined by a whole industry of elite enforcers who use spying, legal harassments, mercenaries and troll armies to offset the socially destabilizing effects of the wealthy's misrule:

https://pluralistic.net/2023/08/23/launderers-enforcers-bagmen/#procurers

But despite centuries of American mass surveillance, America's oligarchs keep finding themselves in the midst of great existential crises. That's because guard labor – even surveillance-supercharged guard labor – is no substitute for policies that make the country better off. Oligarchs may want to tend the nation like a shepherd tends its flock, leaving enough lambs around to grow next year's wool. But they're all competing with one another, and they understand that the sheep they spare will like as not end up on a rival's dinner table. Under those circumstances, every oligarch ends up in a race to see who can turn us into lambchops first.

This is the dictator's dilemma, American style. The rich always overestimate how much social stability their guard labor has bought them, and they're easy marks for any creepy, malodorous troll with a barn full of machine-gun equipped drones:

https://twitter.com/postoctobrist/status/1909853731559973094

They accumulate mounting democratic debts, as destabilizing rage builds in the public, erupting in the Civil War, in the summer of 68, in the Battle of Seattle, in the Rodney King uprising, in the George Floyd protests, in Los Angeles rebellion. They think they can spy their way into a country where they have everything and we have nothing, and we like it (or at least, never dare complain about it).

They're wrong.

(Image: Cryteria, CC BY 3.0, modified)

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#15yrsago Adventurer’s Club from Walt Disney World recreated in painstaking detail with Half-Life engine https://insidethemagic.net/2010/06/walt-disney-worlds-adventurers-club-virtually-recreated-for-fans-to-once-again-explore/

#15yrsago Texas GOP comes out against oral sex, the UN, and the Supreme Court https://web.archive.org/web/20100626003418/https://www.nydailynews.com/news/2010/06/22/2010-06-22_texas_gop_platform_criminalize_gay_marriage_and_ban_sodomy_outlaw_strip_clubs_an.html

#15yrsago Monkey-Pirate-Robot-Ninja-Zombie: Rock Paper Scissors 9.0 https://web.archive.org/web/20100625003931/http://markarayner.com/blog/archives/1613

#10yrsago Harry Reid tells BLM’s Burning Man squad to suck it up https://web.archive.org/web/20150628195105/http://hoh.rollcall.com/harry-reid-to-burning-man-rescue/

#10yrsago Supreme Court upholds marriage equality! https://www.theguardian.com/law/live/2015/jun/26/supreme-court-rules-same-sex-marriage

#10yrsago Wil Wheaton on depression https://www.youtube.com/watch?v=K6ACzT6PCDw

#10yrsago 2.5 million data points show: America’s ISPs suck, and AT&T sucks worst https://www.measurementlab.net/blog/interconnection_and_measurement_update/

#5yrsago Microcontent guidelines for 2020 https://pluralistic.net/2020/06/26/police-riots/#nielsen-98

#5yrsago "Violent protests" vs "violent police" https://pluralistic.net/2020/06/26/police-riots/#police-riot

#5yrsago Sympathy for the mask-shy https://pluralistic.net/2020/06/26/police-riots/#harm-reduction

#5yrsago Let's get rid of nursing homes https://pluralistic.net/2020/06/26/police-riots/#nursing-homes

#5yrsago Splash Mountain to purge Song of the South https://pluralistic.net/2020/06/26/police-riots/#minstrelsy

#5yrsago Copyright keeps police use-of-force training a secret https://pluralistic.net/2020/06/26/police-riots/#post-due

#1yrago Cleantech has an enshittification problem https://pluralistic.net/2024/06/26/unplanned-obsolescence/#better-micetraps

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • Enshittification: Why Everything Suddenly Got Worse and What to Do About It, Farrar, Straus, Giroux, October 7 2025
    https://us.macmillan.com/books/9780374619329/enshittification/

  • Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026

  • Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026

  • The Memex Method, Farrar, Straus, Giroux, 2026


Colophon (permalink)

Today's top sources:

Currently writing:

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

18:14

Page 39 [Flipside]

Page 39 is done.

Page 38 [Flipside]

Page 38 is done.

17:28

Why do I get errors about some weird symbol called ?main@@YAHP$01E$AAV?$Array@PE$AAVString@Platform…, part 2 [The Old New Thing]

We are investigating why a project is getting an error about a weird C++/CX symbol, and we thought we had figured it out, but our attempt to replicate the problem with a minimal example failed. So we must have removed something important from the example.

Since the problem occurred when the project involved C++/CX, let’s add C++/CX to our minimal example. Maybe that will tell us something.

rem create a minimal fuzzer library
>lib.cpp echo void fuzzme(); int __cdecl main(int, char**) { fuzzme(); return 42; }
cl /c lib.cpp
lib /out:lib.lib lib.obj

rem create our fuzzer plugin
>fuzzer.cpp echo void fuzzme() {}
cl /c fuzzer.cpp

rem new! Add a superfluous C++/CX component
>cx.cpp echo ref class Dummy {};           
cl /c /EHsc /ZW cx.cpp                     

rem Try to link them all together
link /out:fuzzer.exe /subsystem:console fuzzer.obj cx.obj lib.lib

Output:

vccorlib.lib(climain.obj) : error LNK2019: unresolved external symbol "?main@@YAHP$01E$AAV?$Array@PE$AAVString@Platform@@$00@Platform@@@Z" (?main@@YAHP$01E$AAV?$Array@PE$AAVString@Platform@@$00@Platform@@@Z) referenced in function "int __cdecl _main(void)" (?_main@@YAHXZ)

Okay, now we get the error.

So the presence of cx.obj introduces the problem.

Let’s go back to the verbose log to see where cx.obj enters the picture.

Actually, something interesting jumps out right at the start.

Starting pass 1
Processed /DEFAULTLIB:LIBCMT
Processed /DEFAULTLIB:OLDNAMES
Processed /DEFAULTLIB:vccorlib.lib
Processed /DEFAULTLIB:MSVCRT

These two libraries got added as default libraries, and that’s how vccorlib.lib became one of the libraries participating in the module.

If we dig into cx.obj, we can see where it requests those libraries.

link /dump /all cx.obj | findstr /i defaultlib

Output:

   /DEFAULTLIB:vccorlib.lib
   /DEFAULTLIB:MSVCRT
   /DEFAULTLIB:OLDNAMES

The compiler injects requests for three default libraries into cx.obj, so that’s how vccorlib.lib joins the set of default libraries.

This explains why cx.obj is essential to the repro: It is cx.obj that pulls in vccorlib.lib, which means that a search for main finds the version in vccorlib.lib before it finds the one we want in lib.lib.

Now that we understand the source of the problem, we’ll look at trying to fix it. Next time.

The post Why do I get errors about some weird symbol called ?main@@YAHP$01E$AAV?$Array@PE$AAVString@Platform…, part 2 appeared first on The Old New Thing.

16:42

16:35

Link [Scripting News]

Masked secret police is pure terrorism. We should ask NYPD what we have to do to protect ourselves from them, and then do it.

Coccinelle for Rust progress report (Collabora blog) [LWN.net]

Over on the Collabora blog, Tathagata Roy has an update on the progress of targeting the Coccinelle tool for matching and transforming source code to Rust. The Coccinelle for Rust project, which we covered in a 2024 talk by Roy at Kangrejos, is adding the ability to transform Rust programs and the goal is "to bring Coccinelle For Rust at par with Coccinelle For C in terms of basic functionalities". There is still work to be done to get there, but progress is being made in various areas.

Computational Tree Logic (CTL) is the heart of Coccinelle, which takes semantic patches and generalizes them over Rust files. Prior to using this engine, CfR used an ad-hoc method for matching patterns of code. This engine is the same as the one used for Coccinelle for C, with a few minor changes. Most of the changes were idiomatic but to the same effect. More information on the engine and its language (CTL-VW) can be found in the POPL Paper. With a standard engine, each step of the matching process can be logged, allowing us to learn and reuse the same design patterns from Coccinelle for C, including critical test cases.

15:49

Link [Scripting News]

WordLand v0.5.15 is out.

[$] Supporting kernel development with large language models [LWN.net]

Kernel development and machine learning seem like vastly different areas of endeavor; there are not, yet, stories circulating about the vibe-coding of new memory-management algorithms. There may well be places where machine learning (and large language models — LLMs — in particular) prove to be helpful on the edges of the kernel project, though. At the 2025 North-American edition of the Open Source Summit, Sasha Levin presented some of the work he has done putting LLMs to work to make the kernel better

Security updates for Thursday [LWN.net]

Security updates have been issued by Debian (firefox-esr and libxml2), Fedora (firefox, libtpms, and tigervnc), Mageia (chromium-browser-stable and nss & firefox), Oracle (emacs, iputils, kernel, krb5, libarchive, mod_proxy_cluster, pam, perl-File-Find-Rule, perl-YAML-LibYAML, and qt5-qtbase), Red Hat (opentelemetry-collector, osbuild-composer, and weldr-client), SUSE (clamav, firefox, go1.24-openssl, and helm), and Ubuntu (libarchive, linux-azure, linux-azure-5.4, linux-azure-fips, linux-fips, linux-azure-nvidia, linux-oracle, linux-oracle-6.8, linux-raspi, linux-raspi-realtime, linux-xilinx-zynqmp, and python-urllib3).

14:49

In Which I am Super Lazy and Embed a Bluesky Post About a “Shattering Peace” Goodreads Giveaway Rather Than Rewrite It Here, Oh, What Is the World Coming To, I Used to Have Standards, Man [Whatever]

Anyway, here’s that post.

Oh, hey, there is an ARC giveaway of The Shattering Peace (my upcoming novel in the Old Man's War universe) happening on Goodreads, through July 7. If you want to get in on the action, go here:www.goodreads.com/giveaway/sho…

John Scalzi (@scalzi.com) 2025-06-26T13:39:11.415Z

— JS

14:28

Classic WTF: NoeTimeToken [The Daily WTF]

Maybe we'll just try and read a book. That's a good way to spend your vacation. This can't possibly go badly! Original --Remy

Bozen 1 (201)

"Have you had a chance to look at that JIRA ticket yet?"

Marge debated pretending she hadn't seen the Slack message yet—but, if she did, she knew Gary would just walk over to her desk and badger her further. In truth, she didn't want to look at the ticket: it was a low priority ticket, and worse, it only affected a small fraction of one client's customers, meaning it was likely to be some weird edge case bug nobody would ever run into again. Maybe if I ignore it long enough, it'll go away on its own, she thought.

The client was a bookseller with a small but signifigant-to-them online presence; the software they used to sell books, including your standard e-commerce account functionality, was made by Marge's company. The bug was somewhere in the password reset feature: some customers, seemingly at random, were unable to use the password reset link the software emailed out.

Marge pulled up the ticket, looking over the half-hearted triage work that had been done before it landed on her desk to solve. The previous guy had pulled logs and figured out that all the customers who were complaining were using the same ISP based out of Germany. He'd recommended reaching out to them, but had been transferred to another division before he'd gotten around to it.

When Marge realized that the contact information was all in German, she almost gave up then and there. But with the magic of Google Translate, she managed to get in touch with a representative via email. After a bit of back and forth, she noticed this gem in one of his (translated) replies:

We want to display mails in our webmail client as close to the original as possible. Since most mails are HTML formatted, the client supports the full HTTP protocol and can display (almost) all HTML tags. Unfortunately, this means that "evil" JS-Content in such mails can do all kinds of stuff in the browser and therefore on the customer's PC.

To avert this, all mails are processed by a "SafeBrowsing"-module before they are displayed, to recognize and circumvent such manipulations. One of those security measures is the recognition of js-modules that begin with "on...", since that are mostly js functions that are triggered by some event in the browser. Our "countermeasure" is to just replace "on..." with "no..." before the HTML content is sent to the rendering process.

Marge frowned at the answer for a bit, something nagging at her mind. "There's no way," she murmured as she pulled up the access logs. Sure enough, the url for the reset link was something like https://bookseller.com?oneTimeToken=deadbeef ... and the customers in question had accessed https://bookseller.com?noeTimeToken=deadbeef instead.

A few lines of code and it was resolved: a conditional would check for the incorrect query string parameter and copy the token to the correct query string parameter instead. Marge rolled her eyes, merged her change into the release branch, and finally, at long last, closed that annoying low-priority ticket once and for all.

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

13:35

Link [Scripting News]

Bernie Sanders asks what the Democrats should learn from Mr. Z's victory in the NYC primary this week. Here's what I say. Forget about ever rising from the ashes of what remains of the party. Right now, the issue is how to defend the city from the coming war with the US government. They're already holding the current mayor hostage. This will be worse than 9-11 and Covid. We have no leadership. We're totally fucked, what the Democratic Party does or doesn't do, at this point, simply doesn't matter.

12:07

White House Bans WhatsApp [Schneier on Security]

Reuters is reporting that the White House has banned WhatsApp on all employee devices:

The notice said the “Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use.”

TechCrunch has more commentary, but no more information.

12:00

Generative AI in the Real World: Stefania Druga on Designing for the Next Generation [Radar]

How do you teach kids to use and build with AI? That’s what Stefania Druga works on. It’s important to be sensitive to their creativity, sense of fun, and desire to learn. When designing for kids, it’s important to design with them, not just for them. That’s a lesson that has important implications for adults, too. Join Stefania Druga and Ben Lorica to hear about AI for kids and what that has to say about AI for adults.

About the Generative AI in the Real World podcast: In 2023, ChatGPT put AI on everyone’s agenda. In 2025, the challenge will be turning those agendas into reality. In Generative AI in the Real World, Ben Lorica interviews leaders who are building with AI. Learn from their experience to help put AI to work in your enterprise.

Check out other episodes of this podcast on the O’Reilly learning platform.

Timestamps

  • 0:00: Introduction to Stefania Druga, independent researcher and most recently a research scientist at DeepMind.
  • 0:27: You’ve built AI education tools for young people, and after that, worked on multimodal AI at DeepMind. What have kids taught you about AI design?
  • 0:48: It’s been quite a journey. I started working on AI education in 2015. I was on the Scratch team in the MIT Media Lab. I worked on Cognimates so kids could train custom models with images and texts. Kids would do things I would have never thought of, like build a model to identify weird hairlines or to recognize and give you backhanded compliments. They did things that are weird and quirky and fun and not necessarily utilitarian.
  • 2:05: For young people, driving a car is fun. Having a self-driving car is not fun. They have lots of insights that could inspire adults.
  • 2:25: You’ve noticed that a lot of the users of AI are Gen Z, but most tools aren’t designed with them in mind. What is the biggest disconnect?
  • 2:47: We don’t have a knob for agency to control how much we delegate to the tools. Most of Gen Z use off-the-shelf AI products like ChatGPT, Gemini, and Claude. These tools have a baked-in assumption that they need to do the work rather than asking questions to help you do the work. I like a much more Socratic approach. A big part of learning is asking and being asked good questions. A huge role for generative AI is to use it as a tool that can teach you things, ask you questions; [it’s] something to brainstorm with, not a tool that you delegate work to. 
  • 4:25: There’s this big elephant in the room where we don’t have conversations or best practices for how to use AI.
  • 4:42: You mentioned the Socratic approach. How do you implement the Socratic approach in the world of text interfaces?
  • 4:57: In Cognimates, I created a copilot for kids coding. This copilot doesn’t do the coding. It asks them questions. If a kid asks, “How do I make the dude move?” the copilot will ask questions rather than saying, “Use this block and then that block.” 
  • 6:40: When I designed this, we started with a person behind the scenes, like the Wizard of Oz. Then we built the tool and realized that kids really want a system that can help them clarify their thinking. How do you break down a complex event into steps that are good computational units? 
  • 8:06: The third discovery was affirmations—whenever they did something that was cool, the copilot says something like “That’s awesome.” The kids would spend double the time coding because they had an infinitely patient copilot that would ask them questions, help them debug, and give them affirmations that would reinforce their creative identity. 
  • 8:46: With those design directions, I built the tool. I’m presenting a paper at the ACM IDC (Interaction Design for Children) conference that presents this work in more detail. I hope this example gets replicated.
  • 9:26: Because these interactions and interfaces are evolving very fast, it’s important to understand what young people want, how they work and how they think, and design with them, not just for them.
  • 9:44: The typical developer now, when they interact with these things, overspecifies the prompt. They describe so precisely. But what you’re describing is interesting because you’re learning, you’re building incrementally. We’ve gotten away from that as grown-ups.
  • 10:28: It’s all about tinkerability and having the right level of abstraction. What are the right Lego blocks? A prompt is not tinkerable enough. It doesn’t allow for enough expressivity. It needs to be composable and allow the user to be in control. 
  • 11:17: What’s very exciting to me are multimodal [models] and things that can work on the phone. Young people spend a lot of time on their phones, and they’re just more accessible worldwide. We have open source models that are multimodal and can run on devices, so you don’t need to send your data to the cloud. 
  • 11:59: I worked recently on two multimodal mobile-first projects. The first was in math. We created a benchmark of misconceptions first. What are the mistakes middle schoolers can make when learning algebra? We tested to see if multimodal LLMs can pick up misconceptions based on pictures of kids’ handwritten exercises. We ran the results by teachers to see if they agreed. We confirmed that the teachers agreed. Then I built an app called MathMind that asks you questions as you solve problems. If it detects misconceptions; it proposes additional exercises. 
  • 14:41: For teachers, it’s useful to see how many people didn’t understand a concept before they move on. 
  • 15:17: Who is building the open weights models that you are using as your starting point?
  • 15:26: I used a lot of the Gemma 3 models. The latest model, 3n, is multilingual and small enough to run on a phone or laptop. Llama has good small models. Mistral is another good one.
  • 16:11: What about latency and battery consumption?
  • 16:22: I haven’t done extensive tests for battery consumption, but I haven’t seen anything egregious.
  • 16:35: Math is the perfect testbed in many ways, right? There’s a right and a wrong answer.
  • 16:47: The future of multimodal AI will be neurosymbolic. There’s a part that the LLM does. The LLM is good at fuzzy logic. But there’s a formal system part, which is actually having concrete specifications. Math is good for that, because we know the ground truth. The question is how to create formal specifications in other domains. The most promising results are coming from this intersection of formal methods and large language models. One example is AlphaGeometry from DeepMind, because they were using a grammar to constrain the space of solutions. 
  • 18:16: Can you give us a sense for the size of the community working on these things? Is it mostly academic? Are there startups? Are there research grants?
  • 18:52: The first community when I started was AI for K12. There’s an active community of researchers and educators. It was supported by NSF. It’s pretty diverse, with people from all over the world. And there’s also a Learning and Tools community focusing on math learning. Renaissance Philanthropy also funds a lot of initiatives.
  • 20:18: What about Khan Academy?
  • 20:20: Khan Academy is a great example. They wanted to Khanmigo to be about intrinsic motivation and understanding positive encouragement for the kids. But what I discovered was that the math was wrong—the early LLMs had problems with math. 
  • 22:28: Let’s say a month from now a foundation model gets really good at advanced math. How long until we can distill a small model so that you benefit on the phone?
  • 23:04: There was a project, Minerva, that was an LLM specifically for math. A really good model that is always correct at math is not going to be a Transformer under the hood. It will be a Transformer together with tool use and an automatic theorem prover. We need to have a piece of the system that’s verifiable. How quickly can we make it work on a phone? That’s doable right now. There are open source systems like Unsloth that distills a model as soon as it’s available. Also the APIs are becoming more affordable. We can build those tools right now and make them run on edge devices. 
  • 25:05: Human in the loop for education means parents in the loop. What extra steps do you have to do to be comfortable that whatever you build is ready to be deployed and be scrutinized by parents.
  • 25:34: The most common question I get is “What should I do with my child?” I get this question so often that I sat down and wrote a long handbook for parents. During the pandemic, I worked with the same community of families for two-and-a-half years. I saw how the parents were mediating the use of AI in the house. They learned through games how machine learning systems worked, about bias. There’s a lot of work to be done for families. Parents are overwhelmed. There’s a constant feel of not wanting your child to be left behind but also not wanting them on devices all the time. It’s important to make a plan to have conversations about how they are using AI, how they think about AI, coming from a place of curiosity. 
  • 28:12: We talked about implementing the Socratic method. One of the things people are talking about is multi-agents. At some point, some kid will be using a tool that orchestrates a bunch of agents. What kinds of innovations in UX are you seeing that will prepare us for this world?
  • 28:53: The multi-agent part is interesting. When I was doing this study on the Scratch copilot, we had a design session at the end with the kids. This theme of agents and multiple agents emerged. Many of them wanted that, and wanted to run simulations. We talked about the Scratch community because it’s social learning, so I asked them what happens if some of the games are done by agents. Would you like to know that? It’s something they want, and something they want to be transparent about. 
  • 30:41: A hybrid online community that includes kids and agents isn’t science fiction. The technology already exists. 
  • 30:54: I’m collaborating with the folks who created a technology called Infinibranch that lets you create a lot of virtual environments where you can test agents and see agents in action. We’re clearly going to have agents that can take actions. I told them what kids wanted, and they said, “Let’s make it happen.” It’s definitely going to be an area of simulations and tools for thought. I think it’s one of the most exciting areas. You can run 10 experiments at once, or 100. 
  • 32:23: In the enterprise, a lot of enterprise people get ahead of themselves. Let’s get one agent working well first. A lot of the vendors are getting ahead of themselves.
  • 32:49: Absolutely. It’s one thing to do a demo; it’s another thing to get it to work reliably.

11:14

Grrl Power #1368 – Reasonably petition it up the chain [Grrl Power]

When Max shows up at Faulk’s office in her dress purps outside of “the usual times,” he knows there’s going to be an ask. And in this case, the ask is “me fight big danger, friend gets paid.” I’m sure there’s officially military rules about gambling, certainly in uniform, though I’m not sure about while on leave. I imagine it’s probably fine as long as it doesn’t ultimately bring disgrace to your branch, or missing going back on duty because the Thailand version of Fat Guido broke your knees backwards over gambling debts. Come to think of it, I don’t think I know a single Thai name off the top of my head. Except for… Sagat. Which I assume is about as typically Thai as Guile is an American name. Technically Max herself wouldn’t be gambling, though, so… it’s probably fine?

Any sensory organ is technically a scanning device. Although to me “device” implies something that is either detachable or self-contained. And yes, a tongue is technically detachable. But usually “detachable” implies “retachable.”

I had Cora call out the galaxy/universe thing, not because I think Faulk and Max would confuse them. Well, Faulk obviously doesn’t care about the distinction. It’s not relevant for his purposes – especially as Cora points out, intergalactic travel is uncommon at best. I guess I drew attention to it because, as I’ve said before, I watch a lot of MST3K, and a lot of old sci-fi movies do one of two things. One, space consists of the solar system. Attack of the Neptune Men. Mars, mars, mars, martians, Attack from Mars, Santa Clause Conquers the Martians. First Spaceship on Venus, etc. Two, space consists of the entire universe. Which, yes, is correct, but old movies treated it too casually, like “The zabvronians have invented a bomb that can blow up the universe!” or “Let’s fly to my starbase, it’s just on the other side of the universe!”

Anyway, Faulk is incorrect in saying that the universe (or even just the galaxy) has only seen that one demonstration of Max’s power. You can bet they’ve scoured Earth’s media for every single scrap of information about Max and Supers in general. So they know what the public knows, and if we’re being honest, Terran information security probably isn’t up to defeating determined alien hackers, so quite a bit of classified stuff in in their hands as well. But not everything. Early on in the information age, several nerds working with classified information about Supers realized that the breadth of powers meant that electronic systems probably had some unforeseeable vulnerabilities, and now, most of the most super-duper classified stuff was never committed to computer. And then someone saw Read or Die, and decided to transfer most of that stuff to sheets of plastic, because weirdly, no one has discovered a Superpower that directly manipulates plastic. Unless it’s being worn as clothing, and then someone like Ashly the clothing-kinetic. Or if it’s being used as armor or a weapon. There are powers that can manipulate categorized things like that. But just sheets of plastic sitting in a filing cabinet? Not saying the Power doesn’t exist, just that it’s not been discovered yet.

Oh, and I’m sure very few people noticed, but the pictures in the frames aren’t my art, so credit where credit is due: The Ship, The Horse.

The vote incentive is finally done!

The update to the TWC image is pretty minor, but the Patreon version has the bonus comic as well as nude versions. I will strive to make the next one more timely.

 

 

 

Double res version will be posted over at Patreon. Feel free to contribute as much as you like.

10:35

10:21

Use a lot of words [Seth's Blog]

Verbosity is the new brevity.

Google felt like a miracle. We could type just a word or two (“blog“) and it would magically guess what we wanted and take us there.

This shortcut spread from Google to the search built into online shopping as well. How convenient. A few words and done.

AI isn’t like that. In fact, our concision is getting in the way of the insight we’re looking for.

Go to Etsy and search for “white pants” and you’ll get more than 10,000 matches, most of them useless. Instead, type “white pants to wear to a wedding in July in lower michigan for a 30 year old woman” and you’ll get this.

AI systems like Claude and ChatGPT let you attach a PDF or text file to your query. Here’s the useful hack:

Create a document that has pages of background.

Your medical history for example. Include your age and every interaction you’ve had with the medical system, including illnesses and drugs and outcomes. Now, every time you ask a health question, attach the document.

Or, a copy of your resume, work history, letters of recommendation and career goals, all in a PDF. Upload it every time you’re asking for career advice.

It works for business plans, for customer lists and even legal documents. Upload an entire email correspondence, or a fifty page wine list.

AI isn’t impatient, easily bored or distracted.

It’s insatiable.

PS chat GPT knows a shocking amount about you, while Claude starts over every time. Neither promises airtight security, but then again, neither does American Express, Visa or Google…

05:00

03:07

[$] LWN.net Weekly Edition for June 26, 2025 [LWN.net]

Inside this week's LWN.net Weekly Edition:

  • Front: Libxml2; GNOME and systemd; Rust in the kernel; Defconfigs; ngnfs, Free-threaded Python; Asterinas.
  • Briefs: LSFMM+BPF book; tag2upload; PostmarketOS 25.06; Firefox 140.0; NLnet funding; Quotes; ...
  • Announcements: Newsletters, conferences, security updates, patches, and more.

02:14

Wednesday, 25 June

23:56

British activist with "spy cop" as a lover [Richard Stallman's Political Notes]

One of the British activist who had a "spy cop" as lover pursued her legal case to the end, and it ended in victory. She received all the confidential reports he had made while spying on her. Now she has published them.

Bully forbids entry to US from 12 countries [Richard Stallman's Political Notes]

The bully has forbidden (with narrow exceptions) entry into the US of the nationals of 12 countries: Afghanistan, Burma, Chad, Republic of the Congo, Equatorial Guinea, Eritrea, Haiti, Iran, Libya, Somalia, Sudan and Yemen.

Referring to this as a "Muslim ban" is false. According to Wikipedia, four of the countries — Burma, Equatorial Guinea, Haiti and Republic of the Congo — have few Muslims (those in Burma are a persecuted minority, the Rohingya). Eritrea is more or less evenly divided between Christians and Muslims.

Meanwhile, many mainly Muslim countries are not covered by the ban. These include Albania, Bangladesh, Egypt, Iraq, Jordan, Malaysia, Morocco, Pakistan, Saudi Arabia, Senegal, Syria, and Turkey, and some more.

It seems clear that the motives for the ban are political, not racial or religious.

I don't see a sensible reason for the ban. The US has quarrels with some of these countries, but not all. And it is perverse to deny a person asylum because of something bad about the country perse is fleeing from.

Congress to request permission 12 hours in advance of visiting deportation prisons [Richard Stallman's Political Notes]

The bully has ordered members of Congress to request permission 12 hours in advance before visiting deportation prisons.

This would give the employees of the prison company a chance to clean up the signs of cruelty.

Deportation thugs attacked protester Jose Manuel Mojica [Richard Stallman's Political Notes]

Deportation thugs attacked protester Jose Manuel Mojica, then accused him of attacking them. Fortunately, the charges against him have been dropped. Full justice calls for charges against the agents who attacked him.

Anti-protest law in New South Wales [Richard Stallman's Political Notes]

New South Wales, in Australia, has an anti-protest law that allows conflating condemnation of Israel's war crimes with antisemitism. The confusion can be invoked by holding political and military events in synagogues.

Speed of bully's attack on democracy [Richard Stallman's Political Notes]

The bully's attack on democracy and freedom in the US is rushing ahead much faster than today's other authoritarians did.

It is unfair to list Hugo Chávez as one. He held real elections and the people really voted for him.

Indian deportation thugs forcing Muslim Indians into Bangladesh [Richard Stallman's Political Notes]

Indian deportation thugs are grabbing Muslim Indians and forcing them across the border with Bangladesh. Bangladeshi border guards reject many of them, saying they are Indians not Bangladeshis, and force them back to India, sometimes by arduous (and unguarded?) routes.

A few years ago, India passed a law allowing it to claim that people were immigrants if they didn't have documents to prove their forebears were Indian citizens. Another law allowed such people to claim Indian citizenship, but not if they are Muslims.

Put them together and they combine as a recipe for labeling a Muslim Indian who was born and raised in India as an unauthorized immigrant, so as to expel per.

Florida's attorney general found in contempt of court [Richard Stallman's Political Notes]

Florida's attorney general was found in contempt of court for ordering state agencies to disregard a court order against enforcing a state law to arrest unauthorized immigrants.

So far, magat officials have played at defying court orders. I think that was meant to make their supporters eager to see real defiance and a showdown that might make the federal courts powerless. Then what steps could judges take? I fear that would be the end of rule of law in the US.

WhatsApp "help" gives wrong phone number [Richard Stallman's Political Notes]

Someone asked the WhatsApp "help" chatbot for a train company's customer service phone number and it gave some other user's phone number.

When the user objected to that, it generated output that resembled what a human being would say if trying to excuse that mistake or claim that nothing was wrong.

The article quotes someone criticizing this chatbot in a way that assumes it is capable of understanding what was defective about its output, and even ideas of ethics and responsibility as applied to its own output. How foolish!

That Artificial Stupidity system does not understand what it means to help someone, does not understand what it means to harm someone, and does not understand what it means to be honest — or deceptive. It only looks for ways to make pertinent-sounding responses based on frequency tables.

Salafi Arabian journalist executed for criticizing government [Richard Stallman's Political Notes]

Salafi Arabian journalist Turki al-Jasser has been executed for criticizing the government of Salafi Arabia on ex-Twitter, after 7 years in prison with torture.

What the wrecker thinks about relations with other countries [Richard Stallman's Political Notes]

Sage commentary about what the wrecker thinks about relations with other democratic countries.

*[The wrecker] claims simply to want deals with dictators, but he seems also to crave validation from them. By contrast, he thinks it is humiliating for the US commander-in-chief to be seated at a round table as the peer of a German chancellor or the prime minister of Canada – barely a proper country. The idea of coordinating foreign and trade policy on the basis of shared respect for political pluralism and the rule of law is an idea Trump finds absurd, if he even understands it.*

*Over time, reluctance to say aloud that [the wrecker] is an authoritarian menace to the US’s constitutional republic becomes complicity in the assault.*

23:35

Stranger Suggests: Have the Gayest Pride Week of Your Life! [The Stranger]

One really gay thing to do every day of the week. by Megan Seling WEDNESDAY 6/25  

Take a Bite of Pride

(FOOD) This is it. It’s the last few days of Pride Month, but this weekend is a doozy, with dance parties and concerts and parades and drag shows happening all over the city every day for the rest of June. You’re gonna have to carbo-load to get through it all! Thankfully, dozens of local bakeries, bars, and restaurants have packed their menus with LGBTQ-themed treats. A few standouts include: Italian rainbow cookie cannolis at Kelly’s Cannoli, malted milkshake cake at Little Jaye, agua de jamaica tres leches cake at Tres Lecheria, the Purple Reign cocktail with Botanist Gin and butterfly pea flower tea at Shuckers, rainbow cake at Flora Bakehouse, and, the one I’m personally most intrigued by as far as flavors go, the Louder cake at Paper Cake Shop, which consists of chocolate sponge cake, strawberry jam, cereal milk ganache and frosting, candied Trix, and cereal milk gelee. A dollar from every slice sold goes to TWOC Solidarity Network. (Various locations, see a list of LGBTQ-owned restaurants here) MEGAN SELING

THURSDAY 6/26  

Perfume Genius

(MUSIC) Filled with fuzzy guitars and poignant piano, Perfume Genius' latest album, Glory, expands and contracts with a flow of emotions. Mike Hadreas, the queer icon and former Seattle resident behind the project, features the talents of his partner, Alan Wyffels, and producer Blake Mills on his seventh full-length. I'm looking forward to seeing this album performed live because, in my head, people dance to it like the girl in Sia's "Chandelier" video. Get there early, the show opens with Gothic-inspired rock artist Storefront Church, who's a friend of Phoebe Bridgers. (Showbox, 8 pm, all ages) SHANNON LUBETICH

FRIDAY 6/27  

Indigiqueer Festival

The annual Indigiqueer Festival returns to Pier 62 Friday, June 27. PHOTO BY ADAM LU COURTESY OF FRIENDS OF WATERFRONT PARK

(PRIDE) Quileute drag artist Hailey Tayathy co-founded the Indigiqueer Festival in 2022 because they felt that "a gay-friendly city named for a Suquamish and Duwamish Chief deserved the big Indigenous Pride event it didn’t have." Taking place at Pier 62 against the backdrop of the Salish Sea, this fest marks the start of Pride weekend with a stacked lineup of performers, including rocking drag queen Holli B. Sinclair, food from traditional Indigenous chef Natoncks Metsu, and a host of art vendors and community workshops. (Pier 62, 1–8 pm, free, all ages) SHANNON LUBETICH

SATURDAY 6/28  

Wildrose Pride 2025

Co-owner Shelley Brothers—not tending bar, just making sure the bar is clear for the go-go dancers. COURTESY OF WILDROSE

(PRIDE) Consider this your semi-regular reminder that there are only 37 surviving lesbian bars in the United States, so it's a rare and special thing to be able to join in amongst the pride revelry at the Wildrose, one of the West Coast's oldest establishments catering to dykes. Their three-day lineup of festivities this year, hosted by Shadae Simone, Briq House, and Amora Namor, includes appearances from DJs Velvet Whisper, Riz, and Yaddy. Plus, look forward to performances by Cherdonna Shinatra, Ruby Mimosa, and the Betsy Olson Band. Wildrose's 2025 Pride celebration honors the late Shelley Brothers, who co-owned the bar for 22 years and "was a driving force behind what this Pride party has become." (Wildrose, June 27–29, 21+) JULIANNE BELL

SUNDAY 6/29  

SIFF ‘n’ Stitch: ‘D.E.B.S.

(FILM) I have a soft spot for the goofy, tropey, splashy, colorful comedies of the early 2000s—think Austin Powers or Charlie’s Angels—but not many of them are explicitly queer. That’s why, after seeing the 2004 action comedy D.E.B.S. for the first time, I immediately wondered where the hell it had been my whole life. The premise is suitably ridiculous: The titular D.E.B.S. (Discipline, Energy, Beauty, Strength) are a group of college-aged women who have been secretly evaluated for their aptitude for espionage via the SAT and recruited into a prestigious training academy for spies. When the squad is assigned to surveil the deadly supervillain Lucy Diamond, promising spy-in-training Amy starts to fall for her. In case you’re not already sold, it also features a banger soundtrack, Devon Aoki with a fake French accent, and Holland Taylor as the school headmaster saying things like, “This isn’t Girl Scouts, it’s espionage!” Better yet, in collaboration with the Capitol Hill fiber arts coffee shop Stitch Cafe, SIFF will leave the lights on so that you can socialize and craft while watching. Bring along your current non-messy work-in-progress (knitting, crocheting, hand-sewing, weaving, and doodling all welcome), and stitch or sketch in bliss while swooning over the sapphic rivals-to-lovers romance. Consider it your cozy oasis if you’re feeling overwhelmed by the crowds, music, and flying candy from the Pride Parade marching down Fourth Avenue. (SIFF Cinema Uptown, noon, all ages) JULIANNE BELL

MONDAY 6/30  

Pride: The Ric Weiland Collection

(VISUAL ART) If you didn’t know already, Ric Weiland was a software developer and programmer who was hired as the second employee for a little company called Microsoft. Given his early involvement at the tech giant, Weiland was able to retire at the young age of 35 to dedicate his life to philanthropy and LGBTQ advocacy. Sadly, Weiland died at just 53, but his legacy lives on through the $65 million he left to queer rights organizations (such as the Pride Foundation). The MOHAI will honor Pride Month with a small-scale exhibit of photographs, letters, ephemera, and artifacts from Weiland’s estate that reflect his enduring fight for equality. While you’re there, be sure to check out the Collections Spotlight: Denim, which showcases artifacts from the MOHAI collection that tell the history of your ol’ blue jeans. (Museum of History & Industry, through Oct 5, all ages) AUDREY VANN

TUESDAY 7/1  

Nina Katchadourian: 'Origin Stories'

Nina Katchadourian's show 'Origin Stories' is on display through October 26. PHOTO BY DAMIEN GIFFITHS, COURTESY OF NATIONAL NORDIC MUSEUM

(VISUAL ART) In Origin Stories, artist Nina Katchadourian unpacks the quirks, rituals, and memories that shaped her creative world, from family summers in Finland to shipwreck obsessions and childhood games gone existential. Installed across the National Nordic Museum, the show blends humor, nostalgia, and tender strangeness. (For instance, there's a bronze sculpture of a stick-cow in the mix, as well as a six-channel video about her parents’ accents.) Go forth for a reminder that personal history is messy, mythic, and often hiding in plain sight. (National Nordic Museum, through Oct 26, all ages) LINDSAY COSTELLO

:zap: Prizefight! :zap:

Win tickets to rad upcoming events!*

Low Cut Connie
July 1, Neumos

ENTER NOW!

Contest Ends June 27 at 10 am

Tash Sultana
June 28, Chateau Ste Michelle

ENTER NOW! 

Contest Ends June 27 at 10 am

Odalalee Queer Pier Pride
June 29, Pier 62

ENTER NOW! 

Contest ends June 27 at 10 am

*Entering PRIZE FIGHT contests by submitting your email address signs you up to receive the Stranger Suggests newsletter. You can unsubscribe at any time.

22:35

Water use [Judith Proctor's Journal]

 The average water consumption for people in the UK needs to come down as hotter summers increase the chance of drought.


"The EA said customers in England need to cut their water use by 2.5 billion litres a day by 2055 – down from an average of around 140 litres per person per day to 110 litres per day. "

I looked at our previous water bills.  In summer, we use around 150L and in winter, significantly than that, but that's the total usage for three adults and  a child who is with us for two days a week.

Which makes our individual water usage just under a third of the national average, and already within the target by a good margin.  And that includes some water for topping up the pond and watering some of the plants.

We're on a water meter and pay about £170 per year for the household.


We've become very good over the years, at not using a lot of water.

LAUNDRY

A lot of people wear an item once, and automatically chuck it in the laundry (I was completely unaware of this until a woman told me that she washed her teenage son's jeans every day)

Me?  If it isn't visibly dirty, and it doesn't smell when I sniff under the armpits, then it's back in the wardrobe, or wear for another day.

If you're selective in the fabrics you buy, you can dramatically reduce the need for laundry.

Linen is amazing.  It really doesn't pick up body smells at all - that's because it naturally wicks moisture away from the body, in a way that synthetic fabrics can't. 

I found this out while doing my English Civil War Reenactment.  The bottom layer of clothing for women is always a linen smock.  So, I made a linen smock.  I washed it once, to soften the fabric a little, then -having been told that it softened very nicely with wear, started to wear it as a nightie.  The most comfortable night garment I've ever worn.  I kept on wearing it, every night, waiting for it to get smelly.  It didn't. And the fabric now has a wonderful feel when you touch it (probably something to do with the natural oil in flax, but I don't know for sure)

Whereas if I wear something polyester based, it's often just one day's wear.

Cotton is very good as well - not quite so good as linen, but I can wear a cotton t-shirt as an under-layer and get quite a few days out of that before fails the sniff test.

What do you do to reduce your water consumption?





comment count unavailable comments

22:14

“Sip Happens” At Dozo [Whatever]

Let’s revisit December 2o23 for a moment, when I first experienced Dozo: an exceptionally cool underground sushi spot in Dayton that features a pre-fixe tasting menu and sake/wine pairings. After that incredible initial visit, I went about six or seven more times after that. Every time was the bomb dot com.

Today I’m here to tell you about a special event they held last week, called “Sip Happens: Sake Edition.” It was a sake tasting event in partnership with SakeOne, a sake company out of Oregon that not only brews their own craft sake, but has been importing fine sake from Japan since 1992.

It was twenty bucks for a ticket, which got you a 2oz pour of each of the four selected sakes for the evening. When buying your ticket online, you had the choice to add on two different sushi rolls, each for seven dollars. I opted for one of each roll to accompany my sake samplings.

For the most part, the only time I ever have sake is when I’m dining at Dozo and do their sake pairing. I always enjoy getting to try new sakes, so I was really excited to try some new ones at the event and also learn all about them.

When I was seated at my corner bar seat (my favorite seat, really), there was this welcome card:

A rectangular welcome card that features a very red photo of Tender Mercy's underground lounge, with the words

On the back was a list of the sakes we were going to be trying, as well as the options to purchase another tasting of it or purchase the full bottle to take home:

On the back of the card it's just white with black letters and reads

I didn’t realize until I saw the card that the first sampling was going to be of my favorite sake! I absolutely love the Awa Yuki and it’s one of the first sake I ever tried, and it helped me realize I do really enjoy sake. So I was looking forward to that one even though I had in fact tried it before.

Here was my pours of the Awa Yuki and the Naginata:

Two wine glasses sitting on a black bar. In each of them is 2oz of sake. The one on the left is slightly more cloudy.

For the Awa Yuki, it’s a sparkling sake and I tend to enjoy sparkling sakes and wines more than still. The Awa Yuki is slightly sweet, very light, and has just the right amount of bubbles. I’ve always thought it tastes kind of marshmallowy or vanilla-esque, and apparently both of those are actual tasting notes of it! I feel accomplished. It’s very mellow and I love the pretty blue bottle it comes in. It’s actually about half the size of a regular 750ml sake bottle, which is why the to-go bottle you can purchase is only twelve bucks. It’s also lower in alcohol content than a lot of sakes, at 5.5%. Here’s some extra details on it.

When I was talking to the SakeOne representative, Jack, he was happy to hear Awa Yuki is my long-standing favorite sake.

Then he began telling me all the details of the Naginata. Something that really fascinated me was that the rice used for the Naginata was grown in Arkansas and is actually a super high quality sake rice called yamada nishiki. It is considered the “king” of sake rice, and SakeOne’s goal with the Naginata is “to craft the best sake brewed outside of Japan, period.” If that’s their goal, using the king of sake rice is certainly a good place to start!

The Naginata smelled like crisp apple, and when I tasted it I ended up getting a melon-y flavor. I didn’t know if that was “correct” so I waited until Jack mentioned the tasting notes of it, and I was on the mark again, much to my delight. It was slightly dry but not overly so, honestly very light and fruity. I really enjoyed it.

You may have noticed that this particular sake is considerably more expensive than the other offerings. Not only was there only 1000 bottles produced, but it is 100% handcrafted, and the brewmaster is involved in every step of the process from washing the rice to bottling. It comes in an elegant, simple bottle with an embossed logo. True Sake says on their website that this is a “world-class sake that should not be missed by any sake enthusiasts.”

While I was enjoying these two pours, my sushi was brought out to me:

A small black plate holding eight pieces of sushi, the kind with the rice on the outside and the seaweed on the inside. Avocado, cream cheese, and raw salmon are visible in the pieces.

Eight more pieces of sushi on a black plate, with the same rice on the outside set up. This one has avocado too, but looks like it has crab instead of raw fish in it. Like a California roll.

These rolls were much bigger than I anticipated, each coming with eight pretty large pieces. It was only seven dollars for each so I was pleasantly surprised at the portion. These rolls were extremely tasty, and the salmon was so fresh and tender that I ended up asking the chef about it. He said the salmon was from Canada, and was cold smoked. I think he also mentioned something about a brown sugar marinade, but yeah definitely super yummy. So glad I got to try both rolls.

I got my next two pours:

Two wine glasses, each with a 2oz pour of sake in them. The one on the left is a creamy, pale white color, and the one on the right is a clear, yellowish color, like apple juice.

When the Yuki Tora Nigori was being poured, I got to see the beautiful, frosted glass bottle with the coolest tiger decal on it, which is fitting because its name means “snow tiger.” This sake is cloudy from natural rice sediment, and is more creamy and silkier than other sakes. The snow tiger was certainly packed full of flavor, it was complex and layered and truly unique, with flavors of roasted grain and toasted cereal, but also some slight sweetness. It honestly reminds me of horchata with its warm spice and creaminess. I loved this one! Here’s some extra details on it. Plus I love that you can buy it in a little 200ml can, so cute.

And finally, the Hakutsuru Plum Wine. While it’s not a sake, it’s made by a sake brand, in fact it’s the same one that makes the Awa Yuki, so I had high hopes for this wine. I gave it a sniff and it smelled pleasantly sweet and rather almondy. This wine was seriously out of this world, with a beautifully sweet plum taste, it was the perfect finisher to this tasting experience. Jack told me that it’s especially delicious because it’s actual fermented plum puree, like it isn’t fake or artificial at all. The specific plums are called “ume,” and it’s very popular in Japan to have the plum wine mixed with soda water on the rocks, or for it to be used in plum wine highballs. Here’s some extra details on it.

All four sakes were fantastic, and I hope the next time I’m in Portland I get a chance to check out SakeOne’s Tasting Room. I’m so glad I got to have some delicious, fresh sushi from Dozo while savoring these sakes, and if Tender Mercy decides to do another one of these events in the future, you already know I’m going.

Which sake sounds the best to you? Do you prefer chilled sake like me, or do you like it hot? Let me know in the comments, and have a great day! And be sure to check out SakeOne, Tender Mercy, and Dozo on Instagram!

-AMS

Peepituity [Penny Arcade]

We're starting to really get into it now on the legal framework that underpins AI training data. Disney is trying to kick over Midjourney with one foot while wedging its other foot in the door at OpenAI for a possible licensing deal. It's kind of a hardcore play, when you think about it; it's something like testing the Death Star on Alderaan.

22:00

Tollef Fog Heen: Pronoun support in userdir-ldap [Planet Debian]

Debian uses LDAP for storing information about users, hosts and other objects. The wrapping around this is called userdir-ldap, or ud-ldap for short. It provides a mail gateway, web UI and a couple of schemas for different object types.

Back in late 2018 and early 2019, we (DSA) removed support for ISO5218 in userdir-ldap, and removed the corresponding data. This made some people upset, since they were using that information, as imprecise as it was, to infer people’s pronouns. ISO5218 has four values for sex, unknown, male, female and N/A. This might have been acceptable when the standard was new (in 1976), but it wasn’t acceptable any longer in 2018.

A couple of days ago, I finally got around to adding support to userdir-ldap to let people specify their pronouns. As it should be, it’s a free-form text field. (We don’t have localised fields in LDAP, so it probably makes sense for people to put the English version of their pronouns there, but the software does not try to control that.)

So far, it’s only exposed through the LDAP gateway, not in the web UI.

If you’re a Debian developer, you can set your pronouns using

echo "pronouns: he/him" | gpg --clearsign | mail changes@db.debian.org

I see that four people have already done so in the time I’ve taken to write this post.

21:28

Link [Scripting News]

A NYT article from last year about 34th Ave in Jackson Heights where "a stretch of 26 blocks, running east to west, has been closed to cars from 7 a.m. to 8 p.m. every day since 2020." Before we moved to Flushing when I was in 5th grade, we lived on 92nd St and 34th Ave. What a difference that must make. I love it when cities take chances like this, and the people in the neighborhood seem to love it.

20:28

19:56

“More Slowly” [Radar]

My friend David Eaves has the best tagline for his blog: “if writing is a muscle, this is my gym.” So I asked him if I could adapt it for my new biweekly (and occasionally weekly) hour-long video show on oreilly.com, Live with Tim O’Reilly. In it, I interview people who know way more than me, and ask them to teach me what they know. It’s a mental workout, not just for me but for our participants, who also get to ask questions as the hour progresses. Learning is a muscle. Live with Tim O’Reilly is my gym, and my guests are my personal trainers. This is how I have learned throughout my career—having exploratory conversations with people is a big part of my daily work—but in this show, I’m doing it in public, sharing my learning conversations with a live audience.

My first guest, on June 3, was Steve Wilson, the author of one of my favorite recent O’Reilly books, The Developer’s Playbook for Large Language Model Security. Steve’s day job is at cybersecurity firm Exabeam, where he’s the chief AI and product officer. He also founded and cochairs the Open Worldwide Application Security Project (OWASP) Foundation’s Gen AI Security Project.

During my prep call with Steve, I was immediately reminded of a passage in Alain de Botton’s marvelous book How Proust Can Change Your Life, which reconceives Proust as a self-help author. Proust is lying in his sickbed, as he was wont to do, receiving a visitor who is telling him about his trip to come see him in Paris. Proust keeps making him go back in the story, saying, “More slowly,” till the friend is sharing every detail about his trip, down to the old man he saw feeding pigeons on the steps of the train station.

Why am I telling you this? Steve said something about AI security that I understood in a superficial way but didn’t truly understand deeply. So I laughed and told Steve the story about Proust, and whenever he went by something too quickly for me, I’d say, “More slowly,” and he knew just what I meant.

This captures something I want to make part of the essence of this show. There are a lot of podcasts and interview shows that stay at a high conceptual level. In Live with Tim O’Reilly, my goal is to get really smart people to go a bit more slowly, explaining what they mean in a way that helps all of us go a bit deeper by telling vivid stories and providing immediately useful takeaways.

This seems especially important in the age of AI-enabled coding, which allows us to do so much so fast that we may be building on a shaky foundation, which may come back to bite us because of what we only thought we understood. As my friend Andrew Singer taught me 40 years ago, “The skill of debugging is to figure out what you really told your program to do rather than what you thought you told it to do.” That is even more true today in the world of AI evals.

“More slowly” is also something personal trainers remind people of all the time as they rush through their reps. Increasing time under tension is a proven way to build muscle. So I’m not entirely mixing my metaphors here. 😉

In my interview with Steve, I started out by asking him to tell us about some of the top security issues developers face when coding with AI, especially when vibe coding. Steve tossed off that being careful with your API keys was at the top of the list. I said, “More slowly,” and here’s what he told me:

As you can see, having him unpack what he meant by “be careful” led to a Proustian tour through the details of the risks and mistakes that underlie that brief bit of advice, from the bots that scour GitHub for keys accidentally left exposed in code repositories (or even the histories, when they’ve been expunged from the current repository) to a humorous story of a young vibe coder complaining about how people were draining his AWS account—after displaying his keys in a live coding session on Twitch. As Steve exclaimed: “They are secrets. They are meant to be secret!”

Steve also gave some eye-opening warnings about the security risks of hallucinated packages (you imagine, “the package doesn’t exist, no big deal,” but it turns out that malicious programmers have figured out commonly hallucinated package names and made compromised packages to match!); some spicy observations on the relative security strengths and weaknesses of various major AI players; and why running AI models locally in your own data center isn’t any more secure, unless you do it right. He also talked a bit about his role as chief AI and product officer at information security company Exabeam. You can watch the complete conversation here.

My second guest, Chelsea Troy, whom I spoke with on June 18, is by nature totally aligned with the “more slowly” idea—in fact, it may be that her “not so fast” takes on several much-hyped computer science papers at the recent O’Reilly AI Codecon planted that notion. During our conversation, her comments about the three essential skills still required of a software engineer working with AI, why best practice is not necessarily a good reason to do something, and how much software developers need to understand about LLMs under the hood are all pure gold. You can watch our full talk here.

One of the things that I did a little differently in this second interview was to take advantage of the O’Reilly learning platform’s live training capabilities to bring in audience questions early in the conversation, mixing them in with my own interview rather than leaving them for the end. It worked out really well. Chelsea herself talked about her experience teaching with the O’Reilly platform, and how much she learns from the attendee questions. I completely agree.

Additional guests coming up include Matthew Prince of Cloudflare (July 14), who will unpack for us Cloudflare’s surprisingly pervasive role in the infrastructure of AI as delivered, as well as his fears about AI leading to the death of the web as we know it—and what content developers can do about it (register here); Marily Nika (July 28), the author of Building AI-Powered Products, who will teach us about product management for AI (register here); and Arvind Narayanan (August 12), coauthor of the book AI Snake Oil, who will talk with us about his paper “AI as Normal Technology” and what that means for the prospects of employment in an AI future.

We’ll be publishing a fuller schedule soon. We’re going a bit light over the summer, but we will likely slot in more sessions in response to breaking topics.

18:56

Page 37 [Flipside]

Page 37 is done.

Slog AM: One War Is Over, Big Balls Is Out, and Cuomo Is Sad [The Stranger]

The Stranger's morning news roundup. by Megan Seling

Israel-Iran Conflict Update: Apparently, it’s over, and both countries are claiming to have “won.” As for the US’ involvement, that’s also done, and it was a big success, huge. Maybe. Marco Rubio and Trump are saying the US strike on Iran’s nuclear facilities was mission accomplished and the country is “much further away” from producing a nuclear weapon, but Trump is also acknowledging that damage “could be limited” while also saying everything was “obliterated.” Meanwhile, a preliminary classified report says the strike only set Iran’s nuclear program back a few months. I’m so tired. Everyone’s a liar. Trust no one. Take a nap.

Related

I absolutely hate it when people redundantly say or write “completely and totally”—especially when it's a demented, corrupt president boasting about the outcome of a bombing.

— editaurus (@davesegal.bsky.social) June 25, 2025 at 9:18 AM

ITMFA: Yesterday, the House voted to table the impeachment article against Trump for “abuse of power” for his unauthorized strikes against Iran. Rep. Al Green had introduced the article of impeachment, saying, “I do this because no one person should have the power to take over 300 million people to war without consulting with the Congress of the United States of America. I do this because I understand that the Constitution is going to be meaningful or it’s going to be meaningless.” The final vote was 344-79, with 344 voting to kill the article. The Washington Dems who voted with Republicans are Kim Schrier, Adam Smith, Marilyn Strickland, Marie Cluesenkamp Perez, Rick Larsen, and Suzan DelBene.

Andrew Cuomo Lost: Zohran Mamdani got 43.5 percent of first-place votes in New York City’s Democratic mayoral primary on Tuesday, while Cuomo only racked up 36.3 percent. The city used rank choice voting, so voters could choose up to five candidates in order of preference. While official results won’t be confirmed until July 1, there’s virtually no way Cuomo could mathematically defeat Mamdani, and Cuomo conceded Tuesday night.

People Say I’m Jealous but My Kink Is Watching Cuomo Cry:

"Andrew Cuomo is visibly upset and people are crying"

— Stella Sacco (@antlervel.vet) June 24, 2025 at 7:34 PM

No Vacation For Congress: Trump wrote on Truth Social yesterday that “NO ONE GOES ON VACATION” until they pass his stupid bill. He also wrote on Truth that Iran and Israel agreed to a ceasefire, but look how that turned out. The bill is currently in the upper chamber, and Senate Majority Leader John Thune wants a vote this week, even though everyone is still arguing over several key provisions. It’s kind of a mess, and maybe Elon wasn’t wrong when he called it a “disgusting abomination.” (Takes one to know one har har.)

Big Balls Is Out: Nineteen-year-old DOGE employee Edward Coristine—known as Big Balls to his grandmother—has left the White House. Neither side is saying why, but the White House confirmed Coristine’s departure, telling WIRED, “Edward Coristine resigned yesterday.” How long before Elon announces that Big Balls is his long-lost love child and the two do an about face money grab and co-author a book called Big Bawls: How Father-and-Son Incels Found the Strength to Feel and go on a multi-year global book tour and spill all of Trump’s secrets?

Seattle’s War on Graffiti Continues: City Attorney Ann Davison wants to make graffiti artists and taggers pay for their own clean-up. She introduced legislation to the city council’s public safety committee that would allow her to use civil litigation against the taggers in addition to criminal prosecution. "These individuals are responsible for extraordinary financial costs to the City and property owners,” she said. But it’s only an extraordinary fiscal cost because you make it an extraordinary fiscal cost, you ding dongs! Last year, Seattle spent more than $6 million to clean up graffiti, and for what? Because some NIMBYs in Shoreline think it makes the city look “trashy” or feel “unsafe”? We have real problems in this city. Grow up.

Speaking of Scams: (Because graffiti clean-up is a scam.) People are getting text messages from the supposed “Seattle Department of Motor Vehicles (BMV)” (their typo, not mine) threatening legal action if they don’t pay fictional traffic tickets “in accordance with Seattle Administrative Code 15C-16.003.” Don’t fall for it! Don’t click the links! Just delete it or report it and move on with your life! You’re better than this!

In Better Local News: Seattle will ban rent-setting software like RealPage! The city council voted unanimously last night to pass the Cathy Moore-sponsored bill. The Seattle Times writes, “The new law bans any service that compiles rent prices, occupancy rates and other data from private or public sources and then uses an algorithm to recommend rent prices to more than one landlord.” GOOD. If you’re unfamiliar, our story earlier this year shows how widespread and problematic such software is (it basically amounts to price-fixing, which is illegal! And artificially inflates our rent). One lawsuit claimed that RealPage-using landlords control almost two thirds of the apartments in Downtown Seattle, Capitol Hill, Central District, South Lake Union, and Queen Anne. 

Is This What Cleaning Up Downtown Looks Like? Seattle’s City Council was busy yesterday! Along with everything else mentioned above, they also voted 6-2 to approve the installation of dozens of eight-foot-tall digital advertising and service kiosks throughout the city. They’re big and ugly and privately owned. CM Sara Nelson says the passive income and service features make it a “win-win for everyone.” She also lives in a fantasy world where glowing advertisements would function as a “gathering place.” CMs Cathy Moore and Alexis Mercedes Rinck voted against them. The first 30 kiosks, to be installed downtown, are expected to draw in “$1.1 million a year,” and that money is required to be used to revitalize downtown. “The bulk of the revenue will go back to IKE Smart City, which is responsible for upkeep of the machines,” writes the Seattle Times. Sounds like a shitty deal. That’ll clean up like one-sixth of the graffiti around here. 

I Wonder How Much It Would Cost to Put This Picture of My Dog at the Corn Palace on the New Advertising Kiosk:

Johnny Waffles. MS

One More Time, Congratulations to New York’s Democratic Mayoral Nominee: 

          View this post on Instagram                      

A post shared by Vulture (@vulture)

18:49

NLnet announces funding for 62 projects [LWN.net]

The NLnet Foundation has announced a new group of projects receiving funding through the Next Generation Internet (NGI) Zero Commons Fund.

Free and open source technologies, open standards, open hardware and open data help to strengthen the open web and the open internet. The projects selected by NLnet all contribute in their own way to this important goal, and will empower end users and the community at large on different layers of the stack. For example, there are people working a browser controlled ad hoc cellular network (Wsdr) which can be used to create small mobile networks where they are needed. The open hardware security key Nitrokey is aiming for formal certification of their implementation of the FIDO2 standard, and will be adding encrypted storage capabilities. There are also more applied technologies: the high end open hardware microscope OpenFlexure will enable among others e-health use cases such as telepathology, allowing medical professionals to work together to help people in more remote areas.

See the announcement for the full list of selected projects and the current projects page for other projects recently funded by NLnet.

Pluralistic: What's a "public internet?" (25 Jun 2025) [Pluralistic: Daily links from Cory Doctorow]


Today's links


The EU flag, with a cluster of blue-tinted fiber optics in its background.

What's a "public internet?" (permalink)

The "Eurostack" is a (long overdue) project to publicly fund a European "stack" of technology that is independent from American Big Tech (as well as other powers' technology that has less hold in Europe, such as Chinese and Russian tech):

https://www.euro-stack.info/

But "technological soveriegnty" is a slippery and easily abused concept. Policies like "national firewalls" and "data localization" (where data on a country's population need to be kept on onshore servers) can be a means to different ends. Data localization is important if you want to keep an American company from funneling every digital fact about everyone in your country to the NSA. But it's also a way to make sure that your secret police can lay hands on population-scale data about anyone they might want to kidnap and torture:

https://doctorow.medium.com/theyre-still-trying-to-ban-cryptography-33aa668dc602

At its worst, "technological sovereignty" is a path to a shattered internet with a million dysfunctional borders that serve as checkpoints where thuggish customs inspectors can stop you from availing yourself of privacy-preserving technology and prevent you from communicating with exiled dissidents and diasporas.

But at its best, "technological sovereignty" is a way to create world-girding technology that can act as an impartial substrate on which all manner of domestic and international activities can play out, from a group of friends organizing a games night, to scientists organizing a symposium, to international volunteer corps organizing aid after a flood.

In other words, "technological sovereignty" can be a way to create a public internet that the whole public controls – not just governments, but also people, individuals who can exercise their own technological self-determination, controlling crucial aspects of their own technology usage, like "who will see this thing I'm saying?" and "whose communications will I see, and which ones can I block?"

A "public internet" isn't the same thing as "an internet that is operated by your government," but you can't get a public internet without government involvement, including funding, regulation, oversight and direct contributions.

Here's an example of different ways that governments can involve themselves in the management of one part of the internet, and the different ways in which this will create more or less "public" internet services: fiber optic lines.

Fiber is the platinum standard for internet service delivery. Nothing else comes even close to it. A plastic tube under the road that is stuffed with fiber optic strands can deliver billions of times more data than copper wires or any form of wireless, including satellite constellations like Starlink:

https://pluralistic.net/2021/03/30/fight-for-44/#slowpokes

(Starlink is the most antifuturistic technology imaginable – a vision of a global internet that gets slower and less reliable as more people sign up for it. It makes the dotcom joke of "we lose money on every sale but make it up in volume" look positively bankable.)

The private sector cannot deliver fiber. There's no economical way for a private entity to secure the rights of way to tear up every street in every city, to run wires into every basement or roof, to put poles on every street corner. Same goes for getting the rights of way to string fiber between city limits across unincorporated county land, or across the long hauls that cross national and provincial or state borders.

Fiber itself is cheap like borscht – it's literally made out of sand – but clearing the thicket of property rights and political boundaries needed to get wire everywhere is a feat that can only be accomplished through government intervention.

Fiber's opponents rarely acknowledge this. They claim, instead, that the physical act of stringing wires through space is somehow transcendentally hard, despite the fact that we've been doing this with phone lines and power cables for more than a century, through the busiest, densest cities and across the loneliest stretches of farmland. Wiring up a country is not the lost art of a fallen civilization, like building pyramids without power-tools or embalming pharoahs. It's something that even the poorest counties in America can manage, bringing fiber across forbidden mountain passes on the back of a mule named "Ole Bub":

https://www.newyorker.com/tech/annals-of-technology/the-one-traffic-light-town-with-some-of-the-fastest-internet-in-the-us

When governments apply themselves to fiber provision, you get fiber. Don't take my word for it – ask Utah, a bastion of conservative, small-government orthodoxy, where 21 cities now have blazing fast 10gb internet service thanks to a public initiative called (appropriately enough) "Utopia":

https://pluralistic.net/2024/05/16/symmetrical-10gb-for-119/#utopia

So government have to be involved in fiber, but how should they involve themselves in it? One model – the worst one – is for the government to intervene on behalf of a single company, creating the rights of way for that company to lay fiber in the ground or string it from poles. The company then owns the network, even though the fiber and the poles were the cheapest part of the system, worth an unmeasurably infinitesimal fraction of the value of all those rights of way.

In the worst of the worst, the company that owns this network can do anything they want with its fiber. They can deny coverage to customers, or charge thousands of dollars to connect each new homes to the system. They can gouge on monthly costs, starve their customer service departments or replace them with mindless AI chatbots. They can skimp on maintenance and keep you waiting for days or weeks when your internet goes out. They can lard your bill with junk fees, or force you to accept pointless services like landlines and cable TV as a condition of getting the internet.

They can also play favorites with local businesses: maybe they give great service to every Domino's pizza place at knock-down rates, and make up for it by charging extra to independent pizza parlors that want to accept internet orders and stream big sports matches on the TV over the bar.

They can violate Net Neutrality, slowing down your connection to sites unless their owners agree to pay bribes for "premium carriage." They can censor your internet any way they see fit. Remember, corporations – unlike governments – are not bound by the First Amendment, which means that when a corporation is your ISP, they can censor anything they feel like:

https://pluralistic.net/2022/12/15/useful-idiotsuseful-idiots/#unrequited-love

Governments can improve on this situation by regulating a monopoly fiber company. They can require the company to assume a "universal service" mandate, meaning they must connect any home or business that wants it at a set rate. Governments can ban junk fees, set minimum standards for customer service and repair turnarounds, and demand neutral carriage. All of this can improve things, though its a lot of work to administer, and the city government may lack the resources and technical expertise to investigate every claim of corporate malfeasance, and to perform the technical analysis to evaluate corporate excuses for slow connections and bungled repairs.

That's the worst model: governments clear the way for a private monopolist to set up your internet, offering them a literally priceless subsidy in the form of rights of way, and then, maybe, try to keep them honest.

Here's the other extreme: the government puts in the fiber itself, running conduit under all the streets (either with its own crews or with contract crews) and threading a fiber optic through a wall of your choice, terminating it with a box you can plug your wifi router into. The government builds a data-center with all the necessary switches for providing service to you and your neighbors, and hires people to offer you internet service at a reasonable price and with reasonable service guarantees.

This is a pretty good model! Over 750 towns and cities – mostly conservative towns in red states – have this model, and they're almost the only people in America who consistently describe themselves as happy with their internet service:

https://ilsr.org/articles/municipal-broadband-skyrocket-as-alternative-to-private-models/

(They are joined in their satisfaction by a smattering of towns served by companies like Ting, who bought out local cable companies and used their rights of way to bring fiber to households.)

This is a model that works very well, but can fail very badly. Municipal governments can be pretty darned kooky, as five years of MAGA takeovers of school boards, library boards and town councils have shown, to say nothing of wildly corrupt big-city monsters like Eric Adams (ten quintillion congratulations to Zohran Mamdani!). If there's one thing I've learned from the brilliant No Gods No Mayors podcast, it's that mayors are the weirdest people alive:

https://www.patreon.com/collection/869728?view=condensed

Remember: Sarah Palin got her start in politics as mayor of Wasilla, Alaska. Do you want to have to rely on Sarah Palin for your internet service?

https://www.patreon.com/posts/119567308?collection=869728

How about Rob Ford? Do you want the crack mayor answering your tech support calls? I didn't think so:

https://www.patreon.com/posts/rob-ford-part-1-111985831

But that's OK! A public fiber network doesn't have to be one in which the government is your only choice for ISP. In addition to laying fiber and building a data-center and operating a municipal ISP, governments can also do something called "essential facilities sharing":

https://transition.fcc.gov/Bureaus/Common_Carrier/Orders/1999/fcc99238.pdf

Governments all over the world did this in the late 1990s and early 2000s, and some do it still. Under an essential facilities system, the big phone company (BT in the UK, Bell in Canada, AT&T and the Baby Bells in the USA) were required to rent space to their competitors in their data centers. Anyone who wants to set up an ISP can install their own switching gear at a telephone company central office and provide service to any business or household in the country.

If the government lays fiber in your town, they can both operate a municipal fiber ISP and allow anyone else to set up their own ISP, renting them shelf-space at the data-center. That means that the town college can offer internet to all its faculty and students (not just the ones who live in campus housing), and your co-op can offer internet service to its members. Small businesses can offer specialized internet, and so can informal groups of friends. So can big companies. In this model, everyone is guaranteed both the right to get internet access and the right to provide internet access. It's a great system, and it means that when Mayor Sarah Palin decides to cut off your internet, you don't need to sue the city – you can just sign up with someone else, over the same fiber lines.

That's where essential facilities sharing starts, but that's not where it needs to stop. When the government puts conduit (plastic tubes) in the ground for fiber, they can leave space for more fiber to fished through, and rent space in the conduit itself. That means that an ISP that wants to set up its own data center can run physically separate lines to its subscribers. It means that a university can do a point-to-point connection between a remote scientific instrument like a radio telescope and the campus data-center. A business can run its own lines between branch offices, and a movie studio can run dedicated lines from remote sound-stages to the edit suites at its main facility.

This is a truly public internet service – one where there is a publicly owned ISP, but also where public infrastructure allows for lots of different kinds of entities to provide internet access. It's insulated from the risks of getting your tech support from city hall, but it also allows good local governments to provide best-in-class service to everyone in town, something that local governments have a pretty great track record with.

The Eurostack project isn't necessarily about fiber, though. Right now, Europeans are thinking about technological sovereignty through the lens of software and services. That's fair enough, though it does require some rethinking of the global fiber system, which has been designed so that the US government can spy on and disconnect every other country in the world:

https://pluralistic.net/2023/10/10/weaponized-interdependence/#the-other-swifties

Just as with the example of fiber, there are a lot of ways the EU and member states could achieve "technological sovereignty." They could just procure data-centers, server software, and the operation of social media, cloud hosting, mobile OSes, office software, and other components of Europeans' digital lives from the private sector – sort of like asking a commercial operator to run your town's internet service.

The EU has pretty advanced procurement rules, designed to allow European governments to buy from the private sector while minimizing corruption and kickbacks. For example, there's a rule that the lowest priced bid that conforms to all standards needs to win the contract. This sounds good (and it is, in many cases) but it's how Newag keeps selling trains in Poland, even after they were caught boobytrapping their trains so they would immobilize themselves if the operator took them for independent maintanance:

https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure

The EU doesn't have to use public-private partnerships to build the Eurostack. They could do it all themselves. The EU and/or member states could operate public data centers. They could develop their own social media platforms, mobile OSes, and apps. They could be the equivalent of the municipal ISP that offers fast fiber to everyone in town.

As with public monopoly ISPs, this is a system that works well, but fails badly. If you think Elon Musk is a shitty social media boss, wait'll you see the content moderation policies of Viktor Orban – or Emmanuel Macron:

https://jacobin.com/2025/06/france-solidarity-urgence-palestine-repression

Publicly owned data centers could be great, but also, remember that EU governments have never given up on their project of killing working encryption so that their security services can spy on everyone. Austria's doing it right now!

https://www.yahoo.com/news/austrian-government-agrees-plan-allow-150831232.html

Ever since Snowden, EU governments have talked a good line about the importance of digital privacy. Remember Angela Merkel's high dudgeon about how her girlhood in the GDR gave her a special horror of NSA surveillance?

https://www.bbc.com/news/world-us-canada-24647268

Apparently, Merkel managed to get over her horror of mass surveillance and back total, unaccountable, continuous digital surveillance over all of Germany:

https://www.hrw.org/news/2021/06/24/germanys-new-surveillance-laws-raise-privacy-concerns

So there's good reasons to worry about having your data – and your apps – hosted in an EU cloud.

To create a European public internet, it's neither necessary nor desirable to have your digital life operated by the EU and its member states, nor by its private contractors. Instead, the EU could make Eurostack a provider of technological public goods.

For example, the EU could work to improve federated social media systems, like Mastodon and Bluesky. EU coders could contribute to the server and client software for both. They could participate in future versions of the standard. They could provide maintenance code in response to bug reports, and administer bug bounties. They could create tooling for server administrators, including moderation tools, both for Mastodon and for Bluesky, whose "composable moderation" system allows users to have the final say over their moderation choices. The EU could perform and/or fund labelling work to help with moderation.

The EU could also provide tooling to help server administrators stand up their own independent Mastodon and Bluesky servers. Bluesky needs a lot of work on this, still. Bluesky's CTO has got a critical piece of server infrastructure to run on a Raspberry Pi for a few euros per month:

https://justingarrison.com/blog/2024-12-02-run-a-bluesky-pds-from-home/

Previously, this required a whole data center and cost millions to operate, so this is great. But this now needs to be systematized, so that would-be Bluesky administrators can download a package and quickly replicate the feat.

Ultimately, the choice of Mastodon or Bluesky shouldn't matter all that much to Europeans. These standards can and should evolve to the point where everyone on Bluesky can talk to everyone on Mastodon and vice-versa, and where you can easily move your account from one server to another, or one service to another. The EU already oversees systems for account porting and roaming on mobile networks – they can contribute to the technical hurdles that need to be overcome to bring this to social media:

https://pluralistic.net/2024/12/14/fire-exits/#graceful-failure-modes

In addition to improving federated social media, the EU and its member states can and should host their own servers, both for their own official accounts and for public use. Giving the public a digital home is great, especially if anyone who chafes at the public system's rules can hop onto a server run by a co-op, a friend group, a small business or a giant corporation with just a couple clicks, without losing any of their data or connections.

This is essential facilities sharing for services. Combine it with public data centers and tooling for migrating servers from and to the public server to a private, or nonprofit, or co-op data-center, and you've got the equivalent of publicly available conduit, data-centers, and fiber.

In addition to providing code, services and hardware, the EU can continue to provide regulation to facilitate the public internet. They can expand the very limited interoperability mandates in the Digital Markets Act, forcing legacy social media companies like Meta and Twitter to stand up APIs so that when a European quits their service for new, federated media, they can stay in touch with the friends they left behind (think of it as Schengen for social media, with guaranteed free movement):

https://www.eff.org/interoperablefacebook

With the Digital Service Act, the EU has done a lot of work to protect Europeans from fraud, harassment and other online horribles. But a public internet also requires protections for service providers – safe harbors and carve outs that allow you to host your community's data and conversations without being dragged into controversies when your users get into flamewars with each other. If we make the people who run servers liable for their users' bad speech acts, then the only entities that will be able to afford the lawyers and compliance personnel will be giant American tech companies run by billionaires like Elon Musk and Mark Zuckerberg.

https://pluralistic.net/2020/12/04/kawaski-trawick/#230

A "public internet" isn't an internet that's run by the government: it's a system of publicly subsidized, publicly managed public goods that are designed to allow everyone to participate in both using and providing internet services. The Eurostack is a brilliant idea whose time arrived a decade ago. Digital sovereignty projects are among the most important responses to Trumpism, a necessary step to build an independent digital nervous system the rest of the world can use to treat the USA as damage and route around it. We can't afford to have "digital soveriegnty" be "national firewalls 2.0" – we need a public internet, not 200+ national internets.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Tit of justice reinstated by Supreme Torturer Gonzales https://web.archive.org/web/20050910170445/http://www.usatoday.com/news/washington/2005-06-24-doj-statue_x.htm

#20yrsago What tomorrow’s Grokster Supreme Court ruling will mean https://web.archive.org/web/20050827114341/https://www.eff.org/deeplinks/archives/003742.php

#15yrsago Toronto’s secret ID law used to arrest G20 protestor https://web.archive.org/web/20100628022932/http://www.thestar.com/news/gta/torontog20summit/article/828372–man-arrested-and-left-in-wire-cage-under-new-g20-law

#10yrsago Why parents in Cincinnati camp out for 16 days to get a kindergarten spot https://medium.com/@hellogerard/waiting-for-kindergarten-62a14d4f1ce5

#10yrsago Stephen Harper ready to sign TPP and throw Tory rural base under the bus https://memex.craphound.com/2015/06/25/stephen-harper-ready-to-sign-tpp-and-throw-tory-rural-base-under-the-bus/

#10yrsago How the UK Prime Minister’s office gets around Freedom of Information requests https://www.independent.co.uk/news/uk/politics/downing-st-accused-of-deliberate-attempts-to-avoid-freedom-of-information-requests-as-exstaff-reveal-automated-deletion-system-10325231.html

#10yrsago They’re tearing down the Adventurer’s Club https://memex.craphound.com/2015/06/25/theyre-tearing-down-the-adventurers-club/

#10yrsago David Byrne and St Vincent celebrate Color Guard with astounding Contemporary Color show https://www.youtube.com/watch?v=K8jSWQtC_fA

#5yrsago 759 Trump atrocities https://pluralistic.net/2020/06/25/canada-reads/#m-o

#5yrsago How Big Tech distorts discourse https://pluralistic.net/2020/06/25/canada-reads/#oii

#1yrago Mirion Malle's "So Long Sad Love" https://pluralistic.net/2024/06/25/missing-step/#the-fog-of-love

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • Enshittification: Why Everything Suddenly Got Worse and What to Do About It, Farrar, Straus, Giroux, October 7 2025
    https://us.macmillan.com/books/9780374619329/enshittification/

  • Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026

  • Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026

  • The Memex Method, Farrar, Straus, Giroux, 2026


Colophon (permalink)

Today's top sources:

Currently writing:

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

18:42

The Big Idea: Chuck Rothman [Whatever]

Royalty is by blood. So what if a princess wakes up in a body that isn’t hers? And what if that body was previously a corpse? Author Chuck Rothman has the answers and is here to share them in the Big Idea for his newest novel, Cadaver PrincessFollow along to see if “blue blood” really does run through royals’ veins.

CHUCK ROTHMAN:

Cunningham’s Law states that the best way to get the right answer on the internet is not to ask a question; it’s to post the wrong answer. The webcomic XKCD created a popular meme where someone is staying up late because someone is wrong on the Internet.

The Cadaver Princess started due to someone being wrong on the Internet.

I am a storyteller. I also like to try to find new ways to do it. No Hero’s Journey for me! No planning, either.  I start with a situation and see where it leads. 

By the time I began writing The Cadaver Princess, I learned to lean into my strengths: short chapters and many point-of-view characters.  I call it a “mosaic novel,” where a bunch of small vignettes slowly reveal the main plot (and subplots). And my goal in all this was to make it all work.

As to how this book began . . . 

Matthew Foster is an excellent critic of fantasy and SF films.  In his review of Boris Karloff’s The Body Snatcher, he said, “There were more movies about Victorian body snatchers than there were Victorian body snatchers.” 

But body snatching was a major concern in 1831.  Cadavers were needed to teach doctors. “Resurrectionists” would dig up the freshly buried, and medical schools would pay for them, no questions asked. People went to some lengths to protect the bodies of their loved ones.

I had learned this from a book called The Italian Boy by Sarah Wise, about a group called the “London Burkers,” led by John Bishop. Obscure today, their actions were more important historically than the better-known Burke and Hare, and, like them, Bishop and his crew didn’t just dig up graves at night: they turned to murder. 

I decided to start with them.  But since I write fantasy, the idea of a cadaver lying on the slab is too mundane, so I had her sit up. And to make the stakes higher, I said she was Princess (later queen) Victoria — in the body of another young woman. 

So I had a setting and an incident.  I started to write about what happened next. 

I spontaneously generate ideas as I write.  Most of what I’ve encountered in books about the period (not counting Dickens) dealt with the upper classes. I wanted to write about the lower classes. 

I had started with the point of view of the anatomist who received the corpse, but after a few short chapters, I realized there was a better main character:  Pablo Mansong, a Black man who had been taken by slavers but was freed before he got to America. The name came from Pablo Fanque. Beatles fans might recognize it; Fanque was a Black circus owner and a major Victorian impresario.

Pablo is quite at home among the poor and the street vendors of London. There are chapters about royalty, but most of the book deals with Pablo and Victoria, including the shock when someone from royalty is face to face with poverty.

I had already dabbled in what I call “hidden history” — fantasy set in a real historical setting, but with fantastic events that are not recorded in history books. I see it as the opposite of alternative history, since it doesn’t change what’s known. But there are plenty of possibilities and ways of dovetailing the events to match the records. 

Since I had introduced Victoria, I had to research her. I read about how she was raised, which gave me motivation for her villain, John Conroy. I also learned of how Victoria’s governess, Baroness Lehzen, tried to protect her charge.

As I write, connections come to me. Sometimes, a scene that’s just for background becomes an unplanned but essential plot element by the end. In one scene I’m describing one of the street vendors of the era. Later on, I realize it is important for a key moment.  

The real joy of writing this was figuring out how to make the connections, and how to make them dramatic. It was like a puzzle, and I enjoy putting all the pieces together. 

But ultimately, the novel originated from Cunningham’s Law: correcting something on the Internet that was wrong. I just turned it into fiction.

Cadaver Princess: Amazon

Author socials: Website|Bluesky

18:07

17:35

Finding Frontier [Scripting News]

I tried an experiment, go back as far as I can in archive.org on scripting.com and see where it gets me. The first try got me to a classified ads site I was experimenting with in mid-November 1996. A few weeks later, on December 3, there was a colorful directory that took you to all the sub-sites on the server, DaveNet, Frontier, Classified ads, our Midas Website (Macintosh Internet Developers Association), DocServer, a BBS, and Guestbook.

I went digging around in the Frontier part. Lots of stuff there. By then we had been working on Frontier for eight years. It had been reborn once, from a Mac-focused single-user scripting environment to a networked one, all because the web had exploded and Apple didn't want us making system software for their platform. 😄

BTW, some of this stuff is still here.

There are lots of paths to try out.

This was where my blog home page was then.

Then to DaveNet, and in the left margin Nerd's guide to this website.

I love the screen shots that show what a good match the Frontier object database was to the way a website is organized.

user.websites.davenet

16:35

[$] Libxml2's "no security embargoes" policy [LWN.net]

Libxml2, an XML parser and toolkit, is an almost perfect example of the successes and failures of the open-source movement. In the 25 years since its first release, it has been widely adopted by open-source projects, for use in commercial software, and for government use. It also illustrates that while many organizations love using open-source software, far fewer have yet to see value in helping to sustain it. That has led libxml2's current maintainer to reject security embargoes and sparked a discussion about maintenance terms for free and open-source projects.

15:49

Your information has been permanently deleted, for small values of permanently [The Old New Thing]

As part of a periodic purge of unused online accounts, I deleted my account from a company ten months ago. Let’s call that company Contoso. I received a confirmation that said, “Your personal information and items associated with your account have now been deleted. This action is permanent and cannot be reversed.”

Yesterday, I got an email from Contoso informing me that they have updated their Privacy Policy.

So I guess their “confirmation” of “permanent” and “irreversible” deletion of my personal information was premature, seeing as they still have my email address.

The post Your information has been permanently deleted, for small values of permanently appeared first on The Old New Thing.

Why do I get errors about some weird symbol called ?main@@YAHP$01E$AAV?$Array@PE$AAVString@Platform…, part 1 [The Old New Thing]

A colleague was writing a fuzz test and ran into a build error.

vccorlib.lib(climain.obj) : error LNK2019: unresolved external symbol "?main@@YAHP$01E$AAV?$Array@PE$AAVString@Platform@@$00@Platform@@@Z" (?main@@YAHP$01E$AAV?$Array@PE$AAVString@Platform@@$00@Platform@@@Z) referenced in function "int __cdecl _main(void)" (?_main@@YAHXZ)

What does this mean?

My colleague was writing a fuzz test in C++, but noted that other parts of the component are written in C++/CX.

I could have guessed that C++/CX was involved because the missing symbol says that it’s a function named main which takes parameters that involve things named Array, String, and Platform.

The signature for the main function in a C++/CX program is

int main(Platform::Array<Platform::String^>^ args)

so that seems to match up with the words we picked out of the decorated name.

(Amusingly, C++/CX is such a black sheep that the linker’s decorated name decoder can’t even decode C++/CX names.)

The usage of this particular fuzz test library is similar to LLVM’s libFuzzer: You define a fuzzing entrypoint that takes a memory block, and the library provides a main function that calls your function repeatedly with different blocks of memory.

We pulled in the Visual Studio team to help figure out why the wrong main function was being requested.

They suggested linking with the /verbose to get more insight into how the linker is working.

      Found mainCRTStartup
        Loaded libcmt.lib(exe_main.obj)

      Found main
        Referenced in LIBCMT.lib(exe_main.obj)
        Loaded vccorlib.lib(main.obj)

      Found "int __cdecl _main(void)" (?_main@@YAHXZ)
        Referenced in vccorlib.lib(main.obj)
        Loaded vccorlib.lib(climain.obj)

vccorlib.lib(climain.obj) : error LNK2019: unresolved external symbol "?main@@YAHP$01E$AAV?$Array@PE$AAVString@Platform@@$00@Platform@@@Z" (?main@@YAHP$01E$AAV?$Array@PE$AAVString@Platform@@$00@Platform@@@Z) referenced in function "int __cdecl _main(void)" (?_main@@YAHXZ)

The error message says that vccorlib.lib‘s climain.obj has a reference to the weird version of main. Working backward through the verbose output, we see that vccorlib.lib(climain.obj) was in turn added to the binary because it satisfied a search for int __cdecl _main(void) that was requested by vccorlib.lib(main.obj).

The vccorlib.lib(main.obj) was added to the binary because it satisfied a request for main from libcmt.lib(exe_main.obj).

And libcmt.lib(exe_main.obj). was added to the binary because it satisfied a request for mainCRTStartup, which was presumably requested by the linker because this was linked as a console program.

The problem is that the main function was found in vccorlib.lib rather than in the fuzzer library.

The final piece of the puzzle is the linker documentation on the finer points of how it resolves symbols:

Object files on the command line are processed in the order they appear on the command line. Libraries are searched in command line order as well, with the following caveat: Symbols that are unresolved when bringing in an object file from a library are searched for in that library first, and then the following libraries from the command line and /DEFAULTLIB (Specify default library) directives, and then to any libraries at the beginning of the command line.

Okay, now we can piece the story together by working forward.

The linker starts by looking for mainCRTStartup, and that leads to the main, which in turn leads to the wrong int __cdecl _main(). We get the wrong one due to the “symbols that are unresolved when bringing in an object file from a library” rule: The linker got main from vccorlib.lib, so the search for _main begins at vccorlib.lib, and that’s why it finds the one in vccorlib.lib(climain.obj) instead of the one in the fuzzer library.

Now that we understand what happened, we can produce a minimal reproducible example.

>lib.cpp echo void fuzzme(); int __cdecl main(int, char**) { fuzzme(); return 42; }
cl /c lib.cpp
lib /out:lib.lib lib.obj

This first step creates a library which provides a definition of main. This is the minimal version of the fuzzer library.

>fuzzer.cpp echo void fuzzme() {}
cl /c fuzzer.cpp

The next step creates the fuzzer client that the fuzzer library calls.

And then we can try to link it and see what happens.

link /out:fuzzer.exe /subsystem:console fuzzer.obj lib.lib

rem succeeds!

Hm, our attempt to create a minimal reproduction failed. There must be something we are missing.

We’ll continue the investigation next time.

The post Why do I get errors about some weird symbol called ?main@@YAHP$01E$AAV?$Array@PE$AAVString@Platform…, part 1 appeared first on The Old New Thing.

[$] Getting extensions to work with free-threaded Python [LWN.net]

One of the biggest changes to come to the Python world is the addition of the free-threading interpreter, which eliminates the global interpreter lock (GIL) that kept the interpreter thread-safe, but also serialized multi-threaded Python code. Over the years, the GIL has been a source of complaints about the scalability of Python code using threads, so many developers have been looking forward to the change, which has been an experimental feature since Python 3.13 was released in October 2024. Making the free-threaded version work with the rest of the Python ecosystem, especially native extensions, is an ongoing effort, however; Nathan Goldbaum and Lysandros Nikolaou spoke at PyCon US 2025 about those efforts.

15:14

Link [Scripting News]

A preview of how a WordLand linkblog works, which is of course a WordPress site, viewed in my blogroll. When I clicked on the link, I was surprised that it goes to Poynter, and not to the linkblog. But then I remembered that's the point of a linkblog. And it flows through to the feed, and the blogroll software understands. So now I have an end-to-end linkblog.

15:07

LSFMM+BPF 2025 reporting complete [LWN.net]

It took time and the writing of over 60 articles, but LWN's coverage from the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit is now complete. We have also made an EPUB book (13MB) containing the full set of coverage available to all readers. This coverage constitutes the definitive guide to the challenges that these core-kernel communities are facing and their development plans for the coming year.

Documenting an event of this intensity at such a detailed level is not a small undertaking. We are grateful to the Linux Foundation for funding our travel to our event and, especially, to LWN's subscribers for making the whole thing possible. If you appreciate this type of coverage and have not yet subscribed, please sign up today to help make more of it possible.

Feeds

FeedRSSLast fetchedNext fetched after
@ASmartBear XML 21:07, Monday, 30 June 21:48, Monday, 30 June
a bag of four grapes XML 21:00, Monday, 30 June 21:42, Monday, 30 June
Ansible XML 21:07, Monday, 30 June 21:47, Monday, 30 June
Bad Science XML 21:35, Monday, 30 June 22:24, Monday, 30 June
Black Doggerel XML 21:07, Monday, 30 June 21:48, Monday, 30 June
Blog - Official site of Stephen Fry XML 21:35, Monday, 30 June 22:24, Monday, 30 June
Charlie Brooker | The Guardian XML 21:00, Monday, 30 June 21:42, Monday, 30 June
Charlie's Diary XML 21:42, Monday, 30 June 22:30, Monday, 30 June
Chasing the Sunset - Comics Only XML 21:35, Monday, 30 June 22:24, Monday, 30 June
Coding Horror XML 21:42, Monday, 30 June 22:29, Monday, 30 June
Cory Doctorow's craphound.com XML 21:00, Monday, 30 June 21:42, Monday, 30 June
Cory Doctorow, Author at Boing Boing XML 21:07, Monday, 30 June 21:48, Monday, 30 June
Ctrl+Alt+Del Comic XML 21:42, Monday, 30 June 22:30, Monday, 30 June
Cyberunions XML 21:35, Monday, 30 June 22:24, Monday, 30 June
David Mitchell | The Guardian XML 21:00, Monday, 30 June 21:43, Monday, 30 June
Deeplinks XML 21:00, Monday, 30 June 21:44, Monday, 30 June
Diesel Sweeties webcomic by rstevens XML 21:00, Monday, 30 June 21:43, Monday, 30 June
Dilbert XML 21:35, Monday, 30 June 22:24, Monday, 30 June
Dork Tower XML 21:00, Monday, 30 June 21:42, Monday, 30 June
Economics from the Top Down XML 21:00, Monday, 30 June 21:43, Monday, 30 June
Edmund Finney's Quest to Find the Meaning of Life XML 21:00, Monday, 30 June 21:43, Monday, 30 June
EFF Action Center XML 21:00, Monday, 30 June 21:43, Monday, 30 June
Enspiral Tales - Medium XML 21:00, Monday, 30 June 21:45, Monday, 30 June
Events XML 21:42, Monday, 30 June 22:30, Monday, 30 June
Falkvinge on Liberty XML 21:42, Monday, 30 June 22:30, Monday, 30 June
Flipside XML 21:00, Monday, 30 June 21:42, Monday, 30 June
Flipside XML 21:00, Monday, 30 June 21:45, Monday, 30 June
Free software jobs XML 21:07, Monday, 30 June 21:47, Monday, 30 June
Full Frontal Nerdity by Aaron Williams XML 21:42, Monday, 30 June 22:30, Monday, 30 June
General Protection Fault: Comic Updates XML 21:42, Monday, 30 June 22:30, Monday, 30 June
George Monbiot XML 21:00, Monday, 30 June 21:43, Monday, 30 June
Girl Genius XML 21:00, Monday, 30 June 21:43, Monday, 30 June
Groklaw XML 21:42, Monday, 30 June 22:30, Monday, 30 June
Grrl Power XML 21:00, Monday, 30 June 21:42, Monday, 30 June
Hackney Anarchist Group XML 21:35, Monday, 30 June 22:24, Monday, 30 June
Hackney Solidarity Network XML 21:00, Monday, 30 June 21:45, Monday, 30 June
http://blog.llvm.org/feeds/posts/default XML 21:00, Monday, 30 June 21:45, Monday, 30 June
http://calendar.google.com/calendar/feeds/q7s5o02sj8hcam52hutbcofoo4%40group.calendar.google.com/public/basic XML 21:07, Monday, 30 June 21:47, Monday, 30 June
http://dynamic.boingboing.net/cgi-bin/mt/mt-cp.cgi?__mode=feed&_type=posts&blog_id=1&id=1 XML 21:00, Monday, 30 June 21:45, Monday, 30 June
http://eng.anarchoblogs.org/feed/atom/ XML 20:56, Monday, 30 June 21:42, Monday, 30 June
http://feed43.com/3874015735218037.xml XML 20:56, Monday, 30 June 21:42, Monday, 30 June
http://flatearthnews.net/flatearthnews.net/blogfeed XML 21:07, Monday, 30 June 21:48, Monday, 30 June
http://fulltextrssfeed.com/ XML 21:00, Monday, 30 June 21:43, Monday, 30 June
http://london.indymedia.org/articles.rss XML 21:42, Monday, 30 June 22:29, Monday, 30 June
http://pipes.yahoo.com/pipes/pipe.run?_id=ad0530218c055aa302f7e0e84d5d6515&amp;_render=rss XML 20:56, Monday, 30 June 21:42, Monday, 30 June
http://planet.gridpp.ac.uk/atom.xml XML 21:42, Monday, 30 June 22:29, Monday, 30 June
http://shirky.com/weblog/feed/atom/ XML 21:00, Monday, 30 June 21:44, Monday, 30 June
http://thecommune.co.uk/feed/ XML 21:00, Monday, 30 June 21:45, Monday, 30 June
http://theness.com/roguesgallery/feed/ XML 21:42, Monday, 30 June 22:30, Monday, 30 June
http://www.airshipentertainment.com/buck/buckcomic/buck.rss XML 21:35, Monday, 30 June 22:24, Monday, 30 June
http://www.airshipentertainment.com/growf/growfcomic/growf.rss XML 21:00, Monday, 30 June 21:44, Monday, 30 June
http://www.airshipentertainment.com/myth/mythcomic/myth.rss XML 21:00, Monday, 30 June 21:42, Monday, 30 June
http://www.baen.com/baenebooks XML 21:00, Monday, 30 June 21:44, Monday, 30 June
http://www.feedsapi.com/makefulltextfeed.php?url=http%3A%2F%2Fwww.somethingpositive.net%2Fsp.xml&what=auto&key=&max=7&links=preserve&exc=&privacy=I+accept XML 21:00, Monday, 30 June 21:44, Monday, 30 June
http://www.godhatesastronauts.com/feed/ XML 21:42, Monday, 30 June 22:30, Monday, 30 June
http://www.tinycat.co.uk/feed/ XML 21:07, Monday, 30 June 21:47, Monday, 30 June
https://anarchism.pageabode.com/blogs/anarcho/feed/ XML 21:00, Monday, 30 June 21:44, Monday, 30 June
https://broodhollow.krisstraub.comfeed/ XML 21:07, Monday, 30 June 21:48, Monday, 30 June
https://debian-administration.org/atom.xml XML 21:07, Monday, 30 June 21:48, Monday, 30 June
https://feeds.feedburner.com/Starslip XML 21:00, Monday, 30 June 21:42, Monday, 30 June
https://feeds2.feedburner.com/GeekEtiquette?format=xml XML 21:00, Monday, 30 June 21:43, Monday, 30 June
https://hackbloc.org/rss.xml XML 21:07, Monday, 30 June 21:48, Monday, 30 June
https://kajafoglio.livejournal.com/data/atom/ XML 21:35, Monday, 30 June 22:24, Monday, 30 June
https://philfoglio.livejournal.com/data/atom/ XML 21:42, Monday, 30 June 22:29, Monday, 30 June
https://pixietrixcomix.com/eerie-cutiescomic.rss XML 21:42, Monday, 30 June 22:29, Monday, 30 June
https://pixietrixcomix.com/menage-a-3/comic.rss XML 21:00, Monday, 30 June 21:44, Monday, 30 June
https://propertyistheft.wordpress.com/feed/ XML 21:07, Monday, 30 June 21:47, Monday, 30 June
https://requiem.seraph-inn.com/updates.rss XML 21:07, Monday, 30 June 21:47, Monday, 30 June
https://studiofoglio.livejournal.com/data/atom/ XML 20:56, Monday, 30 June 21:42, Monday, 30 June
https://thecommandline.net/feed/ XML 20:56, Monday, 30 June 21:42, Monday, 30 June
https://torrentfreak.com/subscriptions/ XML 21:00, Monday, 30 June 21:43, Monday, 30 June
https://twitter.com/statuses/user_timeline/22724360.rss XML 21:07, Monday, 30 June 21:47, Monday, 30 June
https://web.randi.org/?format=feed&type=rss XML 21:00, Monday, 30 June 21:43, Monday, 30 June
https://www.dcscience.net/feed/medium.co XML 21:35, Monday, 30 June 22:24, Monday, 30 June
https://www.DropCatch.com/domain/steampunkmagazine.com XML 21:07, Monday, 30 June 21:48, Monday, 30 June
https://www.DropCatch.com/domain/ubuntuweblogs.org XML 20:56, Monday, 30 June 21:42, Monday, 30 June
https://www.DropCatch.com/redirect/?domain=DyingAlone.net XML 21:42, Monday, 30 June 22:29, Monday, 30 June
https://www.freedompress.org.uk:443/news/feed/ XML 21:42, Monday, 30 June 22:30, Monday, 30 June
https://www.goblinscomic.com/category/comics/feed/ XML 21:07, Monday, 30 June 21:47, Monday, 30 June
https://www.loomio.com/blog/feed/ XML 20:56, Monday, 30 June 21:42, Monday, 30 June
https://www.newstatesman.com/feeds/blogs/laurie-penny.rss XML 21:07, Monday, 30 June 21:48, Monday, 30 June
https://www.patreon.com/graveyardgreg/posts/comic.rss XML 21:42, Monday, 30 June 22:29, Monday, 30 June
https://www.rightmove.co.uk/rss/property-for-sale/find.html?locationIdentifier=REGION^876&maxPrice=240000&minBedrooms=2&displayPropertyType=houses&oldDisplayPropertyType=houses&primaryDisplayPropertyType=houses&oldPrimaryDisplayPropertyType=houses&numberOfPropertiesPerPage=24 XML 21:00, Monday, 30 June 21:43, Monday, 30 June
https://www.travelthelakes.com/ XML 21:42, Monday, 30 June 22:29, Monday, 30 June
Humble Bundle Blog XML 21:42, Monday, 30 June 22:29, Monday, 30 June
I, Cringely XML 21:42, Monday, 30 June 22:30, Monday, 30 June
Irregular Webcomic! XML 21:07, Monday, 30 June 21:48, Monday, 30 June
Joel on Software XML 20:56, Monday, 30 June 21:42, Monday, 30 June
Judith Proctor's Journal XML 21:07, Monday, 30 June 21:47, Monday, 30 June
Krebs on Security XML 21:07, Monday, 30 June 21:48, Monday, 30 June
Lambda the Ultimate - Programming Languages Weblog XML 21:07, Monday, 30 June 21:47, Monday, 30 June
Looking For Group XML 21:00, Monday, 30 June 21:44, Monday, 30 June
LWN.net XML 21:07, Monday, 30 June 21:48, Monday, 30 June
Mimi and Eunice XML 21:00, Monday, 30 June 21:45, Monday, 30 June
Neil Gaiman's Journal XML 21:07, Monday, 30 June 21:47, Monday, 30 June
Nina Paley XML 21:42, Monday, 30 June 22:29, Monday, 30 June
O Abnormal – Scifi/Fantasy Artist XML 21:00, Monday, 30 June 21:45, Monday, 30 June
Oglaf! -- Comics. Often dirty. XML 21:42, Monday, 30 June 22:30, Monday, 30 June
Oh Joy Sex Toy XML 21:00, Monday, 30 June 21:44, Monday, 30 June
Order of the Stick XML 21:00, Monday, 30 June 21:44, Monday, 30 June
Original Fiction Archives - Reactor XML 21:00, Monday, 30 June 21:42, Monday, 30 June
OSnews XML 21:00, Monday, 30 June 21:45, Monday, 30 June
Paul Graham: Unofficial RSS Feed XML 21:00, Monday, 30 June 21:45, Monday, 30 June
Penny Arcade XML 21:00, Monday, 30 June 21:42, Monday, 30 June
Penny Red XML 21:00, Monday, 30 June 21:45, Monday, 30 June
PHD Comics XML 21:35, Monday, 30 June 22:24, Monday, 30 June
Phil's blog XML 21:42, Monday, 30 June 22:30, Monday, 30 June
Planet Debian XML 21:00, Monday, 30 June 21:45, Monday, 30 June
Planet GNU XML 21:07, Monday, 30 June 21:48, Monday, 30 June
Planet Lisp XML 21:35, Monday, 30 June 22:24, Monday, 30 June
Pluralistic: Daily links from Cory Doctorow XML 21:07, Monday, 30 June 21:47, Monday, 30 June
PS238 by Aaron Williams XML 21:42, Monday, 30 June 22:30, Monday, 30 June
QC RSS XML 21:42, Monday, 30 June 22:29, Monday, 30 June
Radar XML 21:00, Monday, 30 June 21:42, Monday, 30 June
RevK®'s ramblings XML 20:56, Monday, 30 June 21:42, Monday, 30 June
Richard Stallman's Political Notes XML 21:35, Monday, 30 June 22:24, Monday, 30 June
Scenes From A Multiverse XML 21:42, Monday, 30 June 22:29, Monday, 30 June
Schneier on Security XML 21:07, Monday, 30 June 21:47, Monday, 30 June
SCHNEWS.ORG.UK XML 21:00, Monday, 30 June 21:44, Monday, 30 June
Scripting News XML 21:00, Monday, 30 June 21:42, Monday, 30 June
Seth's Blog XML 20:56, Monday, 30 June 21:42, Monday, 30 June
Skin Horse XML 21:00, Monday, 30 June 21:42, Monday, 30 June
Spinnerette XML 21:00, Monday, 30 June 21:44, Monday, 30 June
Tales From the Riverbank XML 21:35, Monday, 30 June 22:24, Monday, 30 June
The Adventures of Dr. McNinja XML 21:00, Monday, 30 June 21:45, Monday, 30 June
The Bumpycat sat on the mat XML 21:07, Monday, 30 June 21:47, Monday, 30 June
The Daily WTF XML 20:56, Monday, 30 June 21:42, Monday, 30 June
The Monochrome Mob XML 21:07, Monday, 30 June 21:48, Monday, 30 June
The Non-Adventures of Wonderella XML 21:00, Monday, 30 June 21:43, Monday, 30 June
The Old New Thing XML 21:00, Monday, 30 June 21:44, Monday, 30 June
The Open Source Grid Engine Blog XML 21:42, Monday, 30 June 22:29, Monday, 30 June
The Stranger XML 21:00, Monday, 30 June 21:45, Monday, 30 June
towerhamletsalarm XML 20:56, Monday, 30 June 21:42, Monday, 30 June
Twokinds XML 21:00, Monday, 30 June 21:42, Monday, 30 June
UK Indymedia Features XML 21:00, Monday, 30 June 21:42, Monday, 30 June
Uploads from ne11y XML 20:56, Monday, 30 June 21:42, Monday, 30 June
Uploads from piasladic XML 21:00, Monday, 30 June 21:43, Monday, 30 June
Use Sword on Monster XML 21:42, Monday, 30 June 22:29, Monday, 30 June
Wayward Sons: Legends - Sci-Fi Full Page Webcomic - Updates Daily XML 20:56, Monday, 30 June 21:42, Monday, 30 June
what if? XML 21:07, Monday, 30 June 21:48, Monday, 30 June
Whatever XML 21:35, Monday, 30 June 22:24, Monday, 30 June
Whitechapel Anarchist Group XML 21:35, Monday, 30 June 22:24, Monday, 30 June
WIL WHEATON dot NET XML 21:00, Monday, 30 June 21:44, Monday, 30 June
wish XML 21:00, Monday, 30 June 21:45, Monday, 30 June
Writing the Bright Fantastic XML 21:00, Monday, 30 June 21:44, Monday, 30 June
xkcd.com XML 21:00, Monday, 30 June 21:43, Monday, 30 June