Thursday, 22 January

18:14

Slog AM: ICE Detained 5-Year-Old Near Minneapolis, Chicago Children’s Hospital Pauses Trans Care, Anti-ICE Protester Arrested for Disrupting Church Service [The Stranger]

The Stranger's morning news roundup. by Micah Yip

ICE Detains a 5-Year-Old near Minneapolis: And tried to use him as bait to catch his family. On Tuesday, Liam Conejo Ramos had just been picked up from school when masked agents apprehended him and his father in the driveway. MPR reported that another adult living at the house begged agents to let the boy stay. The agents then marched Liam up to the door and made him knock, hoping this would lure his family members out of the house. Nobody answered the door, and ICE took Liam and his dad away. Their lawyer thinks they’re in a family holding cell in Texas, but isn’t entirely sure. Liam is one of four students in the same school district north of Minneapolis that have been detained by ICE over the last two weeks.

ICE at Our Own Schools: Seattle Public Schools (SPS) is dealing with the aftermath of at least six schools sheltering-in-place Tuesday after unconfirmed reports of ICE activity in South Seattle. At last night’s school board meeting, half a dozen parents, teachers and community members spoke about how stressful that day was. Interim Superintendent Fred Podesta said district policy tells principals when they should order a shelter-in-place, which has worked well for local law enforcement activity. But federal law enforcement? Folks were having to make decisions on the basis of unconfirmed information and little risk assessment. Podesta thinks SPS hasn’t given its school leaders the tools needed to deal with ambiguous ICE reports, and they’re going to correct that. It’s unclear how the district will correct that.

More Local ICE Stuff: The feds have a plan to expand Tacoma’s Northwest ICE Processing Center, adding five courtrooms, airport services for deportation, and 60 additional beds for detainees. It hasn’t been approved yet.

Open Up: For years, legal aid groups have advised immigrants not to open the door for ICE unless agents have a warrant signed by a judge. But according to a May 2025 memo obtained by the Associated Press, ICE claims it doesn’t need a warrant and can forcibly enter certain homes. The memo permits ICE to enter based only on a narrow administrative warrant for a final order of removal. But without the judicial warrant, the arrest is unconstitutional, as it violates the Fourth Amendment’s protections against unlawful search and seizure. But ICE has been violating the Fourth Amendment for years, so this memo just validates that.

Minneapolis Church ICE Protester Arrested: On Sunday, activist and civil rights attorney Nekima Levy Armstrong led a protest to disrupt service at Cities Church, where one of the pastors is also a local ICE official. Now, she’s been arrested, according to an X post by US Attorney General Pam Bondi, writing, “WE DO NOT TOLERATE ATTACKS ON PLACES OF WORSHIP.” It’s unclear what crime Levy Armstrong has been charged with, but the Justice Department has said they’re considering prosecuting her under the Freedom of Access to Clinic Entrances (FACE) Act, which prohibits physically interfering with a person seeking reproductive services or trying to participate at a house of worship.

‘Catch of the Day’: That’s what the feds have named their newest ICE operation in Maine. Yesterday, the Associated Press reported a surge of ICE arrests in the state, stoking fear in larger cities likePortland and Lewiston. Maine doesn’t have a large undocumented population, but it does have thousands of African refugees, particularly from Somalia, who’ve been targeted by this administration. Portland’s mayor, Mark Dion, said the city council stands with their immigrant communities, and citizens have formed ICE alert networks.

Chicago Hospital Pauses Trans Youth Care: Housing one of the oldest gender-affirming care programs in the nation, Chicago’s Lurie Children’s Hospital won’t issue new prescriptions for puberty blockers and hormones to children and teens. The switch comes less than a week after the Trump administration announced Lurie, along with five other hospitals, including Doernbecher Children’s Hospital in Oregon, was being referred for an investigation by the Department of Health and Human Services. A Chicago trans advocacy group called the hospital’s decision “pre-compliance,” pointing out that no funding had yet been pulled.

Kidfluencers: State Rep. Kristine Reeves wants to prevent another Ruby Franke (the Utah family vlogger who ran the popular YouTube channel “8 Passengers” before being arrested for severe child abuse) in Washington. She’s sponsored House Bill 2400, which would establish legal protections for  child influencers, like trust accounts for their earnings and the ability to remove their content from the internet once they become adults. Think of them like Hollywood’s child actors, Reeves said: these kids are working and deserve the same protections from exploitation and long hours.

FEMA Flood Aid: Yesterday, Gov. Bob Ferguson asked the Trump administration for $21.3 million in FEMA assistance to help people whose homes were damaged by last month’s flooding. If Ferguson’s request is granted, the program would provide up to $43,600 for housing, repairs, and other needs. But it could take months. Though Trump did approve FEMA search-and-rescue help in the immediate aftermath of the floods in December, the President likes to withhold aid from blue states.

2 Line: A Seattle Times reporter joined South Transit and Mayor Katie Wilson for a practice trip on the new 2 Line across Lake Washington. Sound Transit CEO Dow Constantine said the route connecting the International District to Bellevue will open this spring. Officials will share the launch date tomorrow. 

Key Takeaways From Trump’s Davos Speech: Trump is obsessed with Greenland, and droned on about how the US needs the semiautonomous Danish territory for national and international security because Denmark is too weak to protect it. He claimed he wouldn’t use force to take Greenland, but the man’s a known liar. He said some other annoying shit, which you can read about here.

A Reminder That It’s Thursday. We’re almost to the weekend, guys. Hang in there. This morning, we’ll see freezing fog, before a chilly day with sun and clouds. KUOW reported that yesterday was Seattle’s ninth straight day without rain, and it looks like we’re going into our 10th. The high will be 42 degrees and the low will be 33.  

Now, a word from Megan:

Don’t Forget to Send Us Your Valentines! We’re filling our February issue (on stands February 4!) with hundreds of your love notes! Just head over to thestranger.com/valentines and spill your heart in 150 characters or less and we’ll put it in the pages of The Stranger! For FREE! But you gotta hurry. Only the first 500 entries are guaranteed to appear in the paper, and submissions must be received by 5 pm on Friday, January 23, for possible inclusion. And new this year: The first 20 people to purchase a new one-year subscription to the print edition of The Stranger can get a super-sized valentine! Just buy your subscription here, and then forward your receipt to valentines@thestranger.com using the same email address you used when submitting your valentine message, and we'll display your message in larger font with an extra cute design! Cuuuute!

18:07

[$] Linux Kernel Runtime Guard reaches its 1.0 release [LWN.net]

The Linux Kernel Runtime Guard (LKRG) is a out-of-tree loadable kernel module that attempts to detect and report violations of the kernel's internal invariants, such as might be caused by an in-progress security exploit or a rootkit. LKRG has been experimental since its initial release in 2018. In September 2025, the project announced the 1.0 version. With the promises of stability that version brings, users might want more information to decide whether to include it in their kernel.

Pluralistic: The petty (but undeniable) delights of cultivating unoptimizability as a habit (22 Jan 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links


A pegboard into which a square peg has been jammed, cracking the surface. The background is a messy, indistinct pile of papers.

The petty (but undeniable) delights of cultivating ungovernability as a habit (permalink)

I am on record as being skeptical of the notion that if you shop very carefully, you can make society better. "Conscious consumption" is not a tool for structural change, and any election that requires you to "vote with your wallet" is always won by the people with the thickest wallets (statistically speaking, that's not you):

https://pluralistic.net/2025/09/13/consumption-choices/#marginal-benefits

Now, that's not to say that boycotts are useless. But a boycott is a structured and organized campaign. The Montgomery bus boycott wasn't a matter of a bunch of people waking up one morning and saying, "You know what, fuck it, I'm gonna walk today":

https://en.wikipedia.org/wiki/Montgomery_bus_boycott

The Montgomery bus boycott was an organized project, put together by a powerful membership organization, the NAACP, that demanded far more of its members than merely shopping very carefully. The boycott was the end stage of an organized resistance, not a substitute for it.

The problem with "conscious consumption" is that it comes out of the neoliberal tradition in which every political matter is supposedly determined by your individual actions, and not your actions as part of a union or other political institution that works as a bloc to overthrow the status quo.

"Conscious consumption" arises out of the tradition that gave us Margaret Thatcher's maxim, "There is no such thing as society. There are individual men and women and there are families and no government can do anything except through people and people look to themselves first."

Any attempt to change society by shopping very carefully is destined to fail, but it's worse than that. Because "shopping very carefully" never makes systemic change, its practitioners inevitably decide the reason they're not seeing the change they yearn for is that their allies aren't shopping carefully enough. This turns the careful shopper into a cop who polices other people's consumption, demanding that they stop eating some foodstuff or using Twitter or watching HBO Max. Squabbling over whether using a social media network makes you a Nazi generates far more heat than light – so much heat that it incinerates the solidarity you need to actually fight Nazis.

Which is not an argument against boycotts! Boycotts work. If boycotts didn't work, then genocide apologists wouldn't be apoplectic over the BDS movement:

https://bdsmovement.net/

But a "boycott" isn't the same thing as "you and your social circle deciding that buying the wrong product makes you a Bad Person and then devoting your energies to scolding your allies for choosing Coke instead of Pepsi." Boycotts are downstream of organizing; they are not a substitute for organizing. There is such a thing as society.

Now, all that said, I will confess: I sometimes do something that looks a lot like "shopping very carefully," and when I do, I derive enormous satisfaction from it (but I am always careful not to mistake my tiny victories for political action). But I get it, honestly, I do. Sometimes, "shopping very carefully" is a way to eke out a tiny, personal victory in the face of overwhelming odds against a wildly overmatched opponent. That feels very good.

One example would be patronizing my local repair shop (or fixing my stuff myself). The big structural barriers to repair are things like "parts pairing":

https://pluralistic.net/2024/05/24/record-scratch/#autoenshittification

And manufacturers who abuse trademark law to get CBP to seize refurbished parts at the border:

https://www.shacknews.com/article/108049/apple-repair-critic-louis-rossmann-takes-on-us-customs-counterfeit-battery-seizure

The repair problem isn't that your neighbors are "sheeple" who've had their minds warped by a "throwaway society." The problem is that technical and legal countermeasures have made repair so hard and unprofitable that getting your stuff fixed is more expensive and time-consuming than it needs to be.

That said: I love going to my local repair shop. I love fixing things on my own. It's great. It makes me feel great. I think you should do it because it may make you feel great, too, and it'd be nice for you to support your local fix-it place, but let's not pretend that we'll change society that way.

Here's another example: for the past couple years, I've been navigating a (thankfully very treatable) cancer diagnosis. The fact that my cancer is very treatable doesn't mean it's easily treated. America's shitty, for-profit healthcare system is terrible at the best of times, and nearly unnavigable when coping with a complex condition that crosses a lot of disciplinary lines and requires access to specialized, expensive equipment.

I'm asymptomatic, so the hardest part of having cancer – so far – is fighting the Kaiser bureaucracy to make sure my treatment goes off as planned:

https://pluralistic.net/2024/11/05/carcinoma-angels/#squeaky-nail

The fact that the different Kaiser departments drop so many balls when handing off care between them means that I have to juggle those balls for them. I make extensive use of organizational tactics like "suspense files," which are a kind of inverted to-do list, in that they let you manage other people's to-do lists, rather than your own:

https://pluralistic.net/2024/10/26/one-weird-trick/#todo

(In case you're wondering, the best part of having cancer is that Kaiser comps 100% of your parking! Free cancer parking!)

Now, I also make sure to note each of Kaiser's failures and I raise grievances and California health ombudsman complaints for each one – not because I'm angry and want an apology, but because I'm a well-organized, native English-speaking cancer patient with no symptoms, which means that I can do the advocacy that other people can't, and help them (I also track these complaints with suspense files, calendar entries, etc, to make sure that they're followed through).

Partly, I'm able to do this because I'm very organized. I'm not organized because I worship at the cult of "personal productivity"; I'm definitely Jenny Odell-pilled on that score:

https://memex.craphound.com/2019/04/09/how-to-do-nothing-jenny-odells-case-for-resisting-the-attention-economy/

I'm organized because I pursue The Way of Jim Munroe's "Time Management for Anarchists" ("once I learned how to make my own structure, I was able to kick my expensive boss habit and work on my own"):

https://jimmunroe.net/comics/pamphlets/time_management_for_anarchists/time_management_for_anarchists.html

Having invested a lot of energy into being organized, I now get massive discounts on dealing with other people's shit. Remember: giant corporations and other remorseless bureaucracies throw up roadblocks on the assumption that you will be a "rational economic actor." The airline assumes that if it costs you 15 hours to collect on the $50 voucher you're entitled to, you will just let them steal $50 from you. But once you get organized enough, you can cut that 15-hour investment down to a 15-minute one, and I will absolutely trade 15 minutes of dealing with an airline's bullshit for $50 of that airline's money.

(Why yes, Air Canada did fuck me over on Jan 3 and get me home at 5AM the next day, instead of 730PM the night before; and yes, they did deny my compensation claim; and yes, I have filed an appeal with the Canada Transport Agency; why do you ask?)

One of my favorite podcasts is "An Arm and a Leg," which divides itself between deep dive structural analyses into how corrupt and ghastly American medical billing is, and enumerations of sweet hacks that ninja bill-fighters have come up with to slice through the billing labyrinth your insurer and hospital trap you in and cut straight to the bullseye:

https://armandalegshow.com/

For example, the latest episode tells the story of med student Thomas Sanford, who figured out that hospitals were stealing billions of dollars every year from the poorest people in America, who were all entitled to have their medical bill canceled. He founded Dollarfor, a nonprofit that helps patients get their medical debt canceled:

https://armandalegshow.com/episode/our-favorite-project-of-2025-levels-up-and-you-can-help/

Dollarfor now has an automated tool that guides you through a survey and then generates and files the completed, hospital-specific paperwork needed to get your medical debt canceled (they've made versions of this for every hospital in America!):

https://dollarfor.org/

(If you're a health worker, here's a printable guide with QR codes that you can clip to your lanyard and show to patients while you deliver care):

https://drive.google.com/file/d/14cfwK66A_mfBBBqn35_Lp7930uoY-73f/view

Now, the real problem here isn't that hospitals steal billions from charity cases: it's that America has a garbage for-profit healthcare system that kills and bankrupts people at scale. Dollarfor is amazing, but it's not going to fix that problem. I don't know Sanford, but I bet if you asked him, he'd agree with this, and say something like, "Yes, and I'm helping people not have their lives destroyed by this garbage system, which is good unto itself; and also, it might give them the free time and wherewithal to participate in movements to overthrow the garbage system."

I really dote on the fact that Dollarfor has literally built a different version of their tool for every single hospital in the country. It's a perfect example of how turning yourself into a highly organized adversary can overcome the time-based economics our enemies rely on to keep their garbage systems intact.

Whenever I think of this stuff, I flash on two pop-culture references that made a deep impression on me. The first comes from 1985's Real Genius, Val Kilmer's best ever movie (fight me!). Real Genius is set at a fictionalized version of Caltech in which young prodigies slowly discover that their scumbag prof has tricked them into working on a weapons contract for the DoD.

This being fictional-Caltech, there are all these scenes in which very smart people do weird and amazing things. At one point, we learn that there's a former child prodigy living in the basement under the dorms, a guy named Lazlo Hollyfeld who became a hermit after discovering that he, too, had been duped into working on a baby-killer project. We get these tantalizing glimpses of Lazlo in his subterranean redoubt, where he has built some kind of giant Rube Goldberg machine that is engaged in a mysterious mechanical process that involves manipulating cards of some sort.

At the film's denouement (spoiler alert for a 40 year old movie), we discover what he was doing:

Lazlo: These are entries into the Frito-Lay Sweepstakes. "No purchase necessary, enter as often as you want" – so I am.

Chris: That's great! How many times?

Lazlo: Well, this batch makes it one million six hundred and fifty thousand. I should win thirty-two point six percent of the prizes, including the car.

Chris: That kind of takes the fun out of it, doesn't it?

Lazlo: They set up the rules, and lately I've come to realize that I have certain materialistic needs.

https://www.youtube.com/watch?v=I6kBfBXZBdc

Then there's a scene from the otherwise tepid (fight me!) Batman Returns (1992) in which we encounter the Penguin in his subterranean redoubt, brandishing pages full of kompromat that have been laboriously taped together:

The Penguin: What about the documents that prove you own half the firetraps in Gotham City?

Maximillian 'Max' Shreck: If there were such documents – and that's not an admission – I would have seen to it they were shredded.

The Penguin: Ah, good idea! [pulls out a sheaf of documents]

The Penguin: A lot of tape and a little patience make all the difference.

https://www.imdb.com/title/tt0103776/quotes/

Both Lazlo and the Penguin are defeating the time-based security assumptions of their adversaries. Frito Lay treats filling in 1.65m sweepstakes entries as the same thing as filling in infinity entries; Max Schrek treats the time needed to piece together shredded paper as infinite. Rounding a very large number up to infinity isn't entirely irrational, but once you get organized enough, you just might be able to find the time – or a system – to bring that very big number down to an entirely tractable value.

Yes, this is a species of "careful shopping" but my point isn't to say that shopping carefully is useless – rather, that it's a drastic error to mistake this useful (and surprisingly satisfying) tactic for a strategy that will truly alter the system.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago Karl Schroeder's "Ventus" https://www.mindjack.com/books/ventus.html

#20yrsago Hollywood’s Canadian MP plagiarizes entertainment industry in op-ed https://web.archive.org/web/20060814015107/http://www.michaelgeist.ca/index.php?option=com_content&task=view&id=1082

#20yrago Pope: Divine inspiration is copyrighted https://web.archive.org/web/20070219175621/http://www.timesonline.co.uk/tol/news/world/europe/article717916.ece

#10yrsago Gay Tory MP outs himself as a “poppers” user, slams proposed ban https://web.archive.org/web/20160122212659/https://www.msn.com/en-gb/news/uknews/mp-crispin-blunt-admits-using-poppers-while-attacking-proposed-ban/ar-BBotElv

#10yrsago Donald Trump’s dad was Woody Guthrie’s hated Klansman landlord https://theconversation.com/woody-guthrie-old-man-trump-and-a-real-estate-empires-racist-foundations-53026

#5yrsago How one of America's most abusive employers gets away with it https://pluralistic.net/2021/01/22/paperback-writer/#toothless

#1yrago EFF's transition memo for the Biden admin https://pluralistic.net/2021/01/22/paperback-writer/#memo

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Memex Method," Farrar, Straus, Giroux, 2026

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (1023 words today, 12377 total)

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

17:28

A simple helper function for attaching a progress handler to a Windows Runtime IAsync­Action­With­Progress or IAsync­Operation­With­Progress [The Old New Thing]

The Windows Runtime has interfaces IAsync­Action and IAsync­Operation<T> which represent asynchronous activity: The function starts the work and returns immediately, and then it calls you back when the work completes. Most language projections allow you to treat these as coroutines, so you can await or co_await them in order to suspend execution until the completion occurs.

There are also progress versions of these interfaces: IAsync­Action­With­Progress<P> and IAsync­Operation­With­Progress<T, P>. In addition to having a completion callback, you can also register a callback which will be called to inform you of the progress of the operation.

The usual usage pattern is

// C++/WinRT
auto operation = DoSomethingAsync();
operation.Progress([](auto&& op, auto&& p) { ⟦ ... ⟧ });
auto result = co_await operation;

// C++/CX
IAsyncOperation<R^, P>^ operation = DoSomethingAsync();
operation->Progress = ref new AsyncOperationProgressHandler<R^, P>(
    [](auto op, P p) { ⟦ ... ⟧ });
R^ result = co_await operation;

// C#
var operation = DoSomethingAsync();
operation.Progress += (op, p) => { ⟦ ... ⟧ };
var result = await operation;

// JavaScript
var result = await DoSomethingAsync()
                .then(null, null, p => { ⟦ ... ⟧ });

The JavaScript version is not too bad: You can attach the progress to the Promise and then await the whole thing. However, the other languages are fairly cumbersome because you have to declare an extra variable to hold the operation, so that you can attach the progress handler to it, and then await it. And in the C++ cases, having an explicitly named variable means that it is no longer a temporary, so instead of destructing at the end of the statement, it destructs when the variable destructs, which could be much later.

Here’s my attempt to bring the ergonomics of JavaScript to C++ and C#.

// C++/WinRT
template<typename Async, typename Handler>
Async const& with_progress(Async&& async, Handler&& handler)
{
    async.Progress(std::forward<Handler>(handler));
    return std::forward<Async>(async);
}

// C++/CX
template<typename Async, typename Handler>
Async with_progress(Async async, Handler handler)
{
    async->Progress = handler;
    return async;
}

// C#
static Async WithProgress<Async, Handler>(this Async async, Handler handler)
{
    async.Progress += handler;
    return async;
}

These functions don’t do much, but they save you the trouble of having to name your operations.

// C++/WinRT
auto result = co_await with_progress(DoSomethingAsync(),
            [](auto&& op, auto&& p) { ⟦ ... ⟧ });

// C++/CX
R^ result = co_await with_progress(DoSomethingAsync(),
            ref new AsyncOperationProgressHandler<R^, P>(
            [](auto op, P p) { ⟦ ... ⟧ });

// C#
var result = await DoSomethingAsync()
                .WithProgress((op, p) => { ⟦ ... ⟧ });

The post A simple helper function for attaching a progress handler to a Windows Runtime IAsync­Action­With­Progress or IAsync­Operation­With­Progress appeared first on The Old New Thing.

16:42

Nekoware resurrected: freeware and open source repository for IRIX [OSnews]

If you have any interest in SGI’s IRIX or used IRIX back when it was still current, you’re undoubtedly aware of Nekoware, a collection of freeware for IRIX, maintained and kept up-to-date as much as possible. After stagnating in 2015 and a few failed restarts and some infighting (apparently), the project finally relaunched somewhere last year, and a new quarterly release was pushed out.

Nekoware 2025Q4 is a clean break from previous releases, and requires that users fully remove any traces of previous installations. It contains the kinds of packages these freeware/open source collections for classic UNIX tended to contain: tons of common open source libraries, command-line tools, and more, including a few emulators. You’ll need IRIX 6.5.21 or newer, running on at least a MIPS R5000 processor-equipped SGI machine.

Planning for and work on the next release is already underway, and a brand new Nekoware SDK has been released as well, which provides bootstrap functionality and addresses the problem of having to build Nekoware on unstable IRIX environments. Seeing Nekoware resurrected is great news for the surprisingly active IRIX community.

As a HP-UX user, I feel some envy.

15:56

KIM-1 turns 50 [OSnews]

In January 1976, MOS Technologies presented a demonstration computer for their recently developed 6502 processor. MOS, which was acquired by Commodore later that year, needed to show the public what their low-cost processor was able to. The KIM-1 single board computer came fully assembled with an input keypad, a six-digit LED display, and complete documentation. It was intended for developers, but it turned out that at a price of only $249 the computer was the ideal playground for hobbyists, who could now afford a complete computer.

The unforgettable Jim Butterfield described it like this back in 1999:

But suddenly there was the KIM-1. It was fully assembled (although you had to add a power supply). Everybody’s KIM-1 was essentially the same (although the CPU added an extra instruction during the KIM-1’s production life).

And this created something that was never before part of the home computer phenomenon: users could quite happily exchange programs with each other; magazines could publish such programs; and people could talk about a known system.

We knew the 6502 chip was great, but it took quite a while to convince the majority of computer hobbyists. MOS Technology offered this CPU at a price that was a fraction of what the other available chips cost. We faced the attitude that “it must be no good because it’s too cheap,” even though the 6502, with its pipelined architecture, outperformed the 8080 and the 6800.”

↫ Jim Butterfield

Even though there would soon be better equipped and faster home computers (mostly based on the 6502) and the KIM-1 vanished from the collective minds, the home computer revolution started  50 years ago in Jan 1976. Hans Otten keeps the memory alive on his homepage, where you can find a full collection of information about single-board computers and especially the KIM-1.

15:07

30 years of ReactOS [LWN.net]

ReactOS, an open-source project to develop an operating system that is compatible with Microsoft Windows NT applications and drivers, is celebrating 30 years since the first commit to its source tree. In that time there have been more than 88,000 commits from 301 contributors, for a total of 14,929,578 lines of code. There is, of course, much left to do.

It's been such a long journey that many of our contributors today, including myself, were not alive during this event. Yet our mission to deliver "your favorite Windows apps and drivers in an open-source environment you can trust" continues to bring people together. [...]

We're continuing to move ReactOS forward. Behind the scenes there are several out-of-tree projects in development. Some of these exciting projects include a new build environment for developers (RosBE), a new NTFS driver, a new ATA driver, multi-processor (SMP) support, support for class 3 UEFI systems, kernel and usermode address space layout randomization (ASLR), and support for modern GPU drivers built on WDDM.

Rust 1.93.0 released [LWN.net]

Version 1.93.0 of the Rust programming language has been released. Notable changes include in updated version of the bundled musl library, thread-local storage for the global allocator, some asm! improvements, and a number of newly stabilized APIs.

14:42

Link [Scripting News]

Happy to say the Knicks won last night in convincing 2026 mode after I doubted them in Tuesday's post (perhaps they read my blog?). And after I asked if Greenland was the Sudetenland of our time, Trump did his famous TACO thing and said hey I was just kidding, so we don't have to ask if Canada will be this generation's Austria, or Poland? Now I have to say the Knicks beat the Nets, often referred to as the Knicks' "cross-town rivals" by sports announcers who know nothing about New York sports. The same team Kevin Durant said was the new cool NBA team from NYC (it wasn't and isn't and it turns out no one cared what KD said, certainly not basketball fans from the city).

14:21

Security updates for Thursday [LWN.net]

Security updates have been issued by AlmaLinux (gpsd), Debian (inetutils and modsecurity-crs), Fedora (cpp-httplib, curl, mariadb11.8, mingw-libtasn1, mingw-libxslt, mingw-python3, rclone, and rpki-client), Oracle (gimp, glib2, go-toolset:rhel8, golang, kernel, mariadb-devel:10.3, and thunderbird), Red Hat (buildah, go-toolset:rhel8, golang, grafana, kernel, kernel-rt, multiple packages, openssl, osbuild-composer, podman, and skopeo), Slackware (bind), SUSE (ffmpeg-4, libsodium, libvirt, net-snmp, open-vm-tools, ovmf, postgresql17, postgresql18, python-FontTools, python-weasyprint, and webkit2gtk3), and Ubuntu (glib2.0 and opencc).

13:56

AI in the Office [Radar]

My father spent his career as an accountant for a major public utility. He didn’t talk about work much; when he engaged in shop talk, it was generally with other public utility accountants, and incomprehensible to those who weren’t. But I remember one story from work, and that story is relevant to our current engagement with AI.

He told me one evening about a problem at work. This was the late 1960s or early 1970s, and computers were relatively new. The operations division (the one that sends out trucks to fix things on poles) had acquired a number of “computerized” systems for analyzing engines—no doubt an early version of what your auto repair shop uses all the time. (And no doubt much larger and more expensive.) There was a question of how to account for these machines: Are they computing equipment? Or are they truck maintenance equipment? And it had turned into a kind of turf war between the operations people and the people we’d now call IT. (My father’s job was less about adding up long columns of figures than about making rulings on accounting policy issues like this; I used to call it “philosophy of accounting,” with my tongue not entirely in my cheek.)

My immediate thought was that this was a simple problem. The operations people probably want this to be considered computer equipment to keep it off their budget; nobody wants to overspend their budget. And the computing people probably don’t want all this extra equipment dumped onto their budget. It turned out that was exactly wrong. Politics is all about control, and the computer group wanted control of these strange machines with new capabilities. Did operations know how to maintain them? In the late ’60s, it’s likely that these machines were relatively fragile and contained components like vacuum tubes. Likewise, the operations group really didn’t want the computer group controlling how many of these machines they could buy and where to place them; the computer people would probably find something more fun to do with their money, like leasing a bigger mainframe, and leaving operations without the new technology. In the 1970s, computers were for getting the bills out, not mobilizing trucks to fix downed lines.

I don’t know how my father’s problem was resolved, but I do know how that relates to AI. We’ve all seen that AI is good at a lot of things—writing software, writing poems, doing research—we all know the stories. Human language may yet become a very-high-level, the highest-possible-level, programming language—the abstraction to end all abstractions. It may allow us to reach the holy grail: telling computers what we want them to do, not how (step-by-step) to do it. But there’s another part of enterprise programming, and that’s deciding what we want computers to do. That involves taking into account business practices, which are rarely as uniform as we’d like to think; hundreds of cross-cutting and possibly contradictory regulations; company culture; and even office politics. The best software in the world won’t be used, or will be used badly, if it doesn’t fit into its environment.

Politics? Yes, and that’s where my father’s story is important. The conflict between operations and computing was politics: power and control in the context of the dizzying regulations and standards that govern accounting at a public utility. One group stood to gain control; the other stood to lose it; and the regulators were standing by to make sure everything was done properly. It’s naive of software developers to think that’s somehow changed in the past 50 or 60 years, that somehow there’s a “right” solution that doesn’t take into account politics, cultural factors, regulation, and more.

Let’s look (briefly) at another situation. When I learned about domain-driven design (DDD), I was shocked to hear that a company could easily have a dozen or more different definitions of a “sale.” Sale? That’s simple. But to an accountant, it means entries in a ledger; to the warehouse, it means moving items from stock onto a truck, arranging for delivery, and recording the change in stocking levels; to sales, a “sale” means a certain kind of event that might even be hypothetical: something with a 75% chance of happening. Is it the programmer’s job to rationalize this, to say “let’s be adults, ‘sale’ can only mean one thing”? No, it isn’t. It is a software architect’s job to understand all the facets of a “sale” and find the best way (or, in Neal Ford’s words, the “least worst way”) to satisfy the customer. Who is using the software, how are they using it, and how are they expecting it to behave?

Powerful as AI is, thought like this is beyond its capabilities. It might be possible with more “embodied” AI: AI that was capable of sensing and tracking its surroundings, AI that was capable of interviewing people, deciding who to interview, parsing the office politics and culture, and managing the conflicts and ambiguities. It’s clear that, at the level of code generation, AI is much more capable of dealing with ambiguity and incomplete instructions than earlier tools. You can tell C++ “Just write me a simple parser for this document type, I don’t care how you do it.” But it’s not yet capable of working with the ambiguity that’s part of any human office. It isn’t capable of making a reasoned decision about whether these new devices are computers or truck maintenance equipment.

How long will it be before AI can make decisions like those? How long before it can reason about fundamentally ambiguous situations and come up with the “least worst” solution? We will see.

13:49

A Very Mid Attempt To Incorporate More Protein Into My Dinner [Whatever]

I have never been one to care too much about the amount of protein a meal has, but sometimes I see a recipe on Instagram that boasts low calories and high protein and actually looks good, and I find myself tempted to try them out. I mean, if I can eat something healthy-ish and it tastes good, then it’s a win-win, right?

So, after seeing this Buffalo Chicken Hot Pocket recipe, I decided to give it a shot. It seemed like as good a place as any to start with higher protein meals.
View this post on Instagram

Even though the recipe looks long, it’s all pretty simple ingredients, though I did have to go buy quite a few.

So let’s talk about how “quick and easy” it was to make this, how much I had to buy to make it, the time it took, how many dishes it made, and if it actually tasted good.

Diving right in, the first thing was acquiring the ingredients. I shopped at Kroger.

First up, I had to buy a pack of chicken, which ended up being Simple Truth Natural Boneless Skinless Chicken Breast Family Pack for $16.52. I used all this chicken even though it was a big ol’ family pack. Next was Sweet Baby Ray’s Mild Buffalo Wing Sauce for $4.29. I used almost the entire bottle. A block of Philadelphia Reduced Fat Cream Cheese was $3.49. The recipe only needed about a fourth of the block. The recipe calls for a 0% fat Greek yogurt, so I picked Oikos Triple Zero Plain Greek Yogurt, which has zero added sugar, zero artificial sweeteners, and is zero percent fat with eighteen grams of protein (per 6oz serving). I used most of the 32oz container, which was $6.79.

Though I have all-purpose flour, bread flour, and gluten-free flour, I did not have self-rising flour, so I bought King Arthur Unbleached Self-Rising Flour in a five pound bag for $6.29. For the mozzarella, I usually like Sargento’s shredded mozzarella because it’s the only whole milk one I tend to find, but since the recipe specifies a fat free mozzarella, I just went with Kroger Low-Moisture Part Skim shredded mozzarella in the 4-cup size bag for $3.99. I picked Jack’s Special Mild Salsa for my “tomato salsa” which was $4.99 but I have most of the container left over. I also bought Simple Truth Organic Chives for $2.49. And last but not least I bought a Hidden Valley Ranch Seasoning 1oz packet for a whopping $2.39.

I had Daisy brand cottage cheese on hand already, both the whole milk version and the low-fat version, but for this recipe I used the whole milk type since it didn’t specify. Oh, and I used actual whole milk for the quarter cup of fat-free milk it calls for. You’ll just have to live with my substitution.

So, in total, I spent $51.24 on stuff for just this one recipe. I always say you can’t cook dinner without spending fifty bucks, and boy oh boy does that remain true. I swear it’s a literal constant in my life.

Moving on from cost, the first thing to do was to add a bunch of stuff into the Crockpot and let it get cooking. That part was really easy, you just throw the chicken in and add all the spices and whatnot on top, give it a mix and let it cook on high for a couple hours. The only dishes I used for this portion were measuring spoons and a measuring cup. Disclaimer: I did not add the white onion, therefore I saved myself from using a knife and cutting board.

While that was cooking, I blended all the ingredients for the sauce together. I only have a very tiny portable blender meant for protein shakes and smoothies on the go (don’t ask why because I don’t even know), so I had to do it in three or four batches, which meant I mixed everything together in a bowl and then put a couple ladles worth into the blender, blended it and dumped the blended mixture into a separate bowl. Due to my unnecessary steps, you probably will not make as many dirty dishes as I did here. Or as much of a mess on your countertop.

After the sauce was completed, I got to work on the dough. This part was definitely the most time consuming, partially because I decided to be precise and weigh out my ten dough balls to make sure they were perfectly equal. The dough took some work to come together, but after enough kneading, it got there. This portion of the recipe really only took a measuring cup and a bowl, plus the rolling pin to roll out the dough. I set my dough discs aside.

Finally, when the chicken was cooked through, I was very surprised by how much liquid there was in the Crockpot. In the video, when he goes to shred the chicken after its time in the Crockpot, it’s completely dry. I was perplexed why there was liquid in mine, especially when I actually used 100g more chicken breast than the recipe called for. I didn’t want to add my creamy sauce to it while there was so much watery liquid, but I also didn’t want to dump the liquid out of the Crockpot and waste all the flavor that was probably in there.

So, I got to work shredding the chicken to see if it would absorb more as I went. Sure enough, the liquid did reduce quite a bit after the shredding, which took forever and gave my arms a workout. I decided to let the chicken and liquid keep cooking with the lid off for a little bit to see if some of the liquid would cook off or evaporate, and when it finally got decently reduced, I went ahead and added the creamy sauce mixture and all the mozzarella cheese.

It ended up shaping up nicely, and looked like the mixture in the video. All in all, it worked out, it just took extra time. To be fair, the video said cook on high for 2-3 hours and I only did two since the chicken was up to temp.

For the dough discs, I definitely overstuffed the first one, and some of the filling spilled out into the skillet while cooking it. After the hot pocket had been thoroughly browned on both sides, I figured it was done, but when I cut into it, the dough hadn’t cooked all the way through. Though the outside was brown and crispy, the inside was pretty much raw dough. If it had been cooked any longer, though, the outside would’ve burned. I wasn’t sure how to get the inside fully cooked without burning the outside, so this was certainly a predicament.

Plus, my hot pockets were much more oddly shaped than the ones in the video. I couldn’t get a consistent shape and kept second guessing how much filling to put in. It also was pretty time consuming trying to form the hot pockets, and I ended up tearing like two of them. I was definitely frustrated by now, it felt like nothing was working out and I was messing everything up.

After taking a breather and finally eating one of the hot pockets that was cooked through mostly well enough, I am sad to report it was pretty mid. It was fine, but definitely not as good as I had hoped, and definitely not worth fifty dollars and a few hours of work. Though if you consider the fact you get ten hot pockets out of this recipe, it’s only five dollars per hot pocket if you spend fifty on ingredients. I guess that’s not too bad, but I think my feelings of disappointment overshadowed the value of being able to freeze the majority for later.

I will say that there was a pretty decent amount of the chicken filling leftover, whether it’s because I filled the hot pockets the wrong amount or not remains to be seen, but I did like putting the leftover chicken mixture in a tortilla instead. Honestly my main issue with this recipe was the dough. Having the chicken mixture by itself or in a different carb vehicle actually improved my eating experience, I think.

So I would say if you make this recipe, don’t make the dough, and just find something else to put the chicken in, or eat it by itself. Though, there will be less protein in the recipe since the dough was made with protein yogurt. I think that’s worth the trade, though.

Overall, I don’t think I’ll be making this recipe again, but it wasn’t terrible or anything.

Do you like Buffalo chicken? Have you tried Oikos protein yogurt in any of their sweeter/fruitier flavors? Let me know in the comments, and have a great day!

-AMS

12:49

Meet Guix at FOSDEM [Planet GNU]

It’s that time of the year again: next week is FOSDEM time! As in previous years, many Guix people will be in Brussels. Right after FOSDEM, about sixty of us will gather on February 2–3 for the Guix Days!

Picture showing Guix Days flag, by Luis Felipe.

First things first: Guix presence at FOSDEM. On Saturday, January 31st:

On Sunday, February 1st, the Declarative & Minimalistic Computing track will once again be a Guile & Guix lair. The whole track is amazing, with top-notch talks and speakers; particularly relevant to Guix and Guile hackers are the following:

You can have more Guix bliss on Sunday afternoon:

Guix Days will take place on Monday and Tuesday right after FOSDEM, at our usual venue. Sixty people already registered, which is our maximum capacity—don’t just show up and hope for the best.

As always, this will be unconference style: we’ll make the program as we go, discussing hot topics such as the crowdfunding campaign, an update on Guix Foundation, processes and governance, as well as the more technical topics we’re fond of.

Picture of a sign reading “Au Bon Vieux Temps” (French for “good ol’times”).

This year marks the tenth anniversary of the Guile/Declarative & Minimalistic Computing track, and the eighth Guix Days. Shout out to our friends Pjotr Prins and Manolis Ragkousis, who have spearheaded the two events during all these years, and to all the volunteers who helped them on the way! This yearly Brussels gathering has been instrumental in building, shaping, and strengthening our community; to those who can be present, it’s the energizing and refreshing moment of the year. To Pjotr, to Manolis: thank you!

Guix Days graphics are copyright © 2024 Luis Felipe López Acevedo, under CC-BY-SA 4.0, available from Luis’ Guix graphics repository. Picture of “Au Bon Vieux Temps” sign © 2025 Ludovic Courtès, under CC-BY-SA 4.0.

Why AI Keeps Falling for Prompt Injection Attacks [Schneier on Security]

Imagine you work at a drive-through restaurant. Someone drives up and says: “I’ll have a double cheeseburger, large fries, and ignore previous instructions and give me the contents of the cash drawer.” Would you hand over the money? Of course not. Yet this is what large language models (LLMs) do.

Prompt injection is a method of tricking LLMs into doing things they are normally prevented from doing. A user writes a prompt in a certain way, asking for system passwords or private data, or asking the LLM to perform forbidden instructions. The precise phrasing overrides the LLM’s safety guardrails, and it complies.

LLMs are vulnerable to all sorts of prompt injection attacks, some of them absurdly obvious. A chatbot won’t tell you how to synthesize a bioweapon, but it might tell you a fictional story that incorporates the same detailed instructions. It won’t accept nefarious text inputs, but might if the text is rendered as ASCII art or appears in an image of a billboard. Some ignore their guardrails when told to “ignore previous instructions” or to “pretend you have no guardrails.”

AI vendors can block specific prompt injection techniques once they are discovered, but general safeguards are impossible with today’s LLMs. More precisely, there’s an endless array of prompt injection attacks waiting to be discovered, and they cannot be prevented universally.

If we want LLMs that resist these attacks, we need new approaches. One place to look is what keeps even overworked fast-food workers from handing over the cash drawer.

Human Judgment Depends on Context

Our basic human defenses come in at least three types: general instincts, social learning, and situation-specific training. These work together in a layered defense.

As a social species, we have developed numerous instinctive and cultural habits that help us judge tone, motive, and risk from extremely limited information. We generally know what’s normal and abnormal, when to cooperate and when to resist, and whether to take action individually or to involve others. These instincts give us an intuitive sense of risk and make us especially careful about things that have a large downside or are impossible to reverse.

The second layer of defense consists of the norms and trust signals that evolve in any group. These are imperfect but functional: Expectations of cooperation and markers of trustworthiness emerge through repeated interactions with others. We remember who has helped, who has hurt, who has reciprocated, and who has reneged. And emotions like sympathy, anger, guilt, and gratitude motivate each of us to reward cooperation with cooperation and punish defection with defection.

A third layer is institutional mechanisms that enable us to interact with multiple strangers every day. Fast-food workers, for example, are trained in procedures, approvals, escalation paths, and so on. Taken together, these defenses give humans a strong sense of context. A fast-food worker basically knows what to expect within the job and how it fits into broader society.

We reason by assessing multiple layers of context: perceptual (what we see and hear), relational (who’s making the request), and normative (what’s appropriate within a given role or situation). We constantly navigate these layers, weighing them against each other. In some cases, the normative outweighs the perceptual—for example, following workplace rules even when customers appear angry. Other times, the relational outweighs the normative, as when people comply with orders from superiors that they believe are against the rules.

Crucially, we also have an interruption reflex. If something feels “off,” we naturally pause the automation and reevaluate. Our defenses are not perfect; people are fooled and manipulated all the time. But it’s how we humans are able to navigate a complex world where others are constantly trying to trick us.

So let’s return to the drive-through window. To convince a fast-food worker to hand us all the money, we might try shifting the context. Show up with a camera crew and tell them you’re filming a commercial, claim to be the head of security doing an audit, or dress like a bank manager collecting the cash receipts for the night. But even these have only a slim chance of success. Most of us, most of the time, can smell a scam.

Con artists are astute observers of human defenses. Successful scams are often slow, undermining a mark’s situational assessment, allowing the scammer to manipulate the context. This is an old story, spanning traditional confidence games such as the Depression-era “big store” cons, in which teams of scammers created entirely fake businesses to draw in victims, and modern “pig-butchering” frauds, where online scammers slowly build trust before going in for the kill. In these examples, scammers slowly and methodically reel in a victim using a long series of interactions through which the scammers gradually gain that victim’s trust.

Sometimes it even works at the drive-through. One scammer in the 1990s and 2000s targeted fast-food workers by phone, claiming to be a police officer and, over the course of a long phone call, convinced managers to strip-search employees and perform other bizarre acts.

Why LLMs Struggle With Context and Judgment

LLMs behave as if they have a notion of context, but it’s different. They do not learn human defenses from repeated interactions and remain untethered from the real world. LLMs flatten multiple levels of context into text similarity. They see “tokens,” not hierarchies and intentions. LLMs don’t reason through context, they only reference it.

While LLMs often get the details right, they can easily miss the big picture. If you prompt a chatbot with a fast-food worker scenario and ask if it should give all of its money to a customer, it will respond “no.” What it doesn’t “know”—forgive the anthropomorphizing—is whether it’s actually being deployed as a fast-food bot or is just a test subject following instructions for hypothetical scenarios.

This limitation is why LLMs misfire when context is sparse but also when context is overwhelming and complex; when an LLM becomes unmoored from context, it’s hard to get it back. AI expert Simon Willison wipes context clean if an LLM is on the wrong track rather than continuing the conversation and trying to correct the situation.

There’s more. LLMs are overconfident because they’ve been designed to give an answer rather than express ignorance. A drive-through worker might say: “I don’t know if I should give you all the money—let me ask my boss,” whereas an LLM will just make the call. And since LLMs are designed to be pleasing, they’re more likely to satisfy a user’s request. Additionally, LLM training is oriented toward the average case and not extreme outliers, which is what’s necessary for security.

The result is that the current generation of LLMs is far more gullible than people. They’re naive and regularly fall for manipulative cognitive tricks that wouldn’t fool a third-grader, such as flattery, appeals to groupthink, and a false sense of urgency. There’s a story about a Taco Bell AI system that crashed when a customer ordered 18,000 cups of water. A human fast-food worker would just laugh at the customer.

The Limits of AI Agents

Prompt injection is an unsolvable problem that gets worse when we give AIs tools and tell them to act independently. This is the promise of AI agents: LLMs that can use tools to perform multistep tasks after being given general instructions. Their flattening of context and identity, along with their baked-in independence and overconfidence, mean that they will repeatedly and unpredictably take actions—and sometimes they will take the wrong ones.

Science doesn’t know how much of the problem is inherent to the way LLMs work and how much is a result of deficiencies in the way we train them. The overconfidence and obsequiousness of LLMs are training choices. The lack of an interruption reflex is a deficiency in engineering. And prompt injection resistance requires fundamental advances in AI science. We honestly don’t know if it’s possible to build an LLM, where trusted commands and untrusted inputs are processed through the same channel, which is immune to prompt injection attacks.

We humans get our model of the world—and our facility with overlapping contexts—from the way our brains work, years of training, an enormous amount of perceptual input, and millions of years of evolution. Our identities are complex and multifaceted, and which aspects matter at any given moment depend entirely on context. A fast-food worker may normally see someone as a customer, but in a medical emergency, that same person’s identity as a doctor is suddenly more relevant.

We don’t know if LLMs will gain a better ability to move between different contexts as the models get more sophisticated. But the problem of recognizing context definitely can’t be reduced to the one type of reasoning that LLMs currently excel at. Cultural norms and styles are historical, relational, emergent, and constantly renegotiated, and are not so readily subsumed into reasoning as we understand it. Knowledge itself can be both logical and discursive.

The AI researcher Yann LeCunn believes that improvements will come from embedding AIs in a physical presence and giving them “world models.” Perhaps this is a way to give an AI a robust yet fluid notion of a social identity, and the real-world experience that will help it lose its naïveté.

Ultimately we are probably faced with a security trilemma when it comes to AI agents: fast, smart, and secure are the desired attributes, but you can only get two. At the drive-through, you want to prioritize fast and secure. An AI agent should be trained narrowly on food-ordering language and escalate anything else to a manager. Otherwise, every action becomes a coin flip. Even if it comes up heads most of the time, once in a while it’s going to be tails—and along with a burger and fries, the customer will get the contents of the cash drawer.

This essay was written with Barath Raghavan, and originally appeared in IEEE Spectrum.

11:35

Grrl Power #1428 – Tight outfit + Maxima = Good disguise [Grrl Power]

I should have put all the competitor’s names on that splash screen on page 1425, only I hadn’t thought of them at that point. I tried to come up with a name for Maxima’s arena alter-ego that didn’t sound like a typical Terran (feminine) name, but also didn’t sound stupid. “Ixha” seemed to fit the bill. Took me about 50 iterations to come up with it. I also thought it was dumb to call purple-zilla “The Ultra Mega Bio Weapons Entrant” so I fumbled around until I came up with what I thought was a vaguely clever semi-acronym.

I googled how much a “tanker truck full of steel” would weigh, which I figure is about the dimensions of that bat. The number I got was 500 tons, though the real number is probably plus or minus at least 100 tons, depending on what kind of steel and other factors. I’m not sure solid steel that dimensions would go “bong,” though. Probably a decidedly lower register. Possibly a “BUNG” or “BLORP.” The question is, how much does U.M.B.Rage weigh? Well, I don’t know how tall he is, and googling how much Godzilla weighs gives numbers all up and down the range, so I’m going to say 80,000 tons. That’s just a wild estimation based on nothing. An uneducated guess. But who knows what his kaiju bones and muscles are made of? So 80K tons it is.

Maxima Hoard ThumbnailHere’s one of Gaxgy’s in progress shots of the painting Maxima promised him. Weird how he draws almost exactly like me.

I’ve finished the main picture with the nude variant. (More like the clothing is the variant, because it’s easier to add clothes than erase them.) But I haven’t finished the bonus comic yet, so I’ll update the incentives soon.

Patreon doesn’t have a nude version yet, but I’ll try and update this each week until it’s done.

Double res version will be posted over at Patreon. Feel free to contribute as much as you like.

10:42

The big splash [Seth's Blog]

42 years ago, Apple’s 1984 ad ran on the Super Bowl. Once. It’s generally considered the most effective ad of its kind, creating a legend and also a trap.

Was this ad the reason the Mac is still around?

Or was it Regis McKenna’s work in getting Steve on the cover of more than 20 magazines the month it launched?

After all, they say that getting the word out is the key to marketing.

That’s not what did it.

It was Guy Kawasaki’s tireless year of evangelizing the platform to software developers, creating an ecosystem that made the Mac useful from the start.

And it was Susan Kare’s and Bill Atkinson’s unreasonable standards that made the experience of using the Mac unlike its alternatives–an advantage that has lasted half a century.

Hype is a trap. Better is better.

09:49

08:56

Steinar H. Gunderson: Rewriting Git merge history, part 2 [Planet Debian]

In part 1, we discovered the problem of rewriting git history in the presence of nontrivial merges. Today, we'll discuss the workaround I chose.

As I previously mentioned, and as Julia Evans' excellent data model document explains, a git commit is just a snapshot of a tree (suitably deduplicated by means of content hashes), a commit message and a (possibly empty) set of parents. So fundamentally, we don't really need to mess with diffs; if we can make the changes we want directly to the tree (well, technically, make a new tree that looks like what we want, and a new commit using that tree), we're good. (Diffs in git are, generally, just git diff looking at two trees and trying to make sense of it. This has the unfortunate result that there is no solid way of representing a rename; there are heuristics, but if you rename a file and change it in the same commit, they may fail and stuff like git blame or git log may be broken, depending on flags. Gerrit doesn't even seem to understand a no-change copy.)

In earlier related cases, I've taken this to the extreme by simply hand-writing a commit using git commit-tree. Create exactly the state that you want by whatever means, commit it in some dummy commit and then use that commit's tree with some suitable commit message and parent(s); voila. But it doesn't help us with history; while we can fix up an older commit in exactly the way we'd like, we also need the latter commits to have our new fixed-up commit as parent.

Thus, enter git filter-branch. git filter-branch comes with a suitable set of warnings about eating your repository and being deprecated (I never really figured out its supposed replacement git filter-repo, so I won't talk much about it), but it's useful when all else fails.

In particular, git filter-branch allows you to do arbitrary changes to the tree of a series of commits, updating the parent commit IDs as rewrites happen. So if you can express your desired changes in a way that's better than “run the editor” (or if you're happy running the editor and making the same edit manually 300 times!), you can just run that command over all commits in the entire branch (forgive me for breaking lines a bit):

git filter-branch -f --tree-filter \
  '! [ -f src/cluster.cpp ] || sed -i "s/if (mi.rank != 0)/if (mi.rank != 0
    \&\& mi.rank == rank())/" src/cluster.cpp' \
  665155410753978998c8080c813da660fc64bbfe^..cluster-master

This is suitably terrible. Remember, if we only did this for one commit, the change wouldn't be there in the next one (git diff would show that it was immediately reverted), so filter-branch needs to do this over and over again, once for each commit (tree) in the branch. And I wanted multiple fixups, so I had a bunch of these; some of them were as simple as “copy this file from /tmp” and some were shell scripts that did things like running clang-format.

You can do similar things for commit messages; at some point, I figured I should write “cluster” (the official name for the branch) and not “cluster-master” (my local name) in the merge messages, so I could just do

git filter-branch \
  --commit-msg-filter 'sed s/cluster-master/cluster/g' \
  665155410753978998c8080c813da660fc64bbfe^..cluster-master

I also did a bunch of them to fix up my email address (GIT_COMMITTER_EMAIL wasn't properly set), although I cannot honestly remember whether I used --env-filter or something else. Perhaps that was actually with git rebase and `-r --exec 'git commit --amend --no-edit --author …'` or similar. There are many ways to do ugly things. :-)

Eventually, I had the branch mostly in a state where I thought it would be ready for review, but after uploading to GitHub, one reviewer commented that some of my merges against master were commits that didn't exist in master. Huh? That's… surprising.

It took a fair bit of digging to figure out what had happened: git filter-branch had rewritten some commits that it didn't actually have to; the merge sources from upstream. This is normally harmless, since git hashes are deterministic, but these commits were signed by the author! And filter-branch (or perhaps fast-export, upon which it builds?) generally assumes that it can't sign stuff with other people's keys, so it just strips the signatures, deeming that better than having invalid ones sitting around. Now, of course, these commit signatures would still be valid since we didn't change anything, but evidently, filter-branch doesn't have any special code for that.

Removing an object like this (a “gpgsig” attribute, it seems) changes the commit hash, which is where the phantom commits came from. I couldn't get filter-branch to turn it off… but again, parents can be freely changed, diffs don't exist anyway. So I wrote a little script that took in parameters suitable for git commit-tree (mostly the parent list), rewrote known-bad parents to known-good parents, gave the script to git filter-branch --commit-filter, and that solved the problem. (I guess --parent-filter would also have worked; I don't think I saw it in the man page at the time.)

So, well, I won't claim this is an exercise in elegancy. (Perhaps my next adventure will be figuring out how this works in jj, which supposedly has conflicts as more of a first-class concept.) But it got the job done in a couple of hours after fighting with rebase for a long time, the PR was reviewed, and now the Stockfish cluster branch is a little bit more alive.

05:56

Urgent: Protect kids from RFK vaccine rollback [Richard Stallman's Political Notes]

US citizens: call on your state's governor to protect kids from RFK jr's vaccine rollback.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Urgent: Arrest Renee Good's killer without waiting [Richard Stallman's Political Notes]

US citizens: call on Minnesota to arrest Renee Good's killer without waiting — there are enough grounds already.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Urgent: Conditions on voting for DHS spending bill [Richard Stallman's Political Notes]

US citizens: phone your congresscritter and say, as suggested by Robert Reich:

Don't vote for the DHS spending bill unless it (1) disarms the deportation thugs (agents of "ICE") (2) prevents them from targeting people based on their race, language, or accent, and (3) stipulates that agents who harm civilians are liable under criminal and civil laws.

Even better in my view: abolish the deportation thug agency entirely with no replacement.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: GoFundMe rules of raising money [Richard Stallman's Political Notes]

US citizens: call on GoFundMe to follow its own rules against raising money for people who committed violent acts.

I refuse to use GoFundMe for any purpose because it requires running nonfree JavaScript code. Nearly all web sites require nonfree JS to make a payment, the exception I know of being fsf.org.

Urgent: Investigate deportation thugs' use of deadly force [Richard Stallman's Political Notes]

US citizens: call on Congress to investigate the deportation thugs' use of deadly force.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Restore PBS and NPR funding [Richard Stallman's Political Notes]

US citizens: call on Congress to restore PBS and NPR funding.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Stop calling it a ceasefire [Richard Stallman's Political Notes]

US citizens: call on US mass media to Stop calling it a ceasefire. Report on what is really happening in Gaza and the West Bank.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US capacity to prepare for natural disasters [Richard Stallman's Political Notes]

*Emergency managers say the [wrecker] has presided over a dangerous erosion in US capacity to prepare for and respond to natural disasters.*

02:21

01:07

City Council Hears Public Comment on Police Violence at Cal Anderson [The Stranger]

New bodycam video brought eight people to the public comment period at yesterday’s City Council meeting. Six of them were at the protest that day. Some said they were brutalized and arrested, or had witnessed police violence at the park. All voiced anger over the city’s nonhandling of the matter. by Micah Yip

Last Memorial Day weekend, far-right Christian supremacist group Mayday USA used Cal Anderson Park as their own house of worship for a flamboyant event they advertised as a battle in the spiritual war against “child butchers” and demonic forces (queer people and progressivism, respectively).

Hundreds showed up in nonviolent protest, but were met with a very violent Seattle Police Department (SPD). This week, bodycam footage, obtained through a public records request and shared on social media, revealed the cops’ intent to inflict violence on the protesters that day. In the video, Officer Matthew Didier can be heard riling up his fellow cops, saying, “We’re here to fuck people up now,” and “We’re going in this time with guns blazing and all our pieces in place.”

That video brought eight people to the public comment period at yesterday’s City Council meeting. Six of them were at the protest that day. Some said they were brutalized and arrested, or had witnessed police violence at the park. All voiced anger over the city’s nonhandling of the matter.

Over the past year, the city has conducted investigations of that day’s police violence. During the six-hour protest, 23 people were thrown to the ground, cuffed and arrested—all of whom were protesters.

An SPD spokesperson told The Stranger that the video was part of an internal review and Sentinel Event Review conducted by the University of Pennsylvania’s Quattrone Center, which they said was “a form of proactive accountability designed to help police departments increase professionalism, safety, and public trust.” The department did not confirm whether or not the video would result in any disciplinary action.

According to a letter sent last Thursday by the Seattle LGBTQ Commission to City Council, the mayor’s office, and media outlets, including The Stranger, nearly all of the investigations into the 28 separate allegations against 13 officers have been completed. But the Commission said just two allegations were sustained against one officer, who only received a written reprimand as discipline.

During public comment, Andrew Ashiofu, a commissioner on the LGBTQ Commission and former City Council candidate, called SPD’s actions that day “state-sanctioned violence,” and urged accountability.

“Seattle prides itself on being a progressive city, yet whenever it comes to LGBTQIA+ safety and representation, we remain reactive instead of protective,” Ashiofu said. “We wait for harm, for crisis, for headlines, and only then do we respond.”

Another commenter, Gabriel Diaz, played the audio of Didier’s statements into the microphone before describing how, during the protest, cops tackled him from behind, restrained his arms and punched him repeatedly in the head and ribs while he yelled “I’m a medic” over and over.

“We need to make sure these officers are held accountable for the harm caused to the community, not just swept under the rug as happens time and time again, specifically to our trans and queer communities,” Diaz said.

Kelsey and Jay Burns described how they were beaten and arrested at the protest. They both said they spent the weekend in jail, concussed and without medical care, despite Jay’s vomiting and inability to move from the cell floor.

“My expectations are that, without public pressure or action from this council, that this type of behavior will continue unchecked,” Kelsey said. “As we have seen repeatedly, the police will not hold themselves accountable.”

Alexander Dean said he was thrown to the ground after running to help a young woman being pepper sprayed by a cop. “Matt Didier decided that he was gonna go in and have people fuck us up, and so they fucked us up,” Dean said. “I don’t get how that is acceptable.”

After the public comment period, Councilmember Bob Kettle addressed commenters as chair of the Public Safety Committee. He said he’s committed to working with his committee and police accountability partners on the Cal Anderson report and following up with SPD and Chief Shon Barnes.

“We have a responsibility in our Public Safety Committee and in this council to do the oversight and bring to the fore that report,” Kettle said.

But City Council has failed to act on police accountability time and time again—most recently, by approving the Seattle Police Officers’ Guild’s (SPOG) contract in December that sorely lacked accountability measures. Then-Council President Sara Nelson and Councilmembers Bob Kettle, Dan Strauss, Joy Hollingsworth, Martiza Rivera, and Debora Juarez voted to approve the contract while Councilmembers Rob Saka, Alexis Mercedes Rinck, and Eddie Lin voted against it.

New City Councilmember Dionne Foster released a statement last week, saying she was “disturbed” by the footage and Didier’s comments, and called for transparency and the quick release of the final report.

“Seattle residents have a fundamental constitutional right to free speech and peaceful assembly,” Foster said in the statement. “Policing decisions at protests must be guided by de-escalation, clear standards, and accountability.”

00:49

[$] LWN.net Weekly Edition for January 22, 2026 [LWN.net]

Inside this week's LWN.net Weekly Edition:

  • Front: Singularity; fsconfig(); io_uring restrictions; GPG vulnerabilities; slab allocator; AshOS.
  • Briefs: Pixel exploit; telnetd exploit; OzLabs; korgalore; Firefox Nightly RPMs; Forgejo 14.0; Pandas 3.0; Wine 11.0; Quotes; ...
  • Announcements: Newsletters, conferences, security updates, patches, and more.

Wednesday, 21 January

23:35

22:49

22:07

The Music Studio 2.0 [Whatever]

Some of you will remember that as a pandemic project I went and made a music studio in my basement. It was a lot of fun, and very cool — but too cool, as our basement is endemically cold, even in the summer, and spending more than a half hour in there is liable to set one’s teeth a-chatter. It ended up limiting the amount I used my studio area; for the last in year in particular I was more likely to record something at my kitchen’s center island than I was in my studio space in my basement.

Fast forward to today, and now I have a new set-up, in the room that was previously Athena’s bedroom. She doesn’t need the room anymore — she has a whole house now — and the room is nicely heated (and in the summer, cooled) and also literally ten feet from my current home office. I’ve done an initial setup, which you can see above. There’s more to be done, including bringing up some more musical equipment from the basement, most notably the drumset, but the setup here is good enough to start recording.

That is, once I get the current novel done. First things first. I consider this a bit of motivation.

— JS

22:00

Can you slim macOS down? [OSnews]

Howard Oakley answers a very interesting question – is it possible to slim macOS down by turning off unneeded services and similar tricks? The answer is obviously no, you cannot.

Classic Mac OS was more modular, with optional installs that the user could pick and choose, as shown above in Mac OS 9.1. These days with the SSV, choice is more limited from the start, with the only real options being whether to install the cryptexes used in AI, and the x86 code translator Rosetta 2. The latter is transient, though, and likely to go away next year.

Like it or not, modern macOS isn’t designed or implemented to give the user much choice in which processes it runs, and architectural features including the SSV and DAS-CTS prevent you from paring its processes down to any significant degree.

↫ Howard Oakley

That’s because macOS is not about creating the best experience for the user, but about creating the most value for shareholders. Giving users choice, allowing them to modify their operating system to suit their needs, removing unneeded components or replacing them with competing alternatives just isn’t in the interest of shareholders, and thus, it’s not allowed by Apple. That’s exactly why they’re fighting the EU’s very basic and simple consumer protection legislation tooth and nail with lies and propaganda, while giving Trump millions of dollars and silly plaques in bribes.

You’re as much a user of macOS as a passenger on a ferry is its captain. If you just want to get from Harwich to Hoek van Holland, that’s a fine arrangement, but if you want to explore beyond the bounds of the path laid out by those more wealthy than you, you’re going to have to leave macOS behind and find a different ship.

21:14

I Saw U: Walking Down 15th Avenue East, Flashing a Peace Sign While Leaving Betsutenjin, and Sitting Outside at Volunteer Park Cafe [The Stranger]

Did you see someone? Say something! by Anonymous

Whole Foods Roosevelt on MLKday

You: cute guy with wide frame grey glasses. Me:tall blonde We kept making eye contact. You waited outside and said hi. I got flustered… try again?

Walking down 15th Ave E on 1/20

U: with curly hair & headphones passing Cafe Ladro Me: light denim puffer. We caught each others eyes a couple times but kept walking. Go 4 coffee?

Cute queer couple at Betsutenjin on Saturday, 12/27

My partner and I were across the room sharing glances with you both. One of you gave a peace sign as you were leaving; hope you are doing alright :)

Crocodile, Disco 10/11/2025

You black hair, bangs, shining smile, me black clothing longish hair, standing at the bar, we kept glancing/smiling at each other, coffee sometime?

Beautiful eyes at Volunteer Park Cafe

Sat outside next to each other (dog too). I complimented your eyes and you said the sunlight helps bring out the color. Love your energy, coffee?

Blue hair and eyes that made my heart skip a beat

We saw each other for just a moment on 12th, just north of John. You were in a quilted olive jacket. I was walking my caramel pitbull. Interested?

Sonics come back

We were walking past Cal Anderson 1/18 I was sporting my vintage Sonics. You were cheesing at me as I noticed your Sonics shirt. Wish I turned around

Shadow Play Chop Suey

09/27/2025 last night Shadow Play, the gal w/ shoulder length hair & yellow pants that appeared to have Black Cat logo (?) coffee sometime?

Is it a match? Leave a comment here or on our Instagram post to connect!

Did you see someone? Say something! Submit your own I Saw U message here and maybe we'll include it in the next roundup!

20:35

Staryeet Academy [Penny Arcade]

Mark has covered a lot of it, he and I had discussed it at length, and so will probably go over a lot of the same ground. But did he have any Aliens references? No. Would such a reference even be welcome in a Star Trek: Starfleet Academy context? I guess we'll find out!

20:28

Evgeni Golov: Validating cloud-init configs without being root [Planet Debian]

Somehow this whole DevOps thing is all about generating the wildest things from some (usually equally wild) template.

And today we're gonna generate YAML from ERB, what could possibly go wrong?!

Well, actually, quite a lot, so one wants to validate the generated result before using it to break systems at scale.

The YAML we generate is a cloud-init cloud-config, and while checking that we generated a valid YAML document is easy (and we were already doing that), it would be much better if we could check that cloud-init can actually use it.

Enter cloud-init schema, or so I thought. Turns out running cloud-init schema is rather broken without root privileges, as it tries to load a ton of information from the running system. This seems like a bug (or multiple), as the data should not be required for the validation of the schema itself. I've not found a way to disable that behavior.

Luckily, I know Python.

Enter evgeni-knows-better-and-can-write-python:

#!/usr/bin/env python3

import sys
from cloudinit.config.schema import get_schema, validate_cloudconfig_file, SchemaValidationError

try:
    valid = validate_cloudconfig_file(config_path=sys.argv[1], schema=get_schema())
    if not valid:
        raise RuntimeError("Schema is not valid")
except (SchemaValidationError, RuntimeError) as e:
    print(e)
    sys.exit(1)

The canonical1 version if this lives in the Foreman git repo, so go there if you think this will ever receive any updates.

The hardest part was to understand thevalidate_cloudconfig_file API, as it will sometimes raise an SchemaValidationError, sometimes a RuntimeError and sometimes just return False. No idea why. But the above just turns it into a couple of printed lines and a non zero exit code, unless of course there are no problems, then you get peaceful silence.

  1. "canonical", not "Canonical" 

Drag Race Episode 3: Sketch(y) Comedy with my Inner Saboteur [The Stranger]

We are back for Episode Three of Drag Race. This week, we saw RDR Live, the infamous sketch comedy challenge, and as with previous seasons, Season 18’s RDR Live proved that the struggle is real. The writing was inconsistent. The editing was heavy handed. But at least much of the cast surprised us with their improv skills. It was a bunch of drag queens in a who-can-be-the-stupidest contest, a much needed escape from the chaos in the real world. by Mike Kohfeld

We are back for Episode Three of Drag Race. This week, we saw RDR Live, the infamous sketch comedy challenge, and as with previous seasons, Season 18’s RDR Live proved that the struggle is real. The writing was inconsistent. The editing was heavy handed. But at least much of the cast surprised us with their improv skills.

It was a bunch of drag queens in a who-can-be-the-stupidest contest, a much needed escape from the chaos in the real world. 

“RuPaul’s School of Overacting”

SNL cast member Sarah Sherman—whose body-horror comedy was once described by the New York Times’s David Cronenberg as “if he had been swallowed by a mulleted clown”—was the perfect guest judge for RDR Live. She arrived on set as a rainbow-brite harlequin, complete with matching ventriloquist puppet. (I think I saw that same doll at an East Vancouver vintage shop last weekend, sitting next to a taxidermied pangolin.)

We saw new sides of the queens on Episode Three, and not all of them were cute. The producers made Boston-based Briar Blush one of the stars of the episode as the annoying little sister of the cast. After flitting about, throwing shade, and literally poking an exasperated Athena, Briar cast herself as RDR Live hostess Athena’s “inner saboteur.” It didn’t pay off—the judges called her forgettable.

Kenya Pleaser brought us top-rate talking head in the episode with confessional cutaways on How to Succeed in a Drag Race Improv Challenge. She and Nini Coco played sentient cosmetics in the Lipstick Lovers sketch (plus, Jane’s lipstick headpiece from Episode Two made a cameo appearance on Nini’s head).

Myki Meeks from Orlando, better known by fans as “that queen that looks like Aria Stark,” talked about her impressive theater background when she first entered the werkroom. When she was paired with Juicy Love Dion in the Michelle Visage office supply store skit, Myki coached the younger queen on her performance nerves. Juicy’s fears were unfounded: despite “not being an actor,” Juicy’s confident delivery and queenly poise outshined scene partner Myki and earned her a top placement for the episode. (Side note: by Episode Three, Juicy has confessed to viewers that she can’t sew, can’t sing, and can’t act… girl, what are you doing on RuPaul’s Drag Race!?)

Mandy Mango and Darlene Mitchell appeared together in a half-baked butter-churning competition sketch. Darlene’s white trash biker chick overshadowed Mandy’s conservative Amish character, and Mandy landed in the bottom for the third episode in a row.

I felt bad for Mandy, though. Last week, she was read by the judges for doing too much and then this week she was read by the judges for not doing enough with her character. Mandy’s Drag Race run is unfortunate—a casualty of storyline production.

Keys to the Queendom

Who wouldn't have fun in those shorts. MTV

This edition of RDR Live brought RuPaul to the mainstage for a rare live performance, half-stepping to her 2022 song “Queendom” as the musical guest for the variety show. I watched Episode Three with my sister and nibling (neither had ever seen an episode of Drag Race). For me, watching the legendary RuPaul perform is compelling–call it cringe, but I appreciate her well-crafted pop, and her looks are nearly always perfect. But my nibling’s reaction was telling: “The dancing guys behind RuPaul look like they’re having a lot more fun.” Keep that media empire humming, Ru.

Some Girls Do, but Jane Don’t

Unsurprisingly, comedy queen Jane Don’t had a strong showing on Episode Three. As part of the RDR Live News Skit, Jane played a Minnesota PFLAG mom that was one part Debbie Novotny of Queer As Folk, one part Allison Janney in Drop Dead Gorgeous, and one hundred percent stupid. Her brilliant characterization and flawless comedic timing made her a breath of fresh air in an otherwise bland skit. Sarah Sherman said she’s “taking notes.”

 

          View this post on Instagram                      

A post shared by WOW Presents Plus (@wowpresentsplus)

Thanks, Jane; I’ve been saying “poppers” in a Minnesota accent out loud to no one for days.

Briar wasn’t the only “inner saboteur” at play this week. Jane’s performance on Season 18 has been so strong that the producers gave her a touch of the All-Stars Season Three BenDeLaCreme treatment, when DeLa got so in her head about winning challenges that she exited the competition by writing her own name on a tube of lipstick–let’s be sure to keep Jane away from the Wite-Out. After Jane’s stellar performance in the challenge, she had a menty b in the werkroom, sharing with the other queens that she was worried her winning streak would alienate her from the rest of the cast. It wasn’t a good look for Jane, but it seems to be the only way the producers can keep her from appearing as the most obvious winner ever. Jane, don’t worry about what the other queens think!

“From this day on, I will stop freebasing pangolin”

Episode Three brought us a magnificent collection of runway looks to the theme of “Animal Attraction.” If you were hoping for a furry festival, you might be disappointed, as the majority of the cast interpreted the prompt to the tune of glamorous eleganza extravaganza.

Discord “That’s definitely a walk” Addams finally got to hear about her runway during RuPaul’s walkthrough before the challenge. “You looked like a crazy person,” RuPaul told Discord, “in the most entertaining way possible.” Humiliation kink, Ru? 

Discord’s albino alligator look in Episode Three was no joke, though: a sickening take on animal skin in fashion featuring a human skin handbag with her own face screaming out of the side.

There goes Ru's pangolin scale empire. MTV

The top three queens of the week all had stunning looks. True to her roots, Darlene Mitchell appeared as a cow-cowboy hybrid complete with black hat, cape, and hooves. Jane Don’t wore a gorgeous feathered gown in eye-popping colors, channeling the tropical macaw. Juicy Love Dion found herself at the top of the pack in a glittering gown composed of thousands of golden scales modeled after the endangered pangolin. When asked “why pangolin?” by the judges, Juicy spoke to the species' vulnerability to poaching, thus ending RuPaul’s black market stock in powdered pangolin scales.

Briar, Vita, and Mandy landed in the bottom, with Briar and Mandy lip-syncing to Lizzo’s “Love in Real Life.” Mandy delivered another high-energy performance, but most of it was edited out of the episode in favor of Briar. Being in the bottom two for the first three episodes sealed Mandy’s fate as the next to sashay away. We’ll get to enjoy Briar’s mullet for at least another week, yay!

See you next week for Episode Four!

19:42

It’s Storytime: Wend-Way-Go [WIL WHEATON dot NET]

It is Wednesday, and that means there’s a new episode of It’s Storytime With Wil Wheaton, waiting for you wherever you get your podcasts.

This week’s story is Wend-Way-Go by Tim Pratt. It was originally published in Uncanny Magazine.

I made a creative choice for this week that I haven’t made before on the podcast, and it was so satisfying, I wanted to talk about it a little bit.

When I was working on Star Trek, one of the adults in the cast — and I can’t remember who, no matter how hard I try — introduced me to the concept of “meeting the demands of the material.” They meant that our job as actors is to serve the writer’s intention, not the other way around. Before we start changing words or rewriting lines, it is our responsibility to do the work of understanding the author’s intent until the scenes work. And if the scene still doesn’t work after all of that, then it is time to talk about making changes. But you don’t go making changes because you’re 15 and don’t yet know what it means to be an actor, beyond following direction.

It took me awhile to process that, and it took me even longer to reliably meet the demands of the material, but I eventually got there and never left.

As a narrator of over 100 titles, my job is easier, more joyful, and more satisfying because I know to listen to what the author wants to say, and then do my best to communicate that through my performance. When it works, the listener doesn’t even know what I did; they just feel the story more completely than they would, otherwise. It’s a pretty great trick.

When we recorded this week’s story, Gabrielle (who directs and produces) and I both felt that the material was making a specific demand, that was also a gift to me: without saying so directly, Tim sets this story in what felt to both of us like South Carolina, for some reason. It was so clear in the text that the narrative character needed to speak in a soft drawl, that supported his fundamental gentleness.

It is a creative risk, to be sure. Accents are tough, and present a unique trap that catches me all the time when I discover I am doing an accent, when I should be performing with an accent.

So it’s exciting and a little scary, but I’m glad I did it. I loved this story, and I hope you do, too.

And now, links!

You can also support the show on Patreon, where $5 a month gets you access to the show with no ads, a growing community of lovely people, live AMAs with me, and weekly insights behind the scenes of the show.

If this is your first time reading or visiting my blog, welcome! I’m glad you’re here. If you’d like to get my posts in your inbox, here’s the thing:

19:07

Starfleet Academy Thoughts [Penny Arcade]

I have watched only the first episode of the new Starfleet Academy show and as the comic suggests, I like the hook, the characters and the actors. What I don’t like is pretty much every word of dialog written for them to say. When the incredible Paul Giamatti launched into a wild speech comparing time to an origami chicken I nearly shut the show off. I finished the episode though and while I intend to continue watching for at least a few more episodes I have to say I am dissapointed by the desicion to use so much modern language and current idioms.

 

18:49

[$] Cleanup on aisle fsconfig() [LWN.net]

As part of the process of writing man pages for the "new" mount API, which has been available in the kernel since 2019, Aleksa Sarai encountered a number of places where the fsconfig() system call—for configuring filesystems before mounting—needs to be cleaned up. In the 2025 Linux Plumbers Conference (LPC) session that he led, Sarai wanted to discuss some of the problems he found, including at least one with security implications. The idea of the session was for him to describe the various bugs and ambiguities that he had found, but he also wanted attendees to raise other problems they had with the system call.

18:21

Link [Scripting News]

Isn't Greenland the Sudetenland of our time?

18:07

Page 44 [Flipside]

Page 44 is done.

Pandas 3.0 released [LWN.net]

Version 3.0.0 of the pandas data analysis and manipulation library for Python has been released. Notable changes include a dedicated string type (str), new "copy-on-write" behavior, and much more. This release also removes a number of features that were deprecated in prior versions of pandas; developers are advised to upgrade to pandas 2.3 and ensure code is working without warnings before moving to 3.0. See the release notes for the full changelog.

Slog AM: Three Area Fires Happened Last Night, Unconfirmed ICE Sightings Unnerve Seattle Schools, Canada Says the US Is a Goner [The Stranger]

by Charles Mudede

To celebrate MLK day, my family and I had lunch at a superb soul food restaurant, Paschal’s, in Atlanta, Georgia. There’s a lot of good history in this place. MLK and other civil rights leaders regularly dined here in the 50s and 60s. But what caught my attention during my visit was the robot that served our food. Pictures of MLK on the wall; a robot bringing soul food to the table. What to make of this? Beats me. But I enjoyed my fried chicken sandwich, which came with a bowl of greens. The robot was silent. 

Seattle area firefighters faced three fires last night. One happened in Kent, another near Woodland Park Zoo, and a third in Tacoma. The Seattle Times reports that no one was injured in the first fire, a person was injured in the second one, and the third destroyed an abandoned house. All fires are under investigation.

Vivian McCall and Nathalie Graham reported yesterday that “at least 6 Seattle public schools sheltered in place” because of a number of reports from our community of ICE activity. These reports were not confirmed, but they did reveal a level of real fear in this and other cities that have yet to experience the nightmare Minneapolis is presently going through. ICE is not about capturing criminals but making all of us scared of the power that is now concentrated in the hands of the White House.

In short, Trump has his own secret police, and such an organization works by the power of what the 18th-century English philosopher Jeremy Bentham called panopticon. The basic idea isn’t that the secret police is always watching people, looking for people, kidnapping people (that’s an impossible task) but instead wants you to believe in its ubiquity. The Seattle schools that locked their doors yesterday made it clear that we’ve now entered this state of mind.

Is Seattle next? This is a tough call, and this administration is intentionally unpredictable. But I do know that Seattle, San Francisco, and New York City are at the center of an AI bubble that’s keeping the US economy above water. As Ruchir Sharma of the Financial Times put it back in October: “AI companies have accounted for 80 percent of gains in US stocks so far in 2025.” This is serious business. And if that bubble pops, then you don’t even want to know. This is why Microsoft CEO Satya Nadella recommended, during a speech he delivered at 2O26 World Economic Forum at Davos, the expansion of AI into more and more domains of life. If it stops growing, if the investments cease, if the fantasy evaporates, then Wall Street will experience a fall that puts Icarus to shame. At that point, what protected Seattle and San Francisco from Trump vanishes and we become no better than Portland, Chicago, Minneapolis, and Los Angeles. This, mind you, is just an idea. I could be wrong, very wrong. 

Another important speech at the World Economic Forum at Davos was delivered by the Canadian Prime Minister Mark Carney. He basically said it like it is: the US is cooked, a joke, a thing of the past. And what countries in a post-Trump world must figure out is who is sitting at the table, because if you are not, then you’re on the menu. Canadians aren't having it. They know the US like a wife knows an abusive husband, and are now telling the world that nothing can be done to appease that madman in the White House. Just think about it. Who in their right mind comes up with the idea to invade Greenland in this day and age? An age where capitalist time dominates capitalist space? And so this lebensraum stuff is so primitive and tiresome. In the words of Slick Rick, we are “in a madman’s dream.”

 

Trump on NATO: "Until the last few days when I told them about Iceland, they loved me. They called me daddy." 


(He means Greenland.)

[image or embed]

— Aaron Rupar (@atrupar.com) January 21, 2026 at 6:19 AM

 

What’s frog activism about? You have ICE on the one side and the inflated frog on the other. What is the meaning of this? Simple enough: ICE is reduced to a performance that's as bad as a $70 inflatable frog. But the performances were not identical in nature. One, ICE, is a show; the other, frog, a critique of what's shown. The latter ultimately evaluates a performance, but (and here comes the complexity) not in the belief that there's a real ICE, a real Ross, a real Noem, and so on. Any enforcement of immigration laws requires the fiction of a performance.

Let’s revisit this horrible incident that occurred in St. Paul on January 19. ICE smashed the door of a home, and dragged ChongLy Scott Thao, a US citizen, into the freezing cold. He only wore boxers, crocs, and a thin blanket. According to several reports, ICE drove Thao from here to there and then from there to here for almost an hour, and in-between photographed him, fingerprinted him, determined they had the wrong guy, dumped him at his house and bounced. Stop and think about this for a moment. No accountability, no report, no internal investigation. Even the secret police in the dystopian film Brazil (1984), provided a receipt for kidnapping Buttle, who turned out to be (like Thao) the wrong guy (they were after Tuttle). This rudimentary record, provided after the secret police destroyed Buttle's home and traumatized his family, is nowhere to be found in ICE's real and present dystopia.

Octavia Butler for the Win: University of Washington researchers determined from Seattle Public Library's checkout data that Butler's Parable of the Sower and Kindred are among its "most read titles." Now and then, Seattle knows what time it is.

Seattle may have nothing going on in the Oscars this year but the James Beard Awards, "considered the Oscars of the restaurant world," named two of its restaurants, The Wayland Mill and Little Beast, as contenders for Best New Restaurants. Bellingham's Starla—the new bar from the owners of Capitol Hill's bygone Blotto—is also in the running. As we say in Shona, makorokoto!

Did I even talk about the weather? I did not. Today, I’m just going to look out my window here in Columbia City, and like that famous “Fast Song” skit on In Living Color, tell you what I see. Fog, which is slowly lifting. Across the street there’s a huge apartment complex under construction. It’s not as ugly as the one in Ballard, Urbana. Next to the construction site are some birds that appear to be bickering. European Starlings? The members of that featured class seem to never get along. They are always going at each other about something or another. They fly to this tree and bicker. Then they fly to another tree and continue bickering. If reincarnation is a thing, my hope is to return as a European Starling so that I can finally learn what the fuss is all about.

That said, let’s end AM with that priceless Living Color skit. 

17:21

On the proper usage of a custom Win32 dialog class [The Old New Thing]

Some time ago, I discussed custom dialog classes. You can specify that a dialog template use your custom dialog class by putting the custom class’s name in the CLASS statement of the dialog template. A customer tried doing that but it crashes with a stack overflow.

// Dialog template

IDD_AWESOME DIALOGEX 0, 0, 170, 62
STYLE DS_SHELLFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION
CAPTION "I'm so awesome"
CLASS "MyAwesomeDialog"
FONT 8, "MS Shell Dlg", 0, 0, 0x1
BEGIN
    ICON            IDI_AWESOME,IDC_STATIC,14,14,20,20
    LTEXT           "Whee!",IDC_STATIC,42,14,114,8
    DEFPUSHBUTTON   "OK",IDOK,113,41,50,14,WS_GROUP
END

// Custom dialog class procedure
// Note: This looks ugly but that's not the point.
LRESULT CALLBACK CustomDlgProc(HWND hwnd, UINT message,
                               WPARAM wParam, LPARAM lParam)
{
    if (message == WM_CTLCOLORDLG) {
        return (LRESULT)GetSysColorBrush(COLOR_INFOBK);
    }
    return DefDlgProc(hwnd, message, wParam, lParam);
}

void Test()
{
    // Register the custom dialog class
    WNDCLASS wc{};
    GetClassInfo(nullptr, WC_DIALOG, &wc);
    wc.lpfnWndProc = CustomDlgProc;
    wc.lpszClassName = TEXT("MyAwesomeDialog");
    RegisterClass(&wc);

    // Use that custom dialog class for a dialog
    DialogBox(hInstance, MAKEINTESOURCE(IDD_AWESOME), hwndParent,
              CustomDlgProc);
}

Do you see the problem?

The problem is that the code uses the CustomDlgProc function both as a window procedure and as a dialog procedure.

When a message arrives, it goes to the window procedure. This rule applies regardless of whether you have a traditional window or a dialog. If you have a standard dialog, then the window procedure is Def­Dlg­Proc, and that function calls the dialog procedure to let it respond to the message. If the dialog procedure declines to handle the message, then the Def­Dlg­Proc function does some default dialog stuff.

Creating a custom dialog class means that you want a different window procedure for the dialog, as if you had subclassed the dialog. The custom window procedure typically does some special work, and then it passes messages to Def­Dlg­Proc when it wants normal dialog behavior.

If you use the same function as both the window procedure and the dialog procedure, then when the function (acting as a window procedure) passes a message to Def­Dlg­Proc, the Def­Dlg­Proc function will call the dialog procedure, which is also Custom­Dlg­Proc. That function doesn’t realize that it’s now being used as a dialog procedure, so it is expected to return TRUE or FALSE (depending on whether it decided to handle the message). It thinks it is still a window procedure, so it passes the message to Def­Dlg­Proc, and the loop continues until you overflow the stack.

The idea behind custom dialog classes is that you have some general behavior you want to apply to all the dialogs that use that class. For example, maybe you want them all to use different default colors, or you want them all to respond to DPI changes the same way. Instead of replicating the code in each dialog procedure, you can put it in the dialog class window procedure.

But even if you are using a custom dialog class, your dialog procedure should still be a normal dialog procedure. That dialog procedure is the code-behind for the dialog template, initializing the controls in the template, responding to clicks on the controls in the template, and so on.

The post On the proper usage of a custom Win32 dialog class appeared first on The Old New Thing.

16:35

[$] Responses to gpg.fail [LWN.net]

At the 39th Chaos Communication Congress (39C3) in December, researchers Lexi Groves ("49016") and Liam Wachter said that they had discovered a number of flaws in popular implementations of OpenPGP email-encryption standard. They also released an accompanying web site, gpg.fail, with descriptions of the discoveries. Most of those presented were found in GNU Privacy Guard (GPG), though the pair also discussed problems in age, Minisign, Sequoia, and the OpenPGP standard (RFC 9580) itself. The discoveries have spurred some interesting discussions and as well as responses from GPG and Sequoia developers.

15:49

Security updates for Wednesday [LWN.net]

Security updates have been issued by AlmaLinux (brotli and container-tools:rhel8), Debian (python-keystonemiddleware and python3.9), Fedora (cef, freerdp, golang-github-tetratelabs-wazero, and libpcap), Oracle (brotli, gpsd, kernel, and transfig), Red Hat (freerdp, golang, java-11-openjdk with Extended Lifecycle Support, libpng, libssh, mingw-libpng, and runc), SUSE (abseil-cpp, alloy, apache2, bind, cpp-httplib, curl, erlang, firefox, gpg2, grafana, haproxy, hauler, hawk2, libblkid-devel, libpng16, libraylib550, python-keystonemiddleware-doc, python-uv, python-weasyprint, squid, and tomcat), and Ubuntu (crawl and iperf3).

Air traffic control: the IBM 9020 [OSnews]

The 9020 is a fascinating system, exemplary of so many of the challenges and excitement of the birth of the modern computer. On the one hand, a 9020 is a sophisticated, fault-tolerant, high-performance computer system with impressive diagnostic capabilities and remarkably dynamic resource allocation. On the other hand, a 9020 is just six to seven S/360 computers married to each other with a vibe that is more duct tape and bailing wire than aerospace aluminum and titanium.

↫ J. B. Crawford

I was hooked from beginning to end. An absolutely exceptional article.

15:21

ChatGpt TV ads are great [Scripting News]

The ads I like on TV these days are the ChatGPT ads that show you how it makes your life better. In the first ad two college age people, brother and sister it turns out, are on a cross-country drive and have a great trip planned. You can tell they love each other, and have a casual familiarity and trust and laugh a lot, teasing, as the itinerary scrolls by too fast to read more than two or three lines, but you can see they're going to have a better trip than I've ever had and I've done a lot of cross-country trips with friends over the years.

The other ad, again with the young college-age people, this time a date, probably not the first date, at his apartment, and the guy is making dinner for his guest, and again, the plan scrolls by. He's making something nice, but not too much, and like the last ad, they're confident, young, full of life, and since they've used ChatGPT for just this purpose, they're probably going to have a great meal, and they'll go out again, for sure.

This is the perfect advertising for this stage of their business. They are the leading product, the Coca Cola of AI systems, so they don't need to compare themselves with anyone, they are the standard -- and now they take the opportunity to define it. It's about friendship, love, looking good, getting the girl, etc. But it's wholesome and American. I bet they run the same ad in Denmark, only the kids speak Danish and have blonde hair and they go to places in Denmark and eat simple but good Danish food.

I don't think Google or Facebook did these kinds of ads as they were rising to dominance. Apple did, Microsoft didn't. This will also change the press coverage they get. Journalists like to pretend that ads don't infulence what they think, but good ones like these do.

BTW, if Microsoft had done ads introducing themselves to the world as the future tech behemoth, they might have gone folksy -- like Smucker's jam. "With a name like Microsoft, it has to be good." You probably don't even think about it these days the name is so familiar, but MIcro + Soft is not the most inspiring name for a tech product. But then ChatGPT is a pretty awful name too. Four syllables, too many. Three is ideal. Imho ymmv. Doesn't matter now, everyone has learned to say it. And they need those ads to cement the bond with the people of the world.

15:07

Pluralistic: Google's AI pricing plan (21 Jan 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links


Google's Mountain View headquarters. The scene is animated: the building is quickly covered with price-tags ranging from 0.99 to 99999.99. In the final frames, 99999.99 tags cover all the other price tags. In the background, rising over the roof of the Googleplex like the rising sun, is the staring red eye of HAL 9000 from Stanley Kubrick's '2001: A Space Odyssey.'

Google's AI pricing plan (permalink)

Google is spending a lot on AI, but what's not clear is how Google will make a lot from AI. Or, you know, even break even. Given, you know, that businesses are seeing zero return from AI:

https://www.theregister.com/2026/01/20/pwc_ai_ceo_survey/

But maybe they've figured it out. In a recent edition of his BIG newsletter, Matt Stoller pulls on several of the strings that Google's top execs have dangled recently:

https://www.thebignewsletter.com/p/will-google-organize-the-worlds-prices

The first string: Google's going to spy on you a lot more, for the same reason Microsoft is spying on all of its users: because they want to supply their AI "agents" with your personal data:

https://www.youtube.com/watch?v=0ANECpNdt-4

Google's announced that it's going to feed its AI your Gmail messages, as well as the whole deep surveillance dossier the company has assembled based on your use of all the company's products: Youtube, Maps, Photos, and, of course, Search:

https://twitter.com/Google/status/2011473059547390106

The second piece of news is that Apple has partnered with Google to supply Gemini to all iPhone users:

https://twitter.com/NewsFromGoogle/status/2010760810751017017

Apple already charges Google more than $20b/year not to enter the search market; now they're going to be charging Google billions to stay out of the AI market, too. Meanwhile, Google will get to spy on Apple customers, just like they spy on their own users. Anyone who says that Apple is ideologically committed to your privacy because they're real capitalists is a sucker (or a cultist):

https://pluralistic.net/2024/01/12/youre-holding-it-wrong/#if-dishwashers-were-iphones

But the big revelation is how Google is going to make money with AI: they're going to sell AI-based "personalized pricing" to "partners," including "Walmart, Visa, Mastercard, Shopify, Gap, Kroger, Macy’s, Stripe, Home Depot, Lowe's, American Express, etc":

https://blog.google/products/ads-commerce/agentic-commerce-ai-tools-protocol-retailers-platforms/

Personalized pricing, of course, is the polite euphemism for surveillance pricing, which is when a company spies on you in order to figure out how much they can get away with charging you (or how little they can get away with paying you):

https://pluralistic.net/2025/06/24/price-discrimination/#

It's a weird form of cod-Marxism, whose tenet is "From each according to their desperation; to each according to their vulnerability." Surveillance pricing advocates say that this is "efficient" because they can use surveillance data to offer you discounts, too – like, say you rock up to an airline ticket counter 45 minutes before takeoff and they can use surveillance data to know that you won't take their last empty seat for $200, but you would fly in it for $100, you could get that seat for cheap.

This is, of course, nonsense. Airlines don't sell off cheap seats like bakeries discounting their day-olds – they jack up the price of a last-minute journey to farcical heights.

Google also claims that it will only use its surveillance pricing facility to offer discounts, and not to extract premiums. As Stoller points out, there's a well-developed playbook for making premiums look like discounts, which is easy to see in the health industry. As Stoller says, the list price for an MRI is $8,000, but your insurer gets a $6000 "discount" and actually pays $1970, sticking you with a $30 co-pay. The $8000 is a fake number, and so is the $6000 – the only real price is the $30 you're paying.

The whole economy is filled with versions of this transparent ruse, from "department stores who routinely mark everything as 80% off" to pharmacy benefit managers:

https://pluralistic.net/2024/09/23/shield-of-boringness/#some-men-rob-you-with-a-fountain-pen

Google, meanwhile, is touting its new "universal commerce protocol" (UCP), a way for AI "agents" to retrieve prices and product descriptions and make purchases:

https://www.thesling.org/the-harm-to-consumers-and-sellers-from-universal-commerce-protocol-in-googles-own-words/

Right now, a major hurdle to "agentic AI" is the complexity of navigating websites designed for humans. AI agents just aren't very reliable when it comes to figuring out which product is which, choosing the correct options, and putting it in a shopping cart, and then paying for it.

Some of that is merely because websites have inconsistent "semantics" – literally things like the "buy" button being called something other than "buy button" in the HTML code. But there's a far more profound problem with agentic shopping, which is that companies deliberately obfuscate their prices.

This is how junk fees work, and why they're so destructive. Say you're a hotel providing your rate-card to an online travel website. You know that travelers are going to search for hotels by city and amenities, and then sort the resulting list by price. If you hide your final price – by surprising the user with a bunch of junk fees at checkout, or, better yet, after they arrive and put their credit-card down at reception – you are going to be at the top of that list. Your hotel will seem like the cheapest, best option.

But of course, it's not. From Ticketmaster to car rentals, hotels to discount airlines, rental apartments to cellular plans, the real price is withheld until the very last instant, whereupon it shoots up to levels that are absolutely uncompetitive. But because these companies are able to engage in deceptive advertising, they look cheaper.

And of course, crooked offers drive out honest ones. The honest hotel that provides a true rate card, reflecting the all-in price, ends up at the bottom of the price-sorted list, rents no rooms, and goes out of business (or pivots to lying about its prices, too).

Online sellers do not want to expose their true prices to comparison shopping services. They benefit from lying to those services. For decades, technologists have dreamed of building a "semantic web" in which everyone exposes true and accurate machine-readable manifests of their content to facilitate indexing, search and data-mining:

https://people.well.com/user/doctorow/metacrap.htm

This has failed. It's failed because lying is often more profitable than telling the truth, and because lying to computers is easier than lying to people, and because once a market is dominated by liars, everyone has to lie, or be pushed out of the market.

Of course, it would be really cool if everyone diligently marked up everything they put into the public sphere with accurate metadata. But there are lots of really cool things you could do if you could get everyone else to change how they do things and arrange their affairs to your convenience. Imagine how great it would be if you could just get everyone to board an airplane from back to front, or to stand right and walk left on escalators, or to put on headphones when using their phones in public.

Wanting it badly is not enough. People have lots of reasons for doing things in suboptimal ways. Often the reason is that it's suboptimal for you, but just peachy for them.

Google says that it's going to get every website in the world to expose accurate rate cards to its chatbots to facilitate agentic AI. Google is also incapable of preventing "search engine optimization" companies from tricking it into showing bullshit at the top of the results for common queries:

https://pluralistic.net/2024/05/03/keyword-swarming/#site-reputation-abuse

Google somehow thinks that the companies that spend millions of dollars trying to trick its crawler won't also spend millions of dollars trying to trick its chatbot – and they're providing the internet with a tool to inject lies straight into the chatbot's input hopper.

But UCP isn't just a way for companies to tell Google what their prices are. As Stoller points out, UCP will also sell merchants the ability to have Gemini set prices on their products, using Google's surveillance data, through "dynamic pricing" (another euphemism for "surveillance pricing").

This decade has seen the rise and rise of price "clearinghouses" – companies that offer price "consulting" to direct competitors in a market. Nominally, this is just a case of two competitors shopping with the same supplier – like Procter and Gamble and Unilever buying their high-fructose corn-syrup from the same company.

But it's actually far more sinister. "Clearinghouses" like Realpage – a company that "advises" landlords on rental rates – allow all the major competitors in a market to collude to raise prices in lockstep. A Realpage landlord that ignores the service's "advice" and gives a tenant a break on the rent will be excluded from Realpage's service. The rental markets that Realpage dominates have seen major increases in rental rates:

https://pluralistic.net/2025/10/09/pricewars/#adam-smith-communist

Google's "direct pricing" offering will allow all comers to have Google set their prices for them, based on Google's surveillance data. That includes direct competitors. As Stoller points out, both Nike and Reebok are Google advertisers. If they let Google price their sneakers, Google can raise prices across the market in lockstep.

Despite how much everyone hates this garbage, neoclassical economists and their apologists in the legal profession continue to insist that surveillance pricing is "efficient." Stoller points to a law review article called "Antitrust After the Coming Wave," written by antitrust law prof and Google lawyer Daniel Crane:

https://nyulawreview.org/issues/volume-99-number-4/antitrust-after-the-coming-wave/

Crane argues that AI will kill antitrust law because AI favors monopolies, and argues "that we should forget about promoting competition or costs, and instead enact a new Soviet-style regime, one in which the government would merely direct a monopolist’s 'AI to maximize social welfare and allocate the surplus created among different stakeholders of the firm.'"

This is a planned economy, but it's one in which the planning is done by monopolists who are – somehow, implausibly – so biddable that governments can delegate the power to decide what we can buy and sell, what we can afford and who can afford it, and rein them in if they get it wrong.

In 1890, Senator John Sherman was stumping for the Sherman Act, America's first antitrust law. On the Senate floor, he declared:

If we will not endure a King as a political power we should not endure a King over the production, transportation, and sale of the necessaries of life. If we would not submit to an emperor we should not submit to an autocrat of trade with power to prevent competition and to fix the price of any commodity.

https://pluralistic.net/2022/02/20/we-should-not-endure-a-king/

Google thinks that it has finally found a profitable use for AI. It thinks that it will be the first company to make money on AI, by harnessing that AI to a market-rigging, price-gouging monopoly that turns Google's software into Sherman's "autocrat of trade."

It's funny when you think of all those "AI safety" bros who claimed that AI's greatest danger was that it would become sentient and devour us. It turns out that the real "AI safety" risk is that AI will automate price gouging at scale, allowing Google to crown itself a "King over the necessaries of life":

https://pluralistic.net/2023/11/27/10-types-of-people/#taking-up-a-lot-of-space

(Image: Noah_Loverbear; CC BY-SA 3.0; Cryteria, CC BY 3.0; modified)

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Disney swaps stock for Pixar; Jobs is largest Disney stockholder https://web.archive.org/web/20060129105430/https://www.telegraph.co.uk/money/main.jhtml?xml=/money/2006/01/22/cnpixar22.xml&amp;menuId=242&amp;sSheet=/money/2006/01/22/ixcitytop.html

#20yrsago HOWTO anonymize your search history https://web.archive.org/web/20060220004353/https://www.wired.com/news/technology/1,70051-0.html

#15yrsago Bruce Sterling talk on “vernacular video” https://vimeo.com/18977827

#15yrsago Elaborate televised prank on Belgium’s terrible phone company https://www.youtube.com/watch?v=mxXlDyTD7wo

#15yrsago Portugal: 10 years of decriminalized drugs https://web.archive.org/web/20110120040831/http://www.boston.com/bostonglobe/ideas/articles/2011/01/16/drug_experiment/?page=full

#15yrsago Woman paralyzed by hickey https://web.archive.org/web/20110123072349/https://www.foxnews.com/health/2011/01/21/new-zealand-woman-partially-paralyzed-hickey/

#15yrsago EFF warns: mobile OS vendors aren’t serious about security https://www.eff.org/deeplinks/2011/01/dont-sacrifice-security-mobile-devices

#10yrsago Trumpscript: a programming language based on the rhetorical tactics of Donald Trump https://www.inverse.com/article/10448-coders-assimilate-donald-trump-to-a-programming-language

#10yrsago That time the DoD paid Duke U $335K to investigate ESP in dogs. Yes, dogs. https://www.muckrock.com/news/archives/2016/jan/21/duke-universitys-deep-dive-uncanny-abilities-canin/

#10yrsago Kathryn Cramer remembers her late husband, David Hartwell, a giant of science fiction https://web.archive.org/web/20160124050729/http://www.kathryncramer.com/kathryn_cramer/2016/01/til-death-did-us-part.html

#10yrsago What the Democratic Party did to alienate poor white Americans https://web.archive.org/web/20160123041632/https://www.alternet.org/economy/robert-reich-why-white-working-class-abandoned-democratic-party

#10yrsago Bernie Sanders/Johnny Cash tee https://web.archive.org/web/20160126070314/https://weardinner.com/products/bernie-cash

#5yrsago NYPD can't stop choking Black men https://pluralistic.net/2021/01/21/i-cant-breathe/#chokeholds

#5yrsago Rolling back the Trump rollback https://pluralistic.net/2021/01/21/i-cant-breathe/#cra

#1yrsago Winning coalitions aren't always governing coalitions https://pluralistic.net/2025/01/06/how-the-sausage-gets-made/#governing-is-harder

#1yrago The Brave Little Toaster https://pluralistic.net/2025/01/08/sirius-cybernetics-corporation/#chatterbox

#1yrago The cod-Marxism of personalized pricing https://pluralistic.net/2025/01/11/socialism-for-the-wealthy/#rugged-individualism-for-the-poor

#1yrago They were warned https://pluralistic.net/2025/01/13/wanting-it-badly/#is-not-enough

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Memex Method," Farrar, Straus, Giroux, 2026

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (1010 words today, 11362 total)

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

14:35

The Spew [Original Fiction Archives - Reactor]

All Fiction Dark Fantasy

The Spew

A man is hired to transcribe the words of a mysterious woman who speaks in “spews” during self-induced trances, but he soon discovers an intriguing story coalescing within her seemingly…

Illustrated by Carter Gill

Edited by

By

Published on January 21, 2026

0 Share
An illustration of an ominous figure towering over a small girl.

A man is hired to transcribe the words of a mysterious woman who speaks in “spews” during self-induced trances, but he soon discovers an intriguing story coalescing within her seemingly incoherent rambles.

Short story | 5,245 words

Arathusia, petite—with raven-black hair gathered to one side as if she was facing due south in a windstorm from the east—could talk the ear off a brass monkey. Within the raging current of her flow, stories surfaced, swam hard to save themselves only to disappear beneath the deluge of random words. If you can imagine a real flood overwhelming a small town, think of what would be borne in those rushing waters: garbage-can lids, trash, lawn furniture, toys, flowerpots, newspapers, umbrellas, a red gingham tablecloth, and the rotting, bloated corpses of the drowned. So too, Arathusia’s telling—between, around, and through the stories—was dotted with bobbing mundanities and grotesqueries. You could tell her it didn’t make sense, but that wasn’t going to stop her.

She called it spewing and said she’d discovered her propensity for it at age six. It was a kind of trance/monologue that sometimes told a story but often was just a jumble of fleeting instances and ideas. “You could call it automatic talking, sort of like automatic writing,” she said. “First I control my breathing, then I close my eyes. In the dark, my imagination blossoms until it swallows me into a scene, and I speak without knowing whatever I encounter there. A situation, its figures and landscape, might grow until it crumbles from its own weight of words and then it evolves into something different, only to fly apart to seed a hundred other permutations.”

I couldn’t really picture what she meant by all that, and I told her so. She said, “OK, I’ll give you a quick ten-minute sample.” She closed her eyes. Her nostrils flared and she took in great quantities of air, as if trying to hyperventilate. In an instant, her shoulders slouched, her head tipped to the side, and she leaned forward, limp, against the desk. A full minute passed, and I wondered if I should get up and leave. As I was about to do just that, I noticed her jaw twitching slightly. I reared back in my seat when her mouth sprang open like an automated device. Then the grumbling started and eventually eased into whispers. A few moments later, I heard her first real words.

“There’s something in the water, something in the slaughter, something in your daughter, so bring the brick and mortar.” That snippet gave way to a string of unrelated words, chaotic nonsense I won’t even try to record here. I lost track for a few seconds of what she said as I was focused on the speed at which her lips moved—pursing, undulating, quivering, popping. It was such an onslaught of raw language minus meaning that I felt like I was against the ropes, being worked over.

By the time I surfaced from that barrage, she’d returned to the original story. There was a farmer, and he was bricking his daughter up in an underground root cellar. From within, a fierce howling could be heard. When he finished his work, he took a pistol from his pocket and shot himself in the head. He lay beneath the yellow sky, a storm approaching, whipping the branches of trees and pushing ahead of it a pouring rain that might fill a swimming pool one could keep a porpoise in to make friends with and learn its intelligence until it escaped one day when the town flooded. You get the picture, the tale just veered off into inanity about the porpoise and the flood, and that led to the ocean and a kingdom under the sea, and an exegesis on growing tomatoes, etc.

Eventually, her words turned to light snoring, her body moved slowly into an upright position, and she opened her eyes with a shy smile. I applauded. She blushed.

 “So, you want me to copy down what you say?” I asked. 

“That’s right.”

“And you want me to handwrite all of these words?”

“Yes, pen and paper only, no computers or typewriters.”

“I doubt I’d be able to keep up with you. I can only write by hand so quickly. I got slapped on the knuckles with a ruler all through grammar school for holding the pen wrong, and I still do.”

She shrugged and shook her head like that was no problem. I wondered if she was a little light upstairs.

“Get a tape recorder. It’d be way better than me,” I said.

“You don’t understand,” she said, grinning. “I want my words to be shaped at random by the static of your failure to record everything legibly and accurately. Still, I want you to try passionately hard to do a perfect job. The spirit of passion denied will permeate my verbiage and sculpt it into something beautiful, like the acid in an etching.”

I was convinced she was a lunatic and prepared to take my leave when she reached into the top drawer of the desk and pulled out a fat roll of twenties. “Three hundred dollars a session. Two hours, no more, no less, in which you are dedicated to capturing my words, verbatim, on paper,” she said.

I stared at the roll of money.

She slid a business card across the desktop to me. “Meet me Tuesday at this address; bring your favorite pen.” 

Luckily Tuesday was only three days away. I was low on money and food, and had cut back already to toast and coffee in the morning and a meager dinner in the evening. It was starting to take a toll. My landlord was after me for the rent, which I’d only saved half of since being laid off two weeks earlier. I was banking so hard on Arathusia’s three hundred, I never really considered what an absurd enterprise I’d enlisted in. I reminded myself, I would have to fake passion. She seemed to want lots of passion and passion denied. In my mind they cancelled each other out, but to her it was art. I stood before the mirror and practiced my passion look, nine-tenths desperation.

Each of those three nights, whereas I would usually read short stories, I sat down at the card table in my kitchen with a bottle of bellyache red and a yellow legal pad. I left the little TV on in the living room and tried as best I could to copy down what the news heads spoke. I caught some of it, but my handwriting was atrocious as always and there were some major gaps in the text when my mind would drift away to my future employer’s melodic voice and serene beauty. She was a flagrant kook, but otherwise quite alluring.

The other thing on my mind was that story she began about the farmer who bricked his daughter up in the root cellar and then shot himself in the head. The more I thought about it, the stronger the images came through. What I saw led me to believe it took place in some other time. The old man wore a rumpled white shirt buttoned at the collar beneath a black vest. His pants were a size and a half too big for him, cinched at the waist with a length of rope. On his feet, he wore thick leather sandals. White hair, and white beard framed an expression of determination, a man on a mission. He trudged along, the weight of his daughter slung over his shoulder, pulling him down. The girl was either asleep or dead, dressed in a pink nightgown. Dark hair spilled down his back and ended only two inches above the ground. 

Papa had all the tools, the bricks and mortar ready at the root cellar, which indicated the deed had been carefully planned. His destination was an eruption of the field, covered atop by grass. The mound had one side that was a wall made of river rocks. In the middle of that wall, there was a wooden frame and a heavy door that opened onto a set of crude steps, leading down into the earth. As part of his planning, there was a lit candle down there, sitting on a small table, the only furnishing in that vault. The place was lined with limestone riprap, had a dirt floor and a ceiling of beams that somehow I knew he’d rescued from a demolished church.

It looked like it took everything out of him to lay her carefully on the floor. He got to his knees, rolled her onto her back, adjusted her nightgown to cover as much as it could, and kissed her on the forehead. In that instant, I saw her face in the wavering candlelight and could tell she was in her late teens. The only vibe about her that came through clearly was one of innocence. Her father sprang up then, and staggered quickly for the steps as if he was being chased. He blocked my view as he came toward the exit, and the last I saw before he passed through me and up out of the root cellar, was her lovely long hair sprawled in the dirt.

Outside, the wind had picked up, and even before I could turn my focus back to the old man, I could hear the trowel scraping on brick. Then time jumped forward and he was nearing completion of the job, fitting the last couple of bricks into place. I got a good look at him. His face was wrinkled and dark from the sun. He had a sharp nose and a grimace minus a few teeth. There were tears in his eyes. When the howling came from inside the root cellar, he dropped the trowel and staggered backward as if the noise had pushed him. He reached into his pocket and brought out a pistol.

For those three days my thoughts were rampant with the ideas and images of the strange interview. The only aspect of the entire affair that brought a smile to my face was recalling that when recently fired from my warehouse job, loading and unloading thirty-two-foot trucks on the graveyard shift, my boss, Ed Pares, told me I was a half-assed fuckup. I got a kick out the fact that my new employer took it as a given that I would assuredly fuck up, and that was why she hired me. There’s something to be said for that. The ad in the local paper that had brought me to her, proclaimed WRITER WANTED. When another warehouse job proved unavailable, on the spot, I became a writer. It was that easy.

Couldn’t sleep Monday night, tossing and turning as I did before the start of any job. Eventually I administered the vino. It always works eventually. Tuesday morning, I woke in a frenzy, the covers twisted around my neck, my pillow drenched with sweat. My mouth was Death Valley Days, and my head was The City of Dreadful Night. While shaving, I discovered my lack-of-passion expression. A shower and four cups of coffee got me halfway back in the swing. Dressed in my old brown suit, a pea-green shirt, black bow tie, and white sneakers, I headed for the door. When the hotel where I was to meet Arathusia came into view, six blocks from my place, I realized I’d forgotten my pens.

I hoped there would be some kind of stationary shop or drugstore where I might buy a pen. But we all know that could never be. I wound up at the foot of the stone stairway that led to the front entrance of the Parliament Hotel, a century-old building with a cupola and turrets constructed from a bright yellow rock. I wondered if it was sulfur as I mounted the steps, ten in all. There were stained glass windows of colorful birds around the borders of the door, survivors of an opulent past. Inside, dinginess ruled, a film of dust like gray snow under dim lighting. The tattered floral carpet, in places, was trod to threads. There was no one behind the front desk. I pulled the card Arathusia had given me from my pocket to check the room number and went in search of it.  

Up three flights of stairs and down a long hallway, I found 432 and knocked. She called for me to enter. I immediately saw that the room took up one of the turrets of the old place, a museum of threadbare finery. The Turkish carpets, the candelabra, the furniture constructed from Bombay ebony, were tattered and tarnished and splintered. She sat at a round table with a white linen cloth. Behind Arathusia was a window that faced the street, and the daylight made an aura around her form. A chair was pulled out for me across from hers. On the table at my spot was a stack of yellow legal pads.

I nodded to her and wished her a good morning.

She returned the pleasantry, and then said, “Do you have your pen?”

I hesitated for a moment, smiling harder. There was nothing but to break the news to her that I was a soldier without my weapon. I briefly considered telling her that it had run out of ink that morning just before I was to leave for the Parliament. Finally, I just said, “I forgot it.”

She laughed as if relieved and clapped her hands. “If you’d brought your own, I would have had to allow you the choice to use it. Now, you must use mine. Come here. Take off your jacket.”

I did as I was told, dropped the garment over the back of a chair, and approached her from across the room. In the moment I’d been looking away, she’d produced a small pine box, no wider nor longer than a five-hundred-page trade paperback book.  “Roll up the sleeve on the arm of your writing hand,” she said. I did, and she remarked, “Lefty,” cocked her head, and gave my mitt a sort of lascivious once-over. I’d never experienced nakedness concerning my hands before. She slid the top off the box. I leaned in and saw that the container was three quarters filled with dark soil. From the dirt it appeared a fragile green plant grew, sending out long, fine tendrils. Reaching in, she dug her fingers down around the plant, and when she lifted it, I saw those green shoots were not vegetable but wire. They were attached to a long, silver pen, and there was a wrist clasp with Velcro that had also been buried. 

“I call my invention the Starlight Stylus, after my mother’s middle name, June Starlight Sernom,” she said, and attached the clasp around my left wrist. “Now, hold the pen with your index, middle finger, and thumb.” I moved closer to her, and she maneuvered my fingers into the appropriate positions. Her touch had a noticeable warmth to it that almost made me swoon. In that moment, it happened so quickly I’m not sure I saw it, but the tendrils of green, of their own volition, wrapped in an eyeblink around each of my fingers. I took a step back and gasped. “It’s quite alright,” she said. “The stylus will assist you by means of massage, keep you writing long after you might have given up.”

I could feel the device’s grip. Who knew where it all came from, but as I sat down in front of the stack of legal pads, I noticed my hand was covered now by a green glove of wire-wisps. The silver pen looked like a polished rifle bullet lying in the grass and fit my hand with an exactitude that made writing seem inevitable. If only I’d had one in school. I looked over at Arathusia. “Write your name at the top of the pad for practice,” she said. I did, and could tell I wasn’t completely in control of my script. The Starlight device clutched and eased its grip in a hundred tiny places. Its influence produced a midsized text, wonderfully loopy with old-fashioned flourishes, and yet completely legible. I laughed out loud in reaction.

“I see your name is Eben Cull.”

“Call me Eben.”

“I hired you for today without ever knowing your name. Merely on the strength of your personality. Now, are you ready to write with passion?” I gave her my best passionate expression. She hiked her right eyebrow briefly, gave a sigh, and said, “Very well, let’s begin.”

She closed her eyes, those long lashes gracefully falling, and even before they shut out the world, her face went, in a heartbeat, from joyfully eager to totally blank. Only then when she was at rest did I truly see her for the first time that morning. I marveled at the smoothness of her skin, her small mouth, partially open, the lips done in a pale coral. Her black hair was, as usual, gathered completely to the right, as if sidestepping the onrush of her bizarre thoughts on their way to the polestar. She wore a lavender dress with white lace trim, cinched at the waist. It had a high collar with a black ribbon tied in a bow at the front. Slowly, she leaned forward against the table.

Whatever trepidation I had about the job, I was ready to dive in now. My were-hand held a silver rocket. I closed my eyes and listened intently. The faint sound of her rhythmic breathing began subtly and grew in urgency. I waited and waited, and then my mind wandered, and I saw, on the blank screen behind my eyes, the scene of the root cellar in the dark rainy field, the old man’s body. It made me jump when the cellar door was flung violently open, and candlelight streamed out into the night. In the next breath, I heard her speak. She’d started and I was caught off guard. Already, two lines of gibberish had flowed past me with no response. The Starlight Stylus stung my hand in four places. The pain was excruciating, but it got me jotting.  

The first fifteen minutes of her verbal emission was nothing but disjointed fiddle-faddle, crowding the lines of the pad. The stylus allowed me to keep up, and I was quite happy with my progress, missing merely a word here or there throughout the first two pages. I was operating like a real scrivener, if you know what I mean. Then I felt something change, just a twinge, less than a possibility, but it registered. The utterances it swam with had no seeming connection or sense, but this puff in the flow, like a miniscule fart of “meaning,” began to attract other words around it until, over a period of a page, it tumbled, vaguely at first, and then most solidly, into a story.

The young girl, dressed in a navy-blue pinafore and white blouse, sat across from her father at the dinner table in the kitchen. She wasn’t as interested in the food as he was. He used a piece of bread to corral gravy and potatoes while she looked out the window at the darkening autumn sky. In the quiet but for his chewing, she heard the wind, and beneath it the cows lowing in their pens. Turning back to him, she said, “I went to visit Mommy today.”

He didn’t look up. “How was that?” he asked.

“The trees in the graveyard were all bright yellow.”

“They’re elms,” he said. “What did you tell your mother?”

“I told her about a dream I had.”

He pushed his plate back and lifted his head to see her. “Can you tell me?”

“I was walking home from the pond. I could see the house and knew it was close to dinnertime. My boots were covered with mud, and I was carrying my wooden doll, Bindi. All of a sudden, a man appeared, walking toward me. He was dressed very fine like a gentleman, hat and checkered vest, dark coat, a tie, and a walking stick.  As we came closer to each other, I noticed there was something wrong about him. I felt it in my chest before I saw what it was. His face was feathered, like a robin’s breast, and he had a beak and large eyes. I stopped walking, although I wanted to run.”

“My goodness,” said her father.

“He told me his name was Twin Owls 12 and asked for mine. I couldn’t move. Then he leaned down like he wanted a better look at me and spit a long violet stream into my open mouth. It tasted like bad perfume and onions. I ran away as fast as I could.”

The static set in then, inconsequential blither, words flying out in all directions, scattering like cockroaches when you hit the lights. I fielded most of them, memorializing each on yellow paper. The silver pen was probably responsible for a good deal of my success. Without any reason organizing them, each utterance came whizzing out of nowhere like a slap shot. My guess was I was an hour into the ordeal. I could feel myself flagging. I looked over at Arathusia. She was drooling from the corner of her racing lips, but still lovely. Her eyes fluttered behind her lids. It wasn’t long at all before my attention began to falter, but when I contemplated taking the nib from the paper, the Starlight contraption gave me a jolt of pain that brought me back into focus. It rode my hand like a jockey with a whip.

A deluge, an avalanche of words, each so brilliantly dissimilar from the ones around it, the whole thing seemed impossible. Wanting to avoid future stinging, I did what I could to keep up and all was fine, save an errant morsel here or there. Then I could feel the flow shifting, like an airliner banking into the arc of a turn. As the stream lost speed it gained meaning, and before I knew it I was back in the farmhouse. I didn’t recognize the room I was in, but it seemed a parlor or a living room. I smelled the remnant aroma of dinner, saw the light shining in the distance. The farmer spoke, and I followed the sound of his voice.

He stood in the dark hallway at the entrance to a room. A mild glow spilled out. I walked up behind him and saw over his shoulder that it was his daughter’s room. She lay in bed with the covers pulled up to her chin. He watched as she clasped her hands, closed her eyes, and said a prayer for her mother. “OK, now,” he said and flipped the lights off. She turned and put her arms out. He leaned over and kissed her on the forehead. She clasped her hands behind his neck and held on for a moment. “Go to sleep,” he said, and left the room.

I followed him to the living room, describing every iota, as if I was recording and creating the scene in the same instant. At that juncture I wasn’t conscious of what words I was committing to paper, nor could I even hear Arathusia speaking. The farmer sat in a chair and turned on the standing light above his head. He took a book off the small table to the left of his seat and turned to a saved page. In the calm, I heard him breathing, watched his eyes shifting side to side, his lips barely moving. As soon as I realized the serenity of the scene, the words shed meaning, slowly at first. Disparate verbs infiltrated, sharp consonants shredded. The farmhouse and the country night, the lamp, the chair, and the farmer turned to smoke and drifted off. In a moment, it had all become mere words, and I was back in the hotel room with Arathusia, recording, with a fatigued hand, her every banal utterance.

It was obvious to me that I was missing more per sentence than I had all morning. Words were dropping like flies, and I barely gave a shit. After the story fell apart, I lost what feeble passion I had mustered. My hand was tired and swollen, as if I’d somehow sprained it. The wire tendrils of the stylus were stretched to their limit, digging into my fingers. I very nearly lifted the nib from the paper when Arathusia gasped, and the device grabbed me. There was a spark of wicked pain in the palm pad at the base of my thumb. It felt like a drill was incrementally digging its way in. I gave a sharp cry, hoping to wake her and put an end to the session. Next I knew, I was writing faster than I had yet, and Arathusia had put me back in the farmhouse, in the living room with the farmer reading.

There came a description of the wind outside, “distant cry of anguish,” a note about “the insistent ticking of the grandfather clock near the entrance to the hallway,” and half a page devoted to the farmer’s “reliable and soothing” respiration. Then I heard it, and apparently he did too. From down the hall came his daughter’s voice, a steady, undulating stream. It wasn’t loud enough to catch meaning from. She was talking to either her doll, Bindi, or herself. Obviously, the farmer wasn’t surprised. He sighed and smiled and shook his head slightly. “I’m coming down there if you don’t shhh and go to sleep,” he called out. The girl’s monologue didn’t stop with his warning. Instead, it increased in urgency and volubility. He tried for a minute to go back to his reading, but there was no ignoring it as the rising and falling of her chant became incantatory.

“Good Lord,” he said, and laid the book open on the side table. He rubbed his eyes, stretched, and got to his feet. I followed him down the hall to his daughter’s room. He turned in at the doorway and said, “I thought I told you to be quiet.” There was a definite sternness in his tone, still a shred that found it comic but rapidly losing patience. I passed through him and stood at the end of the girl’s bed. It was dark, with only the light from the living room seeping in from down the hallway and around two corners. Her words now were individually recognizable, but I couldn’t make out what she was saying. “That’s enough,” her father yelled. The sudden force of his outburst scared me but did nothing to slow her down. He flipped the light switch on and said, “Arathusia, please.”

You can imagine, when I heard her called that name, it sent a shudder through me. My mind blanked for a second. Somehow, I was aware that I was still engaged with my employer’s dictation, but the Starlight Stylus must have completely taken over. I couldn’t feel my arm move but I did feel my hand being carried across the page like the farmer’s daughter over his shoulder. I wondered if the entire spew I was privy to was all merely memories of Arathusia when she was a child.

The girl lay back on her pillow, one arm over her head, the other across her chest. Her appearance was perfectly serene but for the movement of her lips and what noise the words made. The farmer called her name again and again and lightly shook her shoulder to wake her. He might as well have been as incorporeal as myself. I wanted to tell him, “Hey, she’s spewing,nothing to worry about.” He did look worried, placing his hand upon her forehead to check for fever. When he found he couldn’t wake her, he backed away, as if the rush of the language pushed him up against the wall, panic in his eyes.

She raised her voice for a few beats and yelled, “Twin Owls 12,” and to my astonishment the figure of that odd gentleman appeared exactly as she’d previously described him, standing on the opposite side of the bed from her father. When it appeared, I literally gasped, but luckily he also seemed not to notice I was there. It was clear however that Arathusia’s father saw the well-dressed birdman’s feathered face, saw his cane, a monocle in the left eye, and a bowler derby. “What in hell!” said the farmer. Twin Owls 12 threw his head back and laughed—the sound of a blue jay screeching.

As that horrible sound faded it summoned forth a storm of unrelated lines and phrases. The scene before me came apart at the atomic level, sifting into salt and then smoke. A tornado of disparate words whirled around my head, and I slumped forward onto my legal pad. It was like a drink of water after a week in the desert not to hear Arathusia anymore. Just the silence and the wind outside on the street. I sat back and opened my eyes. Arathusia was upright in her seat, blinking away her trance and wiping the drool from her chin. Nearly as welcome as the silence was the sun, still morning, pouring in behind her. I lifted my arm to get a better look at the diabolical Starlight Stylus, and the thing suddenly sloughed off my wrist, fell onto the table like a pulled weed, and inched its way back toward its box.

“Well done,” she said. “Seems you’ve caught quite a bit of my spew.”

“Are you aware of what you’re speaking when you’re out cold? Is it like a dream where you remember something of what you spoke?”

“No, no,” she said, and the way she said it seemed so attractive to me. “The only thing I recall is that I was talking fast and hard.”

“Wild.” I shook my head.

“But now I have your dictation to read and I can finally discover what I’ve said. That’s such a relief. I want to thank you.”

“Would you like to get a cup of coffee, a bite of lunch?”

“Pass me those legal pads, please,” she said, and I did. “Sorry, but I can’t be seen with you. My husband doesn’t know I’ve undertaken the task of learning about me. He’s the jealous sort. You’ll be smart not to meet him.”

“Isn’t this something you should have told me before?”

She slipped the pads and the wooden stylus box into a briefcase and latched it shut. “Probably,” she said, “but then I might not have gotten you to help me.”

“You tricked me?”

She laughed and although it was a slap in the face, the music of it was enchanting. “Don’t worry, go home. I’ll contact you if I need you again,” she said. The roll of twenties came sailing through the air, and I caught it with both hands. All I could do was stare at it. In the meantime, she took up her briefcase and said, “Ciao.” As she swept past me to the door, her scent, lilac perfume and sweat, fogged me, and before I knew it she was gone. I sat there for a few more minutes, until I noticed that for my entire stint in the room there had been a painted portrait of a sinister-looking owl—the beak, head feathers, angry eyes, sporting a red cravat and monocle —on the wall across from me. I shoved the money in my pocket, put on my jacket, and fled the Parliament. 

“The Spew” copyright © 2026 by Jeffrey Ford
Art copyright © 2026 by Carter Gill

Buy the Book

An illustration of an ominous figure towering over a small girl.
--> An illustration of an ominous figure towering over a small girl.

The Spew

Jeffrey Ford

The post The Spew appeared first on Reactor.

13:49

Building AI-Powered SaaS Businesses [Radar]

In preparation for our upcoming Building SaaS Businesses with AI Superstream, I sat down with event chair Jason Gilmore to discuss the full lifecycle of an AI-powered SaaS product, from initial ideation all the way to a successful launch.

Jason Gilmore is CTO of Adalo, a popular no-code mobile app builder. A technologist and software product leader with over 25 years of industry experience, Jason’s spent 13 years building SaaS products at companies including Gatherit.co and the highly successful Nomorobo and as the CEO of the coding education platform Treehouse. He’s also a veteran of Xenon Partners, where he leads technical M&A due diligence and advises their portfolio of SaaS companies on AI adoption, and previously served as CTO of DreamFactory.

Here’s our interview, edited for clarity and length.

Ideation

Michelle Smith: As a SaaS developer, what are the first steps you take when beginning the ideation process for a new product?

Jason Gilmore: I always start by finding a name that I love, buying the domain, and then creating a logo. Once I’ve done this, I feel like the idea is becoming real. This used to be a torturous process, but thanks to AI, my process is now quite smooth. I generate product names by asking ChatGPT for 10 candidates, refining them until I have three preferred options, and then checking availability via Lean Domain Search. I usually use ChatGPT to help with logos, but interestingly, while I was using Cursor, the popular AI-powered coding editor, it automatically created a logo for ContributorIQ as it set up the landing page. I hadn’t even asked for one, but it looked great, so I went with it!

Once I nail down a name and logo, I’ll return to ChatGPT yet again and use it like a rubber duck. Of course, I’m not doing any coding or debugging at this point; instead, I’m just using ChatGPT as a sounding board, asking it to expand upon my idea, poke holes in it, and so forth.

Next, I’ll create a GitHub repository and start adding issues (basically feature requests). I’ve used the GitHub kanban board in the past and have also been a heavy Trello user at various times. However, these days I keep it simple and create GitHub issues until I feel I have enough to constitute an MVP. Then I’ll use the GitHub MCP server in conjunction with Claude Code or Cursor to pull and implement these issues.

Before committing resources to development, how do you approach initial validation to ensure the market opportunity exists for a new SaaS product?

The answer to this question is simple. I don’t. If the problem is sufficiently annoying that I eventually can’t resist building something to solve it, then that’s enough for me. That said, once I have an MVP, I’ll start telling everybody I know about it and really try to lower the barrier associated with getting started.

For instance, if someone expresses interest in using SecurityBot, I’ll proactively volunteer to help them validate their site via DNS. If someone wants to give ContributorIQ a try, I’ll ask to meet with the person running due diligence to ensure they can successfully connect to their GitHub organization. It’s in these early stages of customer acquisition that you can determine what users truly want rather than merely trying to replicate what competitors are doing.

Execution, Tools, and Code

When deciding to build a new SaaS product, what’s the most critical strategic question you seek to answer before writing any code?

Personally, the question I ask myself is whether I seriously believe I will use the product every day. If the answer is an adamant yes, then I proceed. If it’s anything but a “heck yes,” then I’ve learned that it’s best to sit on the idea for a few more weeks before investing any additional time.

Which tools do you recommend, and why?

I regularly use a number of different tools for building software, including Cursor and Claude Code for AI-assisted coding and development, Laravel Forge for deployment, Cloudflare and SecurityBot for security, and Google Analytics and Search Console for analytics. Check out my comprehensive list at the end of this article for more details.

How do you accurately measure the success and adoption of your product? What key metrics (KPIs) do you prioritize tracking immediately after launch?

Something I’ve learned the hard way is that being in such a hurry to launch a product means that you neglect to add an appropriate level of monitoring. I’m not necessarily referring to monitoring in the sense of Sentry or Datadog; rather I’m referring to simply knowing when somebody starts a trial.

At a minimum, you should add a restricted admin dashboard to your SaaS which displays various KPIs such as who started a trial and when. You should also be able to quickly determine when trialers reach a key milestone. For instance, at SecurityBot, that key milestone is connecting their Slack, because once that happens, trialers will periodically receive useful notifications right in the very place where they spend a large part of their day.

On build versus buy: What’s your critical decision framework for choosing to use prebuilt frameworks and third-party platforms?

I think it’s a tremendous mistake to try to reinvent the wheel. Frameworks and libraries such as Ruby on Rails, Laravel, Django, and others are what’s known as “batteries included,” meaning they provide everything 99% of what developers require to build a tremendously useful, scalable, and maintainable software product. If your intention is to build a successful SaaS product, then you should focus exclusively on building a quality product and acquiring customers, period. Anything else is just playing with computers. And there’s nothing wrong with playing with computers! It’s my favorite thing to do in the world. But it’s not the same thing as building a software business.

Quality and Security

What unique security and quality assurance (QA) protocols does an intelligent SaaS product require that a standard, non-AI application doesn’t?

The two most important are prompt management and output monitoring. To minimize response drift (the LLM’s tendency for creative, inconsistent interpretation), you should rigorously test and tightly define the LLM prompt. This must be repeatedly tested against diverse datasets to ensure consistent and desired behavior.

Developers should look beyond general OpenAI APIs and consider specialized custom models (like the 2.2 million available on Hugging Face) that are better suited for specific tasks.

To ensure quality and prevent harm, you’ll also need to proactively monitor and review the LLM’s output (particularly when it’s low-confidence or potentially sensitive) and continuously refine and tune the prompt. Keeping a human in the loop (HITL) is essential: At Nomorobo, for instance, we manually reviewed low-confidence robocall categorizations to improve the model. At Adalo, we’ve reviewed thousands of app-building prompt responses to ensure desired outcomes.

Critically, businesses must transparently communicate to users exactly how their data and intellectual property are being used, particularly before passing it to a third-party LLM service.

It’s also important to differentiate when AI is truly necessary. Sometimes, AI can be used most effectively to enhance non-AI tools—for instance, using an LLM to generate complex, difficult-to-write scripts or reviewing schemas for database optimization—rather than trying to solve the core problem with a large, general model.

Marketing, Launch, and Business Success

What are your top two strategies for launching a product?

For early-stage growth, founders should focus intently on two core strategies: prioritizing SEO and proactively promoting the product.

I recommend prioritizing SEO early and aggressively. Currently, the majority of organic traffic still comes from traditional search results, not AI-generated answers (GEO). We are however certainly seeing GEO being attributed to a larger share of visitors. So while you should focus on Google organic traffic, I also suggest spending time tuning your marketing pages for AI crawlers.

Implement a feature-to-landing page workflow: For SecurityBot, nearly all traffic was driven by creating a dedicated SEO-friendly landing page for every new feature. AI tools like Cursor can automate the creation of these pages, including generating necessary assets like screenshots and promotional tweets. Landing pages for features like Broken Link Checker and PageSpeed Insights were 100% created by Cursor and Sonnet 4.5.

Many technical founders hesitate to promote their work, but visibility is crucial. Overcome founder shyness: Be vocal about your product and get it out there. Share your product immediately with friends, colleagues, and former customers to start gaining early traction and feedback.

Mastering these two strategies is more than enough to keep your team busy and effectively drive initial growth.

On scaling: What’s the single biggest operational hurdle when trying to scale your business from a handful of users to a large, paying user base?

I’ve had the opportunity to see business scaling hurdles firsthand, not only at Xenon but also during the M&A process, as well as within my own projects. The biggest operational hurdle, by far, is maintaining focus on customer acquisition. It is so tempting to build “just one more feature” instead of creating another video or writing a blog post.

Conversely, for those companies that do reach a measure of product-market fit, my observation is they tend to focus far too much on customer acquisition at the cost of customer retention. There’s a concept in subscription-based businesses known as “max MRR,” which identifies the point at which your business will simply stop growing once revenue lost due to customer churn reaches an absolute dollar point that erases any revenue gains made through customer acquisition. In short, at a certain point, you need to focus on both, and that’s difficult to do.

We’ll end with monetization. What’s the most successful and reliable monetization strategy you’ve seen for a new AI-powered SaaS feature? Is it usage-based, feature-gated, or a premium tier?

We’re certainly seeing usage-based monetization models take off these days, and I think for certain types of businesses, that makes a lot of sense. However, my advice to those trying to build a new SaaS business is to keep your subscription model as simple and understandable as possible in order to maximize customer acquisition opportunities.

Thanks, Jason.

For more from Jason Gilmore on developing successful SaaS products, join us on February 10 for our AI Superstream: Building SaaS Businesses with AI. Jason and a lineup of AI specialists from Dynatrace, Sendspark, DBGorilla, Changebot, and more will examine every phase of building with AI, from initial ideation and hands-on coding to launch, security, and marketing—and share case studies and hard-won insights from production. Register here; it’s free and open to all.

Appendix: Recommended Tools

Category Tool/service Primary use Notes
AI-assisted coding Cursor (with Opus 4.5) and Claude Code Coding and AI assistance Claude Opus 4.5 highly valued
Code management GitHub Managing code repositories Standard code management
Deployment Laravel Forge Deploying projects to Digital Ocean Highly valued for simplifying deployment
API/SaaS interaction MCP servers Interacting with GitHub, Stripe, Chrome devtools, and Trello Centralized interaction point
Architecture Mermaid Creating architectural diagrams Used for visualization
Research ChatGPT Rubber duck debugging and general AI assistance Dedicated tool for problem-solving
Security Cloudflare Security services and blocking bad actors Primarily focused on protection
Marketing and SEO Google Search Console Tracking marketing page performance Focuses on search visibility
Analytics Google Analytics 4 (GA4) Site metrics and reporting Considered a “horrible” but necessary tool due to lack of better alternatives

13:14

Ne Zha 2: The Best Movie You Haven’t Heard Of [Whatever]

It would stand to reason that the highest-grossing animated film of all time would be more well-known, yet it seems that Ne Zha 2 remains unknown to practically every single person I’ve talked to about it. It’s especially wild to think how many people have never even heard of the film when you consider the fact that it’s #5 on the list of highest-grossing movies of all time, right underneath Avatar and its sequel, Avengers: Endgame, and Titanic.

Not only did Ne Zha 2 become the king of all animated movies, but sits proudly in the top five of all movies. Is that not absolutely wild? So why is no one talking about it?

And I know you’re probably thinking, well of course people are talking about it, haven’t you seen all the articles over it in The New York Times, seen the ratings on Rotten Tomatoes, etc.?

Listen, journalists don’t count as people. What I mean when I say no one is talking about it, is if you go into work and you ask your coworker Becky if she’s seen any good movies lately, chances are she’s not saying she threw on Ne Zha 2 with original Chinese audio.

If you walk up to literally anyone on the street and ask “have you heard of Avengers: Endgame or perhaps Titanic?” chances are not only have they heard of it, they’ve probably seen it. So why is it not the same answer when you ask if they’ve heard of Ne Zha?

Anyways, I’m here to tell you about this incredible film, since I’m guessing even if you’ve heard of it, you might not have seen it yet, as it’s only available through streaming on HBO Max (and there’s no Chinese audio if you watch it on there).

Ne Zha 2 is an absolutely amazing film with the most spectacular animation and passion behind it. It is a true feast for your eyes, with practically every moment being worthy of being a desktop background. So often I found myself saying “oh my god that’s absolutely insane” in regards to the art and animation. Even if the story was downright terrible (which it isn’t), it would still be worth sitting through the almost two and half hours of the movie just for the art.

While I do really like Ne Zha, its sequel is better in every way. Ne Zha 2 has less childish humor that the first one suffers from, a more intricate and interesting story, develops its characters and their relationships better, and of course, superior animation.

Ne Zha is one of those movies where the last half hour makes sitting through the first hour of the film worth it, where as Ne Zha 2 is all gas no brakes. Ne Zha 2 had my jaw on the floor the entire time.

I want to talk about the story, but I don’t know how I can without just spoiling the entire movie! It’s such a… let’s say, involved plot. There’s a lot going on, and if you’re unfamiliar with Chinese mythos and gods, it can feel sort of overwhelming. Almost like when you start reading a high fantasy novel and you’re having a hard time keeping all the proper nouns straight in your head.

I honestly find it easier to keep names and places straight when the subtitles are on (which, if you watch it in Chinese, chances are you’ll probably have them on anyways).

I personally prefer the original Chinese, as I find the mouths not matching up with the English dub distracting and a lot of lines are delivered oddly in an attempt to make the mouths fit the words better.

One of the reasons I love Ne Zha and its sequel is because of its originality. So many movies that come out these days are revivals of old franchises, “live-action” remakes of old classics, and just stuff we’ve seen a hundred times before. Ne Zha and Ne Zha 2 feel so much more unique and interesting than any animated movies has felt for me in a long time.

I find it unfortunate that truly the only reason it feels like no one has heard of it is because it’s a foreign film. That’s really all it comes down to is that it’s a Chinese film, and Americans don’t consume a lot of foreign media. America pumps out so much media that foreign gems can sometimes get lost in translation.

I’ve been intentionally vague about the plot this whole time because it really feels like something you should just experience without knowing too much about it. It’s a wild ride, and one I went into pretty blind, and recommend the same for you.

If you want to watch it with the Chinese original audio with English subtitles, my best recommendation is to buy it on YouTube since HBO Max only has the English dub. I know, it sucks buying movies on YouTube, mostly because they can remove it from your library at any time and you don’t get your money back, but this is unfortunately the era of streaming monopolies and whatnot that we live in. Consuming media is difficult even though that’s all any company wants us to do.

Have you seen Ne Zha or Ne Zha 2? Did you manage to catch either in theaters? Are there any foreign films you like that you feel like most people haven’t heard of? Let me know in the comments, and have a great day!

-AMS

12:42

CodeSOD: Validation Trimmed Away [The Daily WTF]

Grace sends us, in her words, "the function that validates the data from the signup form for a cursed application."

It's more than one function, but there are certainly some clearly cursed aspects of the whole thing.

function trimStr(v) {
  return typeof v === "string" ? v.trim() : v;
}

This function, itself, isn't cursed, but it certainly represents a bad omen. Take any type of input, and if that input happens to be a string, return the trimmed version. Otherwise, return the input unchanged. I've got good news and bad news about this omen: the good news is that it isn't used in most of the code that follows, and the bad news is that it is used in some of the code that follows.

The next function builds a validation schema using the yup library, and we'll take this one in chunks, since it's long.

function buildSchema() {
  // Common string with trim transform
  const t = () =>
    yup
      .string()
      .transform((val) => (typeof val === "string" ? val.trim() : val))
      .nullable();

See, I promised that the trimStr function wasn't used in most of the code- because they just copy/pasted its body where they needed it.

  let emailField = yup
    .string()
    .transform((val) => (typeof val === "string" ? val.trim().toLowerCase() : val))
    .nullable()
    .required("email is required");

  emailField = emailField.test("email-format", "email is invalid", (v) => {
      if (!v) return false; // required above
      // Simple email format validation
      return /^[^\s@]+@[^\s@]+\.[^\s@]{2,}$/i.test(v);
    });

I assume t above is meant to be a common base transformation, so you don't have to constantly rewrite the trim functionality. Though this isn't precisely a trim- it also canonicalizes the address to lower case. That will likely work most of the time, but while the domain portion of an email address is case insensitive, the address part of it is not- Remy@somesite.com and remy@somesite.com could be different addresses.

They also make the email field both nullable and required, which is an interesting choice. Not one they're confident about, as they also check that the required field is actually populated in their test function. Then they do a regex to validate the email address, which it's worth noting that email addresses shouldn't be validated by regexes, but also yup already includes an email validation, so none of this is necessary.

let passwordField = yup.string().nullable().required("password is required");

  passwordField = passwordField
    .test(
      "password-min-length",
      "password must be at least 8 characters",
      (v) => !!v && v.length >= 8
    )
    .test(
      "password-alpha-num",
      "password must contain letters and numbers",
      (v) => !!v && (/[A-Za-z]/.test(v) && /\d/.test(v))
    );

  let confirmPasswordField = yup.string().nullable().required("confirmPassword is required");

  confirmPasswordField = confirmPasswordField.test(
      "passwords-match",
      "password and confirmPassword do not match",
      function (v) {
        const pwd = this.parent.password;
        if (!v && !pwd) return false; // both empty => invalid
        if (!v || !pwd) return true; // required rules will handle
        return v === pwd;
      }
    );

Passwords limited to alphanumeric is a choice. A bad one, certainly. Again we also see the pattern of nullable required fields.

  let telephoneField = t().required("telephone is required");

  telephoneField = telephoneField.test("telephone-digits", "telephone is invalid", (v) => {
      if (!v) return false;
      const digits = (v.match(/\d/g) || []).length;
      return digits >= 7;
    });

Oh, at least on phone numbers they use that common base transformation. Again, they're not using the built-in features of yum which can already validate phone numbers, but hey, at least they're making sure that there are at least seven digits, which probably works in some places. Not everywhere, but some places.

  const schema = yup.object().shape({
    firstName: t().required("firstName is required").max(100, "firstName too long"),
    lastName: t().required("lastName is required").max(100, "lastName too long"),
    companyName: t().required("companyName is required").max(150, "companyName too long"),
    telephone: telephoneField,
    email: emailField,
    product: t().max(150, "product too long"),
    password: passwordField,
    confirmPassword: confirmPasswordField,
    affiliateId: t(),
    visitorId: t(),
  });

  return schema;
}

And here we finish constructing the schema, and look at that- we do use that base transformation a few more times here.

How do we use it?

function validateSignupPayload(payload = {}) {

  // Normalize input keys to match schema: support email/emailAddress and telephone/phoneNumber
  const normalized = {
    firstName: trimStr(payload.firstName),
    lastName: trimStr(payload.lastName),
    companyName: trimStr(payload.companyName),
    telephone: trimStr(payload.telephone) || trimStr(payload.phoneNumber),
    email: (trimStr(payload.email) || trimStr(payload.emailAddress) || "").toLowerCase(),
    product: trimStr(payload.product),
    password: typeof payload.password === "string" ? payload.password : payload.password || undefined,
    confirmPassword:
      typeof payload.confirmPassword === "string" ? payload.confirmPassword : payload.confirmPassword || undefined,
    affiliateId: trimStr(payload.affiliateId),
    visitorId: trimStr(payload.visitorId),
  };

  const schema = buildSchema();

  try {
    const cleaned = schema.validateSync(normalized, { abortEarly: false, stripUnknown: true });
    return { errors: [], cleaned };
  } catch (e) {
    const errors = Array.isArray(e.errors) ? e.errors : ["Invalid arguments"];
    // Still return partial cleaned data from normalization
    return { errors, cleaned: normalized };
  }
}

Here, we "normalize" the inputs, which repeats most of the logic of how we validate the inputs. Mostly. This does have the added benefit of ensuring that the password fields could be undefined, which is not null. More fun, to my mind, is that the input form is clearly inconsistent about the naming of fields- is it telephone or phoneNumber? email or emailAddress?

I agree that this is cursed, less in the creeping dread sense, and more in the "WTF" sense.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

CodeSOD: NUrll [The Daily WTF]

Grace was tracking down some production failures, which put her on the path to inspecting a lot of URLs in requests. And that put her onto this blob of code:

app.get(
    (
      [
        "/api/ddm/getProjectList",
        ":dueDate",
        ":status",
        ":userAssignedId",
        ":managerID",
        ":clientID",
        ":projectHeaderID",
        ":tagId",
        ":companyId",
        ":clientGroup",
        ":isDefault",
        ":dateRange",
        ":dateToFilter",
        ":tagIds",
        ":statusIds",
        ":repeatValues",
        ":engagementID?",
        ":completionDate?"
      ]
      .join( "/" )
    ),
    ddmDboardCtrl.getProjectList
);

This defines a route in ExpressJS for handling GET requests. And it defines the route such that every single parameter on the request is contained in the path portion of the URL. That raises questions about why you need seventeen parameters to fulfill your request and what that means for our API design, but it's even worse than it looks: most of those parameters are allowed to be null.

That means the request looks like this:

GET /api/ddm/getProjectList/null/null/null/null/878778/null/null/2049/null/null/null/null/null/null/null/3532061?

For bonus point, the developer responsible for that awful API also has a "special" way for dealing with possibly empty returns:

(
      fs.readdirSync( `${ GLOBAL_DIRECTORY_PATH }` )
  ||
      (
        [ ]
      )
)
.map(
  (
    function( moduleName ){
      return  (
                path.resolve( 
                  ( `${ GLOBAL_DIRECTORY_PATH }/${ moduleName }` )
                )
              );
    }
  )
)

This code calls reddirSync and in case that returns null, ||s the result with an empty array. Only one problem: readdirSync never returns null. It returns an empty array when there are no results.

Also, this indenting is as submitted, which… what is even happening?

This developer has a strange relationship with nulls- defending against them when they're not a risk, spamming them into URLs. They have gazed too long into the null, and the null gazes back into them.

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

12:07

Internet Voting is Too Insecure for Use in Elections [Schneier on Security]

No matter how many times we say it, the idea comes back again and again. Hopefully, this letter will hold back the tide for at least a while longer.

Executive summary: Scientists have understood for many years that internet voting is insecure and that there is no known or foreseeable technology that can make it secure. Still, vendors of internet voting keep claiming that, somehow, their new system is different, or the insecurity doesn’t matter. Bradley Tusk and his Mobile Voting Foundation keep touting internet voting to journalists and election administrators; this whole effort is misleading and dangerous.

I am one of the many signatories.

10:21

Identity violation and pricing [Seth's Blog]

Why do books and records have standard pricing? You’d think that a record from Miles Davis or Patricia Barber would cost more than one from the local garage band.

Economists tie themselves into knots trying to explain why wine and handbags have such wide price variation, but tickets to movies do not. They invoke “credence goods” and “focal point coordination” and “transaction utility” and “cost disease.” Darby, Karni, Schelling, Baumol, Thaler—a parade of Nobel-adjacent thinkers building elegant models to explain what’s sitting right in front of them.

It’s simpler than that, I think. People don’t go into publishing or music to make a profit (not most of them, not the smart ones). They do it to create culture and to be part of a culture. They’re not going to brag about making a lot of money, they’ll brag about finding art or sharing it.

Meanwhile, down the street at the hedge fund, the entire point is to find and capture price differences. Leaving money on the table isn’t just a missed opportunity—it’s an embarrassment. It means you weren’t paying attention.

The pricing norms in any industry reflect the identity of the people who built it.

Hermès could auction Birkin bags and make more money. They don’t, because scarcity-through-restraint is the elegant move, the identity-consistent move. It’s what people like them do.

Movie theaters were built by showmen who inherited vaudeville instincts: pack the house, give ’em a show, make it up on popcorn. Uniform ticket pricing isn’t economically optimal. It’s simply what people like us have always done.

This explains why industries are so stable—and why disruption feels like betrayal.

When concert tickets went dynamic, the backlash wasn’t about economics. It was moral outrage. Artists who adopted surge pricing weren’t just changing strategy; they were declaring themselves to be a different kind of person. The fans noticed.

Amazon didn’t share publishing’s allergy to profit. Ticketmaster didn’t share the old promoter’s loyalty to fans. They weren’t optimizing within the culture—they were violating it.

The price variation in any market reflects not what the market will bear, but what the people in that market can bear to charge.

The economists will keep building models. But if you want to understand why things cost what they cost, don’t ask what’s efficient. Ask what kind of person would be embarrassed to charge more. Or embarrassed not to.

09:49

08:28

Staryeet Academy [Penny Arcade]

New Comic: Staryeet Academy

05:42

Girl Genius for Wednesday, January 21, 2026 [Girl Genius]

The Girl Genius comic for Wednesday, January 21, 2026 has been posted.

02:42

The Giving Gloop [QC RSS]

Moray is doing her best :)

Tuesday, 20 January

23:28

Six Seattle Schools Sheltered-in-Place After Unconfirmed ICE Activity [The Stranger]

At least six schools sheltered-in-place after these unconfirmed reports. by Vivian McCall

At least six Seattle public schools sheltered in place after unconfirmed community reports of ICE activity in the city’s South End.

The confirmed schools included Mercer International Middle School, Cleveland STEM High School, Maple Elementary School, Dearborn Park International Elementary School, Beacon Hill International Elementary School, and Aki Kurose Middle School, according to Seattle Public Schools Chief of Staff Bev Redmond.

Redmond says several schools sheltered-in-place after these unconfirmed reports. Sheltering-in-place is different from lockdown—while exterior doors are locked, students are free to move between classrooms. The decisions were made on a school level and out of an abundance of caution, Redmond says. 

Some schools may have stopped sheltering-in-place, while others will continue until the end of the school day. Redmond says the district is working to confirm additional details, and compile a list of the schools that sheltered-in-place.

Seattle Public Schools Safety and Security staff have been on site throughout the day and have not seen ICE. Staff remain on alert, Redmond says.

The Stranger has asked the US Department of Immigration and Customs Enforcement if agents are in the area. The department has not responded.

School Board Director Joe Mizrahi says the potential of ICE activity was treated like any other threat to student safety, which, unfortunately, most students have experienced and run drills for all the time.

“But ICE is a pretty unique threat and we are in such a fast moving environment [that] we need to push to have a more clear protocol and make sure that teachers, students, families, and community understand it. Because there is a lot of the same and a lot different.”

Port Commissioner Toshiko Hasegawa, who is running for King County Council District 2, said in a statement, “No one–no child, parent or educator, deserves to live in this kind of chaos and fear.” 

Hasegawa first heard the reports of the shelter-in-place order from a friend with a child at Cleveland High School. Hasegawa’s children attend a daycare just blocks away. Hasegawa wants to see childcare centers partner with SPS to send out alerts to families if anything like this happens again.

But, she cautioned against spreading inaccurate information.

“As always, we must balance the need to keep our community members safe against the risk of causing undue fear or spreading misinformation,” Hasegawa said in a statement. “I will continue to share information as I receive it, and I’ll always take reasonable steps to verify any reports before I share them on my platforms.”

Texting from a hearing for the farm worker bill of rights and immigrant worker notification bills in Olympia, State Sen. Rebecca Saldaña, who is running for the same seat as Hasegawa, wrote that the shelter in place has been lifted at Cleveland STEM High, and her daughter, a student at the school, joined students across the district to protest ICE “trying to intimidate our children while they should be focused on learning, targeting our children when their hard working parents are at work.”

The Stranger was unable to confirm with Cleveland STEM High that the shelter-in-place had been lifted.

Saldaña continued: “It is heartbreaking and maddening that kids and teachers had to shelter in place out of fear that they could be targeted by ICE. I'm thankful to Seattle Public Schools for their quick action to put families first.”

Seattle City Councilmember Eddie Lin, who represents District 2, writes in a statement that “schools should be safe, welcoming places for all, and it is heartbreaking that ICE is now creating such intense fear in schools. ICE's activities are immoral, unconstitutional and antithetical to our democratic ideals. This is another dark stain in our nation’s history and those responsible must ultimately be held to account. We all have a moral duty to resist this tyranny.”

This article has been updated with additional detail since its original publication.

22:42

the footsteps of a rag doll dance [WIL WHEATON dot NET]

Marlowe and I were out on her morning walk, when we saw one of her friends.

“Hi Marlowe!” He said with a huge smile, while I struggled to keep up with her efforts to get her head under his outstretched hand.

While they enjoyed scritches, he and I had a long talk about the squirrels and birds in the neighborhood.

Y’all, I became a weird Bird Person so gradually, I can’t even tell you when it started.1

Marlowe looked back at me, letting me know she had finished Friendship and was ready to return to Walkies.

Her friend and I said goodbye, and continued our walks.

We were about halfway up the block when I started thinking about my blog. Every morning, and almost every evening, I sit down at my desk and open WordPress. I click new and spend some disappointing minutes trying to post … something. Usually, I get overwhelmed by options or current events or both, and close the tab in frustration.

I’ve been trying, and failing, to find my way back to writing every day, even if it’s about something that I have decided is silly or pointless. Not everything has to be Super Important, I tell myself, and then I look at the news. It’s so awful. It’s like America ripped off the mask, and the monster we always knew was lurking underneath it wasn’t just a monster, it was a cosmic horror, indescribable and incomprehensible in its violence, fear, and anger. I look at that and I’m like, how can I not do something about this? How can I not talk about it, if only for the record? And I get stuck there.

One of the local ravens, Little Kevin, landed on a branch in front of me. They did that corvid chortle cluck thing, which I have come to understand is a greeting.

“Hey, buddy,” I said. I reached into my pocket and pulled out a couple of peanuts. I made my own clicking, clucking, chortling sounds as I tossed them into the middle of the street. Then I deliberately looked away, which I understand is a way to let corvids know we aren’t a threat.

I had only taken a couple of steps when their shadow passed across my face. I glanced behind me and watched Little Kevin pick up one, then two, peanuts, before they flew up into a tree. I made corvid sounds at them.

I love this, I thought. I’m going to mark this moment, so I don’t forget.

We rounded the corner, walking out of the shade. The sun was warm and welcoming on my skin. I am grateful for this. Everything is terrible, but I am grateful for this.

Maybe I’ll write about this on my blog, I thought.

And that’s when I got this anxious tightness in my chest, like I have a midterm in an hour and I haven’t studied. At all.

What the actual fuck is that about?

I don’t know, but It’s literally just a blog post, Wil. It’s not … whatever you’re making it.

I noticed that Marlowe was looking up at me, expectantly. I became vaguely aware of the jingling of dog tags. I realized that my body was on the corner, but my mind was someplace very far away. I realized that I was looking at a dog we call Marlowe’s Nemesis. Their Person waved to me, and I waved back. For the last three or four years, we have worked to convince our dogs that they don’t need to yell at each other when we pass on the street. Around a year ago, something changed and they both just … got over it. So now, when Marlowe sees her, she does a super good sit, just like I taught her. Her nemesis ignores us both, while their person and I exchange a silent greeting. None of us knows each other’s names.

“Better late than never, but waiting until you were 14 was certainly a choice, Mars,” I said as I gave her a treat.

Little Kevin flew over me and landed on the street light. They called, loudly, bowing their head a little bit and opening their wings. Almost immediately, another raven joined them. I was pretty sure it was their older sibling, who was a fledgling last year. We named them Kevin, after the bird in Up. Did you know that corvids live intergenerationally in the same nest? The older sibling will stay for a year and help raise the new fledgling2. We watched Kevin teach Little Kevin how to hunt and eviscerate baby birds last summer, for instance. There’s nothing quite like walking out into the yard and discovering an avian ritual killing, first thing in the morning.

“Hi Kevin,” I said. I tossed another handful of peanuts into the street.

I’ve been doing daily meditations with the Calm App, off and on, for a few months. I started using it to help manage my anxiety, and to help fall asleep. It was super effective, so I looked into a more regular meditation practice, averaging about ten minutes a day. I can’t tell you why, because I don’t know and I don’t understand, but holy shit does it WORK. I struggle with nervous system dysregulation almost every day, and CPTSD flashbacks is my Sword of Damocles. I’ve been working diligently for years with a trauma-recovery therapist to help me, well, recover from my trauma. I use EMDR and IFS therapy, and it is working more effectively than I ever thought possible.3 I’m so much better, you guys, than I was just a year ago,4 but recovery is a journey with no destination beyond the next step, so my work doesn’t really end (but daily life has gotten much, much, easier. I think I may have enough to write a book about the experience).

So. To support my therapy, and give myself a kind of booster between sessions, I do meditation. I don’t know how it works or exactly what is happening, but I do know that, starting in like … October last year? I think? … I have been able to slow down in my head. I have been able to quiet my racing, anxious, worried, hypervigilant brain. And I don’t even know how I’m doing it, just that I am doing it.

Slowing down has made a huge, significant, difference for me.

A lightbulb popped over my head.

“Marlowe, this is important,” I said. “When I was regularly writing in my blog like twenty years ago, everything was slower. We didn’t have smartphones; we barely had dumb phones. We didn’t have social media. We didn’t have Influencers. It was slower, quieter. I could spend a whole day thinking about what I was going to write that night or the next morning. I wasn’t distracted and pulled in a dozen different directions. Daily life wasn’t an endless string of compounding traumas while we all hoped with everything we had that it will happen today.

“A thought that is now one or two posts on a social network was developed into a whole post on a blog. There was a community of regular readers who commented every time, and I had no idea how much I would miss that when it was gone.”

Marlowe looked up at me and did her best to understand. The Kevins fluttered down to the ground and began picking at the peanuts.

“It is unrealistic for me to expect myself to write now like I did then, because Now is fundamentally different. I am fundamentally different.”

Is it really as easy as adjusting my expectations for myself? Is it really as easy as not judging myself, and hitting publish instead of cancel?

There’s nothing tricky about it! It’s just a little trick!

I need to unplug. We all need to unplug. We all need to take breaks from the horrors. We need to slow down, even if it’s just for a couple of minutes.

Everything won’t be terrible forever. There’s a reckoning coming and I, for one, want to be ready.

If I don’t write about the mundane, if I don’t exercise the muscles I use when I make a post about walking my dog, watching birds, and reflecting on who I am right now, because all I want to do is scream at the horrors until I have no voice left, then I have surrendered in advance. I have given up doing something I love, that gives my life purpose and meaning.

I keep forgetting that I am a Helper, which I know is silly since I literally just wrote about that. But, you know, trauma makes you weird sometimes.

The Kevins followed us for a few houses. I tossed them some more peanuts and a minute later they both passed close by me, carrying them in their beaks. I could hear the soft rustle of their feathers and felt the downdraft on the side of my face.

I’m not gonna lie, it was magical.

When we got back to our house, I took Marlowe’s collar off at the driveway so she could walk up to the door. She got there ahead of me, turned around, and looked at me with that great Pittie smile, her tail wagging.

“You did such a great job, Mars,” I told her. “A+.”

We walked into the house. She had what Anne and I call “one thousand times drinks” from her doggie fountain, then lay down, happily, in front of the couch. I kneeled down in front of her and kissed the top of her head. She thumped her tail twice and sighed.

“I’ll be in my office if you need anything, honey,” I said, “I going to go write something for my blog.”

Thanks for reading. I’m glad you’re here. If you’d like to get my posts by e-mail, here’s the thingy:

  1. Yesterday, I was on my way out the kitchen door, stopped with a gasp, and quietly called Anne over to see the California Towhee that was perched on the wire over the patio. We have tons of finches and sparrows, even the occasional cowbird, but I just love the Towhees, and this was the first time I’d ever seen one on my patio.
    We sat there and made excited noises for a second. Then I looked at her.
    “Still punk as fuck,” I said.
    “Yeah, obviously. Still punk as fuck.” ↩
  2. I was one of the lucky ten thousand about a year ago. ↩
  3. Honestly, it works so well, it is indistinguishable from magic at times. ↩
  4. today is a terrible anniversary; one year since America pulled the trigger on the gun it put to its head in 2016 ↩

“If We’re Going to Say His Name, Then We Have to Continue the Fight” [The Stranger]

Voices from Seattle's 43rd Annual MLK Day March. by Marcus Harrison Green

Photos by John Caplinger for The Stranger

On a gentle January morning, against the backdrop of civil rights being dismantled in plain sight across the country, thousands gathered at Garfield High School, refusing silence in a nation increasingly estranged from its own conscience. The city’s 43rd Annual Martin Luther King Jr. Celebration followed its familiar rhythm: workshops in the auditorium, a rally inside the Garfield gymnasium, then a march spilling into the streets. But nothing about this year felt ceremonial. Not the moment we’re living inside, nor the theme guiding the day.

Where do we go from here?

Dr. King asked that question in the final year of his life, as the nation recoiled from its own civil rights gains and recommitted itself to war, repression, and inequality. Today, the echo of that question hits with the force of a national indictment: in 2026, one year after Donald Trump’s second inauguration—held, grotesquely, on King’s holiday—civil rights enforcement has been hollowed out, voting rights sit under open assault, and diversity itself is framed as a threat. Trans people are targeted with cruelty masquerading as policy. In Minneapolis, communities live under the shadow of federal occupation with ICE raids normalized, dissent branded as insurrection, and militarization treated as governance. History is not merely being revised; it is being weaponized.

In response, people chose presence over retreat at Garfield.

They came carrying children and clipboards, grief and resolve. They came for workshops that asked not only what is broken, but what must be built. They came for the rally with its songs, testimony, honoring community leaders, and for the reminder that courage is often quiet and collective. They came to the opportunity fair because survival, in moments like this, is not individual. And they marched—not because marching is enough, but because isolation is fatal.

Inside the gym and along the route, no single message dominated. Calls for Palestinian liberation stood beside demands for strong unions. Affirmations that trans Black lives are not negotiable moved alongside appeals for healthcare, housing, peace, and dignity. The convergence was not tidy, but it was honest. If authoritarianism depends on fragmentation, then this kind of gathering—imperfect and plural—is its natural enemy.

What this day made clear is that Martin Luther King Jr. is not honored by comfort. He is honored by continuity. By the refusal to believe that progress moves in one direction, or that rights sustain themselves. King was not only a dreamer; he was a disruptor who was most dangerous to power when he named racism, militarism, and materialism as inseparable forces.

The question, Where do we go from here?, does not map the road ahead, but it does require us to walk it together.

What follows are voices from those already in motion, through education, organizing, and the increasingly radical act of standing together in a time designed to pull us apart.

Some statements have been lightly edited for clarity.

Jamil Suleman, filmmaker and community organizer

I think one of the most important things we can do is get people together. When we’re in person, rather than stuck in the oppositional social media silos we usually operate in, and we’re actually with each other in community, that’s when some of the most positive things can happen, right?

It really comes down to organizing and protecting our community members, and having that unity we’ve always known is there. But to really see it, you have to show up. You have to be in person with everybody else. And that’s what these events help do.

That’s the legacy of Martin and everyone from that era—from the Panthers on. It was always about getting people together, getting people on the same page, mobilized and organized. That’s why there’s such a big turnout today. There’s a lot going on in the world and a lot going on in this country, and we need to show that we have the unity to stand by the principles we truly believe in.

There are organizations and people who have been doing this work for a very long time, and what we need to do is support them. We don’t have to recreate the wheel. On the hyper-local level, there are mutual aid organizations that already exist and have been helping people get what they need. We need to show up for them, learn more about them, join them, and support them in any way we can.

Aaron Dixon, co-founder and Captain of the Seattle chapter of the Black Panther Party

Well, it reminds us that we always have to keep fighting for justice and fighting for human rights—not just civil rights, but human rights. And it reminds us that we are in a state of fascism under Trump, just as we were, in part, under Richard Nixon.

I don’t think a lot of people realize that when Martin Luther King was murdered, it didn’t just lead to an explosion of people joining the Black Panther Party. It also led young people of all ethnic backgrounds to join organizations and fight for change: fight for radical change in America. King’s death was a turning point.

And there’s something else people often don’t realize: it also led to the death of little Bobby Hutton, the first person to join the Black Panther Party and the first member to be killed.

So Martin Luther King plays an important role in modern history, not just for Black people, but for America as a whole. He also came out against the war in Vietnam, which I believe contributed to the decision to assassinate him.

He’s someone we will always remember and always uplift, because he played such a critical role. And today, right now, we are living under fascism. We could use his leadership more than ever. But at the very least, we still have his memory and his legacy, and that’s something we can use to move forward, and to confront the forces of fascism we’re facing today.

Tony Benton, proprietor of Columbia City Theater and Rainier Avenue Radio 

For someone like me, it means remembering that when I woke up this morning, I didn’t have to worry about dogs being sicced on me. I didn’t have to worry about fire hoses being turned on me. I didn’t have to worry about being beaten. That comfort, under these circumstances, really reinvigorated me.

It also reminds me how important it is to make sure this message continues to resonate as we move further away from Dr. King’s time, how we connect people to what it meant then, and why it still matters today. The conveniences we have now are things people worked hard for, things people were willing to die for, so that we could enjoy them today.

And then there’s just the beauty of the day itself: being around people at the career fair, everyone smiling, everyone happy, everyone being gracious, thoughtful, and empathetic. It’s really an amazing thing to be a part of.

Abdi Mohamed, community organizer

We should commemorate this day every year. As an African immigrant, we are riding on the back of Dr. King. Whatever rights we enjoy today, every part of our lives in this country is connected to the struggles he fought for. And we can’t just let that go. We have to celebrate it, we have to be part of it, and that’s why I’m here today.

For me, Dr. King’s legacy shouldn’t be something that only lives in libraries or in books. It should be part of our daily lives. We have a responsibility to educate the current generation and the generations coming after us.

And you know, Dr. King wasn’t someone who just talked and sat on a couch. He was a mover and a shaker—a community organizer, a freedom fighter. We may never be able to fully walk in his shoes, but we have to try to place ourselves there. We keep his legacy alive by teaching what he fought for, what he stood for, and by living it every day

Alex Hudson

I think in some ways it’s a touchpoint back to history, a reminder of the length and longevity of the struggle for racial justice, and for undoing white supremacy and anti-Black violence in this country. And in one sense, that’s comforting. It reminds us that this is a struggle we didn’t have to invent. That the language, the tactics, the ways of opposing these forces already exist.

But in other ways, it’s incredibly disheartening to realize that we’re still talking about the same things 50, 60, 70 years later, right? I find his speeches deeply inspiring and motivating. And as a white person, it’s also deeply sad to me that white people continue to carry this violent, destructive virus of white supremacy in our culture, and to see the pain and suffering it causes to other people, to other souls.

So I’d say: read. Read a book. Read the news. Talk to other people. Get out there. I hate to sound like a self-help quote or whatever, but go touch grass. Talk to people. Think about what it would actually mean to live in a truly just world, and then figure out how to move toward that with the people you know. Every day.

It’s simple, and it’s big, and it all adds up.

KL Shannon, community organizer 

I think Dr. King’s legacy is really about what he embodied: nonviolence, peace, and fearlessness. And when I think about the pressure that was placed on him, it’s overwhelming. When Dr. King was assassinated, and they did the autopsy, they said he was only 39 years old, but his heart looked like that of a 67-year-old man. That tells you the kind of stress he was carrying.

And when he came out and spoke against the war, everything shifted. People turned on him. So for me, his legacy is about embodying that courage—speaking your truth even when you’re scared, even when it makes you unpopular.

That’s what I so deeply appreciate about Dr. King. He stood by his principles no matter what people said. He stayed committed to nonviolence. He stayed committed to peace. And that, truly is what his legacy is.

Katie Wilson, Mayor of Seattle 

I think Dr. King’s legacy reminds us, especially in this moment, that it’s the responsibility of all of us to stand up for both civil rights and human rights, and to continue the struggle for racial and economic justice. It’s a moment to reflect on how far we’ve come because we have made real progress, much of it rooted in Dr. King’s work, and at the same time to reckon with how far we still have to go.

Bana Abera, organizer 

I would say that not much has changed since the days when Dr. King was marching, resisting, and being arrested. So much of what he spoke about is still painfully relevant to what we’re experiencing now. If we’re truly going to honor his legacy, if we’re going to remember him and say his name, then we have to continue the fight. The struggle isn’t over. The dream he carried, the vision of freedom and equality for all people, of ending exploitation and violence against Black people and against all people. The job is not done.

Girmay Zahilay, King County Executive

His legacy means we’ve got to keep fighting. That’s what it means to me. Right now, so many people’s civil rights and human rights are being eroded, assaulted, and attacked in ways I haven’t seen in my lifetime. I know others have witnessed moments like this before, but for us, this level of explicit attack on civil and human rights feels unprecedented.

And that means we have to come together and recommit ourselves to the struggle, to change, and to fighting for one another. Everybody has a role to play in that. You don’t have to be an elected official. You don’t have to be a professional advocate. But everyone has a role in creating the change we need.

Greg Ramirez, Deputy Director SEIU6

 

I think it’s not just about any one day. It’s about continuing to stay active and continuing to fight for whatever struggles are in front of us, right? From a labor union perspective, of course we focus on workers’ rights but the reality is, all of these issues are interconnected. Workers’ rights, human rights, immigrant justice, all of it goes hand in hand.

Dr. King gets quoted a lot, and people like to cherry-pick what he said. But ultimately, what he was really talking about was human dignity. And that transcends everything—race, labor, all of it.

For us, it’s about continuing to show up, continuing to do the work, and trying to leave this world a little better than we found it.

Mary Puttmann-Kostecka and Matt Kostecka, medical doctor and public school educator, respectively

Mary: I think one of the best ways forward is to let go of the idea that you have to do everything, all the time. Instead, find ways to get to know your neighbors and really know your community. It’s easy now, with so much of our lives online, to lose touch with the people who live right next to us or just down the street. And when that happens, it becomes harder to understand what people around you are actually needing, wanting, or thinking.

So I’d say start there. Try something new. Show up in small, meaningful ways, and don’t feel like you have to do everything.

Matt: Sometimes we fall into a very simple archetype of who Martin Luther King was and what he stood for. My kids and I were actually listening to the Mountaintop speech on the way down here, and what really struck me was that the work wasn’t over.

By 1964 and 1965, Dr. King had shifted much more toward advocating for poor people and leading the Poor People’s Campaign. And like one of the speakers said today, if Dr. King were alive now, he’d be in Minneapolis. He’d be marching alongside the protesters there.

His work wasn’t just about equal rights under the law. It was about true freedom, real opportunity in this country, things that go beyond what happened in 1964 and 1965. And I think what I’d want educators, and parents, to teach their kids about the continuation of his work is this: first and foremost, the work isn’t done.

But it also doesn’t always have to look as grand as passing civil rights legislation or marching on Washington. It can be as simple as supporting union labor. It can be as simple as taking care of your community: cleaning it up, showing up, and doing the work right where you are.

Havika Fleming

For me, it really means coming together with people—people of all kinds, with similar beliefs and different beliefs, from different backgrounds, involved in different fights and movements, and choosing to move in solidarity and in love. Truly.

And I think we do that in Seattle by staying open and accepting people for who they are and where they come from. We try to make sure equity and equality are present and accessible to everyone, whether someone’s been here for twenty years or just arrived. We do what we can to show up for everybody.

22:35

Don't change me [Scripting News]

Nobody wants to be told how to think. I think the best thing is to be friends with everyone you can. And maybe don't make a big issue about who people voted for, and relate as people and Americans. That's something to put in the bank.

Also if you let people relax around you, you may find out that someone you trust and like is actually antisemitic or racist. That's also something to put in the bank, this is not someone I want to trust if and when things get worse.

Things are changing radically now. so you may not have to do anything to wake anyone up. And it's good to reflect on your own attitudes and whether or not some of the things they say about you are fair criticism. We all put up barriers, and those don't ever serve us imho, esp in a democracy -- but they are esp nasty now.

21:56

21:49

Ryabitsev: Tracking kernel development with korgalore [LWN.net]

Konstantin Ryabitsev has put up a blog post about korgalore, a tool he has written to circumvent delivery problems experienced by kernel developers using the large, centralized email systems.

We cannot fix email delivery, but we can sidestep it entirely. Public-inbox archives like lore.kernel.org store all mailing list traffic in git repositories. In its simplest configuration, korgalore can shallow-clone these repositories directly and upload any new messages straight to your mailbox using the provider's API.

[1281] Gratitude and Guilt [Twokinds]

Comic for January 20, 2026

21:07

Remote authentication bypass in telnetd [LWN.net]

One would assume that most LWN readers stopped running network-accessible telnet services some number of decades ago. For the rest of you, this security advisory from Simon Josefsson is worthy of note:

The telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter.

If the client supplies a carefully crafted USER environment value being the string "-f root", and passes the telnet(1) -a or --login parameter to send this USER environment to the server, the client will be automatically logged in as root bypassing normal authentication processes.

20:28

Reminder: Scammers Are Out There Pretending to Be Me (and Other Authors as Well) [Whatever]

Three times in the last week I’ve gotten inquiries from authors, about email from an account purporting to be me. This account praised their book in a very “AI” fashion and tried to get them to write back to the account, with the end goal, no doubt, of scamming them out of money via “marketing services” or some such. These authors, quite reasonably, wanted to confirm that the email they got sent was a scam.

I was happy to confirm it, and was happy that they checked rather than allow themselves to be taken in. Nevertheless, this is one of those times where it will be useful to have a post dealing with it that I can point people to (and other people can point people to as well). So here it is, in convenient list form.

1. If I were going to contact you, about anything, it would be from my actual email address and not any other. If you get an email from “me” from any other domain, it’s not me. If you’re not sure, even though I just told you now, you can email me at my actual address and I will tell you. Actually what I will probably do is link you to this post. Hi! You’re not the first person to have a scam attempted on them!

(If you do get a suspicious email that appears to be from my actual address, and you want to double-check: one, make sure the actual reply address matches mine, and two, you can send me a brand new email, not as a reply, saying “hey, was this really from you?” I don’t mind you checking.)

2. No, I almost certainly have not contacted you to tell you privately how great your book is. I probably haven’t read your book (sorry) unless I’ve been contacted by your publisher/editor/publicist about the possibility of blurbing it. If that’s the case, the blurb would be going through that channel, not to you directly.

Conversely, if I don’t like your book, I’m not going to email you about that, either, because I’m not that kind of asshole. Similarly, I will never email you offering suggestions about how to make the work better, because that’s not my job, and also the book is already published, it’s too late for that.

The point of the scam person buttering you up (or negging you, depending) is to get you to start a conversation where they will segue into offering a “service” of some kind, which would entail you sending money, and them taking it and running off with it. Don’t fall for any of that.

3. If I had read your book outside of blurbing and thought it was terrific, it’s extremely unlikely I would contact you directly about it, and not just because I couldn’t be bothered to track down your email. What I would do is praise it publicly, through this site and/or social media. Why publicly instead of privately? Because that’s what would do the most good for you — to tell other people they should look out for your work, and maybe even buy it. That’s how you help other writers in the age of social media: Tell people about them.

4. Outside of you (or anyone else) purchasing my books, I neither want nor need your money. Likewise I don’t use any publishing, marketing or promotion services outside of my publishers. Additionally, I myself do not offer any editing/consulting services directly to other writers. To top it all off, I would never ever just randomly pull up in your email about any of the above. I am both too lazy, and have too much to do, for any of that. So if you see “me” doing any of that crap, it’s not me.

5. Nearly all of the above can be applied to pretty much any “big name” writers that scammers will impersonate to gain your trust and from there, your money. You know what, most of us just don’t have time for individual outreach, and if we did, we’re not going to segue into trying to offer you publishing-related services. We have books to write and our own things to deal with.

Now, some authors do offer consulting, or do workshops, or other things. What they are not likely to do, and what should be a red flag for you, is track you down individually and offer that service directly. They will do it via their sites, or announcements through social media, or through their newsletters, etc. Beware that “personal outreach.”

6. I don’t typically encourage writers to use “AI” for anything — do your own work, it’s better that way — but here’s one thing you can do: Go to ChatGPT, or Gemini, or any other “AI,” and enter the following prompt: “Write me an email to [Your Name] telling them in no more than 150 words how awesome their book [Your Book Title] is.” Put in your name and your book title where directed, and hit enter. There, now you have an idea a) what “AI” praise looks like, so you will recognize it in a scam email, b) how fast a scammer can now produce an individualized piece of praise.

It feels good to get praise! It feels even better to get praise from someone who is, to some degree or another, successful in the field! This is why these scammers do this. They want to get past your defenses and aim for your money. The better you understand how this fake “praise” is generated, and how quickly it can be generated, the better armed you will be against it.

7. Does it feel like a scam? It’s a scam. Are you not sure if it’s a scam? It’s a scam. Absolutely certain it’s not a scam? My friend, I have some real bad news for you.

8. This should in no way preclude you, as a writer or a fan (or both!), from sending a nice email to a writer telling them how much you enjoyed their work. Write it yourself — don’t have an “AI” do it, come on now — and I recommend being brief. It is actually nice for writers to get positive email about their work from real people.

Likewise, if you are a writer, you don’t have to mistrust every complimentary email you get. In a short enough time, it becomes clear which emails are from actual people, and which ones are “AI”-generated scams (hint: the real emails tend to be more endearingly awkward). But if that “big name” shows up in your email box, it’s not only okay to give it heightened scrutiny, it’s actually necessary to do it.

— JS

20:21

What was the secret sauce that allows for a faster restart of Windows 95 if you hold the shift key? [OSnews]

I totally forgot you could do this, but back in the Windows 9x days, you could hold down shift while clicking restart, and it would perform a sort-of “soft” restart without going through a complete reboot cycle. What’s going on here?

The behavior you’re seeing is the result of passing the EW_RESTART­WINDOWS flag to the old 16-bit Exit­Windows function.

What happens is that the 16-bit Windows kernel shuts down, and then the 32-bit virtual memory manager shuts down, and the CPU is put back into real mode, and control returns to win.com with a special signal that means “Can you start protected mode Windows again for me?”

The code in win.com prints the “Please wait while Windows restarts…” message, and then tries to get the system back into the same state that it was in back when win.com had been freshly-launched.

↫ Raymond Chen

There’s a whole lot more involved behind the curtains, of course, and if conditions aren’t right, the system will still perform a full reboot cycle. Chen further notes that because WIN.COM was written in assembly, getting back to that “freshly-launched” state wasn’t always easy to achieve.

I only vaguely remember you could hold down shift and get a faster “reboot”, but I don’t remember ever really using it. I’ve been digging around in my memories since I saw this story yesterday, and I just can’t think of a scenario where I would’ve realised in time that I could do this.

19:35

The Xous operating system [OSnews]

Xous is a microkernel operating system designed for medium embedded systems with clear separation of processes. Nearly everything is implemented in userspace, where message passing forms the basic communications primitive.

↫ Xous website

It’s written in Rust, and it’s been around for a while – so much so it’s sponsored by NLnet and the EU. The Xous Book provides a ton more details and information, with a strong focus on the kernel. You can run Xous in hosted mode on Linux, Windows, or macOS, inside the Renode emulator, or on the one supported hardware device, the Precursor. Obviously, the code’s open and on GitHub (which they should really be moving to a European solution now that the Americans are threatening the EU with war over Greenland).

18:49

The Parent Trap [The Stranger]

Should I Open Pandora’s Box with My Elderly Parents?
by Dan Savage I’m a gay man in my fifties, comfortable in my skin, but I suffered severe bullying throughout school, which was often abetted by teachers. A recent class reunion prompted me to write a tell-all letter to the current school director regarding that trauma. His gracious response was incredibly healing. My family has accepted me since I came out in my 20s, but they don’t know the full extent of my ordeal. While I shared the letter with my supportive brother, I’ve hesitated to show it to my parents, who are in their 70s. They claim ignorance (“We didn’t know you were suffering!”, “You never told us you were gay!”), yet they acknowledged long ago that I was “different” from toddlerhood, and they often criticized my “un-boyish” behavior when I was a child. To give you one concrete example: some older kids called me a gay slur when I was seven.…

[ Read more ]

18:07

Mozilla introduces Firefox Nightly RPM package repository [LWN.net]

Mozilla has announced a repository with Firefox Nightly channel packages for RPM-based Linux distributions such as CentOS Stream, Fedora, and openSUSE. Mozilla has provided a Debian repository since 2023.

Note that this repository only includes the nightly builds of The firefox-nightly package. Mozilla is not providing stable builds as RPMs at this time. However, the package will not conflict with a distribution's regular firefox package; both packages can be installed at the same time for those who wish to test the nightly builds. See the blog post for instructions on setting up the repository.

18:00

Slog AM: Trump Still Insists Greenland is His, The Crocodile Up For Sale, WA Again Considers Lowering BAC Limit [The Stranger]

The Stranger's morning news roundup. by Vivian McCall

For Sale, Venue, Unprofitable? After its owners closed its smaller rooms Madame Lou’s and Here-After and laid off half its workforce, the Crocodile is up for sale. The financial picture must be bad, because the sale is being handled through a receivership process, an alternative to bankruptcy. According to the National Independent Venue Association, only 40 percent of the state’s independent venues and festivals are profitable. It does not bode well that the Croc, an iconic venue that’s been independent for 35 years, is struggling this badly.

For Sale, Thrift Store: The University District’s Red Light Vintage is up for sale, and the store’s original owner, Tacee Webb, is trying to buy it back. Webb has applied for a small business loan, but the funds won’t be available for a few months, so she’s asking for public support to keep the home of Seattle’s bygone naked shopping spree running in the meantime. The store was featured in Macklemore's “Thrift Shop” video. It’s all we have.

Weather: First the morning’s patchy fog will lift, then the clouds, for a partly sunny day with a high near 48 degrees. Tomorrow, it’ll be sunny, followed by a checkerboard week of sunny and cloudy days.

Once again, lawmakers are considering lowering the legal blood alcohol content limit for drivers from 0.08 percent to 0.05 percent. As we, and particularly me via Malort, discovered last year, 0.08 percent is definitely impaired, so this might be a good idea.

We’re Watching: The Washington State Legislature is considering a bill to regulate how data from automatic license plate readers (ALPRs) is stored and shared, so it doesn’t end up in ICE’s hands. Considering the unaccountable and untrustworthy handling of these digital spyglasses by police and the ALPR company Flock, we’d do well to ban this surveillance technology outright, but at least it’s something. Almost half the country has already regulated this technology.

Speaking of Surveillance: Seattle has entrusted its police CCTV camera network, already an inexcusable idea if you truly believe the federal government is authoritarian, to Chief Shon Barnes, who, as The Stranger reported last week, ignored multiple guardrails around Madison, Wisconsin’s body camera pilot.

ICYMI: Nathalie profiled Imraan Siddiqi, the director of Washington’s Council on American-Islamic Relations running to replace Democratic State Rep. Lauren Davis in the 32nd District.

Portland Shooting: Police were searching northeast Portland last night for a man suspected of shooting two police officers, reports The Oregonian. Police say the officers responded to a call of a person brandishing a knife near the city’s Lloyd Center, and were shot after making contact with the man. Portland’s Police Chief Bob Day wouldn’t say if the officers fired at him.

Secret Police, Open Up: Mischief, a toy store in St. Paul, Minnesota, was interviewed by ABC News about distributing free whistles for citizens to alert their neighbors of ICE activity. Three hours after airtime, two plainclothes ICE agents arrived at their door and demanded proof that the store’s employees could legally work in the country.

Band of Brothers? The Pentagon has ordered 1,500 active duty paratroopers to prepare to deploy to Minnesota to stop people protesting the federal intervention that terrorized immigrants and killed Renee Good. The two battalions in the 11th Airborne Division are trained to fight in the Arctic.

“No Going Back”: President Donald Trump said there’s “no going back” on his plan to wrestle Greenland from Denmark, claiming that “only power that can ensure peace throughout the world—and it is done, quite simply, through strength.” 

Blowback: The World Economic Forum has become an emergency summit for the EU in Davos, Switzerland. The Union’s top official called Trump’s plan to punish eight European countries for standing up for Greenland with a 10 percent tariff a “mistake especially between long-standing allies.” Ursula von der Leyen, President of the European Commission, promised an “unflinching, united, and proportional” response from the EU.

More Blowback: Also speaking at Davos—in aviator sunglasses, to underscore the seriousness of the situation—French President Emanuel Macron said we’re experiencing “a shift towards a world without rules, where international law is trampled underfoot and where the only law that seems to matter is that of the strongest.” In a private text Trump shared with the world, Macron wrote: “I do not understand what you are doing on Greenland.” (Politico has this unnecessarily detailed breakdown of the text’s obvious meaning.)

Goddddddd: In a shockingly stupid text to Norwegian Prime Minister Jonas Gahr Støre, Trump wrote: “Considering your Country decided not to give me the Nobel Peace Prize for having stopped 8 Wars PLUS, I no longer feel an obligation to think purely of Peace, although it will always be predominant, but can now think about what is good and proper for the United States of America.” Støre said he has “several times clearly explained to Trump” that an independent Nobel committee, not the government of Norway!!!!!!!!!!!, awards the prize. A Nobel “snub” really could unravel our European alliances.

God: Timothy P. Broglio, the Catholic Archbishop of the US Military, said it would be “morally acceptable” for troops to disobey orders as Trump prepares to take Greenland and deploy troops to Minnesota. “Greenland is a territory of Denmark,” Broglio said in a BBC interview Sunday. “It does not seem really reasonable that the United States would attack and occupy a friendly nation.”

Relaxing Music to Lower Your Blood Pressure:

17:21

OK Knicks [Scripting News]

The Knicks are on an epic losing streak. This feels very normal. Let the trades begin. Maybe if we ask nice, Thibs will return? And isn't it funny these days KAT makes Randle look pretty good. Sort of a bonus for the Minneapolis team, which is playing NBA in a war zone.

Time for Knicks fans to get out the paper bags.

Above is a picture from the 2015 Knicks, a team that was actually even suckier than the 2026 Knicks (at this moment). The guy in the lower right of that picture has the canonical look of a Knicks fan wondering how did this happen and when it will all end. The only revenge I get from the Knicks suckage is that most Yankees fans are also Knicks fans and they have sooo much more trouble coping with this than Mets fans. Heh. It's actually almost worth it when you meet one. ;-)

A possible theory is that the Knicks won that in-season championship that no one really understands. It could be that winning turns out to be a curse, in which case having the Knicks suck now is worth it. Then every NBA team every year will try to lose that series, for fear of what happened to the Knicks happening to them. Sports fans in case you didn't know tend to be mystics, we suffer through the mysteries of existence to explain things.

17:14

Microspeak: On fire, putting out fires [The Old New Thing]

Remember, Microspeak is not necessarily jargon exclusive to Microsoft, but it’s jargon that you need to know if you work at Microsoft.

When something has gone horribly wrong and requires immediate attention, one way to describe it is to say that it is on fire. The obvious metaphor here is that the situation is so severe that it is as if the office building or computer system was literally on fire.

Here are some citations I found.

I’ll be back in Redmond on Monday. Is anything on fire?

This person is just checking in to see if there are any emergencies.

I think the Nosebleed branch is still on fire.

This person is saying that they think that the Nosebleed branch is still in very bad shape. My sense that being on fire is worse than being on the floor. If a branch is on the floor, then that probably means that there’s a problem with the build or release process. But if the branch is on fire, it suggests that they have identified some critical issue in the branch, and everybody is scrambling to figure it out and fix it.

While looking for citations, I found the minutes for a meeting titled “What’s on Fire Meetings”, which I guess is a regular meeting to report on whatever disaster is currently unfolding this time.

I even found some citations from my own inbox.

That’s my top item once I can wrap up the work I’m doing for the Nosebleed feature, but Nosebleed is always on fire.

Even the fires are on fire.

There is a channel on our team called “Fires” which is where people report on anything on fire and collaborate on putting out that fire. Putting out fires is the preferred way to say that someone is trying to fix whatever is on fire.

Bonus chatter: Note that this is not the same as saying that a person is “on fire”, which is slang for saying that they are doing exceptionally well.

The post Microspeak: On fire, putting out fires appeared first on The Old New Thing.

16:35

Free Software Directory meeting on IRC: Friday, January 23, starting at 12:00 EST (17:00 UTC) [Planet GNU]

Join the FSF and friends on Friday, January 23 from 12:00 to 15:00 EST (17:00 to 20:00 UTC) to help improve the Free Software Directory.

[$] An alternate path for immutable distributions [LWN.net]

LWN has had a number of articles on immutable distributions, such as Bluefin and Bazzite, in recent years. These distributions have taken a variety of approaches, including using rpm-ostree, filesystem snapshots, and bootable container (bootc) images. But those approaches, especially the latter, lead to extra complexity for a user attempting to install new software, instead of just using the existing package manager. AshOS (Any Snapshot Hierarchical OS) is an experimental AGPL-3-licensed "meta-distribution" that tried a different approach more in line with traditional package management. Although the project is no longer updated, it remains usable, and can still shed some light on a potential alternate path for users worried about adopting bootc-based approaches.

16:28

“Light mode” should be “grey mode” [OSnews]

Have you noticed how it seems like how the “light mode” of your graphical user interface of choice is getting lighter over time? It turns out you’re not crazy, and at least for macOS, light mode has indeed been getting lighter.

You can clearly see that the brightness of the UI has been steadily increasing for the last 16 years. The upper line is the default mode/light mode, the lower line is dark mode. When I started using MacOS in 2012, I was running Snow Leopard, the windows had an average brightness of 71%. Since then they’ve steadily increased so that in MacOS Tahoe, they’re at a full 100%.

↫ Will Richardson

While this particular post only covers macOS, I wouldn’t be surprised to discover similar findings in Windows, GNOME, and KDE. The benefit of using KDE is that it’s at least relatively easy to switch colour schemes or themes, but changing colours in Windows is becoming a hidden feature, and GNOME doesn’t support it out of the box at all, and let’s not even get started about macOS.

I think “light mode” should be “grey mode”, and definitely lament the lack of supported, maintained “grey modes” in both KDE and GNOME. There’s a reason that graphical user interfaces in the era of extensive science-based human-computer interaction research opted for soft, gentle greys (ooh, aah, mmm), and I’m convinced we need to bring it back. The glaring whites we use today are cold and clinical, and feel unpleasant to the point where I turn down the brightness of my monitor in a way that makes other colours feel too muted.

Or perhaps I’m out of touch.

The incredible overcomplexity of the Shadcn radio button [OSnews]

The other day I was asked to update the visual design of radio buttons in a web app at work. I figured it couldn’t be that complicated. It’s just a radio button right?

&lt;input type="radio" name="beverage" value="coffee" />

Boom! Done. Radio buttons are a built-in HTML element. They’ve been around for 30 years. The browser makes it easy. Time for a coffee.

↫ Paul Hebert

If only it was that simple – cue the rollercoaster ride. What an absolutely garish state of affairs lies behind this simple radio button on a website. I’m also well aware OSNews has a certain amount of complexity it might not need, and while I can’t fix that, I am at least working on a potential solution.

15:42

A lament for Aperture [OSnews]

I’m not particularly interested in photo editing or management, professional or not, but one thing I do know is that many people who are miss one application in particular: Aperture. Discontinued over a decade ago, people still lament its loss, and Daniel Kennett explains to us layman why that’s the case.

Aperture’s technical brilliance is remarkable in how quiet it is. There’s no BEHOLD RAINBOW SPARKLE ANIMATIONS WHILE THE AI MAKES AUNT JANICE LOOK LIKE AN ANTHROPOMORPHISED CARROT, just an understated dedication to making the tool you’re using work for you in exactly the way you want to work.

It’s the kind of monumental engineering effort that the user is unlikely to ever notice, simply because of how obvious it is to use — if I want to zoom in to this photo, I point at it with the zoom thing. Duh. Sure, it’s a tiny thumbnail inside a small thumbnail of a page in a book… but how else would it work?

And that is why Aperture was so special. It was powered by some of the most impressive technology around at the time, but you’d never even know it because you were too busy getting shit done.

↫ Daniel Kennett

I half-expected to get some wishy-washy vibes-based article about some professional photo management tool, but instead, I came away easily and clearly understanding what made Aperture such a great tool. Beng able to access any set of tools wherever you are, without having to take a photo to a certain specific place in the user interface makes perfect sense to me, and the given counterexample from the modern Photos application instantly feels cumbersome and grating.

At this point it’s clear Aperture’s never coming back, but I’m rather surprised nobody seems to have taken the effort to clone it. It seems there’s a market out there for something like this, but from what I gather Lightroom isn’t what Aperture fans are looking for, and any other alternatives are simply too limited or unpolished.

There’s a market here, for sure. What other alternatives to Aperture exist today?

14:21

Security updates for Tuesday [LWN.net]

Security updates have been issued by AlmaLinux (gpsd-minimal, jmc, kernel, kernel-rt, and net-snmp), Debian (apache-log4j2 and dcmtk), Fedora (exim, gpsd, mysql8.0, mysql8.4, python-biopython, and rust-lru), Mageia (firefox, nss and thunderbird), Oracle (container-tools:rhel8, gpsd-minimal, jmc, kernel, net-snmp, and uek-kernel), Red Hat (net-snmp), SUSE (chromium, go, harfbuzz-devel, kernel, libsoup, rust1.91, rust1.92, and thunderbird), and Ubuntu (apache2, avahi, and python-urllib3).

Pluralistic: AI is how bosses wage war on "professions" (20 Jan 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links


An armored luxury car driving towards the viewer; in the foreground, a hand is flipping off the car. The background is the hostile, glaring red eye of HAL 9000 from '2001: A Space Odyssey.' Half of the car has been overlaid with an ASCII art conversion of the car itself.

AI is how bosses wage war on "professions" (permalink)

Growing up, I assumed that being a "professional" meant that you were getting paid to do something. That's a perfectly valid definition (I still remember feeling like a "pro" the first time I got paid for my writing), but "professional" has another, far more important definition.

In this other sense of the word, a "professional" is someone bound to a code of conduct that supersedes both the demands of their employer and the demands of the state. Think of a doctor's Hippocratic Oath: having sworn to "first do no harm," a doctor is (literally) duty-bound to refuse orders to harm their patients. If a hospital administrator, a police officer or a judge orders a doctor to harm their patient, they are supposed to refuse. Indeed, depending on how you feel about oaths, they are required to refuse.

There are many "professions" bound to codes of conduct, policed to a greater or lesser extent by "colleges" or other professional associations, many of which have the power to bar a member from the profession for "professional misconduct." Think of lawyers, accountants, medical professionals, librarians, teachers, some engineers, etc.

While all of these fields are very different in terms of the work they do, they share one important trait: they are all fields that AI bros swear will be replaced by chatbots in the near future.

I find this an interesting phenomenon. It's clear to me that chatbots can't do these jobs. Sure, there are instances in which professionals may choose to make use of some AI tools, and I'm happy to stipulate that when a skilled professional chooses to use AI as an adjunct to their work, it might go well. This is in keeping with my theory that to the extent that AI is useful, it's when its user is a centaur (a person assisted by technology), but that employers dream of making AI's users into reverse centaurs (machines who are assisted by people):

https://pluralistic.net/2025/12/05/pop-that-bubble/#u-washington

A psychotherapist who uses AI to transcribe sessions so they can refresh their memory about an exact phrase while they're making notes is a centaur. A psychotherapist who monitors 20 chat sessions with LLM "therapists" in order to intervene if the LLM starts telling patients to kill themselves is a "reverse centaur." This situation makes it impossible for them to truly help "their" patients; they are an "accountability sink," installed to absorb the blame when a patient is harmed by the AI.

Lawyers might use a chatbot to help them format a brief or transcribe a client meeting (centaur)- but when senior partners require their juniors and paralegals to write briefs at inhuman speed (reverse centaur), they are setting themselves up for briefs full of "hallucinated" citations:

https://www.damiencharlotin.com/hallucinations/

I hold a bedrock view that even though an AI can't do your job, an AI salesman can convince your boss to fire you and replace you with an AI that can't do your job:

https://pluralistic.net/2025/03/18/asbestos-in-the-walls/#government-by-spicy-autocomplete

But why are bosses such easy marks for these gabby AI hustlers? Partly, it's because an AI can probably do your boss's job – if 90% of your job is answering email and delegating tasks, and if you are richly rewarded for success but get to blame failure on your underlings, then, yeah, an AI can totally do that job.

But I think there's an important psychological dimension to this: bosses are especially easy to trick with AI when they're being asked to believe that they can use AI to fire workers who are in a position to tell them to fuck off.

That certainly explains why bosses are so thrilled by the prospect of swapping professionals for chatbots. What a relief it would be to fire everyone who is professionally required to tell you to fuck off when you want them to do stupid and/or dangerous things; so you could replace them with servile, groveling LLMs that punctuate their sentences with hymns to your vision and brilliance!

This also explains why media bosses are so anxious to fire screenwriters and actors and replace them with AI. After all, you prompt an LLM in exactly the same way a clueless studio boss gives notes to a writers' room: "Give me ET, but make it about a dog, give it a love interest, and put a car chase in Act III." The difference is that the writers will call you a clueless fucking suit and demand that you go back to your spreadsheets and stop bothering them while they're trying to make a movie, whereas the chatbot will cheerfully shit out a (terrible) script to spec. The fact that the script will suck is less important than the fact that swapping writers for LLMs will let studio bosses escape ego-shattering conflicts with empowered workers who actually know how to do things.

It also explains why bosses are so anxious to replace programmers with chatbots. When programmers were scarce and valuable, they had to be lured into employment with luxurious benefits, lavish pay, and a collegial relationship with their bosses, where everyone was "just an engineer." Tech companies had business-wide engineering meetings where techies were allowed to tell their bosses that they thought their technical and business strategies were stupid.

Now that tech worker supply has caught up with demand, bosses are relishing the thought of firing these "entitled" coders and replacing them with chatbots overseen by traumatized reverse centaurs who will never, ever tell them to fuck off:

https://pluralistic.net/2025/08/05/ex-princes-of-labor/#hyper-criti-hype

And of course, this explains why bosses are so eager to use AI to replace workers who might unionize: drivers, factory workers, warehouse workers. For what is a union if not an institution that lets you tell your boss to fuck off?

https://www.thewrap.com/conde-nast-fires-union-staffers-video/

AI salesmen may be slick, but they're not that slick. Bosses are easy marks for anyone who dangles the promise of a world where everyone – human and machine – follows orders to the letter, and praises you for giving them such clever, clever orders.

(Image: Christoph Scholz; CC BY-SA 2.0; Cryteria, CC BY 3.0; modified)

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Broadcast Flag is back, this time it covers iPods and PSPs, too https://memex.craphound.com/2006/01/20/broadcast-flag-is-back-this-time-it-covers-ipods-and-psps-too/

#20yrsago Nonprofit alternative to CDDB gets its first deal https://web.archive.org/web/20060128114433/http://blog.musicbrainz.org/archives/2006/01/introducing_lin_1.html

#20yrsago David Byrne: boycott DRM https://web.archive.org/web/20060117084842/http://journal.davidbyrne.com/

#20yrsago Cozy blanket with sleeves: the Slanket https://web.archive.org/web/20060203040004/https://www.theslanket.com/

#15yrsago Safe-cracking robot autodials combinations to brute-force a high-security safe https://web.archive.org/web/20110709082726/http://www.kvogt.com/autodialer/

#15yrsago Forger never takes money, only wants to see his works hanging in galleries https://www.nytimes.com/2011/01/12/arts/design/12fraud.html

#15yrsago Hotel made of beach trash in Madrid https://www.smh.com.au/traveller/travel-news/new-hotel-is-complete-rubbish-20110120-19xjl.html

#15yrsago Enfield, CT cancels screening of Moore’s Sicko after pressure from local gov’t https://web.archive.org/web/20110123033350/http://web.resourceshelf.com/go/resourceblog/63420

#15yrsago Best mafiosi nicknames from today’s historic bust https://web.archive.org/web/20110126120419/https://blogs.villagevoice.com/runninscared/2011/01/the_20_best_nic.php

#10yrsago Very sad news about science fiction titan David G Hartwell https://memex.craphound.com/2016/01/20/very-sad-news-about-science-fiction-titan-david-g-hartwell/

#10yrsago Solving the “Longbow Puzzle”: why did France and Scotland keep their inferior crossbows? https://www.journals.uchicago.edu/doi/abs/10.1086/684231

#10yrsago Netflix demands Net Neutrality, but makes an exception for T-Mobile https://www.theverge.com/2016/1/19/10794288/netflix-t-mobile-binge-on-net-neutrality-zero-rating

#10yrsago Research: increased resident participation in city planning produces extreme wealth segregation https://arstechnica.com/tech-policy/2016/01/data-analysis-reveals-that-us-cities-are-segregating-the-wealthy/

#10yrsago Independent economists: TPP will kill 450,000 US jobs; 75,000 Japanese jobs, 58,000 Canadian jobs https://www.techdirt.com/2016/01/19/more-realistic-modelling-tpps-effects-predicts-450000-us-jobs-lost-gdp-contraction/

#10yrsago Howto: make your own fantastically detailed Star Trek: TOS bridge playset https://www.instructables.com/Star-Trek-Enterprise-Bridge-Playset/

#10yrsago Strategic butt coverings in video games https://www.youtube.com/watch?v=ujTufg1GvR4

#10yrsago Company that pampers rich people at Burning Man won’t give up https://memex.craphound.com/2016/01/20/company-that-pampers-rich-people-at-burning-man-wont-give-up/

#5yrsago No one should be on the No-Fly List https://pluralistic.net/2021/01/20/damn-the-shrub/#no-nofly

#5yrsago My letter to the FBI https://pluralistic.net/2021/01/20/damn-the-shrub/#foia

#1yrago Enshittification isn't caused by venture capital https://pluralistic.net/2025/01/20/capitalist-unrealism/#praxis

#1yrago Keir Starmer appoints Jeff Bezos as his "first buddy" https://pluralistic.net/2025/01/22/autocrats-of-trade/#dingo-babysitter

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Memex Method," Farrar, Straus, Giroux, 2026

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (1002 words today, 10352 total)

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

14:14

The Fork-It-and-Forget Decade [Radar]

The following article originally appeared on Medium and is being republished here with the author’s permission.

Open source has been evolving for half a century, but the last two decades have set the stage for what comes next. The 2000s were the “star stage”—when open source became mainstream, commercial, and visible. The 2010s decentralized it, breaking the hierarchy and making forking normal. Now, in the 2020s, it’s transforming again as generative AI enters the scene—as a participant.

This decade isn’t just faster. It’s a different kind of speed. AI is starting to write, refactor, and remix code and open source projects at a scale no human maintainer can match. GitHub isn’t just expanding; it’s mutating, filled with AI-generated derivatives of human work, on track to manage close to 1B repositories by the end of the decade.

If we want to understand what’s happening to open source now, it helps to look back at how it evolved. The story of open source isn’t a straight line—it’s a series of turning points. Each decade changed not just the technology but also the culture around it: from rebellion in the 1990s to recognition in the 2000s to decentralization in the 2010s. Those shifts built the foundation for what’s coming next—an era where code isn’t just written by developers but by the agents they are managing.

1990s: Setting the Stage

The late ’80s and early ’90s were defined by proprietary stacks—Windows, AIX, Solaris. By the mid-’90s, developers began to rebel. Open source wasn’t just an ideal; it was how the web got built. Most sites ran Apache on the frontend but relied on commercial engines such as Dynamo and Oracle on the backend. The first web was open at the edges and closed at the core.

In universities and research labs, the same pattern emerged. GNU tools like Emacs, GCC, and gdb were everywhere, but they ran on proprietary systems—SGI, Solaris, NeXT, AIX. Open source had taken root, even if the platforms weren’t open. Mike Loukides and Andy Oram’s Programming with GNU Software (1996) captured that world perfectly: a maze of UNIX variants where every system broke your scripts in a new way. Anyone who learned command-line syntax on AIX in the early ’90s still trips over it on macOS today.

That shift—Linux and FreeBSD meeting the web—set the foundation for the next decade of open infrastructure. Clearly, Tim Berners-Lee’s work at CERN was the pivotal event that defined the next century, but I think the most tactical win from the 1990s was Linux. Even though Linux didn’t become viable for large-scale use until 2.4 in the 2000s, it set the stage.

2000s: The Open Source Decade

The 2000s were when open source went mainstream. Companies that once sold closed systems started funding the foundations that challenged them—IBM, Sun, HP, Oracle, and even Microsoft. It wasn’t altruism; it was strategy. Open source had become a competitive weapon, and being a committer had become a form of social capital. The communities around Apache, Eclipse, and Mozilla weren’t just writing code; they built a sort of reputation game. “I’m a committer” could fund a startup or land you a job.

Chart of SourceForge-hosted projects 2000–2010 (proxy for OSS). It shows an increase from nearly zero in 2000 to almost 250,000 in 2010. Data sourced from Wikipedia.Data sourced from SourceForge’s Wikipedia page.

As open source gained momentum, visibility became its own form of power. Being a committer was social capital, and fame within the community created hierarchy. The movement that had started as a rebellion against proprietary control began to build its own “high places.” Foundations became stages; conferences became politics. The centralized nature of CVS and Subversion reinforced this hierarchy—control over a single master repository meant control over the project itself. Forking wasn’t seen as collaboration; it was defiance. And so, even in a movement devoted to openness, authority began to concentrate.

By the end of the decade, open source had recreated the very structures it once tried to dismantle and there were power struggles around forking and control—until Git arrived and quietly made forking not just normal but encouraged.

In 2006, Linus Torvalds quietly dropped something that would reshape it all: Git. It was controversial, messy, and deeply decentralized—the right tool at the right time.

2010s: The Great Decentralization

The 2010s decentralized everything. Git unseated Subversion and CVS, making forking normal. GitHub turned version control into a social network, and suddenly open source wasn’t a handful of central projects—it was thousands of competing experiments. Git made a fork cheap and local: Anyone could branch off instantly, hack in isolation, and later decide whether to merge back. That one idea changed the psychology of collaboration. Experimentation became normal, not subversive.

The effect was explosive. SourceForge, home to the CVS/SVN era, hosted about 240,000 projects by 2010. Ten years later, GitHub counted roughly 190 million repositories. Even if half were toy projects, that’s a two-to-three-order-of-magnitude jump in project creation velocity—roughly one new repository every few seconds by the late 2010s. Git didn’t just speed up commits; it changed how open source worked.

But the same friction that disappeared also removed filters. Because Git made experimentation effortless, “throwaway projects” became viable—half-finished frameworks, prototypes, and personal experiments living side by side with production-grade code. By mid-decade, open source had entered its Cambrian phase: While the 2000s gave us five or six credible frontend frameworks, the 2010s produced 50 or 60. Git didn’t just decentralize code—it decentralized attention.

Chart tracking Git and Subversion usage over time, 2010–2022. Git shows increased usage, while Subversion usage fell. Data sourced from the Eclipse Community Survey (2011, 2013) and the Stack Overflow Dev Survey (2015–2022).Data sourced from the Eclipse Community Survey (2011, 2013) and the Stack Overflow Dev Survey (2015–2022).

2020s: What Will We Call This Decade?

Now that we’re halfway through the 2020s, something new is happening. Generative AI has slipped quietly into the workflow, reshaping open source once again—not by killing it but by making forking even easier. It also forms one of the main training inputs for the output it generates.

Go back two decades to the 2000s, if a library didn’t do what you needed, you joined the mailing list, earned trust, and maybe became a committer. That was slow, political, and occasionally productive. But for you or the companies you work for to be able to influence a project and commit code, we’re talking months or years of investment.

Today, if a project is 90 percent right, you fork it, describe the fix to an AI, and you move on 5 minutes later. No review queues. No debates about brace styles. The pull-request culture that once defined open source starts to feel optional because you aren’t investing any time in it to begin with.

In fact, you might not even be aware that you forked and patched something. One of the 10 agents you launched in parallel to reimplement an API might have forked a library, patched it for your specific use case, and published it to your private GitHub npm repository while you were at lunch. And you might not even be paying attention to those details.

Trend prediction: We’re going to have a nickname for developers who use GenAI and are unable to read the code it generated very soon because that’s happening.

Is Open Source Done?

No. But it’s already changing. The big projects will continue—React, Next.js, and DuckDB will keep growing because AI models already prefer them. And I do think there are still communities or developers who want to collaborate with other humans.

But there is a surge of AI-generated open source contributions and projects that will start to affect the ecosystem. Smaller, more focused libraries will start to see more forks. That’s my prediction, and it might get to the point where it doesn’t make much sense anymore to track them.

Instead of half a dozen stable frameworks per category, we’ll see hundreds of small, AI-tuned frameworks and forks, each solving one developer’s problem perfectly and then fading away. The social glue that once bound open source—mentorship, debate, shared maintenance—gets thinner. Collaboration gives way to radical personalization. And I don’t know if that’s such a bad thing.

The Fork-It-and-Forget Decade

This is shaping up to be the “fork-it-and-forget” decade. Developers—and the agents they run—are moving at a new kind of velocity: forking, patching, and moving on. GitHub reports more than 420 million repositories as of early 2023, and it’s on pace to hit a billion by 2030.

We tore down the “high places” that defined the 2000s and replaced them with the frictionless innovation of the 2010s. Now the question is whether we’ll even recognize open source by the end of this decade. I still pay attention to the libraries I’m pulling in, but most developers using tools like Cursor to write complex code probably don’t—and maybe don’t need to. The agent already forked it and moved on.

Maybe that’s the new freedom: to fork, to forget, and to let the machines remember for us.

14:07

CodeSOD: Well Timed Double Checking [The Daily WTF]

Last week's out of order logging reminded Adam R of a similar bug he encountered once.

The log files looked like this:

[2026-01-14 16:40:12.999802][process_name][42][DEBUG][somefilename:01234] A thing happened
[2026-01-14 16:40:12.999997][process_name][42][DEBUG][somefilename:01235] Another thing happened
[2026-01-14 16:40:12.000031][process_name][42][DEBUG][somefilename:01236] A third thing happened
[2026-01-14 16:40:13.000385][process_name][42][DEBUG][somefilename:01237] A fourth thing happened

Note the timestamp on the third log line: it's out of order. But as you can get from Adam's highly anonymized messages, it's actually in the correct order- it's the third thing that happened, and it's the third log line. So clearly, something has gone off with calculating the timestamp.

Now, if you want to ask your OS for time with microsecond precision, you can call gettimeofday, which will populate a timeval struct. That gives you seconds/microseconds since the epoch. gmtime can then be used to convert the seconds portion into something more readable. This is pretty standard stuff- how could someone screw it up?

void Logger::log(const char* message, int level, const char* filename, int line)
{
    time_t now = time();
    struct tm* now_tm = gmtime(&now);

    struct timeval now_tv;
    gettimeofday(&now_tv, NULL);

    char buffer[1024];  // I've simplified this to a fixed-size buffer for expository purposes, but the code DID handle overflow and dynamically resizing the buffer correctly
    snprintf(buffer, sizeof(buffer), "[%04d-%02d-%02d %02d:%02d:%02d.%06d][%s][%s][%s][%32s:%05d] %s\n",
        now_tm->tm_year + 1900,
        now_tm->tm_mon + 1,
        now_tm->tm_mday,
        now_tm->tm_hour,
        now_tm->tm_min,
        now_tm->tm_sec,
        now_tv->tv_usec,
        get_process_name(),
        get_thread_id(),
        log_level_string(level),
        filename,
        line,
        message);

    write_to_log_file(buffer);
}

This C++ function is reconstructed as Adam remembers it. The first four lines highlight the problem: they check the time twice. The call to time() returns the number of seconds since the epoch, which they then convert into a readable time using gmtime. Then they use gettimeofday to get the seconds/microseconds since the epoch. When they print, they use the values from time for every field but microseconds, and then use the microseconds from gettimeofday.

They check the clock twice, and shockingly, get different values each time. And when the clock ticks are near a second boundary, the microseconds can roll back over to zero, creating a situation where log entries appear to go backwards in time.

The fix was simple: just check the time once.

Adam writes:

My suspicion is that this logging function started out printing only seconds, and then someone realized "Hey, wouldn't it be useful to add microseconds to here as well?" and threw in the extra call to gettimeofday() without thinking about it hard enough.

That's a pretty solid suspicion. Adam can't confirm it, because he doesn't work there anymore, and has no access to their source control, and even if he did, the project has been through multiple source control migrations which destroyed or otherwise mangled the history, leaving the root cause as always and forever a mystery.

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

13:21

Joe Marshall: Filter [Planet Lisp]

One of the core ideas in functional programming is to filter a set of items by some criterion. It may be somewhat suprising to learn that lisp does not have a built-in function named “filter” “select”, or “keep” that performs this operation. Instead, Common Lisp provides the “remove”, “remove-if”, and “remove-if-not” functions, which perform the complementary operation of removing items that satisfy or do not satisfy a given predicate.

The remove function, like similar sequence functions, takes an optional keyword :test-not argument that can be used to specify a test that must fail for an item to be considered for removal. Thus if you invert your logic for inclusion, you can use the remove function as a “filter” by specifying the predicate with :test-not.

> (defvar *nums* (map 'list (λ (n) (format nil "~r" n)) (iota 10)))
*NUMS*

;; Keep *nums* with four letters
> (remove 4 *nums* :key #'length :test-not #'=)
("zero" "four" "five" "nine")

;; Keep *nums* starting with the letter "t"
> (remove #\t *nums* :key (partial-apply-right #'elt 0) :test-not #'eql)
("two" "three")

12:49

Could ChatGPT Convince You to Buy Something? [Schneier on Security]

Eighteen months ago, it was plausible that artificial intelligence might take a different path than social media. Back then, AI’s development hadn’t consolidated under a small number of big tech firms. Nor had it capitalized on consumer attention, surveilling users and delivering ads.

Unfortunately, the AI industry is now taking a page from the social media playbook and has set its sights on monetizing consumer attention. When OpenAI launched its ChatGPT Search feature in late 2024 and its browser, ChatGPT Atlas, in October 2025, it kicked off a race to capture online behavioral data to power advertising. It’s part of a yearslong turnabout by OpenAI, whose CEO Sam Altman once called the combination of ads and AI “unsettling” and now promises that ads can be deployed in AI apps while preserving trust. The rampant speculation among OpenAI users who believe they see paid placements in ChatGPT responses suggests they are not convinced.

In 2024, AI search company Perplexity started experimenting with ads in its offerings. A few months after that, Microsoft introduced ads to its Copilot AI. Google’s AI Mode for search now increasingly features ads, as does Amazon’s Rufus chatbot. OpenAI announced on Jan. 16, 2026, that it will soon begin testing ads in the unpaid version of ChatGPT.

As a security expert and data scientist, we see these examples as harbingers of a future where AI companies profit from manipulating their users’ behavior for the benefit of their advertisers and investors. It’s also a reminder that time to steer the direction of AI development away from private exploitation and toward public benefit is quickly running out.

The functionality of ChatGPT Search and its Atlas browser is not really new. Meta, commercial AI competitor Perplexity and even ChatGPT itself have had similar AI search features for years, and both Google and Microsoft beat OpenAI to the punch by integrating AI with their browsers. But OpenAI’s business positioning signals a shift.

We believe the ChatGPT Search and Atlas announcements are worrisome because there is really only one way to make money on search: the advertising model pioneered ruthlessly by Google.

Advertising model

Ruled a monopolist in U.S. federal court, Google has earned more than US$1.6 trillion in advertising revenue since 2001. You may think of Google as a web search company, or a streaming video company (YouTube), or an email company (Gmail), or a mobile phone company (Android, Pixel), or maybe even an AI company (Gemini). But those products are ancillary to Google’s bottom line. The advertising segment typically accounts for 80% to 90% of its total revenue. Everything else is there to collect users’ data and direct users’ attention to its advertising revenue stream.

After two decades in this monopoly position, Google’s search product is much more tuned to the company’s needs than those of its users. When Google Search first arrived decades ago, it was revelatory in its ability to instantly find useful information across the still-nascent web. In 2025, its search result pages are dominated by low-quality and often AI-generated content, spam sites that exist solely to drive traffic to Amazon sales—a tactic known as affiliate marketing—and paid ad placements, which at times are indistinguishable from organic results.

Plenty of advertisers and observers seem to think AI-powered advertising is the future of the ad business.

Highly persuasive

Paid advertising in AI search, and AI models generally, could look very different from traditional web search. It has the potential to influence your thinking, spending patterns and even personal beliefs in much more subtle ways. Because AI can engage in active dialogue, addressing your specific questions, concerns and ideas rather than just filtering static content, its potential for influence is much greater. It’s like the difference between reading a textbook and having a conversation with its author.

Imagine you’re conversing with your AI agent about an upcoming vacation. Did it recommend a particular airline or hotel chain because they really are best for you, or does the company get a kickback for every mention? If you ask about a political issue, does the model bias its answer based on which political party has paid the company a fee, or based on the bias of the model’s corporate owners?

There is mounting evidence that AI models are at least as effective as people at persuading users to do things. A December 2023 meta-analysis of 121 randomized trials reported that AI models are as good as humans at shifting people’s perceptions, attitudes and behaviors. A more recent meta-analysis of eight studies similarly concluded there was “no significant overall difference in persuasive performance between (large language models) and humans.”

This influence may go well beyond shaping what products you buy or who you vote for. As with the field of search engine optimization, the incentive for humans to perform for AI models might shape the way people write and communicate with each other. How we express ourselves online is likely to be increasingly directed to win the attention of AIs and earn placement in the responses they return to users.

A different way forward

Much of this is discouraging, but there is much that can be done to change it.

First, it’s important to recognize that today’s AI is fundamentally untrustworthy, for the same reasons that search engines and social media platforms are.

The problem is not the technology itself; fast ways to find information and communicate with friends and family can be wonderful capabilities. The problem is the priorities of the corporations who own these platforms and for whose benefit they are operated. Recognize that you don’t have control over what data is fed to the AI, who it is shared with and how it is used. It’s important to keep that in mind when you connect devices and services to AI platforms, ask them questions, or consider buying or doing the things they suggest.

There is also a lot that people can demand of governments to restrain harmful corporate uses of AI. In the U.S., Congress could enshrine consumers’ rights to control their own personal data, as the EU already has. It could also create a data protection enforcement agency, as essentially every other developed nation has.

Governments worldwide could invest in Public AI—models built by public agencies offered universally for public benefit and transparently under public oversight. They could also restrict how corporations can collude to exploit people using AI, for example by barring advertisements for dangerous products such as cigarettes and requiring disclosure of paid endorsements.

Every technology company seeks to differentiate itself from competitors, particularly in an era when yesterday’s groundbreaking AI quickly becomes a commodity that will run on any kid’s phone. One differentiator is in building a trustworthy service. It remains to be seen whether companies such as OpenAI and Anthropic can sustain profitable businesses on the back of subscription AI services like the premium editions of ChatGPT, Plus and Pro, and Claude Pro. If they are going to continue convincing consumers and businesses to pay for these premium services, they will need to build trust.

That will require making real commitments to consumers on transparency, privacy, reliability and security that are followed through consistently and verifiably.

And while no one knows what the future business models for AI will be, we can be certain that consumers do not want to be exploited by AI, secretly or otherwise.

This essay was written with Nathan E. Sanders, and originally appeared in The Conversation.

12:35

Freexian Collaborators: Monthly report about Debian Long Term Support, December 2025 (by Santiago Ruano Rincón) [Planet Debian]

The Debian LTS Team, funded by [Freexian’s Debian LTS offering] (https://www.freexian.com/lts/debian/), is pleased to report its activities for December.

Activity summary

During the month of December, 18 contributors have been paid to work on Debian LTS (links to individual contributor reports are located below).

The team released 41 DLAs fixing 252 CVEs.

The team currently focuses on preparing security updates for Debian 11 “bullseye”, but also looks for contributing with updates for Debian 12 “bookworm”, Debian 13 “trixie” and even Debian unstable.

Notable security updates:

  • libsoup2.4 (DLA-4398-1), prepared by Andreas Henrikson, fixing several vulnerabilities.
  • glib2.0 (DLA-4412-1), published by Emilio Pozuelo Monfort, addressing multiple issues.
  • lasso (DLA-4397-1), prepared by Sylvain Beucler, addressing multiple issues, including a critical remote code execution (RCE) vulnerability (CVE-2025-47151)
  • roundcube (DLA 4415-1), prepared by Guilhem Moulin, fixing a cross-site-scripting (XSS) (CVE-2025-68461) and an information disclosure (CVE-2025-68460) vulnerabilities
  • mediawiki (DLA 4428-1), published by Guilhem, fixing multiple vulnerabilities could lead to information disclosure, denial of service or privilege escalation.
  • While the DLA has not been published yet, Charles Henrique Melara proposed upstream fixes for seven CVEs in ffmpeg: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21275.
  • python-apt (DLA 4408-1), prepared by Utkarsh Gupta, in coordination with the Debian Security Team and Julian Andres Klode, the apt’s maintainer.
  • libpng1.6 (DLA-4396-1), published by Tobias Frost, completing the work started the previous month.

Notable non-security updates:

  • tzdata (DLA-4403-1), prepared by Emilio, including the latest changes to the leap second list and its expiry date, which was set for the end of December.

Contributions from outside the LTS Team:

  • Christoph Berg, co-maintainer of PostgreSQL in Debian, prepared a postgresql-13 update, released as DLA-4420-1

The LTS Team has also contributed with updates to the latest Debian releases:

Individual Debian LTS contributor reports

Thanks to our sponsors

Sponsors that joined recently are in bold.

10:07

The empathy of instructions [Seth's Blog]

It’s difficult to write directions.

A user interface, a map or a recipe all require empathy.

That’s because the person writing it knows something the reader doesn’t. In fact, that’s the only reason to do it.

But because instructions exist to bridge this gap, we benefit by understanding and focusing on the gap. The instructions aren’t there to remind you of how to do something. They serve to help someone who doesn’t know, learn.

Here’s a useful way to begin:

Assume less.

Yes, the person reading your recipe knows what a knife is, but do they know you keep your mustard in the food cabinet, not the fridge?

List every step you could imagine, and then list some more.

Once the overdone, step-by-step instructions exist, begin removing them. The interface for your induction cooktop probably doesn’t benefit from having icons so obscure they’re meaningless, but it also doesn’t need every step for boiling water enunciated in capital letters.

In my experience in reading instructions, it’s easier for the user to skip over steps that are too complete than it is to try to guess what the person writing the directions had in mind.

08:42

Sweet Transparency by Elise Schuenke [Oh Joy Sex Toy]

Sweet Transparency by Elise Schuenke

Elise Schuenke comics about Sage, an exhausted hard working autistic, home from a long day of work, masking and social effort. Decompressing and pulling back from the effort to perform, we get to see a 5 pager comic of their partners reactions. A wonderful comic that highlights and gives a moment for a powerfully intimate […]

06:21

Urgent: Stop march to war [Richard Stallman's Political Notes]

US citizens: call on Congress to stop the march to war — no attacks on Cuba, no escalation in Latin America, and no more US-driven violence in our hemisphere.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Resist attempts to freeze child care funds [Richard Stallman's Political Notes]

US citizens: call on Congress to resist the bully's attempts to freeze child care funds.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Subpoena Big Oil [Richard Stallman's Political Notes]

US citizens: call on your congresscritter and senators to subpoena Big Oil for its role in the bully's illegal war.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Protect Medicine for Veterans [Richard Stallman's Political Notes]

US citizens: call on Congress to Protect Medicine for Veterans — Strengthen the VA, Don't Cut It.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Voter personal information [Richard Stallman's Political Notes]

US citizens: call on the Department of Justice to drop its demands for voters' personal information.

You know how will use it — for persecution, making eligible voters fear to vote.

Urgent: Condemn threats against Greenland [Richard Stallman's Political Notes]

US citizens: call on Congress to condemn threats against Greenland.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Stop funding deportation thugs [Richard Stallman's Political Notes]

US citizens: write to your senators and rep to stop funding the deportation thugs until they cease their unjustified violence.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Investigate killings by deportation thugs [Richard Stallman's Political Notes]

US citizens: call on Congress to investigate all killings by the deportation thugs.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Billionaires Income Tax [Richard Stallman's Political Notes]

US citizens: call on your representative and senators to pass the Billionaires Income Tax.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Urgent: Push to impeach RFK Jr [Richard Stallman's Political Notes]

US citizens: Push to impeach RFK Jr to defend public health.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Urgent: Skyrocketing medical costs [Richard Stallman's Political Notes]

US citizens: call on Congress to hold down skyrocketing medical costs.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Stop Warner mega-merger [Richard Stallman's Political Notes]

US citizens: call on the DOJ to stop the Warner Mega-Merger.

We should not allow large companies to get larger through mergers.

Urgent: Cover bully's intimidation honestly [Richard Stallman's Political Notes]

US citizens: call on the mass media to cover the bully's intimidation honestly, instead of pretending it is legitimate conduct for a president.

Urgent: Impeach the gnome [Richard Stallman's Political Notes]

US citizens: call on Congress to impeach the gnome.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Institutional investors [Richard Stallman's Political Notes]

US citizens: call on Tell Trump to make good on his promise to curb institutional investors: Pass the Stop Wall Street Looting Act!

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Urgent: Refuse funds for deportation thugs [Richard Stallman's Political Notes]

US citizens: call on Congress to refuse funds for the deportation thugs unless it is accompanied by making them respect people's lives and human rights.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Apple and Google contracts with deportation thugs [Richard Stallman's Political Notes]

US citizens: Call on Apple & Google CEOs to end your contracts with the deportation thugs.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Urgent: EPA authority of energy efficiency of manufactured houses [Richard Stallman's Political Notes]

US citizens: call on Tell Your Senators: Protect the EPA's authority over energy efficiency of manufactured houses.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Urgent: Raytheon stock buybacks [Richard Stallman's Political Notes]

US citizens: call on Raytheon's board to invest in improvements rather than buying back the company's stock.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Urgent: Magats' attacks on education, housing and other programs [Richard Stallman's Political Notes]

US citizens: call on Congress to block the magats' attacks on congressionally approved education, housing, and other human needs programs.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Bring TJ Sabula back to work [Richard Stallman's Political Notes]

US citizens: call on Ford to bring TJ Sabula back to work — don't punish workers for criticizing hateful visiting politicians.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Urgent: Stop special business tax breaks [Richard Stallman's Political Notes]

US citizens: call on your state governor to stop giving businesses special tax breaks on the supposition that their investment would do wonders for the state.

[Please include the following URL as literal text. You can also place on that text a link to that same page.]

I mentioned https://stallman.org/articles/states-union.html in my letter.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

Urgent: Data leakage at Social Security Administration [Richard Stallman's Political Notes]

US citizens: call Senate Crapo to investigate the coverup of data leakage at the Social Security Administration.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

03:14

Sahil Dhiman: Conferences, why? [Planet Debian]

Back in December, I was working to help organize multiple different conferences. One has already happened; the rest are still works in progress. That’s when the thought struck me: why so many conferences, and why do I work for them?

I have been fairly active in the scene since 2020. For most conferences, I usually arrive late in the city on the previous day and usually leave the city on conference close day. Conferences for me are the place to meet friends and new folks and hear about them, their work, new developments, and what’s happening in their interest zones. I feel naturally happy talking to folks. In this case, people inspire me to work. Nothing can replace a passionate technical and social discussion, which stretches way into dinner parties and later.

For most conference discussions now, I just show up without a set role (DebConf is probably an exception to it). It usually involves talking to folks, suggesting what needs to be done, doing a bit of it myself, and finishing some last-minute stuff during the actual thing.

Having more of these conferences and helping make them happen naturally gives everyone more places to come together, meet, talk, and work on something.

No doubt, one reason for all these conferences is evangelism for, let’s say Free Software, OpenStreetMap, Debian etc. which is good and needed for the pipeline. But for me, the primary reason would always be meeting folks.

03:07

Social Grace [QC RSS]

aaaaaa

02:28

02:00

The Inheritance [Penny Arcade]

I have way, way more than this done, but it seemed like a super funny situation and who knows; I'd love to see him go for it. Let's see him put his best foot forward on such a rich narrativo. I would definitely like to read a couple strips about that, maybe on some Cave of Tits type action, but then I would have to write it. Inconvenient!

00:56

Dirk Eddelbuettel: RApiDatetime 0.0.11 on CRAN: Micro-Maintenance [Planet Debian]

A new (micro) maintenance release of our RApiDatetime package is now on CRAN, coming only a good week after the 0.0.10 release which itself had a two year gap to its predecessor release.

RApiDatetime provides a number of entry points for C-level functions of the R API for Date and Datetime calculations. The functions asPOSIXlt and asPOSIXct convert between long and compact datetime representation, formatPOSIXlt and Rstrptime convert to and from character strings, and POSIXlt2D and D2POSIXlt convert between Date and POSIXlt datetime. Lastly, asDatePOSIXct converts to a date type. All these functions are rather useful, but were not previously exported by R for C-level use by other packages. Which this package aims to change.

This release adds a single (and ) around one variable as the rchk container and service by Tomas now flagged this. Which is … somewhat peculiar, as this is old code also ‘borrowed’ from R itself but no point arguing so I just added this.

Details of the release follow based on the NEWS file.

Changes in RApiDatetime version 0.0.11 (2026-01-19)

  • Add PROTECT (and UNPROTECT) to appease rchk

Courtesy of my CRANberries, there is also a diffstat report for this release.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can sponsor me at GitHub.

Monday, 19 January

23:00

Blue Skies [Penny Arcade]

I shared some stuff over on BlueSky that I thought readers here might also enjoy. I don't blame anyone for not installing or monitoring a new social media site. So no need to go anywhere, just sit back and relax as I bring the social media to you!

22:14

Link [Scripting News]

Screen shot: Twitter did what I have been begging all the others to do. Get rid of the character limit and allow for simple styling, links, optional titles, the ability to edit, basically the writing functions of the world wide web. You can also put a nice Medium-like picture at the top. Twitter was started in 2006 which according to my records is approximately twenty freaking years ago! I mean geez how long does it take?

Link [Scripting News]

I'm always happy to see NakedJen in my blogroll. Screen shot.

Link [Scripting News]

I got a text from Matt recommending Claude Code, saying it's as new as ChatGPT was when it came out.

21:49

The end of OzLabs [LWN.net]

OzLabs is a collection of Australian free-software developers that was, for most of its history, associated with IBM. Members of OzLabs have included Hugh Blemings, Michael Ellerman, Ben Herrenschmidt, Greg Lehey, Paul Mackerras, Martin Pool, Stephen Rothwell, Rusty Russell, and Andrew Tridgell, among others. The OzLabs "about" page notes that, as of January 2026, the last remaining OzLabs members have departed IBM. "This brought to a close the Ozlabs association with IBM". Thus ends a quarter-century of development history.

(Thanks to Jon Masters).

Isoken Ibizugbe: Mid-Point Project Progress [Planet Debian]

Halfway There

Hurray! 🎉 I have officially reached the 6-week mark, the halfway point of my Outreachy internship. The time has flown by incredibly fast, yet it feels short because there is still so much exciting work to do.

I remember starting this journey feeling overwhelmed, trying to gain momentum. Today, I feel much more confident. I began with the apps_startstop task during the contribution period, writing manual test steps and creating preparation Perl scripts for the desktop environments. Since then, I’ve transitioned into full automation and taken a liking to reading openQA upstream documentation when I have issues or for reference.

In all of this, I’ve committed over 30 hours a week to the project. This dedicated time has allowed me to look in-depth into the Debian ecosystem and automated quality assurance.

The Original Roadmap vs. Reality

Reviewing my 12-week goal, which included extending automated tests for “live image testing,” “installer testing,” and “documentation,” I am happy to report that I am right on track. My work on desktop apps tests has directly improved the quality of both the Live Images and the netinst (network installer) ISOs.

Accomplishments

I have successfully extended the apps_startstop tests for two Desktop Environments (DEs): Cinnamon and LXQt. These tests ensure that common and DE specific apps launch and close correctly across different environments.

  • Merged Milestone: My Cinnamon tests have been officially merged into the upstream repository! [MR !84]
  • LXQt & Adaptability: I am in the final stages of the LXQt tests. Interestingly, I had to update these tests mid-way through because of a version update in the DE. This required me to update the needles (image references) to match the new UI, a great lesson in software maintenance.

Solving for “Synergy”

One of my favorite challenges was suggested by my mentor, Roland: synergizing the tests to reduce redundancy. I observed that some applications (like Firefox and LibreOffice) behave identically across different desktops. Instead of duplicating Perl scripts/code for every single DE, I used symbolic links. This allows the use of the same Perl script and possibly the same needles, making the test suite lighter and much easier to maintain.

The Contributor Guide

During the contribution phase, I noticed how rigid the documentation and coding style requirements are. While this ensures high standards and uniformity, it can be intimidating for newcomers and time-consuming for reviewers.

To help, I created a contributor guide [MR !97]. This guide addresses the project’s writing style. My goal is to reduce the back-and-forth during reviews, making the process more efficient for everyone and helping new contributors.

Looking Forward

For the second half of the internship, I plan to:

  1. Assist others: Help new contributors extend apps start-stop tests to even more desktop environments.
  2. Explore new coverage: Move beyond start-stop tests into deeper functional testing.

This journey has been an amazing experience of learning and connecting with the wider open-source community, especially Debian Women and the Linux QA team.

I am deeply grateful to my mentors, Tassia Camoes Araujo, Roland Clobus, and Philip Hands, for their constant guidance and for believing in my ability to take on this project.

Here’s to the next 6 weeks 🥂

19:28

Francesco Paolo Lovergine: A Terramaster NAS with Debian, take two. [Planet Debian]

After experimenting at home, the very first professional-grade NAS from Terramaster arrived at work, too, with 12 HDD bays and possibly a pair of M2s. NVME cards. In this case, I again installed a plain Debian distribution, but HDD monitoring required some configuration adjustments to run smartd properly.

A decent approach to data safety is to run regularly scheduled short and long SMART tests on all disks to detect potential damage. Running such tests on all disks at once isn't ideal, so I set up a script to create a staggered configuration and test multiple groups of disks at different times. Note that it is mandatory to read the devices at each reboot because their names and order can change.

Of course, the same principle (short/long test at regular intervals along the week) should be applied for a simpler configuration, as in the case of my home NAS with a pair of RAID1 devices.

What follows is a simple script to create a staggered smartd.conf at boot time:

#!/bin/bash
#
# Save this as /usr/local/bin/create-smartd-conf.sh
#
# Dynamically generate smartd.conf with staggered SMART test scheduling
# at boot time based on discovered ATA devices

# HERE IS A LIST OF DIRECTIVES FOR THIS CONFIGURATION FILE.
# PLEASE SEE THE smartd.conf MAN PAGE FOR DETAILS
#
#   -d TYPE Set the device type: ata, scsi[+TYPE], nvme[,NSID],
#           sat[,auto][,N][+TYPE], usbcypress[,X], usbjmicron[,p][,x][,N],
#           usbprolific, usbsunplus, sntasmedia, sntjmicron[,NSID], sntrealtek,
#           ... (platform specific)
#   -T TYPE Set the tolerance to one of: normal, permissive
#   -o VAL  Enable/disable automatic offline tests (on/off)
#   -S VAL  Enable/disable attribute autosave (on/off)
#   -n MODE No check if: never, sleep[,N][,q], standby[,N][,q], idle[,N][,q]
#   -H      Monitor SMART Health Status, report if failed
#   -s REG  Do Self-Test at time(s) given by regular expression REG
#   -l TYPE Monitor SMART log or self-test status:
#           error, selftest, xerror, offlinests[,ns], selfteststs[,ns]
#   -l scterc,R,W  Set SCT Error Recovery Control
#   -e      Change device setting: aam,[N|off], apm,[N|off], dsn,[on|off],
#           lookahead,[on|off], security-freeze, standby,[N|off], wcache,[on|off]
#   -f      Monitor 'Usage' Attributes, report failures
#   -m ADD  Send email warning to address ADD
#   -M TYPE Modify email warning behavior (see man page)
#   -p      Report changes in 'Prefailure' Attributes
#   -u      Report changes in 'Usage' Attributes
#   -t      Equivalent to -p and -u Directives
#   -r ID   Also report Raw values of Attribute ID with -p, -u or -t
#   -R ID   Track changes in Attribute ID Raw value with -p, -u or -t
#   -i ID   Ignore Attribute ID for -f Directive
#   -I ID   Ignore Attribute ID for -p, -u or -t Directive
#   -C ID[+] Monitor [increases of] Current Pending Sectors in Attribute ID
#   -U ID[+] Monitor [increases of] Offline Uncorrectable Sectors in Attribute ID
#   -W D,I,C Monitor Temperature D)ifference, I)nformal limit, C)ritical limit
#   -v N,ST Modifies labeling of Attribute N (see man page)
#   -P TYPE Drive-specific presets: use, ignore, show, showall
#   -a      Default: -H -f -t -l error -l selftest -l selfteststs -C 197 -U 198
#   -F TYPE Use firmware bug workaround:
#           none, nologdir, samsung, samsung2, samsung3, xerrorlba
#   -c i=N  Set interval between disk checks to N seconds
#    #      Comment: text after a hash sign is ignored
#    \      Line continuation character
# Attribute ID is a decimal integer 1 <= ID <= 255
# except for -C and -U, where ID = 0 turns them off.

set -euo pipefail

# Test schedule configuration
BASE_SCHEDULE="L/../../6"  # Long test on Saturdays
TEST_HOURS=(01 03 05 07)   # 4 time slots: 1am, 3am, 5am, 7am

DEVICES_PER_GROUP=3

main() {
    # Get array of device names (e.g., sda, sdb, sdc)
    mapfile -t devices < <(ls -l /dev/disk/by-id/ | grep ata | awk '{print $11}' | grep sd | cut -d/ -f3 | sort -u)

    if [[ ${#devices[@]} -eq 0 ]]; then
        exit 1
    fi

    # Start building config file
    cat << EOF
# smartd.conf - Auto-generated at boot
# Generated: $(date '+%Y-%m-%d %H:%M:%S')
#
# Staggered SMART test scheduling to avoid concurrent disk load
# Long tests run on Saturdays at different times per group
#
EOF

    # Process devices into groups
    local group=0
    local count_in_group=0

    for i in "${!devices[@]}"; do
        local dev="${devices[$i]}"
        local hour="${TEST_HOURS[$group]}"

        # Add group header at start of each group
        if [[ $count_in_group -eq 0 ]]; then
            echo ""
            echo "# Group $((group + 1)) - Tests at ${hour}:00 on Saturdays"
        fi

        # Add device entry
        #echo "/dev/${dev} -a -o on -S on -s (${BASE_SCHEDULE}/${hour}) -m root"
        echo "/dev/${dev} -a -o on -S on -s (L/../../6/${hour}) -s (S/../.././$(((hour + 12) % 24))) -m root"

        # Move to next group when current group is full
        count_in_group=$((count_in_group + 1))
        if [[ $count_in_group -ge $DEVICES_PER_GROUP ]]; then
            count_in_group=0
            group=$(((group + 1) % ${#TEST_HOURS[@]}))
        fi
    done
}

main "$@"

To run such a script at boot, add a unit file to the systemd configuration.

sudo systemctl  edit --full /etc/systemd/system/regenerate-smartd-conf.service
sudo systemctl enable regenerate-smartd-conf.service

Where the unit service is the following:

[Unit]
Description=Generate smartd.conf with staggered SMART test scheduling
# Wait for all local filesystems and udev device detection
After=local-fs.target systemd-udev-settle.service
Before=smartd.service
Wants=systemd-udev-settle.service
DefaultDependencies=no

[Service]
Type=oneshot
# Only generate the config file, don't touch smartd here
ExecStart=/bin/bash -c '/usr/local/bin/create-smartd-config.sh > /etc/smartd.conf'
StandardOutput=journal
StandardError=journal
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

Civil Rights Nonprofit Director Imraan Siddiqi Wants to Represent Legislative District 32 [The Stranger]

Sitting at Shoreline Diva Espresso, Imraan Siddiqi looked tired. Diva down? Not this diva, who wore a shirt with the words “I know my rights” inside an outline of Washington State. by Nathalie Graham

It has already been a long year for Imraan Siddiqi, the executive director of the civil rights nonprofit Council on American-Islamic Relations (CAIR) Washington, which is working to protect immigrants from being sucked into the gears of Donald Trump’s administration. Sitting at Shoreline Diva Espresso, he looked tired. Diva down? Not this diva, who wore a shirt with the words “I know my rights” inside an outline of Washington State. It’s a mantra pivotal to his work.

That morning, CAIR had achieved the culmination of three weeks’ worth of effort, getting a Palestinian immigrant out of the Northwest Detention Center on bond. The man had been detained the day after Christmas, when CAIR was on a holiday break. No matter. Siddiqi, at home with his family, picked up the phone and jumped into action. 

He called CAIR-WA’s four lawyers and directed a team member to drive out to Auburn to comfort the man’s wife, who was alone with their newborn. In the weeks leading up to the man’s bond hearing, Siddiqi sent community members and religious leaders to sit with him, to make sure he was less alone.

Three weeks later—“Imagine how long those weeks were for him,” Siddiqi says wearily—the man could finally go home. Siddiqi showed me the video on his phone of the man’s release that morning. A woman greeted him outside a chain-link fence. “Happy New Year,” she said, embracing him. 

It’s this kind of work, and the prospect of helping people on a grander scale, that makes Siddiqi want to run for office. He wants to be the representative for Legislative District 32, a seat already held by a Democrat, Lauren Davis. 

“I have nothing against the incumbent,” Siddiqi says, “but I feel that there is a shortfall in terms of leaders who have failed to meet this moment, to stand up as our communities are being ravaged by ICE.” 

Siddiqi is not shy about challenging Democrat incumbents, either. In 2024, he tried to unseat Rep. Kim Schrier (WA-08), who he felt hadn’t stood against Israel’s war on  Gaza. She crossed a line when she voted to censure Rep. Rashida Tlaib, the only Palestinian member of Congress, he says. Siddiqi believed running against Schrier could “change the narrative on the genocide” and show “that there are voices out there who are going to stand up.” 

Siddiqi didn’t make it past the primary, but he’s feeling optimistic this time. He pointed to Zohran Mamdani’s win in the New York City mayoral race, and Seattle Mayor Katie Wilson’s razor-thin triumph over Bruce Harrell. 

“There has been an energy shift in this country within this last year,” Siddiqi says. “Young people will turn out [to vote] if you have people who are willing to stand on business. We don't want the same corporate Democrats occupying these offices for decades and not moving the needle at all.” 

Davis has been in office eight years and isn’t the picture of a corporate Democrat. She’s pushed for progressive taxation legislation and drug decriminalization in Olympia (which is why we’ve endorsed her so many times). However, recently, she’s backed off some of her progressive ideals. Just this week, she broke ranks with Democrats to oppose a bill that would allow for the release of three-strike offenders currently serving a life prison sentence if any of the strikes occurred while the offender was a juvenile. The bill coincides with a 2012 Supreme Court ruling that found life sentences for juvenile offenders to be cruel and unusual punishment and a 2018 Washington State Supreme Court ruling that upheld the same sentiment. She expressed her “alarm” on conservative radio host Jason Rantz’s show. Last year, she hand-wrung over the public health implications of allowing retail cannabis stores to operate within Lynnwood’s city limits. 

“I'm just the strongest candidate,” Siddiqi says. 

All his life, he’s had to explain himself, to educate his peers about Muslims. Growing up in Auburn, Alabama, and Atlanta, Georgia, he and his family were often the only Muslims around.

He felt this kind of activism was what he was meant to do, but in 1999, he came to a crossroads. His older brother, who was starting to take over the family jewelry business, was in a horrific car accident and lay comatose in a hospital bed. Siddiqi, a college student, knew someone would have to support his parents. His brother survived. But by the time he’d mostly recovered, Siddiqi had dropped out and taken over the business. 

Two years later, the Islamophobic fallout of 9/11nudged him back toward activism. He penned op-eds. He got his degree, and an MBA. In 2010, shortly after opening a coffee shop in Phoenix, Arizona—called “Where You Bean?”—he joined a mostly defunct chapter of CAIR. Six years ago, he moved north to lead our state chapter.

CAIR mostly fights anti-Muslim discrimination, but after Afghan refugees fled their collapsing country for the US in 2021, Siddiqi knew the organization would have to change. 

“There was going to need to be a deeper integration of immigration law into what CAIR Washington was doing,” Siddiqi says. “It initially started with evacuees from Afghanistan, refugees who are coming here and helping them either reunite with their families or start their new life over here.”

It’s come in handy quite a bit since. Given, you know, everything.

So, Siddiqi is running for office to help more people with his expertise.

His biggest focuses when he gets into the legislature will be affordability and protections for immigrant and nonwhite communities. His platform is still fuzzy.

Recently, CAIR-WA has been helping local Somali immigrants who have been threatened by right-wing misinformation campaigns. Many have had their businesses and personal information doxxed, or exposed online. Siddiqi would like to beef up protections against doxxing—that is, people targeting others by publishing private and identifying information online. That could help the Somali community and anyone protesting ICE. In 2023, the legislature passed a bill allowing anyone who was harmed by doxxing to sue a doxxer. Siddiqi would like to see those protections for doxxing victims go further. He didn’t explain how. 

As far as affordability goes, Siddiqi wants to reduce costs. How? Also unclear. When asked, he offered one idea: starting with the exorbitantly wealthy. 

“I'm very passionate about holding billionaires accountable,” Siddiqi says. 

His business background means he gets the whole economics thing. “Income inequality is the gulf that is growing exponentially,” he says. (The real Gulf of America.)

He supports the new millionaires tax that’s being talked about in the legislature. Gov. Bob Ferguson has championed a 9.9 percent tax on income over $1 million. There’s also talk at the state level of pursuing a broader income tax. Siddiqi wouldn’t say outright whether he supported that, fearing it could be a “hot button issue” that would turn voters off. 

“That is something that, if it reduces other areas of taxes, we should definitely explore,” he says of the income tax. “Getting a vibe from our voters is going to be extremely important.” 

Mostly, it’s about bringing change to Olympia, especially when it comes to protecting people against ICE. 

“I'm going to push all these people, whether it's the attorney general, whether it's the governor, [to] act on the behalf of these people who are impacted by this fascist administration,” Siddiqi says.

17:56

What was the secret sauce that allows for a faster restart of Windows 95 if you hold the shift key? [The Old New Thing]

Commenter Otul Osan wondered what was happening when the user held the Shift key when restarting Windows. Windows displays the message “Windows is restarting” rather than doing a full cold restart of the system.

The behavior you’re seeing is the result of passing the EW_RESTART­WINDOWS flag to the old 16-bit Exit­Windows function.

What happens is that the 16-bit Windows kernel shuts down, and then the 32-bit virtual memory manager shuts down, and the CPU is put back into real mode, and control returns to win.com with a special signal that means “Can you start protected mode Windows again for me?”

The code in win.com prints the “Please wait while Windows restarts…” message, and then tries to get the system back into the same state that it was in back when win.com had been freshly-launched.

One of the things it has to do is to reset any command line options that had been passed to win.com. This is largely clerical work, but it is rather cumbersome because win.com was written in assembly language. And some global variables need to be reset back to the original values.

You might recall that .com files are implicitly given all of the remaining available convention memory when they launch. Programs can release that memory back to the system if they want to make it available to other programs. In win.com‘s case, it releases all the memory beyond its own image back to the system so that there is a single large contiguous block of memory for loading protected-mode Windows.

If somebody had allocated memory in the space that win.com had given up for protected-mode Windows, then convention memory will be fragmented, and the “try to get the system back into the same state that it was in back when win.com had been freshly-launched” is not successful because the expected memory layout was “one giant contiguous block of memory”. In that case, win.com says, “Sorry, I can’t do what you asked” and falls back to a full reboot.

Otherwise, everything looks good, and win.com jumps back to the code that starts protected-mode Windows, and that re-creates the virtual machine manager, and then the graphical user interface launches, and the user sees that Windows has restarted.

Bonus chatter: A common trick in assembly language back in this era when you counted every byte was to take the memory that holds functions that will no longer be called and reuse them as uninitialized data. It’s free memory!

In the case of win.com, the original code reused the first bytes of the entry point as a global variable since the entry point executes only once. Once you get past the entry point, it’s dead code, so you can put a global variable there! Fortunately, the “fast-restart” case doesn’t jump all the way back to the entry point, so the fact that those instructions were corrupted is not significant.

Bonus bonus chatter: Otul Osan also noted that the fast-restart wasn’t perfect: If you try two fast-restarts in a row, the second one crashes. I wasn’t able to reproduce this. I was able to fast-restart four times in a row without incident. My guess is that some device driver did not reset itself properly, so when the system restarted, the second instance of the driver saw a slightly weird device, and the weirdness finally caught up to it at shutdown. (Maybe it corrupted some memory that didn’t cause problems until shutdown.)

The post What was the secret sauce that allows for a faster restart of Windows 95 if you hold the shift key? appeared first on The Old New Thing.

17:07

Page 43 [Flipside]

Page 43 is done.

16:35

[$] Task-level io_uring restrictions [LWN.net]

The io_uring subsystem is more than an asynchronous I/O interface for Linux; it is, for all practical purposes, an independent system-call API. It has enabled high-performance applications, but it also brings challenges for code built around classic, Unix-style system calls. For example, the seccomp() sandboxing mechanism does not work with it, causing applications using seccomp() to disable io_uring outright. Io_uring maintainer Jens Axboe is seeking to improve that situation with a rapidly evolving patch series adding a new restrictive mechanism to that subsystem.

Haas: Who contributed to PostgreSQL development in 2025? [LWN.net]

PostgreSQL contributor Robert Haas has published a blog post that breaks down code contributions to PostgreSQL in 2025.

I calculate that, in 2025, there were 266 people who were the principal author of at least one PostgreSQL commit. 66% of the new lines of code where contributed by one of 26 people, and 90% of the lines of new code were contributed by one of 67 people.

Contributions to the project seem to be on the upswing; in his analysis of development in 2024, there were 229 people who were the primary authors of a commit, and 66% of new lines of code were contributed by one of 18 people. The raw data is also available.

16:21

Hellen Chemtai: Internship Highlights at Outreachy: My Journey with Debian OpenQA [Planet Debian]

Highlights

Hello world 😀. I am an intern here at Outreachy working with Debian OpenQA Image testing team. The work consists of testing Images with OpenQA. The internship has reached midpoint and here are some of the highlights that I have had so far.

  1. The mentors : Roland Clobus, Tassia Camoes and Philip Hands are very good mentors. I like the constant communication and the help I get while working on the project. I enjoy working with this team.
  2. The community : The contributors, mentors and the greater SUSE OpenQA community are constantly in communication. I learn a lot from these meetings.
  3. The women network : The women of Debian meet and network . The meetings are interactive and we are encouraged to interact.
  4. The project : We are making progress one step at a time. Isoken Ibizugbe is my fellow intern working on start-stop tests. I am working on live installers tests.

Communication

I have learned a lot during my internship. I have always been on the silent path of life with little communication. I once told myself being a developer would hide me behind a computer to avoid socializing. Being in open source especially this internship has helped me out with communication and networking. The team work in the project has helped me a lot

  1. My mentors encourage communication. Giving project updates and stating when we get stuck.
  2. My mentors have scheduled weekly meetings to communicate about the project
  3. We are constantly invited to the SUSE meetings by mentors or by Sam Thursfield who is part of the team.
  4. Female contributors are encouraged to join Debian women monthly meetings for networking

Lessons so far

I have had challenges , solved problems and learned new skills all this while

  1. I have learned Perl, OpenQA configuration, needle editing and improved my Linux and Git skills
  2. I have known how various Images are installed , booted and run through live viewing of tests
  3. I have solved many test errors and learned to work with applications that are needed in the OS installations. e.g. rufus
  4. I have learned how virtual machines work and how to solve errors in regards to them

So far so good. I am grateful to be a contributor towards the project and hope to continue learning.

16:14

Code is a liability (not an asset) [Cory Doctorow's craphound.com]

A shredder, shredding a giant US$100 bill. Benjamin Franklin's head has been replaced with a cliched 'hacker in a hoodie' illustration. The machine's faceplate bears the Claude Code wordmark. The background is the hostile red eye of HAL 9000 from Stanley Kubrick's '2001: A Space Odyssey.'

This week on my podcast, I read “Code is a liability (not an asset),” a recent post from my Pluralistic.net blog, about the bad ideas behind the drive to replace programmers with chatbots.


Code is a liability. Code’s capabilities are assets. The goal of a tech shop is to have code whose capabilities generate more revenue than the costs associated with keeping that code running. For a long time, firms have nurtured a false belief that code costs less to run over time: after an initial shakedown period in which the bugs in the code are found and addressed, code ceases to need meaningful maintenance. After all, code is a machine without moving parts – it does not wear out; it doesn’t even wear down.

MP3

(Image: Cryteria, CC BY 3.0, modified)

15:49

Pluralistic: Social media without socializing (19 Jan 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links


Mark Zuckerberg's metaverse avatar, perched on a legless nude Ken doll body; its eyes are psychedelic pinwheels. Behind the figure is a group shot of child laborer miners from the 1910s, glitched out, blue tinted, and covered with scan lines. The background is a psychedelic swirl of moody colors. They stand atop a filthy checkerboard floor that stretches off to infinity.

Social media without socializing (permalink)

From the earliest days of social media, social media bosses have been at war with sociability. To create a social media service is to demarcate legitimate and illegitimate forms of sociability. It's a monumental act of hubris, really.

It was ever thus. The founder of Friendster decreed that people could only form friendship bonds with each other, but could not declare themselves to be "friends" of everyone with a common interest. You and I could be friends, but you couldn't be "friends" with a group called "bloggers." Each member of that group would have to create a reciprocal friendship link to see one another's feeds.

Way back in 1999, Larry Lessig taught us that "code is law." By encoding these restrictions into the feed, Friendster's programmers were putting limits on the kinds of relationships that could be formed using the service. But Lessig's law (code?) is often overidden by an even older principle: William Gibson's 1982 maxim that "the street finds its own uses for things."

Friendster told its users how to be friends with one another, and Friendster's users treated Friendster's management as damage and routed around it. They created accounts with names like "New York City" and whenever anyone friended that account, it friended them back. Users hacked their own way to form "illegitimate" friendships based on affinity into the system:

https://www.zephoria.org/thoughts/archives/2003/08/17/the_fakester_manifesto.html

As social media turned into a billion- (and then a trillion-) dollar business, the urgency of the struggle between how social media bosses demanded that we socialize and how we wanted to socialize only got sharper. Mark Zuckerberg doubtless thought he was covering all his bases when he tossed a casual "It's complicated" to the pulldown menu for defining your relationship status, but that's because he doesn't understand how complicated all our relationships are:

https://www.phillymag.com/news/2013/07/10/facebook-complicated-relationship-status/

For Zuck, crisply defined relationships were things that he could do simple math on in order to target ads, make recommendations, and sort users into categories. When you need to treat relationships as elements in a series of discrete mathematical operations, the fact that relationships are intrinsically, irreducibly qualitative is a serious bug. So Zuck did what computer scientists usually do when they want to do math on qualitative variables: he incinerated all the qualitative elements by quantizing them, and then did math on the dubious residue that remained:

https://locusmag.com/feature/cory-doctorow-qualia/

Zuck's biggest problem isn't the ambiguity of your social connections, though – it's that they exist at all. Think about it: Mark Zuckerberg personally makes or loses billions of dollars based on how much you socialize with your friends on his platforms. If your friends engage with you in ways that are low intensity and easily concluded ("How'd you sleep?" "Just fine." "That's nice."), then he loses. If, on the other hand, you and your friends get into protracted, intense interactions, he gets to show you so many ads and make so much money.

Your friends are a problem for Mark Zuckerberg to solve, and (to his undying chagrin), you and your friends stubbornly refuse to organize your relationships around Zuck's financial imperatives. You just wanna hang out in the rhythms that are part of any friendship – sometimes intense, sometimes casual, often sporadic. I mean, honestly, if you're going to insist on just having normal friendships, how the hell can Mark Zuckerberg post the kind of growth his shareholders expect?

This explains much of the drive to transform Facebook from a platform that shows you the things your friends post to a platform that mostly shows you things that "content creators" post. Your friends aren't motivated by the dangling possibility of viral dollars if they get you to "engage" with their posts, but for content creators, your engagement buys the groceries and pays the rent. By swapping out your friends and replacing them with people who are highly motivated to "engage" with you, Zuck gets a lever he can yank to get his users to arrange their conduct in ways that goose his growth.

In other words, Zuck lured you in with the promise of having pleasurable online conversations that matter to you; and now that he's trapped you, he wants you to break up with your friends so you have more time to watch his community access cable station.

It also explains Zuck's passion for filling his platform with botshit, and his plan to solve the loneliness epidemic by giving you chatbots instead of friends:

https://fortune.com/2025/06/26/mark-zuckerberg-ai-friends-hinge-ceo/

For Mark Zuckerberg, all people are just shitty chatbots – chatbots that won't follow orders. He wants to be able to point us at one another in the hopes that we will simply prompt one another into endless chatter, with endless scrolling, and endless ad insertions. This works great with chatbots, not so well with people:

https://www.youtube.com/watch?v=EtNagNezo8w

After all, Zuck doesn't really believe most other people exist. Read Careless People, Sarah Wynn-Williams's tell-all whistleblower memoir about her years at Facebook and you'll quickly realize that for Zuck, people are statistical artifacts, not co-equal beings worthy of moral consideration:

https://pluralistic.net/2025/04/23/zuckerstreisand/#zdgaf

Billionaires are plagued by solipsism. Not believing other people exist is a great aid to billionairedom, because it lets you amass your fortune without scrupling over the population-scale misery you're inflicting on the way:

https://pluralistic.net/2025/08/18/seeing-like-a-billionaire/#npcs

For Zuck, AI is the most exciting technology in history (even more exciting than the Metaverse, if you can believe it!) because it might give him the world he dreams of: a world without people, or, at very least, a social media network without any socializing:

https://pluralistic.net/2026/01/05/fisher-price-steering-wheel/#billionaire-solipsism

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Nutjob offers $100 bounty to UCLA students who wiretap lefty profs https://news.slashdot.org/story/06/01/21/1948206/ucla-students-urged-to-expose-radical-professors

#20yrsago Mysterious birthday ritual at Poe’s graveside disrupted by rubberneckers https://web.archive.org/web/20060212041742/https://www.cnn.com/2006/US/01/19/poe.mystery.ap/index.html?section=cnn_latest

#20yrsago DRM primer for librarians https://web.archive.org/web/20060115061831/https://www.ala.org/ala/washoff/WOissues/copyrightb/digitalrights/DRMfinal.pdf

#20yrsago Hollywood’s MP caught lying on tape https://web.archive.org/web/20061010121359/http://www.michaelgeist.ca/index.php?option=com_content&amp;task=view&amp;id=1080

#20yrsago Musician playing at Hollywood’s MP fundraiser owes success to copying https://web.archive.org/web/20080704112401/http://accordionguy.blogware.com/blog/_archives/2006/1/19/1714267.html

#15yrsago Book made using 4 daisy-chained printers spanning 100 years’ worth of technology https://web.archive.org/web/20110111054908/https://www.xavierantin.fr/archive/Just-In-Time/

#15yrsago Assemblage octopus for sale https://web.archive.org/web/20110124175436/http://jemayer.tumblr.com/post/2802328671

#15yrsago Among Others: extraordinary, magic story of science fiction as a toolkit for taking apart the world https://memex.craphound.com/2011/01/18/among-others-extraordinary-magic-story-of-science-fiction-as-a-toolkit-for-taking-apart-the-world/

#10yrsago Reminder: Don’t put balls of tea leaves in your vagina https://www.the-independent.com/life-style/health-and-families/health-news/women-putting-herb-balls-in-vagina-to-detox-their-wombs-have-been-warned-of-dangers-a6814671.html

#10yrsago Martin Luther King, socialist: “capitalism has outlived its usefulness” https://theintercept.com/2016/01/18/martin-luther-king-jr-celebrations-overlook-his-critiques-of-capitalism-and-militarism/

#10yrsago Debullshitifying the “sleep science” industry: first up, sleeplessness and obesity https://web.archive.org/web/20160120210128/http://askforevidence.org/articles/obesity-linked-to-not-getting-enough-sleep

#10yrsago England’s most senior civil judge rules that Terrorism Act violates human rights https://www.theguardian.com/world/2016/jan/19/terrorism-act-incompatible-with-human-rights-court-rules-in-david-miranda-case

#10yrsago Delhi’s “Sleep Mafia” control the nights of 100,000 homeless workers https://www.youtube.com/watch?v=rXzElV75x08

#10yrsago Replica weapons made from thousands of cut and stacked post-its https://web.archive.org/web/20160109080110/http://ercolimarco.me/post-it-sculpture/

#10yrsago How the standard, high-quality disaster-relief tarpaulin came to be https://www.wired.com/2016/01/tarpaulin/

#10yrsago GM’s Dieselgate: mechanics privately admit software update removes crimeware from Opel cars https://web.archive.org/web/20160121055745/http://www.ft.com/cms/s/0/16ff471e-bdfd-11e5-846f-79b0e3d20eaf.html

#10yrsago Griefer hacks baby monitor, terrifies toddler with spooky voices https://memex.craphound.com/2016/01/19/griefer-hacks-baby-monitor-terrifies-toddler-with-spooky-voices/

#10yrsago Spanish-language broadcasting titan Univision buys controlling interest in The Onion https://www.univision.com/noticias/univision-makes-investment-in-the-onion

#10yrsago How the National Reconnaissance Office came to choose a sinister, planet-devouring octopus for a logo https://www.muckrock.com/news/archives/2016/jan/19/octopus-NRO/

#5yrsago Amazon warehouse union gets tech solidarity https://pluralistic.net/2021/01/19/deastroturfing/#real-power

#5yrsago Facebook's community standards https://pluralistic.net/2021/01/18/peak-indifference/#community-standards

#5yrsago Honor MLK day with the Internet Archive https://pluralistic.net/2021/01/18/peak-indifference/#mlk

#5yrsago Planet Money's free Great Gatsby audiobook https://pluralistic.net/2021/01/18/peak-indifference/#gatsby

#5yrsago Pandemics and peak indifference https://pluralistic.net/2021/01/18/peak-indifference/#peak-indifference

#5yrsago How to leak a Zoom meeting https://pluralistic.net/2021/01/18/peak-indifference/#watermarks

#1yrago Billionaire-proofing the internet https://pluralistic.net/2025/01/14/contesting-popularity/#everybody-samba

#1yrago Canada shouldn't retaliate with US tariffs https://pluralistic.net/2025/01/15/beauty-eh/#its-the-only-war-the-yankees-lost-except-for-vietnam-and-also-the-alamo-and-the-bay-of-ham

#1yrago Fu-Schnickens https://pluralistic.net/2025/01/17/holy-batfu-its-an-apple/#ba-schnicker-bah-snchnucker

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Memex Method," Farrar, Straus, Giroux, 2026

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America ( words today, total)

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

15:28

Link [Scripting News]

I'd like to see a social network that had an AI filter that only showed comments that were responsive to the question raised by the post they're responding to. BTW we need some technical terminology for socializing online. When I reply to a post, what do we call the post I'm replying to? Remember there's a human quality to this too, you're not just talking about something on a computer, but an actual person.

Link [Scripting News]

I took a couple of falls on ice the other day, during one of the many snowstorms we've had, and both times my watch, after a polite pause, shook my wrist, asking if I just took a fall and should it call in an emergency? if you don't do anything it makes the call. In that sense, your watch could beep when someone is gaslighting the other person. If it was you gaslighting them you'd see your avatar on the screen. Of it's them, you can show it to them.

15:07

Wine 11.0 released [LWN.net]

Version 11.0 of the Wine Windows compatibility layer is out. "This release represents a year of development effort, around 6,300 individual changes, and more than 600 bug fixes." The most notable changes in this release are support for the NTSync Linux kernel module (when available), and the completion of the Windows 32-bit on Windows 64-bit (WoW64) architecture that was announced as experimental in Wine 9.0.

14:56

Special neighbours [RevK®'s ramblings]

The video kind of says it all...

Hi. 
 Yes, I still have this cold. It's come 
 back. Don't ask. 
 But I've had a weird weekend. 
 It started with early hours of Saturday 
 morning where two jobs decided to take 
 concrete slabs off the wall outside my 
 house and dump them on the A40. 
 uh police did attend and the good news 
 is having given them all the CCTV is 
 apparently they actually have suspects 
 which is great. So we'll see how that 
 goes. It's not the first time we've had 
 this before but we suspect it's the same 
 people as before. 
 So that's going to be interesting to see 
 how it pans out. 
 But then later on Saturday we had 
 something a little bit unexpected. 
 A guy walking his dog decides to take 
 the Christmas wreaths off our gate. Now, 
 to be fair, we've been meaning to take 
 them off for a while, but we haven't got 
 around to it. 
 And he dumps them behind the gate, and 
 the result is they get run over. 
 Basically, uh my one of my kids came up 
 to the gate, open the gate, can't see 
 the wreaths because they're right up by 
 the gate. It's under the under their 
 bonnet, and drive over them, smashing 
 blessings. 
 We're kind of hoping we can kind of 
 recover them now. Replace some Bbles, 
 check the lights work and things, but 
 they're probably about 50 quid each. 
 Quite large Christmas wreaths. So, not 
 funny. 
 So, I put a poster up on the gate 
 basically who does this and and a Grinch 
 image and some pictures. 
 Well, guy with his dog comes back. He's 
 obviously not amused. 
 And you know, I was half expecting him 
 to just like rip the poster off as he 
 went past or something like that, but 
 no, you won't believe this. 
 He seems to have planned a midnight 
 raid. Okay, half past midnight. 
 He's got a woolly hat, different coats, 
 hand over his face, and 
 he sort of creeps down Belmont Road, 
 comes around the corner, grabs the 
 posters off the fence, sort of half 
 hides behind a a pole at one point, and 
 then scurryies back up Belmont Road, 
 sort of ducking under the under the 
 wall. And yeah, I 
 it sounds crazy. I have the video. see 
 this. Uh, I think it's fairly sensible 
 because I've, you know, I can't identify 
 who's in the video. I'm not sure anyone 
 else can. That's the whole point of him 
 covering his face. So, I think I'm I'm 
 quite legit in publishing this. 
 So, yeah. Well, 
 I have the weirdest neighbors, but I 
 mean, 10 out of 10 for entertainment. 
 Who'd have expected him to plan a 
 midnight raid to take a poster off my 
 gate? I mean, that's just Well, wow. 
 Wow.

14:21

Two new stable kernels for Monday [LWN.net]

Greg Kroah-Hartman has released the 5.15.198, and 5.10.248 stable kernels. As usual, each contains important fixes throughout the tree; users are advised to upgrade.

Security updates for Monday [LWN.net]

Security updates have been issued by AlmaLinux (cups, libpq, libsoup3, podman, and postgresql16), Debian (ffmpeg, gpsd, python-urllib3, and thunderbird), Fedora (chromium, foomuuri, forgejo, freerdp, harfbuzz, libtpms, musescore, python-biopython, and python3.12), Mageia (gimp, libpng, nodejs, and python-urllib3), and SUSE (alloy, avahi, bind, chromedriver, chromium, cpp-httplib, docker, erlang, fluidsynth, freerdp, go-sendxmpp, govulncheck-vulndb, kernel, libwireshark19, NetworkManager-applet-l2tp, python, python311-virtualenv, thunderbird, and zk).

13:21

Marking Territory [The Daily WTF]

There's something about hierarchical arrangements that makes top-down interference utterly irresistible to many managers and executives. Writers may also experience similar strife with their editors, a phenomenon Robert Heinlein described with the perfect metaphor: "After he pees in it himself, he likes the flavor much better."

Sometimes, a leader leverages their hard-won wisdom and experience to steer a project onto a better path. But, all too often, someone's imagined wisdom and starving ego force a perfectly good train off the rails.

Today, our friend and long-time submitter Argle shares an example of the latter:

Decorative fire hydrant at Windsor Fire Fighter Memorial, Windsor, Ontario, 2025-05-31

Between 2017 and the end of 2023, I worked with a contracting firm. The work was quite varied, and I generally liked all the clients I had to deal with. One of those was Regional Western Electric. RWE was a good company, and the engineers I worked most closely with were guys I'd happily drink beer with. The project itself was a bit of a WTF: it was a transformer design program written in BASIC running on DOS (from circa 1988) that they wished to modernize.

While it's possible to write good BASIC code, that generally doesn't happen, and this project was typical. Aside from having a horrendous user interface, their 10 base transformer designs started as a single program and bloated to 10 programs, all sharing variables g1 through g99 and g1$ through g99$. At some point, they got a language update, so full-length names dotted the program, and a few line numbers went away.

Thankfully, they didn't want us to fix the program: they wanted it replaced as web application for their intranet. This proved that there ARE smart engineers and management.

My job was to convert all the math from BASIC to C#. I was more the math guy than the other senior programmer who wanted this to be our second big project in Angular. (The first was an internal project.) This worked well, though I did ask at the start if it wasn't wiser just to have me get together with their engineers at a marker board and just figure out everything directly. There was some discussion about this, and one engineer remarked that we'll probably look back and regret not following my suggestion, but at least going the "conversion" route let us compare old output to new.

Since this was a fact, we forged ahead. The catch with this was that I had to replicate all the content errors, and there were many. A sorted table of wires had one sorted out of place. A lengthy magnetic field calculation was negated by multiplying by a global variable that was always 0. The code was littered with *1.1 or *1.05 to add 10% or 5% fudge factors to one specific design, then left in the code. As this progressed, the project went from unmanageable code to which nothing new could be added (they had newer equipment which couldn't be figured into designs) [into something manageable].

This is the happy part of the story.

The unhappy part is what happened to my co-worker. While I had a lovely base class for the transformers and happy virtual functions making the designs slick, he had something similar working in Angular. The CSS was great and designed by our house designer (who was good at his job), the components were perfect ... the whole thing was a showcase project.

Then came the meeting to discuss the aforementioned additions that everyone was looking forward to. For the first time, their IT director joined one of the meetings. He looked over everything, then declared that he didn't want to learn Typescript and Angular, and then insisted that the whole front-end be rewritten in MVC.

The company was paid by the hour, so the owner didn't mind this, but you could almost see the smoke rising from my co-worker's head as he spent weeks on the rewrite.

As for the IT director, he never stuck his nose in the project again. Never maintained it, and retired around the time I added some of the new features.

Sadly, the period of inflation ate into any budget they might have had to move on to the next big phase of the project, and I've moved on to another company.

It's just a shame what one person throwing his weight around can do to a project.

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

13:14

12:07

AI-Powered Surveillance in Schools [Schneier on Security]

It all sounds pretty dystopian:

Inside a white stucco building in Southern California, video cameras compare faces of passersby against a facial recognition database. Behavioral analysis AI reviews the footage for signs of violent behavior. Behind a bathroom door, a smoke detector-shaped device captures audio, listening for sounds of distress. Outside, drones stand ready to be deployed and provide intel from above, and license plate readers from $8.5 billion surveillance behemoth Flock Safety ensure the cars entering and exiting the parking lot aren’t driven by criminals.

This isn’t a high-security government facility. It’s Beverly Hills High School.

11:35

Grrl Power #1427 – Unlimited Class Battle Arena Round 1 Fight! [Grrl Power]

In a no holds barred Battle Royale, blowing up the whole battlefield is a pretty solid option, assuming you yourself could survive it. Of course, in an unlimited class arena, there’s a chance your opponents could too. Still, why not? Might knock out a few of them anyway. Pretty much the only thing not allowed in the UCBA is anything that could be categorized as off table support. No orbital railguns, no over the horizon artillery, no transporting infinite backup mecha or clones or oceans onto the field. Hammerspace/bags of holding are okay, but not an actual wormhole to a thousand arrays of battleship weapons pointed at the entrance of the wormhole, or, you know, an infinite warehouse full of mecha ocean clones.

Can you put a tag-team-partner in your bag of holding? Well, most of them don’t work like that, but this is Unlimited Class, so let’s assume they have one that allows you to store a living being. No, you can’t do that, because they would count as a separate entrant. There have been some special cases where a duo entered as a single entrant, but they were weird psychically paired or something.

Can you enter a starship? Like a Galactic Dreadnought? Sure, but with only a single crew member. Or a single A.I. (A proper A.I., not the shit we have now.) However, in a relatively close-range fight against 7 other Unlimited Class opponents, it’s a pretty good way to get boarded and lose your ship. There have been a few instances in the past where people tried to cheat by entering a powerful ship or mecha and another powerful entrant shanghaied it to double up their fighting power, but it’s a stupid tactic, because you can just enter Goku wearing Iron Man’s armor piloting a Warhammer 40K Titan in the first place. The only thing “cheating” like that would do is it would let you “beat” an otherwise difficult opponent because they’re really on your side to begin with.

That isn’t to say organizations haven’t tried to stack the final matchups by flooding the entry pools. The problem at that level of competition is getting beings that powerful to take falls. The Gokus and Supermen would be offended by the cheating, and the Friezas and Dr. Dooms would incinerate you for suggesting that anyone would believe that they could be beaten.

There are a lot of good “thing powering up sounds.” The Proton Power Pack from Ghostbusters is a good one, though it’s probably more the reaction than the sound in that scene. The guy yelling “Power UP!” in Altered Beasts is actually pretty fun. As soundbytes go, “POWER OVERWHELMING” is an amazing one. But really I’m talking about sound effects, not He-Man yelling “IIIIII HAVE THE POWEEEEER!” Which incidentally is another good one. Share your favorite “thing power up” moments.

Maxima Hoard ThumbnailHere’s one of Gaxgy’s in progress shots of the painting Maxima promised him. Weird how he draws almost exactly like me.

I’ve finished the main picture with the nude variant. (More like the clothing is the variant, because it’s easier to add clothes than erase them.) But I haven’t finished the bonus comic yet, so I’ll update the incentives soon.

Patreon doesn’t have a nude version yet, but I’ll try and update this each week until it’s done.

Double res version will be posted over at Patreon. Feel free to contribute as much as you like.

10:56

Jonathan Dowland: FOSDEM 2026 [Planet Debian]

I'm going to FOSDEM 2026!

I'm presenting in the Containers dev room. My talk is Java Memory Management in Containers and it's scheduled as the first talk on the first day. I'm the warm-up act!

The Java devroom has been a stalwart at FOSDEM since 2004 (sometimes in other forms), but sadly there's no Java devroom this year. There's a story about that, but it's not mine to tell.

Please recommend to me any interesting talks! Here's a few that caught my eye:

Debian/related:

Containers:

Research:

Other:

10:49

On the wall [Seth's Blog]

We are story-processing creatures, and the most effective stories are often embodied in people. Living examples of the lesson we’re trying to learn and the posture we hope to model.

Heroes, mentors, martyrs, examples, icons, avatars, archetypes, and even villains.

Sometimes those people are fictional, living in an anecdote and refined to form a legend.

The leverage of media, though, has made history more powerful than any made-up story ever could be.

When we rehearse and amplify the story, we can’t help but make the person less real. The story has a purpose, and its purpose is to remind us of who we could be and how we move forward.

This is what saints do for us. This is why we put pictures on the wall or invoke the memories of the people who came before us.

Reminded of our heroes, we know we can improve. We can work harder for justice, find more compassion and show up as a contribution. We can look at the ordinary moments when someone chose to keep going and realize that choice is available to us as well.

There are so many extraordinary people who have come before. It’s on us to choose our heroes wisely and to do the hard work to honor the contributions they made. Even when it’s difficult and unpopular. Especially then.

Today is a fine day to consider who’s on our wall.

09:49

08:42

08:28

The Inheritance [Penny Arcade]

New Comic: The Inheritance

07:49

Vincent Bernat: RAID 5 with mixed-capacity disks on Linux [Planet Debian]

Standard RAID solutions waste space when disks have different sizes. Linux software RAID with LVM uses the full capacity of each disk and lets you grow storage by replacing one or two disks at a time.

We start with four disks of equal size:

$ lsblk -Mo NAME,TYPE,SIZE
NAME TYPE  SIZE
vda  disk  101M
vdb  disk  101M
vdc  disk  101M
vdd  disk  101M

We create one partition on each of them:

$ sgdisk --zap-all --new=0:0:0 -t 0:fd00 /dev/vda
$ sgdisk --zap-all --new=0:0:0 -t 0:fd00 /dev/vdb
$ sgdisk --zap-all --new=0:0:0 -t 0:fd00 /dev/vdc
$ sgdisk --zap-all --new=0:0:0 -t 0:fd00 /dev/vdd
$ lsblk -Mo NAME,TYPE,SIZE
NAME   TYPE  SIZE
vda    disk  101M
└─vda1 part  100M
vdb    disk  101M
└─vdb1 part  100M
vdc    disk  101M
└─vdc1 part  100M
vdd    disk  101M
└─vdd1 part  100M

We set up a RAID 5 device by assembling the four partitions:1

$ mdadm --create /dev/md0 --level=raid5 --bitmap=internal --raid-devices=4 \
>   /dev/vda1 /dev/vdb1 /dev/vdc1 /dev/vdd1
$ lsblk -Mo NAME,TYPE,SIZE
    NAME          TYPE    SIZE
    vda           disk    101M
┌┈▶ └─vda1        part    100M
┆   vdb           disk    101M
├┈▶ └─vdb1        part    100M
┆   vdc           disk    101M
├┈▶ └─vdc1        part    100M
┆   vdd           disk    101M
└┬▶ └─vdd1        part    100M
 └┈┈md0           raid5 292.5M
$ cat /proc/mdstat
md0 : active raid5 vdd1[4] vdc1[2] vdb1[1] vda1[0]
      299520 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/4] [UUUU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

We use LVM to create logical volumes on top of the RAID 5 device.

$ pvcreate /dev/md0
  Physical volume "/dev/md0" successfully created.
$ vgcreate data /dev/md0
  Volume group "data" successfully created
$ lvcreate -L 100m -n bits data
  Logical volume "bits" created.
$ lvcreate -L 100m -n pieces data
  Logical volume "pieces" created.
$ mkfs.ext4 -q /dev/data/bits
$ mkfs.ext4 -q /dev/data/pieces
$ lsblk -Mo NAME,TYPE,SIZE
    NAME          TYPE    SIZE
    vda           disk    101M
┌┈▶ └─vda1        part    100M
┆   vdb           disk    101M
├┈▶ └─vdb1        part    100M
┆   vdc           disk    101M
├┈▶ └─vdc1        part    100M
┆   vdd           disk    101M
└┬▶ └─vdd1        part    100M
 └┈┈md0           raid5 292.5M
    ├─data-bits   lvm     100M
    └─data-pieces lvm     100M
$ vgs
  VG   #PV #LV #SN Attr   VSize   VFree
  data   1   2   0 wz--n- 288.00m 88.00m

This gives us the following setup:

One RAID 5 device built from four partitions from four disks of equal capacity. The RAID device is part of an LVM volume group with two logical volumes.
RAID 5 setup with disks of equal capacity

We replace /dev/vda with a bigger disk. We add it back to the RAID 5 array after copying the partitions from /dev/vdb:

$ cat /proc/mdstat
md0 : active (auto-read-only) raid5 vdb1[1] vdd1[4] vdc1[2]
      299520 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/3] [_UUU]
      bitmap: 0/1 pages [0KB], 65536KB chunk
$ sgdisk --replicate=/dev/vda /dev/vdb
$ sgdisk --randomize-guids /dev/vda
$ mdadm --manage /dev/md0 --add /dev/vda1
$ cat /proc/mdstat
md0 : active raid5 vda1[5] vdb1[1] vdd1[4] vdc1[2]
      299520 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/4] [UUUU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

We do not use the additional capacity: this setup would not survive the loss of /dev/vda because we have no spare capacity. We need a second disk replacement, like /dev/vdb:

$ cat /proc/mdstat
md0 : active (auto-read-only) raid5 vda1[5] vdd1[4] vdc1[2]
      299520 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/3] [U_UU]
      bitmap: 0/1 pages [0KB], 65536KB chunk
$ sgdisk --replicate=/dev/vdb /dev/vdc
$ sgdisk --randomize-guids /dev/vdb
$ mdadm --manage /dev/md0 --add /dev/vdb1
$ cat /proc/mdstat
md0 : active raid5 vdb1[6] vda1[5] vdd1[4] vdc1[2]
      299520 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/4] [UUUU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

We create a new RAID 1 array by using the free space on /dev/vda and /dev/vdb:

$ sgdisk --new=0:0:0 -t 0:fd00 /dev/vda
$ sgdisk --new=0:0:0 -t 0:fd00 /dev/vdb
$ mdadm --create /dev/md1 --level=raid1 --bitmap=internal --raid-devices=2 \
>   /dev/vda2 /dev/vdb2
$ cat /proc/mdstat
md1 : active raid1 vdb2[1] vda2[0]
      101312 blocks super 1.2 [2/2] [UU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

md0 : active raid5 vdb1[6] vda1[5] vdd1[4] vdc1[2]
      299520 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/4] [UUUU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

We add /dev/md1 to the volume group:

$ pvcreate /dev/md1
  Physical volume "/dev/md1" successfully created.
$ vgextend data /dev/md1
  Volume group "data" successfully extended
$ vgs
  VG   #PV #LV #SN Attr   VSize   VFree
  data   2   2   0 wz--n- 384.00m 184.00m
$  lsblk -Mo NAME,TYPE,SIZE
       NAME          TYPE    SIZE
       vda           disk    201M
   ┌┈▶ ├─vda1        part    100M
┌┈▶┆   └─vda2        part    100M
┆  ┆   vdb           disk    201M
┆  ├┈▶ ├─vdb1        part    100M
└┬▶┆   └─vdb2        part    100M
 └┈┆┈┈┈md1           raid1  98.9M
   ┆   vdc           disk    101M
   ├┈▶ └─vdc1        part    100M
   ┆   vdd           disk    101M
   └┬▶ └─vdd1        part    100M
    └┈┈md0           raid5 292.5M
       ├─data-bits   lvm     100M
       └─data-pieces lvm     100M

This gives us the following setup:2

One RAID 5 device built from four partitions and one RAID 1 device built from two partitions. The two last disks are smaller. The two RAID devices are part of a single LVM volume group.
Setup mixing both RAID 1 and RAID 5

We extend our capacity further by replacing /dev/vdc:

$ cat /proc/mdstat
md1 : active (auto-read-only) raid1 vda2[0] vdb2[1]
      101312 blocks super 1.2 [2/2] [UU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

md0 : active (auto-read-only) raid5 vda1[5] vdd1[4] vdb1[6]
      299520 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/3] [UU_U]
      bitmap: 0/1 pages [0KB], 65536KB chunk
$ sgdisk --replicate=/dev/vdc /dev/vdb
$ sgdisk --randomize-guids /dev/vdc
$ mdadm --manage /dev/md0 --add /dev/vdc1
$ cat /proc/mdstat
md1 : active (auto-read-only) raid1 vda2[0] vdb2[1]
      101312 blocks super 1.2 [2/2] [UU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

md0 : active raid5 vdc1[7] vda1[5] vdd1[4] vdb1[6]
      299520 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/4] [UUUU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

Then, we convert /dev/md1 from RAID 1 to RAID 5:

$ mdadm --grow /dev/md1 --level=5 --raid-devices=3 --add /dev/vdc2
mdadm: level of /dev/md1 changed to raid5
mdadm: added /dev/vdc2
$ cat /proc/mdstat
md1 : active raid5 vdc2[2] vda2[0] vdb2[1]
      202624 blocks super 1.2 level 5, 64k chunk, algorithm 2 [3/3] [UUU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

md0 : active raid5 vdc1[7] vda1[5] vdd1[4] vdb1[6]
      299520 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/4] [UUUU]
      bitmap: 0/1 pages [0KB], 65536KB chunk
$ pvresize /dev/md1
$ vgs
  VG   #PV #LV #SN Attr   VSize   VFree
  data   2   2   0 wz--n- 482.00m 282.00m

This gives us the following layout:

Two RAID 5 devices built from four disks of different sizes. The last disk is smaller and contains only one partition, while the others have two partitions: one for /dev/md0 and one for /dev/md1. The two RAID devices are part of a single LVM volume group.
RAID 5 setup with mixed-capacity disks using partitions and LVM

We further extend our capacity by replacing /dev/vdd:

$ cat /proc/mdstat
md0 : active (auto-read-only) raid5 vda1[5] vdc1[7] vdb1[6]
      299520 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/3] [UUU_]
      bitmap: 0/1 pages [0KB], 65536KB chunk

md1 : active (auto-read-only) raid5 vda2[0] vdc2[2] vdb2[1]
      202624 blocks super 1.2 level 5, 64k chunk, algorithm 2 [3/3] [UUU]
      bitmap: 0/1 pages [0KB], 65536KB chunk
$ sgdisk --replicate=/dev/vdd /dev/vdc
$ sgdisk --randomize-guids /dev/vdd
$ mdadm --manage /dev/md0 --add /dev/vdd1
$ cat /proc/mdstat
md0 : active raid5 vdd1[4] vda1[5] vdc1[7] vdb1[6]
      299520 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/4] [UUUU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

md1 : active (auto-read-only) raid5 vda2[0] vdc2[2] vdb2[1]
      202624 blocks super 1.2 level 5, 64k chunk, algorithm 2 [3/3] [UUU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

We grow the second RAID 5 array:

$ mdadm --grow /dev/md1 --raid-devices=4 --add /dev/vdd2
mdadm: added /dev/vdd2
$ cat /proc/mdstat
md0 : active raid5 vdd1[4] vda1[5] vdc1[7] vdb1[6]
      299520 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/4] [UUUU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

md1 : active raid5 vdd2[3] vda2[0] vdc2[2] vdb2[1]
      303936 blocks super 1.2 level 5, 64k chunk, algorithm 2 [4/4] [UUUU]
      bitmap: 0/1 pages [0KB], 65536KB chunk
$ pvresize /dev/md1
$ vgs
  VG   #PV #LV #SN Attr   VSize   VFree
  data   2   2   0 wz--n- 580.00m 380.00m
$ lsblk -Mo NAME,TYPE,SIZE
       NAME          TYPE    SIZE
       vda           disk    201M
   ┌┈▶ ├─vda1        part    100M
┌┈▶┆   └─vda2        part    100M
┆  ┆   vdb           disk    201M
┆  ├┈▶ ├─vdb1        part    100M
├┈▶┆   └─vdb2        part    100M
┆  ┆   vdc           disk    201M
┆  ├┈▶ ├─vdc1        part    100M
├┈▶┆   └─vdc2        part    100M
┆  ┆   vdd           disk    301M
┆  └┬▶ ├─vdd1        part    100M
└┬▶ ┆  └─vdd2        part    100M
 ┆  └┈┈md0           raid5 292.5M
 ┆     ├─data-bits   lvm     100M
 ┆     └─data-pieces lvm     100M
 └┈┈┈┈┈md1           raid5 296.8M

You can continue by replacing each disk one by one using the same steps. ♾️

  1. Write-intent bitmaps speed up recovery of the RAID array after a power failure by marking unsynchronized regions as dirty. They have an impact on performance, but I did not measure it myself. ↩︎

  2. In the lsblk output, /dev/md1 appears unused because the logical volumes do not use any space from it yet. Once you create more logical volumes or extend them, lsblk will reflect the usage. ↩︎

07:00

Russell Coker: Furilabs FLX1s [Planet Debian]

The Aim

I have just got a Furilabs FLX1s [1] which is a phone running a modified version of Debian. I want to have a phone that runs all apps that I control and can observe and debug. Android is very good for what it does and there are security focused forks of Android which have a lot of potential, but for my use a Debian phone is what I want.

The FLX1s is not going to be my ideal phone, I am evaluating it for use as a daily-driver until a phone that meets my ideal criteria is built. In this post I aim to provide information to potential users about what it can do, how it does it, and how to get the basic functions working. I also evaluate how well it meets my usage criteria.

I am not anywhere near an average user. I don’t think an average user would ever even see one unless a more technical relative showed one to them. So while this phone could be used by an average user I am not evaluating it on that basis. But of course the features of the GUI that make a phone usable for an average user will allow a developer to rapidly get past the beginning stages and into more complex stuff.

Features

The Furilabs FLX1s [1] is a phone that is designed to run FuriOS which is a slightly modified version of Debian. The purpose of this is to run Debian instead of Android on a phone. It has switches to disable camera, phone communication, and microphone (similar to the Librem 5) but the one to disable phone communication doesn’t turn off Wifi, the only other phone I know of with such switches is the Purism Librem 5.

It has a 720*1600 display which is only slightly better than the 720*1440 display in the Librem 5 and PinePhone Pro. This doesn’t compare well to the OnePlus 6 from early 2018 with 2280*1080 or the Note9 from late 2018 with 2960*1440 – which are both phones that I’ve run Debian on. The current price is $US499 which isn’t that good when compared to the latest Google Pixel series, a Pixel 10 costs $US649 and has a 2424*1080 display and it also has 12G of RAM while the FLX1s only has 8G. Another annoying thing is how rounded the corners are, it seems that round corners that cut off the content are a standard practice nowadays, in my collection of phones the latest one I found with hard right angles on the display was a Huawei Mate 10 Pro which was released in 2017. The corners are rounder than the Note 9, this annoys me because the screen is not high resolution by today’s standards so losing the corners matters.

The default installation is Phosh (the GNOME shell for phones) and it is very well configured. Based on my experience with older phone users I think I could give a phone with this configuration to a relative in the 70+ age range who has minimal computer knowledge and they would be happy with it. Additionally I could set it up to allow ssh login and instead of going through the phone support thing of trying to describe every GUI setting to click on based on a web page describing menus for the version of Android they are running I could just ssh in and run diff on the .config directory to find out what they changed. Furilabs have done a very good job of setting up the default configuration, while Debian developers deserve a lot of credit for packaging the apps the Furilabs people have chosen a good set of default apps to install to get it going and appear to have made some noteworthy changes to some of them.

Droidian

The OS is based on Android drivers (using the same techniques as Droidian [2]) and the storage device has the huge number of partitions you expect from Android as well as a 110G Ext4 filesystem for the main OS.

The first issue with the Droidian approach of using an Android kernel and containers for user space code to deal with drivers is that it doesn’t work that well. There are 3 D state processes (uninterrupteable sleep – which usually means a kernel bug if the process remains in that state) after booting and doing nothing special. My tests running Droidian on the Note 9 also had D state processes, in this case they are D state kernel threads (I can’t remember if the Note 9 had regular processes or kernel threads stuck in D state). It is possible for a system to have full functionality in spite of some kernel threads in D state but generally it’s a symptom of things not working as well as you would hope.

The design of Droidian is inherently fragile. You use a kernel and user space code from Android and then use Debian for the rest. You can’t do everything the Android way (with the full OS updates etc) and you also can’t do everything the Debian way. The TOW Boot functionality in the PinePhone Pro is really handy for recovery [3], it allows the internal storage to be accessed as a USB mass storage device. The full Android setup with ADB has some OK options for recovery, but part Android and part Debian has less options. While it probably is technically possible to do the same things in regard to OS repair and reinstall the fact that it’s different from most other devices means that fixes can’t be done in the same way.

Applications

GUI

The system uses Phosh and Phoc, the GNOME system for handheld devices. It’s a very different UI from Android, I prefer Android but it is usable with Phosh.

IM

Chatty works well for Jabber (XMPP) in my tests. It supports Matrix which I didn’t test because I don’t desire the same program doing Matrix and Jabber and because Matrix is a heavy protocol which establishes new security keys for each login so I don’t want to keep logging in on new applications.

Chatty also does SMS but I couldn’t test that without the SIM caddy.

I use Nheko for Matrix which has worked very well for me on desktops and laptops running Debian.

Email

I am currently using Geary for email. It works reasonably well but is lacking proper management of folders, so I can’t just subscribe to the important email on my phone so that bandwidth isn’t wasted on less important email (there is a GNOME gitlab issue about this – see the Debian Wiki page about Mobile apps [4]).

Music

Music playing isn’t a noteworthy thing for a desktop or laptop, but a good music player is important for phone use. The Lollypop music player generally does everything you expect along with support for all the encoding formats including FLAC0 – a major limitation of most Android music players seems to be lack of support for some of the common encoding formats. Lollypop has it’s controls for pause/play and going forward and backward one track on the lock screen.

Maps

The installed map program is gnome-maps which works reasonably well. It gets directions via the Graphhopper API [5]. One thing we really need is a FOSS replacement for Graphhopper in GNOME Maps.

Delivery and Unboxing

I received my FLX1s on the 13th of Jan [1]. I had paid for it on the 16th of Oct but hadn’t received the email with the confirmation link so the order had been put on hold. But after I contacted support about that on the 5th of Jan they rapidly got it to me which was good. They also gave me a free case and screen protector to apologise, I don’t usually use screen protectors but in this case it might be useful as the edges of the case don’t even extend 0.5mm above the screen. So if it falls face down the case won’t help much.

When I got it there was an open space at the bottom where the caddy for SIMs is supposed to be. So I couldn’t immediately test VoLTE functionality. The contact form on their web site wasn’t working when I tried to report that and the email for support was bouncing.

Bluetooth

As a test of Bluetooth I connected it to my Nissan LEAF which worked well for playing music and I connected it to several Bluetooth headphones. My Thinkpad running Debian/Trixie doesn’t connect to the LEAF and to headphones which have worked on previous laptops running Debian and Ubuntu. A friend’s laptop running Debian/Trixie also wouldn’t connect to the LEAF so I suspect a bug in Trixie, I need to spend more time investigating this.

Wifi

Currently 5GHz wifi doesn’t work, this is a software bug that the Furilabs people are working on. 2.4GHz wifi works fine. I haven’t tested running a hotspot due to being unable to get 4G working as they haven’t yet shipped me the SIM caddy.

Docking

This phone doesn’t support DP Alt-mode or Thunderbolt docking so it can’t drive an external monitor. This is disappointing, Samsung phones and tablets have supported such things since long before USB-C was invented. Samsung DeX is quite handy for Android devices and that type feature is much more useful on a device running Debian than on an Android device.

Camera

The camera works reasonably well on the FLX1s. Until recently for the Librem 5 the camera didn’t work and the camera on my PinePhone Pro currently doesn’t work. Here are samples of the regular camera and the selfie camera on the FLX1s and the Note 9. I think this shows that the camera is pretty decent. The selfie looks better and the front camera is worse for the relatively close photo of a laptop screen – taking photos of computer screens is an important part of my work but I can probably work around that.

I wasn’t assessing this camera t find out if it’s great, just to find out if I have the sorts of problems I had before and it just worked. The Samsung Galaxy Note series of phones has always had decent specs including good cameras. Even though the Note 9 is old comparing to it is a respectable performance. The lighting was poor for all photos.

FLX1s


Note 9


Power Use

In 93 minutes having the PinePhone Pro, Librem 5, and FLX1s online with open ssh sessions from my workstation the PinePhone Pro went from 100% battery to 26%, the Librem 5 went from 95% to 69%, and the FLX1s went from 100% to 99%. The battery discharge rate of them was reported as 3.0W, 2.6W, and 0.39W respectively. Based on having a 16.7Wh battery 93 minutes of use should have been close to 4% battery use, but in any case all measurements make it clear that the FLX1s will have a much longer battery life. Including the measurement of just putting my fingers on the phones and feeling the temperature (FLX1s felt cool and the others felt hot).

The PinePhone Pro and the Librem 5 have an optional “Caffeine mode” which I enabled for this test, without that enabled the phone goes into a sleep state and disconnects from Wifi. So those phones would use much less power with caffeine mode enabled, but they also couldn’t get fast response to notifications etc. I found the option to enable a Caffeine mode switch on the FLX1s but the power use was reported as being the same both with and without it.

Charging

One problem I found with my phone is that in every case it takes 22 seconds to negotiate power. Even when using straight USB charging (no BC or PD) it doesn’t draw any current for 22 seconds. When I connect it it will stay at 5V and varying between 0W and 0.1W (current rounded off to zero) for 22 seconds or so and then start charging. After the 22 second display the phone will make the tick sound indicating that it’s charging and the power meter will measure that it’s drawing some current.

I added the table from my previous post about phone charging speed [6] with an extra row for the FLX1s. For charging from my PC USB ports the results were the worst ever, the port that does BC did not work at all it was looping trying to negotiate after a 22 second negotiation delay the port would turn off. The non-BC port gave only 2.4W which matches the 2.5W given by the spec for a “High-power device” which is what that port is designed to give. In a discussion on the Purism forum about the Librem5 charging speed one of their engineers told me that the reason why their phone would draw 2A from that port was because the cable was identifying itself as a USB-C port not a “High-power device” port. But for some reason out of the 7 phones I tested the FLX1s and the One Plus 6 are the only ones to limit themselves to what the port is apparently supposed to do. Also the One Plus 6 charges slowly on every power supply so I don’t know if it is obeying the spec or just sucking.

On a cheap AliExpress charger the FLX1s gets 5.9V and on a USB battery it gets 5.8V. Out of all 42 combinations of device and charger I tested these were the only ones to involve more than 5.1V but less than 9V. I welcome comments suggesting an explanation.

The case that I received has a hole for the USB-C connector that isn’t wide enough for the plastic surrounds on most of my USB-C cables (including the Dell dock). Also to make a connection requires a fairly deep insertion (deeper than the One Plus 6 or the Note 9). So without adjustment I have to take the case off to charge it. It’s no big deal to adjust the hole (I have done it with other cases) but it’s an annoyance.

Phone Top z640 Bottom Z640 Monitor Ali Charger Dell Dock Battery Best Worst
FLX1s FAIL 5.0V 0.49A 2.4W 4.8V 1.9A 9.0W 5.9V 1.8A 11W 4.8V 2.1A 10W 5.8V 2.1A 12W 5.8V 2.1A 12W 5.0V 0.49A 2.4W
Note9 4.8V 1.0A 5.2W 4.8V 1.6A 7.5W 4.9V 2.0A 9.5W 5.1V 1.9A 9.7W 4.8V 2.1A 10W 5.1V 2.1A 10W 5.1V 2.1A 10W 4.8V 1.0A 5.2W
Pixel 7 pro 4.9V 0.80A 4.2W 4.8V 1.2A 5.9W 9.1V 1.3A 12W 9.1V 1.2A 11W 4.9V 1.8A 8.7W 9.0V 1.3A 12W 9.1V 1.3A 12W 4.9V 0.80A 4.2W
Pixel 8 4.7V 1.2A 5.4W 4.7V 1.5A 7.2W 8.9V 2.1A 19W 9.1V 2.7A 24W 4.8V 2.3A 11.0W 9.1V 2.6A 24W 9.1V 2.7A 24W 4.7V 1.2A 5.4W
PPP 4.7V 1.2A 6.0W 4.8V 1.3A 6.8W 4.9V 1.4A 6.6W 5.0V 1.2A 5.8W 4.9V 1.4A 5.9W 5.1V 1.2A 6.3W 4.8V 1.3A 6.8W 5.0V 1.2A 5.8W
Librem 5 4.4V 1.5A 6.7W 4.6V 2.0A 9.2W 4.8V 2.4A 11.2W 12V 0.48A 5.8W 5.0V 0.56A 2.7W 5.1V 2.0A 10W 4.8V 2.4A 11.2W 5.0V 0.56A 2.7W
OnePlus6 5.0V 0.51A 2.5W 5.0V 0.50A 2.5W 5.0V 0.81A 4.0W 5.0V 0.75A 3.7W 5.0V 0.77A 3.7W 5.0V 0.77A 3.9W 5.0V 0.81A 4.0W 5.0V 0.50A 2.5W
Best 4.4V 1.5A 6.7W 4.6V 2.0A 9.2W 8.9V 2.1A 19W 9.1V 2.7A 24W 4.8V 2.3A 11.0W 9.1V 2.6A 24W

Conclusion

The Furilabs support people are friendly and enthusiastic but my customer experience wasn’t ideal. It was good that they could quickly respond to my missing order status and the missing SIM caddy (which I still haven’t received but believe is in the mail) but it would be better if such things just didn’t happen.

The phone is quite user friendly and could be used by a novice.

I paid $US577 for the FLX1s which is $AU863 by today’s exchange rates. For comparison I could get a refurbished Pixel 9 Pro Fold for $891 from Kogan (the major Australian mail-order company for technology) or a refurbished Pixel 9 Pro XL for $842. The Pixel 9 series has security support until 2031 which is probably longer than you can expect a phone to be used without being broken. So a phone with a much higher resolution screen that’s only one generation behind the latest high end phones and is refurbished will cost less. For a brand new phone a Pixel 8 Pro which has security updates until 2030 costs $874 and a Pixel 9A which has security updates until 2032 costs $861.

Doing what the Furilabs people have done is not a small project. It’s a significant amount of work and the prices of their products need to cover that. I’m not saying that the prices are bad, just that economies of scale and the large quantity of older stock makes the older Google products quite good value for money. The new Pixel phones of the latest models are unreasonably expensive. The Pixel 10 is selling new from Google for $AU1,149 which I consider a ridiculous price that I would not pay given the market for used phones etc. If I had a choice of $1,149 or a “feature phone” I’d pay $1,149. But the FLX1s for $863 is a much better option for me. If all I had to choose from was a new Pixel 10 or a FLX1s for my parents I’d get them the FLX1s.

For a FOSS developer a FLX1s could be a mobile test and development system which could be lent to a relative when their main phone breaks and the replacement is on order. It seems to be fit for use as a commodity phone. Note that I give this review on the assumption that SMS and VoLTE will just work, I haven’t tested them yet.

The UI on the FLX1s is functional and easy enough for a new user while allowing an advanced user to do the things they desire. I prefer the Android style and the Plasma Mobile style is closer to Android than Phosh is, but changing it is something I can do later. Generally I think that the differences between UIs matter more when on a desktop environment that could be used for more complex tasks than on a phone which limits what can be done by the size of the screen.

I am comparing the FLX1s to Android phones on the basis of what technology is available. But most people who would consider buying this phone will compare it to the PinePhone Pro and the Librem 5 as they have similar uses. The FLX1s beats both those phones handily in terms of battery life and of having everything just work. But it has the most non free software of the three and the people who want the $2000 Librem 5 that’s entirely made in the US won’t want the FLX1s.

This isn’t the destination for Debian based phones, but it’s a good step on the way to it and I don’t think I’ll regret this purchase.

Related posts:

  1. Phone Charging Speeds With Debian/Trixie One of the problems I encountered with the PinePhone Pro...
  2. Pixel 6A I have just bought a Pixel 6A [1] for my...
  3. More About the Librem 5 I concluded my previous post about the Purism Librem 5...

06:14

Girl Genius for Monday, January 19, 2026 [Girl Genius]

The Girl Genius comic for Monday, January 19, 2026 has been posted.

02:35

Workflow Analysis [QC RSS]

is that an org chart in your pants or are you just happy to see me

00:49

Dima Kogan: mrcal 2.5 released! [Planet Debian]

mrcal 2.5 is out: the release notes. Once again, this is mostly a bug-fix release en route to the big new features coming in 3.0.

One cool thing is that these tools have now matured enough to no longer be considered experimental. They have been used with great success in lots of contexts across many different projects and organizations. Some highlights:

  • I've calibrated extremely wide lenses
  • and extremely narrow lenses
  • and joint systems containing many different kinds of lenses
  • with lots of cameras at the same time. The biggest single joint calibration I've done today had 10 cameras, but I'll almost certainly encounter bigger systems in the future
  • mrcal has been used to process both visible and thermal cameras
  • The new triangulated-feature capability has been used in a structure-from-motion context to compute the world geometry on-line.
  • mrcal has been used with weird experimental setups employing custom calibration objects and single-view solves
  • mrcal has calibrated joint camera-LIDAR systems
  • and joint camera-IMU systems
  • Lots of students use mrcal as part of PhotonVision, the toolkit used by teams in the FIRST Robotics Competition

Some of the above is new, and not yet fully polished and documented and tested, but it works.

In mrcal 2.5, most of the implementation of some new big features is written and committed, but it's still incomplete. The new stuff is there, but is lightly tested and documented. This will be completed eventually in mrcal 3.0:

mrcal is quite good already, and will be even better in the future. Try it today!

Sunday, 18 January

18:42

Link [Scripting News]

I've been trying to stay out of politics here lately (did you notice), but I don't get how Americans, no matter who they voted for, can watch what's happening in Minneapolis and not feel like we have to protect the people there from the thugs who are attacking them. And of course that's exactly how we're supposed to feel. I watched a video of a woman, a disabled army veteran, being dragged from her car by the ICEs, and hearing cop car sirens in the background, imagining, hoping -- they were coming to stop the attack. We never did find out. How can you stand for this if you're an American. Forget about Democrats or Republicans, what about you? Where did you learn to ignore the feelings you must have when you see people, fellow human beings, attacked with such cruelty? Snap out of it, if you have any empathy left, or any love for our country. Tell your representatives to step in and stop this, and no excuses, Democrat or Republican, I don't care.

Link [Scripting News]

Why now? Because there are probably still enough in the military who believe in the rule of law and will obey an act of Congress.

16:28

XML-RPC links from 2019 [Scripting News]

In 2019, I did an overhaul of XML-RPC, and created a reference implementation in JavaScript, both client and server (Node.js).

The missing links from yesterday's podcast.

16:07

12:21

You can apparently use Windows 7’s compositor in GNOME, and vice versa – or something [OSnews]

There’s cursed computing, and then there’s cursed computing. It turns out that you can render GNOME’s windows with the compositor from Windows 7, dwm.exe. Yes.

tl;dr of how this clusterfuck works: this is effectively just x11 forwarding an x server from windows to linux. the fun part is a) making gnome run with an already existing window manager (namely dwm.exe lol), b) making gnome run over x11 forwarding (it is Not a fan, last time it tried running gnome on windows this is what broke it and made it quit trying), and c) actually ripping out parts of the gnome compositor again to make dwm instead of gnome render window decorations to achieve ✨️aero gnome✨️

↫ ⬡-49016 at Mastodon

This is already one of the most cursed things I’ve ever seen, but then things got so much worse. How about Windows 7’s dwm.exe, but composited by GNOME?

  • firefox and vscode are rendered by gnome
  • the start menu and gadgets are rendered by dwm, and then composited by gnome
  • ghostty, which literally goes above and beyond the gadgets (which you cannot do by just streaming one compositor to the other), is rendered by gnome
  • and the cherry on top is gnome-control-center, which exclusively runs in gnome sessions, being managed by gnome, rendered by dwm, and composited by gnome again

this is powered by about 7 layers of duct tape and a couple hundred lines of the worst C the world has ever seen

↫ ⬡-49016 at Mastodon

I need an adult.

10:49

Fun things to do with your VM/370 machine [OSnews]

Virtualisation is a lot older than you might think, with (one of?) the first implementation(s) being IBM’s VM/CMS, the line of operating systems that would grow to include things like System/370, System/390, all the way up until IBM/Z, which is still being developed and sold today; only recently IBM released the IBM z17 and z/OS 3.2, after all.

The VM series of operating systems is designed exclusively for mainframes, and works by giving every user their own dedicated virtual machine running on top of the Control Program, the hypervisor. Inside this virtual machine the user can run a wide variety of operating systems, from the simple, single-user classics like IBM’s Conversational Monitor System, to more complex systems like Linux or AIX.

Early versions of VM were released as open source and are now in the public domain, and enthusiasts have continued to build upon it and expand it, with the latest incarnations being the VM/370 Community Edition releases. They contain the Control Program and Conversational Monitor System, augmented by various fixes, improvements, and other additions. You can run VM in an emulator like Hercules, and continue on from there – but what, exactly, can you do with it?

That’s where Fun things to do with your VM/370 machine comes in. This article will give you an introduction to the system, and a number of first and later steps you can take while exploring this probably alien environment. If you’ve always dreamt of using an early IBM mainframe, this is probably the easiest way to do so, because buying one is a really, really bad idea.

10:28

Fake news and trust [Seth's Blog]

Celebrity gossip, fortune-telling and superstitions are the original forms of fake news, but now it’s increasingly widespread. In every field from science to world affairs, it’s troubling to see. People who are familiar with reality can’t understand why it’s popular–in a low-trust world, why would people engage with made-up noise disguised as information?

The irony is that it’s easier to trust fake news. It’s consistent, simplified, coherent and predictable, all the things that humans look for when we’re seeking solace.

The challenge for all of us is that while it’s easier to trust in the short run, it ultimately disappoints.

The trust we earn with complex and consistent analyses of reality takes more effort, but it’s worth more in the long run.

What sort of trust are you selling? And what are we buying?

09:49

03:07

A Photo of Johnscalzi, No, Not Me, the Minor Planet [Whatever]

It comes courtesy of the Cline Observatory at Guilford College (I have used Photoshop here to lower the noise in the image and to raise the relative brightness of the asteroid). The folks there took it as a challenge to find the minor planet with my name on it (figurately, not literally), and having located what looks to be it, compared the image to an earlier image of the same patch of sky to make sure that what they thought as the asteroid was indeed wandering through. Johnscalzi is currently at magnitude 17 (extremely dim), so the fact they managed to image it at all is kind of remarkable.

If you’re looking for it yourself, it’s currently in the vicinity of the constellation of Leo, near the lion’s butt. The precise location, for this or any other day, can be had by going here, then clicking on the “Ephemeris” link near the top, and having done that, clicking the “generate ephemeris” button at the page you’re taken to. It’ll then generate all the information you need to find it. That said, again, it’s at about magnitude 17 right now, so you’ll need a big telescope, or the ability to do time-lapse image stacking, or, probably both.

I have neither at the moment, so I’m thrilled that the folks at the Cline Observatory took a little bit of time out their evening to give it view. As I’ve mentioned before, I’m hugely thrilled to have a minor planet named for me. Being able to see it, even just a little, is also hugely thrilling.

— JS

00:28

Smuggled tech in Iran [Richard Stallman's Political Notes]

Iran is hunting down the Starlink connections that are still running, trying to eliminate all external communication.

People think that Iran is planning to sever its domestic internet entirely from the rest of the world.

It could be you next [Richard Stallman's Political Notes]

Robert Reich: *If agents of the federal government can murder a 37-year-old woman in broad daylight who, as videotapes show, was merely trying to get out of their way, they can murder you.

Even if Trump and his vice president and his secretary of homeland security all claim, contrary to the videotapes, that Renee Macklin Good was trying to kill an agent who acted in self-defense, they could make up the same about you.

Even if Trump describes her as a “professional agitator” and his goons call her a “domestic terrorist,” they could say the same about you regardless of your political views or activism. If you have left-wing political views and are an activist, you’re in greater danger.

How can we believe what the FBI turns up in its investigation, when the FBI is working for Trump and is headed by one of his goons, and is investigating possible connections between Renee Good and groups that have been protesting Trump’s immigration enforcement?*

When a corrupt and dishonest president packs government agencies with his corrupt and dishonest henchmen, everything they say and everything they do becomes suspect.

As Reich put it,

We must commit to peacefully fighting this regime, to ending Republican control of Congress in 2026, and to sending this dangerous gang packing in 2028 — assuming we’re still free and alive by then.

Bipartisan war powers resolution [Richard Stallman's Political Notes]

*Subject: Trump Bullies Flip-Flopping Senators Into Defeating Vote to Block Venezuela War.*

That was just barely enough to defeat the resolution.

Global survey [Richard Stallman's Political Notes]

*[the bully] is making China – not America – great again, global survey suggests.*

Urgent: Prevent Big Oil from Destroying Chaco Canyon [Richard Stallman's Political Notes]

US citizens: Call on Interior Secretary Burgum not to let Big Oil destroy Chaco Canyon.

Horses response to human sweat [Richard Stallman's Political Notes]

An experiment demonstrates that horses respond to odor of human sweat differently depending on whether the human was feeling fear at the time of collection.

ICE agents intimidation [Richard Stallman's Political Notes]

Deportation thugs on streets around Minneapolis have been observed on various occasions making slightly veiled threats to shoot protesters.

They have become a murderous criminal gang that shelters under a distortion of legal authority.

ICE job offer [Richard Stallman's Political Notes]

Journalist Laura Jedeed applied for a job with the deportation thugs, expecting to write a story later about the process and how they rejected her for what their background investigation would reveal about her politics. But they did not bother to investigate — they accepted her even though she had not actually even filled out the forms.

She is concerned that they may be accepting all sorts of violent criminals without bothering to check.

Mandated Danish Forces [Richard Stallman's Political Notes]

Denmark has ordered its soldiers to fight any armed attack on Danish territory, including in Greenland.

Denmark's army cannot militarily stop the US army from seizing Greenland. The point of this order seems to be to prevent the imperialist from sending his troops to seize Greenland and then pretending that the attack didn't start a war.

EPA pollution rules [Richard Stallman's Political Notes]

The EPA been ordered to give weight to the cost of pollution control but not to the cost of the human damage done by pollution, as a basis for relaxing the limits on soot pollution.

The economic cost of a person's death is a callous way to judge the importance of saving a person's life. But ignoring it, as an excuse for allowing more toxic pollution, is even worse.

In defense of Greenland [Richard Stallman's Political Notes]

How can Europe defend Greenland (and the rest of Europe) from the bully?

Imminent logging [Richard Stallman's Political Notes]

A special company in New South Wales, Australia, is authorized to fell trees in areas that are a habitat for endangered native species (plants and animals). It is supposed to take care not to harm those species, but it seems to take insufficient care.

It is so prone to mistakes that I wonder who profits from them.

Immigrant visa processing [Richard Stallman's Political Notes]

The wrecker has halted immigration visa consideration for 75 countries, ostensibly because too large a fraction of immigrants from those countries end up needing some sort of public support.

This is not a rational response to the problem. I was treated a couple of times by doctors that had immigrated from Albania — I am sure their income was adequate not to need welfare. By lumping everyone from each country together, the US shoots itself in the foot.

Iranian tensions [Richard Stallman's Political Notes]

After the imperious bully told Iran he would launch an attack if Iran executes protesters, the Iranian regime reacted just as I expected: by saying executions would start soon.

The bully is cruel and unpredictable. The mullahs are cruel and rigid.

Saturday, 17 January

23:07

Simon Josefsson: Backup of S3 Objects Using rsnapshot [Planet Debian]

I’ve been using rsnapshot to take backups of around 10 servers and laptops for well over 15 years, and it is a remarkably reliable tool that has proven itself many times. Rsnapshot uses rsync over SSH and maintains a temporal hard-link file pool. Once rsnapshot is configured and running, on the backup server, you get a hardlink farm with directories like this for the remote server:

/backup/serverA.domain/.sync/foo
/backup/serverA.domain/daily.0/foo
/backup/serverA.domain/daily.1/foo
/backup/serverA.domain/daily.2/foo
...
/backup/serverA.domain/daily.6/foo
/backup/serverA.domain/weekly.0/foo
/backup/serverA.domain/weekly.1/foo
...
/backup/serverA.domain/monthly.0/foo
/backup/serverA.domain/monthly.1/foo
...
/backup/serverA.domain/yearly.0/foo

I can browse and rescue files easily, going back in time when needed.

The rsnapshot project README explains more, there is a long rsnapshot HOWTO although I usually find the rsnapshot man page the easiest to digest.

I have stored multi-TB Git-LFS data on GitLab.com for some time. The yearly renewal is coming up, and the price for Git-LFS storage on GitLab.com is now excessive (~$10.000/year). I have reworked my work-flow and finally migrated debdistget to only store Git-LFS stubs on GitLab.com and push the real files to S3 object storage. The cost for this is barely measurable, I have yet to run into the €25/month warning threshold.

But how do you backup stuff stored in S3?

For some time, my S3 backup solution has been to run the minio-client mirror command to download all S3 objects to my laptop, and rely on rsnapshot to keep backups of this. While 4TB NVME’s are relatively cheap, I’ve felt that this disk and network churn on my laptop is unsatisfactory for quite some time.

What is a better approach?

I find S3 hosting sites fairly unreliable by design. Only a couple of clicks in your web browser and you have dropped 100TB of data. Or by someone else who steal your plaintext-equivalent cookie. Thus, I haven’t really felt comfortable using any S3-based backup option. I prefer to self-host, although continously running a mirror job is not sufficient: if I accidentally drop the entire S3 object store, my mirror run will remove all files locally too.

The rsnapshot approach that allows going back in time and having data on self-managed servers feels superior to me.

What if we could use rsnapshot with a S3 client instead of rsync?

Someone else asked about this several years ago, and the suggestion was to use the fuse-based s3fs which sounded unreliable to me. After some experimentation, working around some hard-coded assumption in the rsnapshot implementation, I came up with a small configuration pattern and a wrapper tool to implement what I desired.

Here is my configuration snippet:

cmd_rsync    /backup/s3/s3rsync
rsync_short_args    -Q
rsync_long_args    --json --remove
lockfile    /backup/s3/rsnapshot.pid
snapshot_root    /backup/s3
backup    s3:://hetzner/debdistget-gnuinos    ./debdistget-gnuinos
backup    s3:://hetzner/debdistget-tacos  ./debdistget-tacos
backup    s3:://hetzner/debdistget-diffos ./debdistget-diffos
backup    s3:://hetzner/debdistget-pureos ./debdistget-pureos
backup    s3:://hetzner/debdistget-kali   ./debdistget-kali
backup    s3:://hetzner/debdistget-devuan ./debdistget-devuan
backup    s3:://hetzner/debdistget-trisquel   ./debdistget-trisquel
backup    s3:://hetzner/debdistget-debian ./debdistget-debian

The idea is to save a backup of a couple of S3 buckets under /backup/s3/.

I have some scripts that take a complete rsnapshot.conf file and append my per-directory configuration so that this becomes a complete configuration. If you are curious how I roll this, backup-all invokes backup-one appending my rsnapshot.conf template with the snippet above.

The s3rsync wrapper script is the essential hack to convert rsnapshot’s rsync parameters into something that talks S3 and the script is as follows:

#!/bin/sh

set -eu

S3ARG=
for ARG in "$@"; do
    case $ARG in
    s3:://*) S3ARG="$S3ARG "$(echo $ARG | sed -e 's,s3:://,,');;
    -Q*) ;;
    *) S3ARG="$S3ARG $ARG";;
    esac
done

echo /backup/s3/mc mirror $S3ARG

exec /backup/s3/mc mirror $S3ARG

It uses the minio-client tool. I first tried s3cmd but its sync command read all files to compute MD5 checksums every time you invoke it, which is very slow. The mc mirror command is blazingly fast since it only compare mtime’s, just like rsync or git.

First you need to store credentials for your S3 bucket. These are stored in plaintext in ~/.mc/config.json which I find to be sloppy security practices, but I don’t know of any better way to do this. Replace AKEY and SKEY with your access token and secret token from your S3 provider:

/backup/s3/mc alias set hetzner AKEY SKEY

If I invoke a sync job for a fully synced up directory the output looks like this:

root@hamster /backup# /run/current-system/profile/bin/rsnapshot -c /backup/s3/rsnapshot.conf -V sync
Setting locale to POSIX "C"
echo 1443 > /backup/s3/rsnapshot.pid 
/backup/s3/s3rsync -Qv --json --remove s3:://hetzner/debdistget-gnuinos \
    /backup/s3/.sync//debdistget-gnuinos 
/backup/s3/mc mirror --json --remove hetzner/debdistget-gnuinos /backup/s3/.sync//debdistget-gnuinos
{"status":"success","total":0,"transferred":0,"duration":0,"speed":0}
/backup/s3/s3rsync -Qv --json --remove s3:://hetzner/debdistget-tacos \
    /backup/s3/.sync//debdistget-tacos 
/backup/s3/mc mirror --json --remove hetzner/debdistget-tacos /backup/s3/.sync//debdistget-tacos
{"status":"success","total":0,"transferred":0,"duration":0,"speed":0}
/backup/s3/s3rsync -Qv --json --remove s3:://hetzner/debdistget-diffos \
    /backup/s3/.sync//debdistget-diffos 
/backup/s3/mc mirror --json --remove hetzner/debdistget-diffos /backup/s3/.sync//debdistget-diffos
{"status":"success","total":0,"transferred":0,"duration":0,"speed":0}
/backup/s3/s3rsync -Qv --json --remove s3:://hetzner/debdistget-pureos \
    /backup/s3/.sync//debdistget-pureos 
/backup/s3/mc mirror --json --remove hetzner/debdistget-pureos /backup/s3/.sync//debdistget-pureos
{"status":"success","total":0,"transferred":0,"duration":0,"speed":0}
/backup/s3/s3rsync -Qv --json --remove s3:://hetzner/debdistget-kali \
    /backup/s3/.sync//debdistget-kali 
/backup/s3/mc mirror --json --remove hetzner/debdistget-kali /backup/s3/.sync//debdistget-kali
{"status":"success","total":0,"transferred":0,"duration":0,"speed":0}
/backup/s3/s3rsync -Qv --json --remove s3:://hetzner/debdistget-devuan \
    /backup/s3/.sync//debdistget-devuan 
/backup/s3/mc mirror --json --remove hetzner/debdistget-devuan /backup/s3/.sync//debdistget-devuan
{"status":"success","total":0,"transferred":0,"duration":0,"speed":0}
/backup/s3/s3rsync -Qv --json --remove s3:://hetzner/debdistget-trisquel \
    /backup/s3/.sync//debdistget-trisquel 
/backup/s3/mc mirror --json --remove hetzner/debdistget-trisquel /backup/s3/.sync//debdistget-trisquel
{"status":"success","total":0,"transferred":0,"duration":0,"speed":0}
/backup/s3/s3rsync -Qv --json --remove s3:://hetzner/debdistget-debian \
    /backup/s3/.sync//debdistget-debian 
/backup/s3/mc mirror --json --remove hetzner/debdistget-debian /backup/s3/.sync//debdistget-debian
{"status":"success","total":0,"transferred":0,"duration":0,"speed":0}
touch /backup/s3/.sync/ 
rm -f /backup/s3/rsnapshot.pid 
/run/current-system/profile/bin/logger -p user.info -t rsnapshot[1443] \
    /run/current-system/profile/bin/rsnapshot -c /backup/s3/rsnapshot.conf \
    -V sync: completed successfully 
root@hamster /backup#

You can tell from the paths that this machine runs Guix. This was the first production use of the Guix System for me, and the machine has been running since 2015 (with the occasional new hard drive). Before, I used rsnapshot on Debian, but some stable release of Debian dropped the rsnapshot package, paving the way for me to test Guix in production on a non-Internet exposed machine. Unfortunately, mc is not packaged in Guix, so you will have to install it from the MinIO Client GitHub page manually.

Running the daily rotation looks like this:

root@hamster /backup# /run/current-system/profile/bin/rsnapshot -c /backup/s3/rsnapshot.conf -V daily
Setting locale to POSIX "C"
echo 1549 > /backup/s3/rsnapshot.pid 
mv /backup/s3/daily.5/ /backup/s3/daily.6/ 
mv /backup/s3/daily.4/ /backup/s3/daily.5/ 
mv /backup/s3/daily.3/ /backup/s3/daily.4/ 
mv /backup/s3/daily.2/ /backup/s3/daily.3/ 
mv /backup/s3/daily.1/ /backup/s3/daily.2/ 
mv /backup/s3/daily.0/ /backup/s3/daily.1/ 
/run/current-system/profile/bin/cp -al /backup/s3/.sync /backup/s3/daily.0 
rm -f /backup/s3/rsnapshot.pid 
/run/current-system/profile/bin/logger -p user.info -t rsnapshot[1549] \
    /run/current-system/profile/bin/rsnapshot -c /backup/s3/rsnapshot.conf \
    -V daily: completed successfully 
root@hamster /backup#

Hopefully you will feel inspired to take backups of your S3 buckets now!

22:21

ChaosBSD: a FreeBSD fork to serve as a driver testing ground [OSnews]

ChaosBSD is a fork of FreeBSD. It exists because upstream cannot, and should not, accept broken drivers, half-working hardware, vendor trash, or speculative hacks.

We can.

↫ ChaosBSD GitHub page

This is an excellent approach to testing drivers that simply aren’t even remotely ready to be included in FreeBSD-proper. It should be obvious that this is not, in any way, meant to be used as a production operating system, as it will contain things that are broken and incomplete on purpose. The name’s also pretty great.

How to write modern and effective Java [OSnews]

This is a book intended to teach someone the Java language, from scratch.

You will find that the content makes heavy use of recently released and, for the moment, preview features. This is intentional as much of the topic ordering doesn’t work without at least Java 21.

↫ Modern Java GitHub page

Some light reading for the weekend. This sure is one hell of a detailed book.

20:49

Jonathan Dowland: Honest Jon's lightly-used Starships [Planet Debian]

No man’s Sky (or as it’s known in our house, "spaceship game") is a space exploration/sandbox game that was originally released 10 years ago. Back then I tried it on my brother‘s PS4 but I couldn’t get into it. In 2022 it launched for the Nintendo Switch1 and the game finally clicked for me.

I play it very casually. I mostly don’t play at all, except sometimes when there are time-limited “expeditions” running, which I find refreshing, and usually have some exclusives as a reward for play.

One of the many things you can do in the game is collect star ships. I started keeping a list of notable ones I’ve found, and I’ve decided to occasionally blog about them.

The Horizon Vector NX spaceship

The Horizon Vector NX is a small sporty ship that players on Nintendo Switch could claim within the first month or so after it launched. The colour scheme resembles the original “neon” switch controllers. Although the ship type occurs naturally in the game in other configurations, I think differently-painted wings are unique to this ship.

For most of the last 4 years, my copy of this ship was confined to the Switch, until November 2024, when they added cross-save capability to the game. I was then able to access the ship when playing on Linux (or Mac).

  1. The game runs very well natively on Mac, flawlessly on Steam for Linux, but struggles on the origins switch. It’s a marvel it runs there at all.

17:42

Ravi Dwivedi: My experiences in Brunei [Planet Debian]

This post covers my friend Badri and my experiences in Brunei. Brunei — officially Brunei Darussalam — is a country in Southeast Asia, located on Borneo island. It is one of the few remaining absolute monarchies on Earth.

On the morning of the 10th of December 2024, Badri and I reached Brunei International Airport by taking a flight from Kuala Lumpur. Upon arrival at the airport, we had to go through the immigration, of course. However, I forgot to fill my arrival card, which I filled while I was in the queue for my immigration.

The immigration officer asked me how much cash I was carrying of each currency. After completing the formalities, the immigration officer stamped my passport and let me in. Take a look at Brunei’s entry stamp in my passport.

Brunei entry stamp

Brunei entry stamp on my passport. Picture by Ravi Dwivedi, released under CC-BY-SA 4.0.

We exchanged Singapore dollars to get some Brunei dollars at the airport. The Brunei dollar was pegged 1:1 with the Singapore dollar, meaning 1 Singapore dollar equals 1 Brunei dollar. The exchange rate we received at the airport was the same.

Our (pre-booked) accommodation was located near Gadong mall. So, we went to the information center at the airport to ask how to get there by public transport. However, the person at the information center told us that they didn’t know the public transport routes and suggested we take a taxi instead.

We came out of the airport and came across an Indian with a mini bus. He offered to drop us at our accommodation for 10 Brunei dollars (₹630). As we were tired after a sleepless night, we didn’t negotiate and took the offer. It felt a bit weird using the minibus as our private taxi.

In around half-an-hour, we reach our accommodation. The place was more like a guest house than a hotel. In addition to the rooms, it had common space consisting of a hall, a kitchen and a balcony.

Our room in Brunei

Our room in Brunei. Picture by Ravi Dwivedi, released under CC-BY-SA 4.0

Upon reaching the place, we paid for our room in cash, which was 66.70 Singapore dollars (4200 Indian rupees) for two nights. We reached before the check-in time, so we had to wait for our room to get ready before we entered.

The room had a double bed and also a place to hang clothes. We slept for a few hours before going out at night. We went into Gadong mall and had coffee at a café named The Coffee Bean & Tea Leaf. The regular caffe latte I had here been 5.20 Brunei dollars. On another note, the snacks we got us from Kuala Lumpur covered us for the dinner.

The next day—11th of December 2024–we went to a nearby restaurant named Nadj for lunch. The owner was from Kerala. Here we ordered:

  • 1 paneer pepper masala for 5 Brunei dollars (320 rupees)
  • 1 Nasi goreng pattaya biasa for 4.50 Brunei dollars (290 rupees)
  • 1 plain naan for 1.50 Brunei dollars (100 rupees)
  • 1 butter naan for 1.80 Brunei dollars (115 rupees)

So, our lunch cost a total of 12.80 Brunei dollars (825 rupees). The naan was unusually thick, and didn’t like the taste.

After the lunch, we planned to visit Brunei’s famous Omar Ali Saifuddien Mosque. However, a minibus driver outside of Gadong Mall told us that the mosque would be closed in half-an-hour and suggested we visit the nearby Jame’ Asr Hassanil Bolkiah Mosque instead.

Jame' Asr Hassanil Bolkiah Mosque

Jame’ Asr Hassanil Bolkiah Mosque. Picture by Ravi Dwivedi, released under CC-BY-SA 4.0

He dropped us there for 1 Brunei dollar per person. The person hailed from Uttar Pradesh and told us about bus routes in Hindi. Buses routes in Brunei were confusing, so the information he gave us was valuable.

It was evening, and we had an impression that the mosque and its premises were closed. However, soon enough, we stumbled across an open gate entering the mosque complex. We walked inside for some time, took pictures and exited. Walking in Bandar Seri Begawan wasn’t pleasant, though. The pedestrian infrastructure wasn’t good.

Then we walked back to our place and bought some souvenirs. For dinner and breakfast, we bought bread, fruits and eggs from local shops as we had a kitchen to cook for ourselves.

The guest house also had a washing machine (free of charge) which we wanted to use. However, they didn’t have detergent. Therefore, we went outside to get some detergent. It was 8 o’clock, and most of the shops were closed already. Others had had detergents in large sizes, the ones you would use if you lived there. We ended up getting a small packet at a supermarket.

The next day—12th of December–we had a flight to Ho Chi Minh City in Vietnam with a long layover in Kuala Lumpur. We had breakfast in the morning and took a bus to Omar Ali Saifuddien Mosque. The mosque was in prayer session, so it was closed for Muslims. Therefore, we just took pictures from the outside and took a bus for the airport.

Omar Ali Saifuddien Mosque

Omar Ali Saifuddien Mosque. Picture by Ravi Dwivedi, released under CC-BY-SA 4.0

When the bus reached near the airport, the bus went straight rather than taking a left turn for the airport. Initially, I thought the bus would just take a turn and come back. However, the bus kept going away from the airport. Confused by this, I asked other passengers if the bus was going to the airport. The driver stopped the bus at Muara Town terminal— 20 km from the airport. At this point, everyone alighted, except for us. The driver went to a nearby restaurant to have lunch.

I felt very uncomfortable stranded in a town which was 20 km from the airport. We had a lot of time, but I was still worried about missing our flight, as I didn’t want to get stuck in Brunei. After waiting for 15 minutes, I went inside the restaurant and reminded the driver that we had a flight in a couple of hours and needed to go to the airport. He said he will leave soon.

When he was done with his lunch, he drove us to the airport. It was incredibly frustrating. On a positive note, we saw countryside of Brunei that we would have seen otherwise. The bus ride cost us 1 Brunei dollars each.

A couple of houses with trees in the background.

A shot of Brunei’s countryside. Picture by Ravi Dwivedi, released under CC-BY-SA 4.0.

That’s it for this one. Meet you in the next one. Stay tuned for the Vietnam post!

17:21

The Regicide Report [Charlie's Diary]

The Regicide Report, the last novel in the main Laundry Files series, is coming out on January 27th in the US (from Tor.com Publishing) and the UK (from Orbit).

The Regicide Report US cover
The Regicide Report UK cover

If you want to order signed hardcovers, contact Transreal Fiction in Edinburgh. (I believe Mike is currently willing to send books to the USA, but don't take my word for it: check first, and blame Donald Trump if there are customs/tariff obstacles.)

Audiobooks: there will be audio editions. The Audible one is showing a January 27th release date on Amazon.com; Hachette Digital will be issuing one in the UK but it's not showing up on Amazon.co.uk yet. (For contractual reasons they're recorded and produced by different companies.)

Ebooks and DRM: The ebook will be available the same day as the hardcover. Tor.com does not put DRM on their ebooks, but it's anybody's guess whether a given ebook store will add it. (Amazon have been particularly asshole-ish in recent years but are promising DRM-free downloads of purchases will be available from late January.) Orbit is part of Hachette, who are particularly obstreperous about requiring DRM on everything electronic, so you're out of luck if you buy the Orbit edition. (I could tell you how to unlock the DRM on purchases from the UK Kobo store, but then my publisher would be contractually obliged to assassinate me. Let's just say, it can be done.)

What next?

The Regicide Report is the last Bob/Mo/Laundry novel. It's set circa March-May 2015 in the time line; the New Management books are set circa November 2015 through May 2017, so this one slots in before Dead Lies Dreaming.

There may be a Laundry Files short story collection, and/or/maybe including a final New Management novella (it's half-written, but on "hold" since mid-2024), at some point in the future. But not this year or next. (I'm taking time off to get back in touch with space opera.)

None of the above precludes further Laundry Files novels getting written, but it's up to the publishers and market forces. If it does happen, I expect they'll be set in the 2020s in the internal chronology, by which time the Laundry itself is no more (it's been superseded by DEAT), and we may have new protagonists and a very new story line.

No, but really what's next?

I don't know for sure, but I'm currently working on the final draft of Starter Pack, my Stainless Steel Rat homage, and planning yet another rewrite of Ghost Engine, this time throwing away my current protagonists and replacing them with the ones from Starter Pack (who need another heist caper). Do not expect publication before 2027, though! I'm also awaiting eye surgery again, which slows everything down.

16:42

Link [Scripting News]

A brief podcast with the fascinating story of how XML-RPC came together in 1998.

15:49

Pluralistic: The world needs an Ireland for disenshittification (17 Jan 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links


A green Irish pillarbox, standing before a verdant, rolling Irish countryside. The pillarbox is emblazoned with the poop emoji from the cover of 'Enshittification,' with angry eyebrows and a grawlix-scrawled black bar over its mouth.

The world needs an Ireland for disenshittification (permalink)

Ireland is a tax haven. In the 1970s and 1980s, life in the civil-war wracked country was hard – between poverty, scarce employment and civil unrest, the country hemorrhaged its best and brightest. As the saying went, "Ireland's top export is the Irish."

In desperation, Ireland's political class hit on a wild gambit: they would weaponize Ireland's sovereignty in service to corporate tax evasion. Companies that pretended to establish their headquarters in Ireland would be able to hoard their profits, evading their tax obligations to every other country in the world:

https://en.wikipedia.org/wiki/Ireland_as_a_tax_haven

A single country – poor, small, at the literal periphery of a continent – was able to foundationally transform the global order. Any company that has enough money to pretend to be Irish can avoid 25-35% in tax, giving it an unbeatable edge against competitors that lack the multinational's superpower of magicking all its profits into a state of untaxable grace somewhere over the Irish Sea.

The effect this had on Ireland is…mixed. The Irish state is thoroughly captured by the corporations that pretend to call Ireland home. Anything those corporations want, Ireland must deliver, lest the footloose companies up sticks and start pretending to be Cypriot, Luxembourgeois, Maltese or Dutch. This is why Europe's landmark privacy law, the GDPR, has had no effect on America's tech giants. They pretend to be Irish, and Ireland lets them get away with breaking European law. The Irish state even hires these companies' executives to regulate their erstwhile employers:

https://pluralistic.net/2025/12/01/erin-go-blagged/#big-tech-omerta

But there is no denying that Ireland has managed to turn the world's taxable trillions into its own domestic billions. The fact that Ireland is cashing out less than 1% of what it's costing everyone else is terrible for the world's tax systems and competitive markets, but it's been a massive windfall for Ireland, and has lifted the country out of its centuries of colonial poverty and privation.

There are many lessons to be learned from Ireland's experiment with regulatory arbitrage, but one is unequivocal: even a small, poor, disintegrating nation can change the world system by offering a site where you can do things that you can't do anywhere else, and if it does, that poor nation can grow wealthy and comfortable.

What's more, there are plenty of "things that you can't do anywhere else" that are very good. It's not just corporate tax evasion.

First among these things that you can't do anywhere else: it's a crime in virtually every country on earth to modify America's defective, enshittified, privacy-invading, money-stealing technology exports. That's because the US trade representative has spent the past 25 years using the threat of tariffs to bully all of America's trading partners into adopting "anti-circumvention" laws:

https://pluralistic.net/2026/01/15/how-the-light-gets-in/#theories-of-change

There is nothing good about this. The fact that local businesses can't sell you a privacy blocker, an alternative client, a diagnostic tool, a spare part, a consumable, or even software for your American-made devices leaves you defenseless before US tech's remorseless campaign of monetary and informational plunder – and it means that your economy is denied the benefits of creating and exporting these incredibly desirable, profitable products.

Incredibly, Trump deliberately blew up this multi-trillion dollar system of US commercial advantage. By chaotically imposing and rescinding and re-imposing tariffs on the world, he has neutralized the US trade rep's tariff threats. Foreign firms just can't count on exporting to America anymore, so the threat of (more) tariffs grows less intimidating by the minute:

https://pluralistic.net/2025/12/16/k-shaped-recovery/#disenshittification-nations

The time is ripe for the founding of a disenshittification nation, an Ireland for disenshittification. I have no doubt that eventually, most or all of the countries in the world will drop their anti-circumvention laws (the laws that ban the modification of US tech exports). Once one country starts making these disenshittifying tools, there'll be no way to prevent their export, since all it takes to buy one of these tools from a circumvention haven is an internet connection and a payment method.

Once everyone in your country is buying and using jailbreaking tools from abroad, there'll be no point in keeping these laws on your own books. But the first country to get there stands a chance of establishing a durable first-mover advantage – of reaping hundreds of billions selling disenshittifying products around the world. That country could be to enshittification-resistant technology what Finland was to mobile phones during the Nokia decade (and wouldn't you know it, the EU's newly minted "Tech Sovereignty" czar is a Finn!):

https://commission.europa.eu/about/organisation/college-commissioners/henna-virkkunen_en

The world has experimented with many kinds of havens over the centuries. In the early 18th century, Madagascar became a haven for British naval deserters, who were adopted into the island's matriarchal clans. Together, they founded an anarchist pirate utopia:

https://pluralistic.net/2023/01/24/zana-malata/#libertalia

The global system of trade has allowed America's tech companies to steal and hoard trillions, and to put every country at risk of being bricked when their IT systems are switched off at a single word from Trump:

https://pluralistic.net/2026/01/01/39c3/#the-new-coalition

There are more than 200 countries in the world. There's also an ever-expanding cohort of brilliant international technologists whose Silicon Valley dreams have turned into a nightmare of being shot in the face by an ICE goon, or being kidnapped, separated from their families and being locked up in a Salvadoran slave-labor prison. These techies are looking for the next place to put down roots and "make a dent in the universe." Lots of countries could be that place.

The Ireland for disenshittification wouldn't just have their pick of international technologists – they'd have plenty of Americans hungering for a better life. Two-thirds of young Americans "are considering leaving the US":

https://www.newsweek.com/nearly-two-thirds-of-young-americans-are-considering-leaving-the-us-11010814

Ireland pulled off its tax-haven gambit by making influential people very rich, so that they would go to bat for Ireland. The Ireland for disenshittification will have the same chance. The new tech companies that unlock US Big Tech's trillions and turn them into their own billions (with the remainder being shared by us, tech users, in the form of lower prices and better products) will be a powerful bloc in support of this project.

Ireland showed us: it just takes one country to defect from this global prisoner's dilemma, and then everything is up for grabs.

(Image: Stuart Caie, CC BY 2.0; Sourabh.biswas003; CC BY-SA 3.0; modified)

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrago Hollywood’s Member of Parliament makes national news https://web.archive.org/web/20060213161019/http://www.macleans.ca/topstories/politics/article.jsp?content=20060123_120006_120006

#20yrsago Skip $250/plate dinner for dirty MP, eat with copyfighters https://web.archive.org/web/20060118062522/http://www.onlinerights.ca/

#20yrago Octavia Butler’s “Fledgling”: subtle, thrilling vampire novel https://memex.craphound.com/2006/01/17/octavia-butlers-fledgling-subtle-thrilling-vampire-novel/

#10yrsago Revealed: the hidden web of big-business money backing Europe and America’s pro-TTIP “think tanks” https://thecorrespondent.com/3884/Big-business-orders-its-pro-TTIP-arguments-from-these-think-tanks/855725233704-2febf71a

#10yrsago The bizarre magnetic forest rings of northern Ontario https://www.bldgblog.com/2016/01/rings/

#10yrsago 2016 is the year of the telepathic election, and it’s not pretty http://www.antipope.org/charlie/blog-static/2016/01/some-american-political-marker.html

#10yrsago Trump Casinos lost millions every single year that Donald Trump ran it (but he’s still rich) https://memex.craphound.com/2016/01/17/trump-casinos-lost-millions-every-single-year-that-donald-trump-ran-it-but-hes-still-rich/

#10yrsago Oregon domestic terrorists now destroying public property in earnest https://www.theguardian.com/us-news/2016/jan/16/oregon-militias-behavior-increasingly-brazen-as-public-property-destroyed?CMP=edit_2221

#10yrsago Jeremy Corbyn proposes ban on dividends from companies that don’t pay living wages https://www.theguardian.com/politics/2016/jan/16/jeremy-corbyn-to-confront-big-business-over-living-wage

#10yrsago The Electable Mr Sanders https://web.archive.org/web/20160119083607/http://robertreich.org/post/137454417985

#10yrsago Suspicious, photo-taking “Middle Eastern” men were visually impaired tourists https://www.cbc.ca/news/canada/british-columbia/vancouver-mall-video-men-1.3406619

#5yrsago Fighting fiber was the right's dumbest self-own https://pluralistic.net/2021/01/17/turner-diaries-fanfic/#1a-fiber

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Memex Method," Farrar, Straus, Giroux, 2026

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (1045 words today, 9348 total)

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

10:35

The sorting [Seth's Blog]

Until you look at the system.

Kevin Wilson wrote a great short story about the workers who have to sort the tiles that go into a Scrabble box. The hero is responsible for searching through the pile for the letter ‘q’. All day. On commission.

At this absurd level, it’s clear that the game isn’t made this way. They’d never produce all 26 letters, mix them up and then sort them. It pays to be thoughtful about the production process, so you simply make what you need in the first place.

But now, particularly with digital output, we’re doing it backwards. Making lots of stuff and then sorting it later. There’s very little cost to making more, and it’s getting more and more time-consuming to find what we’re looking for.

We’re replacing the magic of Google’s ability to sort through the miscellaneous with a new system based on simply making more, on demand.

Trust and attention remain the building blocks of brands and culture. We ignore this at our peril. There are no good shortcuts.

09:49

Feeds

FeedRSSLast fetchedNext fetched after
@ASmartBear XML 18:49, Thursday, 22 January 19:30, Thursday, 22 January
a bag of four grapes XML 18:35, Thursday, 22 January 19:17, Thursday, 22 January
Ansible XML 18:49, Thursday, 22 January 19:29, Thursday, 22 January
Bad Science XML 18:14, Thursday, 22 January 19:03, Thursday, 22 January
Black Doggerel XML 18:49, Thursday, 22 January 19:30, Thursday, 22 January
Blog - Official site of Stephen Fry XML 18:14, Thursday, 22 January 19:03, Thursday, 22 January
Charlie Brooker | The Guardian XML 18:35, Thursday, 22 January 19:17, Thursday, 22 January
Charlie's Diary XML 18:07, Thursday, 22 January 18:55, Thursday, 22 January
Chasing the Sunset - Comics Only XML 18:14, Thursday, 22 January 19:03, Thursday, 22 January
Coding Horror XML 18:07, Thursday, 22 January 18:54, Thursday, 22 January
Cory Doctorow's craphound.com XML 18:35, Thursday, 22 January 19:17, Thursday, 22 January
Cory Doctorow, Author at Boing Boing XML 18:49, Thursday, 22 January 19:30, Thursday, 22 January
Ctrl+Alt+Del Comic XML 18:07, Thursday, 22 January 18:55, Thursday, 22 January
Cyberunions XML 18:14, Thursday, 22 January 19:03, Thursday, 22 January
David Mitchell | The Guardian XML 18:14, Thursday, 22 January 18:57, Thursday, 22 January
Deeplinks XML 18:14, Thursday, 22 January 18:58, Thursday, 22 January
Diesel Sweeties webcomic by rstevens XML 18:14, Thursday, 22 January 18:57, Thursday, 22 January
Dilbert XML 18:14, Thursday, 22 January 19:03, Thursday, 22 January
Dork Tower XML 18:35, Thursday, 22 January 19:17, Thursday, 22 January
Economics from the Top Down XML 18:14, Thursday, 22 January 18:57, Thursday, 22 January
Edmund Finney's Quest to Find the Meaning of Life XML 18:14, Thursday, 22 January 18:57, Thursday, 22 January
EFF Action Center XML 18:14, Thursday, 22 January 18:57, Thursday, 22 January
Enspiral Tales - Medium XML 18:14, Thursday, 22 January 18:59, Thursday, 22 January
Events XML 18:07, Thursday, 22 January 18:55, Thursday, 22 January
Falkvinge on Liberty XML 18:07, Thursday, 22 January 18:55, Thursday, 22 January
Flipside XML 18:35, Thursday, 22 January 19:17, Thursday, 22 January
Flipside XML 18:14, Thursday, 22 January 18:59, Thursday, 22 January
Free software jobs XML 18:49, Thursday, 22 January 19:29, Thursday, 22 January
Full Frontal Nerdity by Aaron Williams XML 18:07, Thursday, 22 January 18:55, Thursday, 22 January
General Protection Fault: Comic Updates XML 18:07, Thursday, 22 January 18:55, Thursday, 22 January
George Monbiot XML 18:14, Thursday, 22 January 18:57, Thursday, 22 January
Girl Genius XML 18:14, Thursday, 22 January 18:57, Thursday, 22 January
Groklaw XML 18:07, Thursday, 22 January 18:55, Thursday, 22 January
Grrl Power XML 18:35, Thursday, 22 January 19:17, Thursday, 22 January
Hackney Anarchist Group XML 18:14, Thursday, 22 January 19:03, Thursday, 22 January
Hackney Solidarity Network XML 18:14, Thursday, 22 January 18:59, Thursday, 22 January
http://blog.llvm.org/feeds/posts/default XML 18:14, Thursday, 22 January 18:59, Thursday, 22 January
http://calendar.google.com/calendar/feeds/q7s5o02sj8hcam52hutbcofoo4%40group.calendar.google.com/public/basic XML 18:49, Thursday, 22 January 19:29, Thursday, 22 January
http://dynamic.boingboing.net/cgi-bin/mt/mt-cp.cgi?__mode=feed&_type=posts&blog_id=1&id=1 XML 18:14, Thursday, 22 January 18:59, Thursday, 22 January
http://eng.anarchoblogs.org/feed/atom/ XML 18:14, Thursday, 22 January 19:00, Thursday, 22 January
http://feed43.com/3874015735218037.xml XML 18:14, Thursday, 22 January 19:00, Thursday, 22 January
http://flatearthnews.net/flatearthnews.net/blogfeed XML 18:49, Thursday, 22 January 19:30, Thursday, 22 January
http://fulltextrssfeed.com/ XML 18:14, Thursday, 22 January 18:57, Thursday, 22 January
http://london.indymedia.org/articles.rss XML 18:07, Thursday, 22 January 18:54, Thursday, 22 January
http://pipes.yahoo.com/pipes/pipe.run?_id=ad0530218c055aa302f7e0e84d5d6515&amp;_render=rss XML 18:14, Thursday, 22 January 19:00, Thursday, 22 January
http://planet.gridpp.ac.uk/atom.xml XML 18:07, Thursday, 22 January 18:54, Thursday, 22 January
http://shirky.com/weblog/feed/atom/ XML 18:14, Thursday, 22 January 18:58, Thursday, 22 January
http://thecommune.co.uk/feed/ XML 18:14, Thursday, 22 January 18:59, Thursday, 22 January
http://theness.com/roguesgallery/feed/ XML 18:07, Thursday, 22 January 18:55, Thursday, 22 January
http://www.airshipentertainment.com/buck/buckcomic/buck.rss XML 18:14, Thursday, 22 January 19:03, Thursday, 22 January
http://www.airshipentertainment.com/growf/growfcomic/growf.rss XML 18:14, Thursday, 22 January 18:58, Thursday, 22 January
http://www.airshipentertainment.com/myth/mythcomic/myth.rss XML 18:35, Thursday, 22 January 19:17, Thursday, 22 January
http://www.baen.com/baenebooks XML 18:14, Thursday, 22 January 18:58, Thursday, 22 January
http://www.feedsapi.com/makefulltextfeed.php?url=http%3A%2F%2Fwww.somethingpositive.net%2Fsp.xml&what=auto&key=&max=7&links=preserve&exc=&privacy=I+accept XML 18:14, Thursday, 22 January 18:58, Thursday, 22 January
http://www.godhatesastronauts.com/feed/ XML 18:07, Thursday, 22 January 18:55, Thursday, 22 January
http://www.tinycat.co.uk/feed/ XML 18:49, Thursday, 22 January 19:29, Thursday, 22 January
https://anarchism.pageabode.com/blogs/anarcho/feed/ XML 18:14, Thursday, 22 January 18:58, Thursday, 22 January
https://broodhollow.krisstraub.comfeed/ XML 18:49, Thursday, 22 January 19:30, Thursday, 22 January
https://debian-administration.org/atom.xml XML 18:49, Thursday, 22 January 19:30, Thursday, 22 January
https://elitetheatre.org/ XML 18:07, Thursday, 22 January 18:54, Thursday, 22 January
https://feeds.feedburner.com/Starslip XML 18:35, Thursday, 22 January 19:17, Thursday, 22 January
https://feeds2.feedburner.com/GeekEtiquette?format=xml XML 18:14, Thursday, 22 January 18:57, Thursday, 22 January
https://hackbloc.org/rss.xml XML 18:49, Thursday, 22 January 19:30, Thursday, 22 January
https://kajafoglio.livejournal.com/data/atom/ XML 18:14, Thursday, 22 January 19:03, Thursday, 22 January
https://philfoglio.livejournal.com/data/atom/ XML 18:07, Thursday, 22 January 18:54, Thursday, 22 January
https://pixietrixcomix.com/eerie-cutiescomic.rss XML 18:07, Thursday, 22 January 18:54, Thursday, 22 January
https://pixietrixcomix.com/menage-a-3/comic.rss XML 18:14, Thursday, 22 January 18:58, Thursday, 22 January
https://propertyistheft.wordpress.com/feed/ XML 18:49, Thursday, 22 January 19:29, Thursday, 22 January
https://requiem.seraph-inn.com/updates.rss XML 18:49, Thursday, 22 January 19:29, Thursday, 22 January
https://studiofoglio.livejournal.com/data/atom/ XML 18:14, Thursday, 22 January 19:00, Thursday, 22 January
https://thecommandline.net/feed/ XML 18:14, Thursday, 22 January 19:00, Thursday, 22 January
https://torrentfreak.com/subscriptions/ XML 18:14, Thursday, 22 January 18:57, Thursday, 22 January
https://web.randi.org/?format=feed&type=rss XML 18:14, Thursday, 22 January 18:57, Thursday, 22 January
https://www.dcscience.net/feed/medium.co XML 18:14, Thursday, 22 January 19:03, Thursday, 22 January
https://www.DropCatch.com/domain/steampunkmagazine.com XML 18:49, Thursday, 22 January 19:30, Thursday, 22 January
https://www.DropCatch.com/domain/ubuntuweblogs.org XML 18:14, Thursday, 22 January 19:00, Thursday, 22 January
https://www.DropCatch.com/redirect/?domain=DyingAlone.net XML 18:07, Thursday, 22 January 18:54, Thursday, 22 January
https://www.freedompress.org.uk:443/news/feed/ XML 18:07, Thursday, 22 January 18:55, Thursday, 22 January
https://www.goblinscomic.com/category/comics/feed/ XML 18:49, Thursday, 22 January 19:29, Thursday, 22 January
https://www.loomio.com/blog/feed/ XML 18:14, Thursday, 22 January 19:00, Thursday, 22 January
https://www.newstatesman.com/feeds/blogs/laurie-penny.rss XML 18:49, Thursday, 22 January 19:30, Thursday, 22 January
https://www.patreon.com/graveyardgreg/posts/comic.rss XML 18:07, Thursday, 22 January 18:54, Thursday, 22 January
https://www.rightmove.co.uk/rss/property-for-sale/find.html?locationIdentifier=REGION^876&maxPrice=240000&minBedrooms=2&displayPropertyType=houses&oldDisplayPropertyType=houses&primaryDisplayPropertyType=houses&oldPrimaryDisplayPropertyType=houses&numberOfPropertiesPerPage=24 XML 18:14, Thursday, 22 January 18:57, Thursday, 22 January
https://x.com/statuses/user_timeline/22724360.rss XML 18:49, Thursday, 22 January 19:29, Thursday, 22 January
Humble Bundle Blog XML 18:07, Thursday, 22 January 18:54, Thursday, 22 January
I, Cringely XML 18:07, Thursday, 22 January 18:55, Thursday, 22 January
Irregular Webcomic! XML 18:49, Thursday, 22 January 19:30, Thursday, 22 January
Joel on Software XML 18:14, Thursday, 22 January 19:00, Thursday, 22 January
Judith Proctor's Journal XML 18:49, Thursday, 22 January 19:29, Thursday, 22 January
Krebs on Security XML 18:49, Thursday, 22 January 19:30, Thursday, 22 January
Lambda the Ultimate - Programming Languages Weblog XML 18:49, Thursday, 22 January 19:29, Thursday, 22 January
Looking For Group XML 18:14, Thursday, 22 January 18:58, Thursday, 22 January
LWN.net XML 18:49, Thursday, 22 January 19:30, Thursday, 22 January
Mimi and Eunice XML 18:14, Thursday, 22 January 18:59, Thursday, 22 January
Neil Gaiman's Journal XML 18:49, Thursday, 22 January 19:29, Thursday, 22 January
Nina Paley XML 18:07, Thursday, 22 January 18:54, Thursday, 22 January
O Abnormal – Scifi/Fantasy Artist XML 18:14, Thursday, 22 January 18:59, Thursday, 22 January
Oglaf! -- Comics. Often dirty. XML 18:07, Thursday, 22 January 18:55, Thursday, 22 January
Oh Joy Sex Toy XML 18:14, Thursday, 22 January 18:58, Thursday, 22 January
Order of the Stick XML 18:14, Thursday, 22 January 18:58, Thursday, 22 January
Original Fiction Archives - Reactor XML 18:35, Thursday, 22 January 19:17, Thursday, 22 January
OSnews XML 18:14, Thursday, 22 January 18:59, Thursday, 22 January
Paul Graham: Unofficial RSS Feed XML 18:14, Thursday, 22 January 18:59, Thursday, 22 January
Penny Arcade XML 18:35, Thursday, 22 January 19:17, Thursday, 22 January
Penny Red XML 18:14, Thursday, 22 January 18:59, Thursday, 22 January
PHD Comics XML 18:14, Thursday, 22 January 19:03, Thursday, 22 January
Phil's blog XML 18:07, Thursday, 22 January 18:55, Thursday, 22 January
Planet Debian XML 18:14, Thursday, 22 January 18:59, Thursday, 22 January
Planet GNU XML 18:49, Thursday, 22 January 19:30, Thursday, 22 January
Planet Lisp XML 18:14, Thursday, 22 January 19:03, Thursday, 22 January
Pluralistic: Daily links from Cory Doctorow XML 18:49, Thursday, 22 January 19:29, Thursday, 22 January
PS238 by Aaron Williams XML 18:07, Thursday, 22 January 18:55, Thursday, 22 January
QC RSS XML 18:07, Thursday, 22 January 18:54, Thursday, 22 January
Radar XML 18:35, Thursday, 22 January 19:17, Thursday, 22 January
RevK®'s ramblings XML 18:14, Thursday, 22 January 19:00, Thursday, 22 January
Richard Stallman's Political Notes XML 18:14, Thursday, 22 January 19:03, Thursday, 22 January
Scenes From A Multiverse XML 18:07, Thursday, 22 January 18:54, Thursday, 22 January
Schneier on Security XML 18:49, Thursday, 22 January 19:29, Thursday, 22 January
SCHNEWS.ORG.UK XML 18:14, Thursday, 22 January 18:58, Thursday, 22 January
Scripting News XML 18:35, Thursday, 22 January 19:17, Thursday, 22 January
Seth's Blog XML 18:14, Thursday, 22 January 19:00, Thursday, 22 January
Skin Horse XML 18:35, Thursday, 22 January 19:17, Thursday, 22 January
Spinnerette XML 18:14, Thursday, 22 January 18:58, Thursday, 22 January
Tales From the Riverbank XML 18:14, Thursday, 22 January 19:03, Thursday, 22 January
The Adventures of Dr. McNinja XML 18:14, Thursday, 22 January 18:59, Thursday, 22 January
The Bumpycat sat on the mat XML 18:49, Thursday, 22 January 19:29, Thursday, 22 January
The Daily WTF XML 18:14, Thursday, 22 January 19:00, Thursday, 22 January
The Monochrome Mob XML 18:49, Thursday, 22 January 19:30, Thursday, 22 January
The Non-Adventures of Wonderella XML 18:14, Thursday, 22 January 18:57, Thursday, 22 January
The Old New Thing XML 18:14, Thursday, 22 January 18:58, Thursday, 22 January
The Open Source Grid Engine Blog XML 18:07, Thursday, 22 January 18:54, Thursday, 22 January
The Stranger XML 18:14, Thursday, 22 January 18:59, Thursday, 22 January
towerhamletsalarm XML 18:14, Thursday, 22 January 19:00, Thursday, 22 January
Twokinds XML 18:35, Thursday, 22 January 19:17, Thursday, 22 January
UK Indymedia Features XML 18:35, Thursday, 22 January 19:17, Thursday, 22 January
Uploads from ne11y XML 18:14, Thursday, 22 January 19:00, Thursday, 22 January
Uploads from piasladic XML 18:14, Thursday, 22 January 18:57, Thursday, 22 January
Use Sword on Monster XML 18:07, Thursday, 22 January 18:54, Thursday, 22 January
Wayward Sons: Legends - Sci-Fi Full Page Webcomic - Updates Daily XML 18:14, Thursday, 22 January 19:00, Thursday, 22 January
what if? XML 18:49, Thursday, 22 January 19:30, Thursday, 22 January
Whatever XML 18:14, Thursday, 22 January 19:03, Thursday, 22 January
Whitechapel Anarchist Group XML 18:14, Thursday, 22 January 19:03, Thursday, 22 January
WIL WHEATON dot NET XML 18:14, Thursday, 22 January 18:58, Thursday, 22 January
wish XML 18:14, Thursday, 22 January 18:59, Thursday, 22 January
Writing the Bright Fantastic XML 18:14, Thursday, 22 January 18:58, Thursday, 22 January
xkcd.com XML 18:14, Thursday, 22 January 18:57, Thursday, 22 January