The case of the thread executing from an unloaded third-party DLL [The Old New Thing]
The Explorer team was investigating a crash that was occurring at a relatively high rate and found that it took the form of a thread executing from an unloaded third-party DLL.
0:173> k
RetAddr           Call Site
00000000`557c5820 <Unloaded_LibUtils_CloudNs_3.dll>+0x265fe
00000000`00000008 <Unloaded_LibUtils_CloudNs_3.dll>+0x2b5820
00000000`0000000e 0x8
00000000`00000008 0xe
00000000`557c8c18 0x8
ffffffff`fffffffe <Unloaded_LibUtils_CloudNs_3.dll>+0x2b8c18
00000000`00000000 0xffffffff`fffffffe
There isn’t much on the stack at all.
0:173> dps @rsp
00000000`1248f920  00000000`557c5820 <Unloaded_LibUtils_CloudNs_3.dll>+0x2b5820
00000000`1248f928  00000000`00000008
00000000`1248f930  00000000`0000000e
00000000`1248f938  00000000`00000008
00000000`1248f940  00000000`557c8c18 <Unloaded_LibUtils_CloudNs_3.dll>+0x2b8c18
00000000`1248f948  ffffffff`fffffffe
00000000`1248f950  00000000`00000000
00000000`1248f958  00000000`00000000
00000000`1248f960  00000000`00000000
00000000`1248f968  00000000`00000000
00000000`1248f970  00000000`00000000
00000000`1248f978  00000000`00000000
00000000`1248f980  00000000`00000000
00000000`1248f988  00007ff9`a2117344 kernel32!BaseThreadInitThunk+0x14
00000000`1248f990  00000000`00000000
00000000`1248f998  00000000`00000000
This is just a worker thread that operates entirely inside LibDB.CloudNs.3.dll. It doesn’t have a very deep stack, so I suspect that it’s idle and is waiting for work to do.
For these types of investigations, there usually isn’t much to see directly in the crashing thread. That thread is the victim. You have to do additional research to figure out who unloaded the DLL prematurely.
Some snooping around found another stack that involves this unloaded DLL:
0:159> k
RetAddr           Call Site
00007ff9`9fdbbea0 ntdll!ZwWaitForMultipleObjects+0x14
00007ff9`9fdbbd9e KERNELBASE!WaitForMultipleObjectsEx+0xf0
00000000`554d65fe KERNELBASE!WaitForMultipleObjects+0xe
00000000`55765820 <Unloaded_LibDB_CloudNs_3.dll>+0x965fe
00000000`00000003 <Unloaded_LibUtils_JsonNs_3.dll>+0x255820
00000000`00000004 0x3
00000000`00000008 0x4
00000000`55768c18 0x8
ffffffff`fffffffe <Unloaded_LibUtils_CloudNs_3.dll>+0x258c18
00000000`00000000 0xffffffff`fffffffe
The most recently unloaded DLLs are
00007ff9`6d7c0000 00007ff9`6d80a000 FabrikamContextMenu.dll
00007ff9`115e0000 00007ff9`1172f000 LitWareSync.dll
00007ff9`643d0000 00007ff9`64681000 CcNamespace.dll
00000000`55440000 00000000`5550b000 LibDB_CloudNs_3.dll
00000000`55860000 00000000`55998000 LibNet_CloudNs_3.dll
00000000`557f0000 00000000`5585b000 LibJson_CloudNs_3.dll
00000000`55510000 00000000`557e7000 LibUtils_CloudNs_3.dll
00000000`561a0000 00000000`56238000 MSVCP100.dll
00000000`56240000 00000000`56312000 MSVCR100.dll
00007ff9`85130000 00007ff9`85167000 EhStorShell.dll
00007ff9`3cac0000 00007ff9`3cb61000 wpdshext.dll
00007ff9`78a00000 00007ff9`78a26000 EhStorAPI.dll
00007ff9`686f0000 00007ff9`68754000 PlayToDevice.dll
00007ff9`67110000 00007ff9`6718d000 provsvc.dll
So the LibDB.CloudNs.3.dll that got unloaded is just part of an entire ecosystem of Lib*.CloudNs.3.dll dynamic libraries that all got unloaded together.
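The step of matching raw stack values against the unloaded-module list can be scripted. The following is an added example, not code from the original post: it takes the list and the non-zero `dps @rsp` rows shown above and reports which stack slots still point into unloaded address ranges. The function names are illustrative.

```python
import re
from bisect import bisect_right
from collections import Counter

# "Most recently unloaded DLLs" list, copied from the debugger output above.
UNLOADED_LIST = """\
00007ff9`6d7c0000 00007ff9`6d80a000 FabrikamContextMenu.dll
00007ff9`115e0000 00007ff9`1172f000 LitWareSync.dll
00007ff9`643d0000 00007ff9`64681000 CcNamespace.dll
00000000`55440000 00000000`5550b000 LibDB_CloudNs_3.dll
00000000`55860000 00000000`55998000 LibNet_CloudNs_3.dll
00000000`557f0000 00000000`5585b000 LibJson_CloudNs_3.dll
00000000`55510000 00000000`557e7000 LibUtils_CloudNs_3.dll
00000000`561a0000 00000000`56238000 MSVCP100.dll
00000000`56240000 00000000`56312000 MSVCR100.dll
00007ff9`85130000 00007ff9`85167000 EhStorShell.dll
00007ff9`3cac0000 00007ff9`3cb61000 wpdshext.dll
00007ff9`78a00000 00007ff9`78a26000 EhStorAPI.dll
00007ff9`686f0000 00007ff9`68754000 PlayToDevice.dll
00007ff9`67110000 00007ff9`6718d000 provsvc.dll
"""

# Non-zero rows of the "dps @rsp" output for thread 173, symbol text stripped.
DPS_THREAD_173 = """\
00000000`1248f920 00000000`557c5820
00000000`1248f928 00000000`00000008
00000000`1248f930 00000000`0000000e
00000000`1248f938 00000000`00000008
00000000`1248f940 00000000`557c8c18
00000000`1248f948 ffffffff`fffffffe
00000000`1248f988 00007ff9`a2117344
"""

HEX64 = r"[0-9a-fA-F]{8}`[0-9a-fA-F]{8}"


def to_int(text):
    """Convert the debugger's 00000000`557c5820 notation to an integer."""
    return int(text.replace("`", ""), 16)


def parse_unloaded(listing):
    """Return [(start, end, name)] sorted by start address."""
    modules = []
    for m in re.finditer(rf"^({HEX64})\s+({HEX64})\s+(\S+)\s*$", listing, re.M):
        modules.append((to_int(m[1]), to_int(m[2]), m[3]))
    return sorted(modules)


def resolve(value, modules):
    """Return (module, offset) if value lies in an unloaded range, else None."""
    starts = [start for start, _, _ in modules]
    i = bisect_right(starts, value) - 1
    if i >= 0:
        start, end, name = modules[i]
        if value < end:  # the end address is exclusive
            return name, value - start
    return None


def stale_pointers(dps_listing, modules):
    """Return [(stack_slot, module, offset)] for slots pointing into unloaded code."""
    hits = []
    for m in re.finditer(rf"^({HEX64})\s+({HEX64})", dps_listing, re.M):
        found = resolve(to_int(m[2]), modules)
        if found:
            hits.append((to_int(m[1]), found[0], found[1]))
    return hits


def stale_reference_counts(dps_listing, modules):
    """Count stale pointers per unloaded module."""
    return Counter(name for _, name, _ in stale_pointers(dps_listing, modules))


if __name__ == "__main__":
    mods = parse_unloaded(UNLOADED_LIST)
    for slot, name, offset in stale_pointers(DPS_THREAD_173, mods):
        print(f"{slot:#018x} -> <Unloaded_{name}>+{offset:#x}")
```

The return addresses in thread 159's stack resolve the same way: 00000000`554d65fe falls inside the LibDB_CloudNs_3.dll range at offset 0x965fe.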
The ringleader of this operation appears to be CcNamespace.dll, which looks like the Contoso namespace extension that adds a “Contoso” node under This PC (formerly My Computer) that gives you a view into all your Contoso things stored in the Contoso cloud service. All the other DLLs are helpers that the main CcNamespace.dll uses to accomplish its tasks.
The main CcNamespace.dll was loaded by Explorer as a shell extension, and its DllCanUnloadNow function was returning S_OK when there were no active references to objects in CcNamespace.dll. Unfortunately, when it said “Sure, it’s safe to unload me”, that linchpin DLL unloaded all its minions, unaware that one of the minions (the utility library) had spun up some worker threads.
You might think that the fix is to update the utility library’s DllCanUnloadNow to return S_FALSE if there are still busy background threads.¹ But that doesn’t work because the utility library is probably not a COM DLL in the first place. It’s just a traditional DLL that CcNamespace.dll uses, and it is CcNamespace.dll that is the COM DLL.
The DllCanUnloadNow in CcNamespace.dll could warn LibUtils.CloudNs.3.dll that it should start winding down, but you’re basically in a tricky spot because the DLL_PROCESS_ATTACH cannot wait for the worker thread to exit.
I think the way to go is for the worker thread to increment the DLL reference count when it starts its worker thread, and to use FreeLibraryAndExitThread to exit the worker thread. Alternatively, it could make its worker thread a threadpool thread and use FreeLibraryWhenCallbackReturns to request that the system decrement the DLL reference count when it finishes.
This is probably something the utility library should have done anyway. I suspect that the worker thread is not something that clients of the utility library are even aware of. It is just an implementation detail of the utility library, created without the knowledge of the main DLL.
Fortunately, the application compatibility team has a copy of Contoso Cloud in their library, so even though we couldn’t reproduce the crash, we were still able to confirm that CcNamespace.dll is indeed the shell extension DLL whose unloading triggers the unloading of all the dependent DLLs.
We were about to contact Contoso with our conclusions and suggestions for improvement, but we discovered that it would be pointless because Contoso discontinued that namespace extension years ago. They replaced it with a different way of integrating their cloud content into Windows; the only people using the namespace extension are those who are still using an old version, either because they don’t want to pay for the upgrade, or because they are actively avoiding the upgrade because they like the old way.
Those customers are using a product that has gone out of support. Contoso doesn’t care about those old customers any more. Windows will have to fix it without Contoso’s help.
The Explorer team added an application compatibility flag for the Contoso Cloud namespace extension to say “When you load this shell extension, do a GetModuleHandleEx with the GET_MODULE_HANDLE_EX_FLAG_PIN flag so the DLL never unloads.” That way, even if the DLL says “Sure, go ahead and unload me, it’s totally safe, trust me,” and COM does a FreeLibrary, the DLL doesn’t actually unload.
¹ Even if you manage to get DllCanUnloadNow to return S_FALSE, it doesn’t help if COM is being uninitialized. In that case, CoUninitialize will ask a DLL if it is okay to unload now, but the answer is a foregone conclusion: If COM is shutting down, COM is going to unload all the DLLs that it loaded. It asks you if you are okay with it, not because it cares what your answer is, but to give you a chance to do cleanup outside of DllMain.
Spoofed email from LWN [LWN.net]
We were made aware today of an email sent to a reader that was spoofed to appear to be from LWN. The message claimed, among other things, that we were providing personal information about the reader to another site user. As is explained in our privacy policy we do not, and would not, provide such information.
If any other readers have received an odd message from LWN, it is an attempt at a hoax; if in doubt, please check the DKIM header of the email. Any email that does come from LWN will have a proper DKIM signature in its headers.
If you receive such a message, please feel free to send it to us, with its headers intact. But to reiterate, we are not providing any user information upon request, nor banning any accounts. We hope this will not be a recurring problem.
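One way to read those headers, as an added example that is not LWN's code: a message counts as verified only when the reader's own receiving server recorded `dkim=pass` for the expected signing domain, since a `DKIM-Signature` header by itself proves nothing. The signing domain `lwn.net`, the server name `mx.reader.example` and all sample messages are assumptions constructed for the illustration.

```python
import re
from email import message_from_string


def dkim_signing_domains(msg):
    """d= tags of every DKIM-Signature header (claimed, not verified)."""
    domains = []
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d\s*=\s*([^;\s]+)", sig)
        if m:
            domains.append(m.group(1).lower())
    return domains


def trusted_dkim_pass(msg, trusted_authserv_id, expected_domain):
    """True if our own server recorded dkim=pass for expected_domain."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        tokens = authserv.split()
        if not tokens or tokens[0].lower() != trusted_authserv_id.lower():
            continue  # not written by our receiving server: ignore it
        for result in results.split(";"):
            method = re.search(r"\bdkim\s*=\s*([a-z]+)", result, re.I)
            domain = re.search(r"\bheader\.d\s*=\s*([^\s;]+)", result, re.I)
            if (method and domain
                    and method.group(1).lower() == "pass"
                    and domain.group(1).lower() == expected_domain.lower()):
                return True
    return False


def classify(raw, trusted_authserv_id, expected_domain):
    """Return 'dkim-verified', 'signature-present-unverified' or 'no-valid-dkim'."""
    msg = message_from_string(raw)
    if trusted_dkim_pass(msg, trusted_authserv_id, expected_domain):
        return "dkim-verified"
    if expected_domain.lower() in dkim_signing_domains(msg):
        return "signature-present-unverified"
    return "no-valid-dkim"


# Constructed sample messages (addresses, selectors and hosts are made up).
GENUINE = """\
Authentication-Results: mx.reader.example; dkim=pass header.d=lwn.net header.s=sel1;
 spf=pass smtp.mailfrom=lwn.net
DKIM-Signature: v=1; a=rsa-sha256; d=lwn.net; s=sel1; h=from:to:subject;
 bh=PLACEHOLDER; b=PLACEHOLDER
From: LWN.net <news@lwn.net>
Subject: Weekly edition

body
"""

UNSIGNED = """\
Authentication-Results: mx.reader.example; dkim=none
From: LWN.net <news@lwn.net>
Subject: Account notice

body
"""

# A result header written by some other host is not evidence of anything.
UNTRUSTED_RESULT = """\
Authentication-Results: mail.other.example; dkim=pass header.d=lwn.net
DKIM-Signature: v=1; a=rsa-sha256; d=lwn.net; s=sel1; h=from;
 bh=PLACEHOLDER; b=PLACEHOLDER
From: LWN.net <news@lwn.net>
Subject: Account notice

body
"""

# Validly signed, but by a domain other than the one named in From.
OTHER_DOMAIN = """\
Authentication-Results: mx.reader.example; dkim=pass header.d=bulkmail.example
DKIM-Signature: v=1; a=rsa-sha256; d=bulkmail.example; s=k1; h=from;
 bh=PLACEHOLDER; b=PLACEHOLDER
From: LWN.net <news@lwn.net>
Subject: Account notice

body
"""

if __name__ == "__main__":
    for name in ("GENUINE", "UNSIGNED", "UNTRUSTED_RESULT", "OTHER_DOMAIN"):
        print(name, classify(globals()[name], "mx.reader.example", "lwn.net"))
```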
Fedora Council proposes pausing Community Initiatives [LWN.net]
Aoife Moloney has, on behalf of the Fedora Council, posted an announcement that the Fedora Council is "proposing we pause the Community Initiatives process as an official project process" because it has decided the current process is ineffective. It is also closing discussion regarding the AI developer desktop initiative covered by LWN in May.
The Fedora Objectives/Initiatives framework was never intended as a mandatory prerequisite to do the work in Fedora. It is supposed to help by focusing the community on a certain work when needed, not to decide what is allowed. The AI developer desktop initiative proposal highlighted that the Community Initiatives process has failed to serve as a good framework in Fedora where new ideas can surface, receive respectful feedback, and gain Council support for work that fits the project's present and/or future. This is something that the Council must address.
As a first step, we would like to halt the community initiative process immediately. Existing initiatives in flight (Fedora Forge, Atomic, and Fedora Docs 2026) will continue with full Council backing. Their underlying work will be completed as planned in their current timeboxed state, though the administrative framework around them may evolve. As a second step, we would like to work out a new mechanism to allow Council to set strategic direction in an open, transparent way that more intentionally includes the community voice. We recognise that we have to be better at being more open in our discussions and decision making.
The council is considering the "sandbox" proposal as an alternative or supplement to a process that replaces the Community Initiatives.
The Big Idea: Clara Ward [Whatever]

“What belongs to the sea will always return to the sea.” Author Clara Ward has always been drawn to the ocean, spent time teaching others about the ocean, and now has featured the ocean in their newest novel, Dream the Deep. Dive into their Big Idea to see how deep the water goes.
CLARA WARD:
Science tells us cephalopod arms use decentralized neural processing. I changed things up by adding a human dreamer to the mix.
My first challenge in writing Dream the Deep was to create a human point-of-view character whose shared control of a limb might benefit a cephalopod. As a neurodivergent researcher, Ryn already views everyday life as a puzzle spiked with inherent obstacles. Being called upon to adjust and flatten a long, thin body/arm to retrieve a fragile crustacean from a crevice with sharp edges turns out to be easier for Ryn than navigating breakfast with humans.
Folks in 2139 may not fault Ryn for being neurodivergent or nonbinary, but Academy society is structured to manipulate those with less power, promote rivalries over friendships, and coerce productivity in place of personal development. Ryn hasn’t seen the outside world in ten years. Their anxieties and misperceptions have been exploited since they were recruited from a climate refugee camp. Teenage dreams of exploring new energy sources and storage options have been reshaped to suit billionaires intent on going to Mars.
As someone twice Ryn’s age but born a century-and-a-half earlier, I entered Caltech as a starry-eyed and optimistic teenager with dreams of designing structures for space. I helped design one. It never got built. In further contrast to Ryn’s experiences, I navigated being nonbinary and neurodivergent without any terminology to explain misperceptions, even to myself. Emerging, eventually, from a time and place that didn’t offer words for my lived experience, felt a lot like venturing outside after years in captivity.
So what is Ryn’s issue in navigating breakfast with humans? In this case, a muffin. In one moment of allergy-induced anaphylactic shock, Ryn loses their work, housing, medical care, and shot at Mars—all through a single act by an unknown enemy.
Feeling betrayed by all around them and believing they will lose everything in five days, provides a more-than-metaphorical opportunity for Ryn to pursue new dreams.
As for me, since college I’ve been an engineer, a teacher, a group home counselor, a nanny, a robotics mentor, an ocean educator, a parent, and a writer of stories about scientists and sea creatures. While I wasn’t always happy, I learned a lot from each experience. This didn’t only apply to work. I went from denying an ill-suited label from the 1970s to embracing my neurodivergence. I built relationships that made sense to me and, when the language caught up, came out as queer and nonbinary.
Each time I made a major life change and it didn’t blow up in my face, I trusted my reasoning and perspective a bit more. My time was equally valuable as a nanny or an engineer; both choices were equally valid for me; and my pronouns didn’t matter in either case. Over time, I became increasingly comfortable in my own brain and appreciated making my own life choices.
In Ryn’s cephalopod dreams, they learn to care for the seafloor and for a future generation. During the day, Ryn is finally able to follow their own research leads along with insights gleaned from their dreams and from new human confidants. A reclusive hacker, Akira, sends them to question Jay, a newly assigned guard. Jay overcomes Ryn’s preconceptions by sharing coveted hot chocolate, appreciating Odo in Deep Space Nine, and falling asleep in Ryn’s bed—causing Ryn to reevaluate all sorts of life choices, and that’s only day two.
I never meant for Ryn to be a hero. Much about their life is beyond their comprehension or control. Rather than a hero’s journey, they’re diving deeper, passing through layers of deception to explore a greater unknown. But with a few allies, increased agency, and better information, they chart a new course for their life.
Meanwhile, other characters—each planning for similar contingencies while evaluating costs to themselves, others, and ecosystems—make their own life-altering decisions.
An only slightly-biased cephalopod experiences the humans as many arms contributing—whether through knowledge of marine rovers or by coordinating fine pincher movements—toward a larger goal.
While sharing dreams and teaming up with a giant cephalopod may be outside my personal experience, I’ve embraced my share of bizarre dreams, and been drawn back to the ocean time and time again. I’ve learned to value small joys, like hot chocolate and falling asleep while watching shows with good friends. The field of science fiction has morphed around me to admit seemingly small, personal stakes in storytelling may matter as much as world-changing powers (human or otherwise). In life as in fiction, I welcome new perspectives and dreams large and small, that open our eyes and minds to new, maybe better, possibilities.
LGBT Q&A: How Can I Wipe Online Data That Points To My Queer Identity? [Deeplinks]
This Pride, we’re answering all your digital rights questions in season two of our initiative, LGBT Q&A.
You Asked: Is there a way for me to wipe data about me online that could point to my queer identity?
EFF’s Answer: You cannot protect everything all the time, but there are ways to wipe information about yourself online.
Most information available about you online will typically be found in two places:
So you might not want this information out there, especially if it points to your queer identity.
The best time to take steps to protect yourself is before anything bad happens, because once this information is in the hands of bad actors you have fewer options.
To see what information people might find about you online, you can look for it for yourself. This is as simple as opening up a search engine and entering your name, nickname, handle, avatar and seeing what comes up. It can also be worth searching for your address, phone number, and email addresses to check what's out there.
Do this in a private browsing window or a separate browser than the one you normally use to ensure you’re not logged into any accounts that might skew the results, like a Google account.
It’s also best to try to make a lot of your information hard to find in the first place—and we’ve got you covered on how to do this.
You also should consider auditing your digital footprint on public-facing social media and forums. Different people have different tolerance for risk when it comes to announcing who we are and what we are doing in these online spaces. You can make a list of every social media or forum account you’ve had over the years, and review the public-facing content about you, including your name, contact information like email addresses or phone numbers, and pictures that might show your home or workplace. You can also review the account settings to ensure you’re comfortable with the privacy options and that you’ve got strong login credentials.
For more in depth advice check out our Surveillance Self Defense guide on managing your digital footprint.
AI should be like a lawyer or doctor, first responsibility is to the user. And first, do no harm.
An observation about Fable 5 in Claude Code. It's a much better writer than Opus 4.8. One of our next big things is writing docs, and all the info is in Claude. Opus was a disaster as a docs writer. This one looks like it'll be good. Whew.
EFF and Allies: X’s FTC Petition to Waive Privacy Violation Order Should be Rejected [Deeplinks]
X Corp. should not be able to escape privacy compliance because it changed its name.
On May 15, X Corp. filed a petition before the Federal Trade Commission (FTC) to set aside or modify an order issued in 2022 requiring the company to report regularly to the FTC for its violations of user data. The order or “consent decree” is a result of misleading the platform’s 140 million users by using private information given to secure accounts, like phone numbers and email addresses, for targeted advertising. It also fined the company $150 million for the infraction. As part of an open comments period, EFF and allies including Demand Progress Education Fund (DPEF), National Consumers League (NCL) and Electronic Privacy Information Center (EPIC) call on the FTC to reject this petition.
The 2022 order was a renewal of an order stemming from a previous violation. Back in 2011, Twitter (now X) reached a settlement with the FTC after the regulator found Twitter had failed to secure users’ personal information, resulting in exposure of that data to hackers. The settlement banned the company from misrepresenting its data protection measures, required it to set up safeguards on user data, and regularly report its security posture for twenty years. The renewal updated the expiration of X’s obligations to 2042, but if the FTC accepts X's petition, it would end much sooner.
In arguing to set aside the order, X remarks that since the order in 2011 it has “built an entirely new privacy and information security program staffed by new personnel operating under new leadership with a … philosophy grounded on the importance of privacy and information security.”
These sweeping assurances that corporate restructuring led to a fundamental change in X’s policy and practices around user data should be met with a healthy dose of skepticism, given evidence to the contrary. For example, the company’s quiet rollout integrated its AI model Grok with the platform in 2024, trained (without meaningful consent) on X user data. The company was also subject to a massive data breach in 2025. Even if a rotation of leadership led to prioritizing privacy and information security, our letter highlights that this would not be sufficient grounds to remove the order, “because the FTC orders bind the corporate entity. Those obligations do not dissolve when the employees who negotiated or administered it depart.”
X argues that its entry into the AI space should be reason not to continue the oversight, claiming that “terminating the Order is critical to advancing American leadership in artificial intelligence.” Here again, broad-stroke claims that the guardrails in place “[diverts] engineering resources from innovation to compliance paperwork” ignore the dangers that AI introduces to user data. Far from being a reason to waive the order, clever attacks on models trained on user data have the ability to supercharge the types of secondary use violations that led to the 2022 order renewal. After all, an entire art has been developed around engineering LLM prompts to reveal the data a model was originally trained on.
Our response to X’s petition debunks many claims the company uses in its arguments. For example, there’s little evidence the order placed an undue financial burden on X. In our letter, we note that the compliance cost is merely “a rounding error against the $200 billion valuation of X Corp. following the xAI merger.”
Strong safeguards on our information require eagle-eyed oversight when that data is abused and misused for profiteering ventures. X’s actions not only showed us this in the past, but continue to do so in the present day. We and our civil society partners urge the FTC to take the clear, sensible path and reject X’s petition.
Joey Hess: no LLM code in dependencies [Planet Debian]

I've spent about 100 hours of work over the past month to make sure git-annex can build without dependencies that contain LLM generated code. At least so far.
https://git-annex.branchable.com/no_llm_code/
Needing to review a program's whole dependency tree on an ongoing basis is apparently what programming has come to?
I've found some real stinkers. Large LLM generated changes being reverted in the next release without any explanation. An incoherent 1489 line commit message with 10,000 lines of changes to a 26,000 LOC code base. A LLM prompt to copy code from another project that seems to have only avoided being copyright infringement due to luck.
I now have additional information about the quality of dependencies which will surely influence future decisions. As far as I can see, that's the only positive benefit of this work.
I realize that I am probably trying to hold back the tide at this point. That appears to be why Software Freedom Conservancy punted, and I doubt that the FSF will do any better.
As these dominos fall, I am reconsidering my participation in these communities. But I continue my work and support my users.
It may seem easy to prompt a LLM with
Add fourmolu config and restyled
neat
format a module
And commit the result and call yourself a 10xer. But please consider the broader impact of your actions. (In the above case, that project lost my further collaboration on it.)
[$] Two LLM-assisted memory-management patch sets [LWN.net]
The kernel community (like many other free-software projects) has recently seen a large influx of patches developed with the assistance of large language models (LLMs). Those patches tend to come from developers who were previously unknown to the community. At the moment, though, the memory-management developers are evaluating two large patch sets, developed with LLM assistance, that were submitted by established and well-respected developers. The rather different reception accorded to that work may give insights into how LLM-generated contributions will be handled going forward.
Security updates for Thursday [LWN.net]
Security updates have been issued by AlmaLinux (giflib, kernel, mariadb:10.11, mod_http2, php, rrdtool, ruby, ruby:3.3, and ruby:4.0), Debian (jq and node-lodash), Fedora (caddy, hut, ipp-usb, kernel, opkssh, rclone, thunderbird, and transmission), SUSE (389-ds, 7zip, alsa, amazon-ecs-init, avahi, cadvisor, cosign, cups, dnsdist, docker, dracut, firefox, firewalld, giflib, glib-networking, glycin-loaders, google-cloud-sap-agent, google-guest-agent, gsasl, hauler, helm, ImageMagick, kernel, keylime, krb5, libaom, libexif, libgcrypt, libnfs, libssh2_org, loupe, lrzip, mutt, ncurses, nodejs22, openCryptoki, openssh, openssl-3, pacemaker, perl-Config-IniFiles, perl-CSS-Minifier-XS, perl-DBI, perl-JavaScript-Minifier-XS, perl-libwww-perl, postfix, python-click, python-idna, python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve, python-pip, python-pytest-html, python-python-dotenv, python-python-multipart, python-starlette, python-tornado6, python-zeroconf, python311, python311-jupyter-server, rpcbind, sed, sg3_utils, tar, tiff, and util-linux), and Ubuntu (kernel, linux, linux-aws, linux-aws-5.15, linux-aws-fips, linux-azure, linux-azure-5.15, linux-azure-fde-5.15, linux-fips, linux-gcp, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iot-realtime, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-realtime, linux, linux-aws, linux-aws-fips, linux-gcp, linux-gcp-fips, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-oracle, linux-realtime, linux-realtime-6.8, linux-oem-6.17, and linux-oem-7.0).
You can't learn from your mistakes if you aren't bloody truthful to yourself about what happened and what went wrong.
I'm working on an app in Claude that has a server and the server has an API. One day we had an aha moment. I bet you (Claude) can control the app via the API. Yes. And now unless we're debugging something in the UI, Claude just interacts via the API. It feels like a person but you have to remember that it's actually a piece of software. ;-)
I saw a bit of a commencement speech by Eric Schmidt, ex-CEO of Google, where he was talking about AI and getting boo'd by the audience. But he was saying things that were right and should be paid attention to. Most important, and I'm paraphrasing, the AI world is just getting started, and we can change it now most easily, it's malleable. That won't last forever. As Obama says, "Don't boo, vote." Same thing here. AI has already completely changed how we develop software. It's not replacing humans, it's giving us amazing new power. Maybe it will at some point replace us, but don't be so sure that what we do with it might be every bit as new as the things it can do. We have different abilities. And I am old enough to remember a time before personal computers, the internet, the web, mobile devices, all the things that have since become everyday fixtures, and they all had negative aspects, but I would never go back. We're on a train and it's going somewhere. Where it goes is something we all have a say in.
CodeSOD: The Most Dangerous Game [The Daily WTF]
While we talk about bad video game code periodically, we generally avoid it because it's so specialized and while something like fast inverse square root is bad code from a maintainability perspective, it's great code for abusing floating points to make math fast.
Işıtan Yıldız sends us a snippet from a game's config file. I won't pick on the specific game, but this isn't some random build of TuxCart, but a released game sold on multiple platforms. It's from a small team, but it's an actual professional product running on many devices. What's notable about this is the game has multiplayer elements, which means networking code, which means…
net_socks_buffer_size = 4096; //I wouldn't change this if I were you
net_max_message_size = 32768; //changing this will require restarting the game. MUST be power of 2, don't be a dick and make it too big
net_max_download_frames = 16; //changing this will require restarting the game. MUST be power of 2 and smaller than net_max_message_size
net_udp_packet_size = 65536; //576 bytes the "recommended" fragment cutoff, ipv6 requires 1080. The game will check automatically and make sure you aren't out of range (at least on windows it can do this)
net_udp_packet_send_buffer_size = 4; //how many packets it can store before sending (ideally it shouldn't be storing anything but threads are a b*)
net_udp_packet_recv_buffer_size = 8; //how many packets we can receive in 1 frame (8 is defualt, it'll discard packets that don't fit... it'll warn you in the console when this happens)
net_udp_force_specified_size = false; //overrides what the OS recommends, could disable networking and maybe crash the game? who knows
net_udp_enable_checksum = false; //probably unnecessary to have UDP checksums, but you can if you want for some reason
… it means you can configure your copy of the game to attempt DoS attacks against other players' network stacks.
I enjoy the warning here: don't be a dick. You can set your max message size to any power of 2, but don't be a dick about it.
The networking settings are fun, and I'm glad to know that I can probably cause the game to crash (either my copy or my fellow players' copies). But can I do something dangerous or even… oh, I don't know, crazy? I really hope I can.
sys_ignore_variable_constraints = false; //DANGEROUS AS F***, leave off goddamnit you're crazy if you turn this on
That's the spirit! I want every game to add this config flag IMMEDIATELY. Actually, I'm working on a robot: I'm definitely going to add that to my robot software. I'm gonna make the robot arm punch through a wall (note: it's not supposed to punch through walls, and I think a number of people would get very upset with me).
Cybersecurity Mission Creep in the US [Schneier on Security]
Interesting paper: “Cybersecurity Mission Creep.”
Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social media safety laws, to antitrust regulations, to alleged journalist misconduct, to anti-sex trafficking statutes become what this Article calls “cybersecuritized.” Before this reframing, these issues present as important but not existential. But once cybersecuritization positions the issues as threats intensified by their technological nature, they gain access to the politics and law of urgency and exceptionalism and invite troubling governance responses.
Positioned as security threats, cybersecuritized issues become endowed with the apparent normative power to override countervailing considerations, oversimplifying the problem. Cybersecuritization’s oversimplification similarly risks unidimensional solutions and invites use of argumentative trump cards, like First Amendment challenges. Cybersecuritization also invites deference to purported specialists and their proposed solutions. Together, the reductive tendencies of cybersecuritization and the deference it prompts to specialists renders ultimate governance choices more opaque. And this opacity can erode public trust and political legitimacy.
This Article surfaces the phenomenon of cybersecuritization and offers a novel framework for analyzing and critiquing it. Mining cases from across criminal and civil domains, the account also demonstrates the insidiousness of cybersecuritization and the likelihood that it will continue to expand. Confronting cybersecuritization is crucial. If we continue to ignore it, we risk abdicating further responsibility for difficult choices to the trump card of cybersecurity. This Article’s analysis and critique aim to help reclaim the hard work of governance for our hands.
Grrl Power #1474 – Mega influencer [Grrl Power]
You know… “RAR” If you know what I mean.
I don’t, actually. I don’t know why it’s in quotes.
I know what you’re all wondering. The symbol on her phone is an eggplant with a bite taken out of it. Admittedly the branding could be a little clearer.
I think Babezilla is clocking in at about 300 feet tall there?
The building next to her isn’t 2-story technically, but it’s one of those businesses like an auto repair shop or your basic strip mall structure, so it’s got a false ceiling with all the ductwork and cabling and some HVAC on the roof. So it’s a little shorter than a 2 story house, cause houses have sloped roofs, but it’s about the same height as two stories of an office building, if you ignore the bottom two floors which are usually a high-ceiling lobby and then a mezzanine level. Anyway, that comes up to her ankle, so my back of the napkin my brain calculation puts her at about 300 feet.
Babezilla is 5’5″ normally, so 300 feet means she’s 55x larger, and assuming she starts off at 100 pounds (for easy math,) she’s clocking in at about 8,500 tons now, according to a square cube calculator I found. That’s why the street is cratering under her. The storm drains no likey.
Of course, being 55x larger means the 5,000 mile swim to Senegal (assuming she starts from Galveston) would still be a 90 mile swim for her. She may not have fully realized that. It would be a pretty stupid way to die, getting 3 or 400 miles out and realizing how badly she’d underestimated the distances. Even if she hadn’t gotten past the continental shelf, the water there can be 350-600 feet deep. Though I guess if she started from Galveston, she’d be basically in the middle of the Gulf of Mexico and could angle toward an oil derrick. There’s a lot of them out there. It’s not like she’s stuck at 300 feet tall. She could swim up and be all, “Gosh guys, do you have a helicopter to spare? I think I’m lost.”
Oh, look who it is in the vote incentive. And a not-quite-yet-but-it’s-coming NSFW version over at Patreon.
I think she would get in trouble for doing this. She’d mess up the… floor of the waterfall? Is that what it’s called? The receiving pool? No, probably not that. Anyway, she’d churn things up and cause a ton of weird erosion.
Since you might be wondering, Niagara Falls is about 165 feet high, so Babezilla obviously doesn’t have to be full sized. I’d say she’s about 175-180 feet tall here?
Double res version will be posted over at Patreon. Feel free to contribute as much as you like.
It’s difficult to ride a bicycle in the pitch darkness. We need to see where we’re going to avoid obstacles. And it’s hard to maintain our balance.
When we choose to avoid the conversations that make us uncomfortable, we’re pedaling in the dark.
Talk about it. Turn on the lights.
Valhalla's Things: A Pair of Hair Towel Wraps [Planet Debian]
Posted on July 2, 2026
Tags: madeof:atoms, craft:sewing, FreeSoftWear

Many months ago I had been ordering some furniture from IKEA[1] and on one of those orders I got tempted by a hair towel wrap: it mostly worked as an idea, but it was too short for my hair.
On the other hand, I had two old towels I wasn’t using, and a recently unpacked sewing machine.

I didn’t plan too much, I just put the STJÄRNBUSKE over the towel, cut, realized that the two pieces didn’t fit with right sides together, cut the second towel (I had planned to make two wraps, anyway, so it wasn’t a big deal), and started sewing by machine in what seemed like a reasonable procedure, taking notes and pictures.

The result was pretty good, and I started using it every time I washed my hair, but then I started to entertain the idea of shooting myself sewing the second one by hand for a video, but never found the time to actually do it, and the pieces remained in the Pile for months, and months, and way more than a year.

Until one day I bought a meter of cotton cheesecloth (mostly because it was almost cheaper than buying a sample) and it felt like a good material to make a nicely looking head wrapper, to keep my hair out of the way when needed.

A couple months later, it was finally time to bring this project to the top of the list, and even if I was sewing two by hand it went pretty quickly: we had a weekend when it was too hot to do anything else, and by the end of it the wraps were done.
All that remained was to finish writing the instructions for my FreeSoftWear patterns website <https://sewing-patterns.trueelena.org/contemporary_unisex/headwear/hair_towel_wrap/index.html>, and having some pictures taken, and this project was done.
And now, on to documenting a few more things I’ve done lately, and to start working on the other projects I have added to the queue in the meantime.
[1] small things. Like, you know, a kitchen :D
Pluralistic: The difference between "today's task" and "accretive work" (02 Jul 2026) [Pluralistic: Daily links from Cory Doctorow]

One thing I've learned about paradoxes: often the answer to the riddle of "how can this one thing have such a contradictory set of features and effects?" is "it's not one thing, it's two things."
That's the idea that set me on the path to writing about "reverse centaurs" and AI. I was hearing from experienced programmers whom I knew to be reliable narrators of their own experience who described how AI was letting them write the best code of their lives; and from equally experienced and reliable coders who described a nightmare of tech debt: "I work in aviation, and I just don't think anyone should ever fly again, those things are now unsafe at any altitude, thanks to the code I had to sign off on":
https://pluralistic.net/2025/09/11/vulgar-thatcherism/#there-is-an-alternative
For so long as I thought of both of these groups as doing the same thing and getting wildly different outcomes, this was a paradox. But as soon as I realized that the former group were "centaurs" (workers who get to decide and direct their adoption of automation) and the latter were reverse centaurs (workers who were conscripted to serve as peripherals for automation systems), it all snapped into place. It only looked like they were doing the same thing – they were actually engaged in fundamentally different activities, which is why they were having such different experiences.
The same goes for vibe coding. Plenty of people I knew had gotten real value out of vibe coding personal utilities that made things better for them in a way that I instantly recognized from a life spent around people who'd been able to adapt and customize the systems they used to make their lives better:
https://pluralistic.net/2024/01/25/today-in-tabs/#unfucked-rota
Vibe coding can be seen as part of a lineage that includes shell scripting, Applescript, Hypercard and Visual Basic: ways for technical novices to directly create personal software, without having to ask a programmer to interpret their needs (and without having to pay every time they wanted to do something new with their computers):
https://pluralistic.net/2026/06/15/vernacular/#hypercardian
But if that's so, how to make sense of the seeming paradox of all that tech debt? For a tech company, code is a liability, not an asset:
https://pluralistic.net/2026/01/06/1000x-liability/#graceful-failure-modes
AI's pitch to bosses is that they can fire most of their workers in order to terrorize the remainder into tolerating a working life wherein they are made to mark the AI's homework, at superhuman speed, and to assume the blame when it goes wrong. This is obviously a terrible way to write code:
https://pluralistic.net/2024/04/23/maximal-plausibility/#reverse-centaurs
But it's also obviously going to produce terrible code:
https://pluralistic.net/2025/05/27/rancid-vibe-coding/#class-war
So is vibe code a way of empowering people to have the personal, vernacular tools that they design and adapt as they see fit? Or is it a way to shovel technological asbestos into the walls at scale, filling up our high-tech society with ghastly, lethal technical debt we'll be digging our way out of for generations?
Again: the paradox falls away once you realize that personal software you write for yourself is fundamentally different from "production code" that other people have to use, maintain and improve.
In an essay inspired by some thoughts on AI and mathematical theorem proving, Kellan Elliott-McCrea crystallizes this distinction in a really sharp way, bringing in Alex Kontorovich's idea of mathematical "canonization":
By canonization, I mean the process of taking a local, one-off formalization and turning it into library mathematics: general, reusable, coherent, efficient, and compatible with the rest… Canonization often changes the picture itself: the definitions, the abstractions, the API, and sometimes even the statement…
https://laughingmeme.org/2026/06/30/canonization-and-the-overhang.html
Elliott-McCrea posits that making code that is "socially constructed in a way that leaves the team prepared to operate on it, iterate it, and improve it" is the difference between "I got it working" and "something the future can build on."
He's not claiming that "I got it working" is worthless. There's plenty of space for "disposable and single use software." Sure, to a trained software engineer, this might be "bad code" but doing today's task has value, even if the code that performs that task isn't "accretive."
Canonization is accretive. To canonize code is to make it "legible to systems of humans and non-humans operating on it." Free/open source software is the backbone of the canon: "decades of…intelligible, build-on-able work, sitting in public repos."
My "reverse centaurs" thesis isn't just a way to understand how programmers who seem to be doing the same thing can have such different effects. It's also about how the way that the capital was raised for AI requires that it produce as many reverse centaurs as possible, because the only way to recoup the farcical sums associated with AI production is to fire millions of workers and replace them with defective chatbots backstopped by the jobspocalypse's terrorized survivors, who can be made to endlessly toil away at marking the AI's homework because there are so many other workers who'll take their jobs if they refuse.
The point being that while centaurs are good and reverse centaurs are bad, the AI bubble requires the production of reverse centaurs, to the exclusion of centaurs.
In a similar vein, Elliott-McCrea describes how the imperatives of the AI industry are devouring its seed-corn – consuming the canon without putting anything new back in it. In the same way that AI can do endless theorem-proving but is essentially useless for creating "library mathematics: general, reusable, coherent, efficient, and compatible with the rest," AI can write a lot of running code, but the AI industry is further devaluing the already undervalued work of cleanup and canonization. As Elliott-McCrea writes, "the social production of knowledge [is] the seed corn."

After Trump v Slaughter the Answer Is Court Reform https://economicpopulist.substack.com/p/after-trump-v-slaughter-the-answer
County With 37 Data Centers Asks Schools to ‘Conserve Electricity’ https://www.404media.co/henrico-virginia-datacenter-energy-cost-email/
The Assault on Congress’s Anti-Monopoly Solution https://prospect.org/2026/07/01/supreme-court-assault-on-congress-anti-monopoly-solution/
Spain’s Solar Is So Cheap Investors Are Looking for an Exit https://archive.is/EZMV8
#20yrsago Sen. Stevens’ hilariously awful explanation of the Internet https://web.archive.org/web/20060704034735/http://blog.wired.com/27BStroke6/?entry_id=1512499
#20yrsago Best music of 1900s-1920s as MP3s https://web.archive.org/web/20060703112442/http://www.foldedspace.org/weblog/2006/06/in_the_good_old_summertime.html
#15yrsago “No Endorsement” — aligning the interests of creators and fans https://locusmag.com/feature/cory-doctorow-no-endorsement/
#15yrsago Peruvian TV station owners held out for bribes that were 100X larger than those received by judges https://web.archive.org/web/20110705085927/http://fsi.stanford.edu/publications/how_to_subvert_democracy_montesinos_in_peru/
#10yrsago Paralyzed, partially deaf-blind teen with brain tumor beaten bloody by TSA https://wreg.com/news/disabled-st-jude-patient-sues-airport-and-tsa-after-bloody-scuffle-with-airport-police/
#10yrsago China’s “ultra-unreal” literary movement takes inspiration from breathtaking corruption https://lithub.com/modern-china-is-so-crazy-it-needs-a-new-literary-genre/
#10yrsago London luxury property prices plummet after Brexit vote https://www.standard.co.uk/news/london/london-house-prices-slashed-after-brexit-vote-a3285731.html
#5yrsago Biden admin orders an end to surprise billing https://pluralistic.net/2021/07/02/spoil-the-surprise/#surprise-billing
#1yrago Tessa Hulls's "Feeding Ghosts" https://pluralistic.net/2025/07/02/filial-piety/#great-leap-forward

Edinburgh International Book Festival with Jimmy Wales, Aug 17
https://www.edbookfest.co.uk/events/the-front-list-cory-doctorow-and-jimmy-wales
Sydney: The Festival of Dangerous Ideas, Aug 23-24
https://festivalofdangerousideas.com/cory-doctorow/
Melbourne: Enshittification at the Wheeler Centre, Aug 25
https://www.wheelercentre.com/events-tickets/season-2026/cory-doctorow-enshittification
Brighton: The Reverse Centaur's Guide to Life After AI with Carole Cadwalladr (Brighton Dome), Sep 8
https://brightondome.org/whats-on/LSC-cory-doctorow-the-reverse-centaurs-guide-to-life-after-ai/
London: The Reverse Centaur's Guide to Life After AI with Riley Quinn (Foyle's Picadilly), Sep 9
https://www.foyles.co.uk/events/enshittification-cory-doctorow-riley-quinn
South Bend: An Evening With Cory Doctorow (Notre Dame), Oct 6
https://franco.nd.edu/events/2026/10/06/an-evening-with-cory-doctorow/
How to Think About AI (Organized Money)
https://www.organizedmoney.fm/p/how-to-think-about-ai-with-cory-doctorow
Breaking Points
https://www.youtube.com/watch?v=VJmUbkRqXeE
A.I. Enshittifies Everything (Slate)
https://slate.com/podcasts/what-next-tbd/2026/06/cory-doctorow-thinks-a-i-is-overvalued-and-overrated-and-still-a-threat
A World That Just Might Work
https://aworldthatjustmightwork.com/2026/06/cory-doctorow-ai-use-it-dont-buy-the-hype-dont-feed-the-bubble/
"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025 https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027
Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Fourth draft completed. Submitted to editor.

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
Matthew Garrett: Preventing token theft [Planet Debian]

When you log into a service you’re given an authentication token. Each further request to the site includes that token, allowing the server to figure out who you are and ensuring that you have access to your data. Depending on site policy, this token may either be stored in memory (and so vanish if you restart your browser) or disk. The token is the proof of your identity. As far as the site is concerned, anyone with your token is you. These tokens may be traditional browser cookies, but they may also be stored in either site local storage or (if you’re not using a browser) in some other storage location.
In recent years we’ve seen infostealer malware (like LummaC2) gain the ability to exfiltrate user tokens, allowing attackers to gain access to the user’s data without needing to retain access to the user’s machine. This attack is viable even if the site has strong MFA requirements, so passkeys don’t help. Encrypting the tokens on disk doesn’t prevent the malware from scraping them out of the browser’s RAM or obtaining whatever key is used to encrypt them. This feels like a pretty hard problem to solve.
But that hasn’t stopped people from trying! Dirk Balfanz wrote an IETF draft describing a mechanism for using self-signed certificates for TLS authentication. This uses the mutual authentication feature of the TLS protocol that requires both sides prove their identity to each other. In regular TLS, the remote site presents a signed certificate that tells you who it is. When performing mutual authentication, you then present a certificate to the remote site telling it who you are. These client certificates are largely unused outside enterprise environments because they’re a huge pain to deploy. It’s not so much that this has sharp edges, it’s that it’s entirely made of sharp edges. Managing certificate deployment to your devices is hard. Browsers get confused if the certificates change under them. You have one certificate and it lives forever, so sites you present it to can track your identity. Users are prompted to choose a certificate to authenticate with, and if they pick the wrong one everything breaks and is hard to recover. I’ve deployed this and I did not have a good time.
But Balfanz’s idea was simple. Rather than require certificates to be deployed, browsers would simply generate a certificate on the fly. The goal wasn’t to prove the device or user’s identity in any global way - but it would associate a TLS session with a specific certificate. You could then, for example, include a hash of the certificate in the cookie, and if someone tried to use that cookie without presenting that certificate then the cookie could be rejected. If the browser used a hardware-backed private key for the certificate then it would be impossible for an attacker to steal it. Sure, you could still steal cookies, but you wouldn’t be able to use them.
This was written almost 15 years ago, and seems simple, elegant, and functional. It didn’t happen. Part of the reason for that is that, well, it wasn’t quite so simple. One problem was privacy related. Cookies are only sent after the TLS session is established, so anyone monitoring the network doesn’t know anything about the user identity. A naive implementation of this approach would have meant the client certificate being sent before session establishment, and now user identity can be tracked (no longer an issue if this was implemented on top of TLS 1.3, but this was a long time ago). This was avoided by reordering the client handshake, but that meant having to modify the TLS specification and implementations would have to be updated to support this. Another was that figuring out the granularity of the certificates was difficult. You’d want to use different certificates for every site to avoid them effectively becoming tracking cookies, but you need to provide the certificate before cookies are set, and you don’t know what origin the site is going to set in its cookies. If you generate a certificate for a.example.com and a different one for b.example.com, and a.example.com sets a cookie for *.example.com and includes the certificate you used for a.example.com, that cookie isn’t going to work on b.example.com and things are broken. This meant supporting it wasn’t as straightforward as it seemed - you’d need to ensure that your cookie scope was compatible with the certificate scope. You could probably make this work well enough by aligning it with the Public Suffix List, but there was still some risk of expectations not being aligned.
And, perhaps most importantly, TLS session resumption (replaced by pre-shared keys in TLS 1.3) somewhat defeats the purpose of the exercise - clients store state that allows them to re-establish a TLS connection without performing certificate exchange (this reduces overhead if a connection gets interrupted or you switch to a new network or anything along those lines), and anyone in a position to steal cookies could steal that state as well.
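The cookie-to-certificate binding and the scoping mismatch described above, as an added Node.js example (not code from the original post or from the draft). Random bytes stand in for the DER certificate that the TLS handshake authenticated, the `x5t#S256` claim name is borrowed from RFC 8705, and the last-two-labels rule is a stand-in for a Public Suffix List lookup; all function names and hosts are constructed.

```javascript
const nodeCrypto = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const SERVER_MAC_KEY = nodeCrypto.randomBytes(32); // server secret protecting cookie integrity

// SHA-256 thumbprint of the client certificate bytes.
const thumbprint = (certDer) => b64u(nodeCrypto.createHash('sha256').update(certDer).digest());
const mac = (body) => b64u(nodeCrypto.createHmac('sha256', SERVER_MAC_KEY).update(body).digest());

// Constant-time comparison of two strings of possibly different length.
function sameString(a, b) {
  const x = Buffer.from(a);
  const y = Buffer.from(b);
  return x.length === y.length && nodeCrypto.timingSafeEqual(x, y);
}

// Server: issue a cookie scoped to cookieDomain and bound to the certificate
// that authenticated the TLS session the login happened on.
function issueCookie(user, cookieDomain, sessionCertDer) {
  const claims = { sub: user, domain: cookieDomain, cnf: { 'x5t#S256': thumbprint(sessionCertDer) } };
  const body = b64u(JSON.stringify(claims));
  return `${body}.${mac(body)}`;
}

// Server: accept only if the cookie is intact, in scope for this host, and
// arrives on a TLS session authenticated with the certificate it names.
function checkCookie(cookie, host, sessionCertDer) {
  const [body, tag] = String(cookie).split('.');
  if (!body || !tag) return 'malformed';
  if (!sameString(tag, mac(body))) return 'bad-mac';
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (host !== claims.domain && !host.endsWith('.' + claims.domain)) return 'out-of-scope';
  return sameString(claims.cnf['x5t#S256'], thumbprint(sessionCertDer)) ? 'accepted' : 'wrong-certificate';
}

// Client: one self-generated certificate per scope, created on first use.
class ClientCertStore {
  constructor(scopeOf) {
    this.scopeOf = scopeOf;
    this.certs = new Map();
  }
  certFor(host) {
    const scope = this.scopeOf(host);
    if (!this.certs.has(scope)) this.certs.set(scope, nodeCrypto.randomBytes(64)); // stand-in for a DER cert
    return this.certs.get(scope);
  }
}

const perHost = (host) => host;
// Assumption: eTLD+1 is the last two labels. A real client would consult the Public Suffix List.
const perRegistrableDomain = (host) => host.split('.').slice(-2).join('.');

// a.example.com sets a cookie for example.com; the cookie is then used on the
// same host, on a sibling host, and by someone who copied it but holds a different certificate.
function scenario(scopeOf) {
  const browser = new ClientCertStore(scopeOf);
  const cookie = issueCookie('alice', 'example.com', browser.certFor('a.example.com'));
  const copiedElsewhereCert = nodeCrypto.randomBytes(64);
  return {
    sameHost: checkCookie(cookie, 'a.example.com', browser.certFor('a.example.com')),
    siblingHost: checkCookie(cookie, 'b.example.com', browser.certFor('b.example.com')),
    stolenCookie: checkCookie(cookie, 'a.example.com', copiedElsewhereCert),
  };
}

console.log('per-host certificates:', scenario(perHost));
console.log('per-registrable-domain certificates:', scenario(perRegistrableDomain));
```

With per-host certificates the legitimate user is rejected on b.example.com; widening the certificate scope to the registrable domain fixes that while a copied cookie is still refused.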
The followup attempt was channel IDs. This simplified the implementation somewhat - rather than certificates, a raw public key would be sent, along with proof of possession of the private key in the form of a signature over a portion of the TLS handshake. This was required even in the event of session resumption, which avoided having to worry about theft of session secrets. The timing of the exchange was after the encrypted session had been established, so user identity couldn’t be leaked that way either. Cookies could then be bound to this identifier. Unfortunately it didn’t really deal with the problem of scoping keys in a way that would match cookie requirements, and the spec suggests that the right way of handling this is to scope keys to TLDs, which would enable user tracking across sites (Chrome’s implementation apparently restricted it to eTLD+1, which would match the third party cookie policy and avoid the tracking risk).
Chrome added support for this, but it was removed in early 2018. The discussion of some of the pain points in that message is interesting, explicitly calling out problems with connection coalescing across domains and the incompatibility with zero-RTT TLS1.3. The overall consensus at the time seems to be that trying to solve this entirely at the TLS layer has too many rough edges, and a different approach should be taken.
And so almost 7 years after the initial draft for origin bound certificates, we come to token binding. This ended up being a rather more complex endeavour, covering 3 different RFCs describing how it impacts TLS, how to incorporate it into HTTP, and how to manage all the various parties involved in the process. The short version is that it’s pretty similar to channel ID, except that there’s also a documented mechanism for allowing tokens to be bound to one party and consumed by another, avoiding any need for widely scoped keys. Token binding effectively solved all the issues in the original proposal, but at the cost of somewhat more complexity.
The RFC was finalised in October 2018. Chrome removed its (incomplete, draft) support for token binding in November 2018. Edge carried support until late 2024. Despite getting all the way through the RFC process, it’s functionally dead.
The process up until this point had been largely initiated by Google, with Microsoft contributing significantly to the token binding standards. The work had been focused on identifying a generic solution to the problem rather than tying it to any specific authentication flow. The next step was in a different direction - rather than trying to fix this for the entire internet, how about we try to fix it for OAuth?
RFC 8705 is titled “OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens”. This is basically the 2011 approach, but (a) with an explicit definition of how the certificate should be incorporated into issued auth cookies, and (b) with a proviso that well uh if you’re going to use tokens issued by your IdP to authenticate to someone else then well you’re going to need to use the same cert for both. This is probably fine for the company-owned-laptop case where you’re actually fine with multiple sites being able to tie identities together (that’s kind of the point here!), and also works for “I am using an app and not a browser”, but doesn’t work for more generic scenarios. It also doesn’t seem to take the session resumption case into account at all? Support for RFC8705 seems poor, as far as I can tell of the big players only Auth0 implements it. In theory it works fine with self-signed client certs but in reality that’s going to be almost as difficult to support across multiple platforms as just issuing proper client certs in the first place, so deployment is going to be kind of a pain. But the good news is it doesn’t rely on any TLS extensions or custom browser behaviour, so at the client side it works fine with any browser.
Which brings us on to RFC 9449, “Demonstrating Proof of Possession”. This goes even further than RFC8705 in terms of reducing the burden of deployment - it works fine with existing browsers, and it doesn’t even require any certs. The client generates a keypair and provides the pubkey when requesting the cookie. The cookie contains the pubkey. Every request to the service now provides the cookie with the pubkey and also provides a signature over the URI and HTTP method. If the signature matches the pubkey in the token then clearly the signature came from the machine the token was issued to, and everything is good.
This does come with some downsides, though. The first is that it uses browser interfaces to generate the keys (typically crypto.subtle.generateKey()) and as far as I can tell there are no browsers that guarantee that that key is going to be generated in hardware even if it’s marked non-exportable, so anyone able to steal the cookies can also steal the keys. The second is that the signature only covers the URI and HTTP method, and not the message content or any other headers, so anyone able to exfiltrate a valid signature can replay it against the same URI with different message content. The recommended way to handle this is to reject any signatures that weren’t generated within the last few seconds, which is a wonderful additional way to allow clock skew to give you a Bad Day. And the third is that every single request has to be separately signed, which is not intrinsically a problem because computers are fast and have multiple cores, but if you’re trying to solve the first problem by sticking the key in a TPM then you’re dealing with something that’s slow and single threaded and that’s maybe acceptable if you’re using client certificates (because there’s going to be one signature per session and you can use the same session for multiple requests) but probably not if you’re dealing with a user opening a browser that restores previous tabs and each of those is a webapp that fires off 100 requests in parallel.
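The proof check and its replay window, as an added Node.js example (not code from the original post or from any DPoP library): a resource server verifies a proof against the key thumbprint bound into the token, first with only a freshness window and then with a `jti` replay cache. The URL, timestamps, request bodies and the `makeProof`/`verifyProof` names are constructed for illustration, and the `ath` claim and server-supplied nonces from RFC 9449 are left out.

```javascript
const nodeCrypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const parsePart = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// RFC 7638 JWK thumbprint for an EC key: SHA-256 over the required members in lexicographic order.
function jwkThumbprint(jwk) {
  const canonical = JSON.stringify({ crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y });
  return b64u(nodeCrypto.createHash('sha256').update(canonical).digest());
}

// Client: sign a proof. Only the method (htm) and URI (htu) are covered, never the body.
function makeProof(keyPair, htm, htu, iat) {
  const header = { typ: 'dpop+jwt', alg: 'ES256', jwk: keyPair.publicKey.export({ format: 'jwk' }) };
  const payload = { jti: nodeCrypto.randomUUID(), htm, htu, iat };
  const signingInput = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(signingInput),
    { key: keyPair.privateKey, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${b64u(sig)}`;
}

// Server: boundJkt is the thumbprint recorded in the token when it was issued (cnf.jkt).
// seenJti is an optional replay cache; pass null to see what the time window alone allows.
function verifyProof(req, boundJkt, now, seenJti, windowSeconds = 5) {
  const parts = String(req.dpop).split('.');
  if (parts.length !== 3) return 'malformed';
  let header, payload, publicKey;
  try {
    header = parsePart(parts[0]);
    payload = parsePart(parts[1]);
  } catch (err) {
    return 'malformed';
  }
  if (header.typ !== 'dpop+jwt' || header.alg !== 'ES256' || !header.jwk) return 'bad-header';
  if (jwkThumbprint(header.jwk) !== boundJkt) return 'wrong-key';
  try {
    publicKey = nodeCrypto.createPublicKey({ key: header.jwk, format: 'jwk' });
  } catch (err) {
    return 'bad-header';
  }
  const valid = nodeCrypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(parts[2], 'base64url'));
  if (!valid) return 'bad-signature';
  if (payload.htm !== req.method || payload.htu !== req.url) return 'wrong-target';
  if (Math.abs(now - payload.iat) > windowSeconds) return 'stale';
  if (seenJti) {
    if (seenJti.has(payload.jti)) return 'replayed';
    seenJti.add(payload.jti);
  }
  return 'accepted';
}

function demo() {
  const T = 1700000000;                            // constructed timestamp (seconds)
  const url = 'https://api.example.test/transfer'; // constructed endpoint
  const client = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const otherKey = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const boundJkt = jwkThumbprint(client.publicKey.export({ format: 'jwk' }));

  const original = { method: 'POST', url, body: '{"amount":10}', dpop: makeProof(client, 'POST', url, T) };
  const sameProofNewBody = { ...original, body: '{"amount":9999}' };
  const cache = new Set();
  return {
    // Freshness window only: the second request carries a different body but passes.
    windowOnlyFirst: verifyProof(original, boundJkt, T + 1, null),
    windowOnlyReplay: verifyProof(sameProofNewBody, boundJkt, T + 2, null),
    // With a jti cache the reused proof is refused inside the window.
    cacheFirst: verifyProof(original, boundJkt, T + 1, cache),
    cacheReplay: verifyProof(sameProofNewBody, boundJkt, T + 2, cache),
    afterWindow: verifyProof(sameProofNewBody, boundJkt, T + 60, null),
    // A proof signed by a key other than the one bound to the token.
    differentKey: verifyProof({ ...original, dpop: makeProof(otherKey, 'POST', url, T) }, boundJkt, T + 1, null),
    // A legitimate client whose clock is 30 seconds behind the server.
    skewedClock: verifyProof({ ...original, dpop: makeProof(client, 'POST', url, T - 30) }, boundJkt, T, null),
    differentUrl: verifyProof({ ...original, url: 'https://api.example.test/other' }, boundJkt, T + 1, null),
  };
}

console.log(demo());
```

The `skewedClock` row is the clock-skew cost of a tight window: the signature is valid and the key is the right one, but the request is still refused.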
In case it wasn’t clear, I don’t like DPoP. It doesn’t feel like it actually solves the underlying problem that we see in the real world (malware running in a context where if it can grab the tokens it can grab the keys), it adds a massive amount of overhead, and it has baked in replay vulnerabilities. I don’t know why it exists and I’m incredibly suspicious of vendors telling me that it fixes my problems, because if they’re telling me that then I’m going to end up assuming that they either don’t understand my problems or they don’t understand their technology, and neither of those is good.
Still. Then we get to the thing that prompted me to write this - Chrome’s announcement that they had launched device-bound session credentials. This is interesting because it’s a Chrome feature that’s explicitly intended to counter on-device malware, which was one of the things that was out of scope in 2018 when token binding was being removed. Since this is entirely at the web level it doesn’t have to be an RFC, and so is instead defined by W3C. I’m going to handwave all the complexity and say that it’s basically a way to register a public key when a cookie is issued, and then prove possession of the private key when it’s time to renew the cookie. By making the cookies short-lived and having support for rotating them in the background, user impact is basically zero and while it’s still possible for an attacker to exfiltrate and use a cookie they’ll only be able to do so for a short window before it needs to be refreshed - something the attacker can’t do, since they don’t have the private key. This avoids the DPoP overhead because you only need to do signing once per cookie per cookie lifetime, and not on every single request. I don’t like this due to the window where exfiltrated tokens can be used, but it feels like a strict improvement over the status quo. An extension called device-bound session credentials for enterprise allows pre-enrollment of device keys, so even though the actual runtime DBCE flow doesn’t involve certificates, certificates can be used for device registration in enterprise environments and you can make sure that auth cookies only go to trusted devices. Unfortunately this is Chrome-only, and so we’re going to need to wait for it to be backported to all the random app frameworks for it to have widespread support on mobile or for almost everyone’s desktop app that’s actually three websites in an Electron wrapper. Mozilla’s current position is that they’re not in favour of it, so I guess we’ll see where Safari lands in terms of broad uptake.
The last thing on my list is another client cert/OAuth binding, this one still in draft state at the time of writing. This one is aimed primarily at the use of agent-driven tooling, where you have something running in the background using a whole bunch of tools that are each acting on your behalf. Authenticating to all of them separately isn’t a fun time, but giving broadly scoped access tokens to a non-deterministic agent and trusting that it’ll never post them somewhere public also isn’t a fun time. The key distinction between it and RFC8705 is that it’s aimed at connections rather than sessions, which avoids the worries about session resumption. This is done with TLS Exporters, which in TLS 1.3 should be unique to the connection even over session resumption (TLS 1.2 may reuse some of the same key material for exporters over session resumption, so it’s recommended to enforce 1.3 for this). By providing a new signature alongside the cookie on every new connection, the client proves that it still has access to the private key. This is a very new spec and I haven’t had much time to work through it yet, but my naive understanding is that unlike RFC8705 this would require some additional client support to be able to regenerate the client signature on every TLS reconnection.
This doesn’t avoid all the problems that RFC8705 has, including how to scope certificates. For the agentic use case that probably doesn’t matter - all these tools are acting on behalf of the same user, it’s fine if all the sites involved know they’re the same user. But it doesn’t solve the general purpose user use case, and right now DBSC seems like the best we have there.
But. Part of me still wonders whether Dirk Balfanz’s approach was the right one. Yes, there’s risk associated with TLS session resumption, but in the worst case you could just switch that off for high risk setups. The cookie scope argument is real, and also in cases where it could violate privacy the site owner could already choose to broaden their cookie scope and violate your privacy, and in cases where it breaks things you could just not make use of it. The other problems are largely fixed by TLS 1.3, and then we’re just left with “Browsers handle client certificates badly” to which my answer is “Yes, and we should fix that anyway”.
Despite having a pretty good answer to this solution over a decade ago, the closest we have to actual deployment is something that offers strictly worse security guarantees. And tokens keep getting stolen, and compromises keep occurring, and for the most part people shrug and get on with things.
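The device-bound session flow described above (register a public key when the cookie is issued, prove possession of the private key at refresh), as an added example that is not code from the post or from Chrome. It is a simplified in-memory model, not the DBSC wire protocol: the `SessionServer` class, the 10-minute cookie lifetime and the `sessionId.challenge` signing input are all assumptions.

```javascript
// Added illustration: a simplified model of a device-bound session.
// Names, lifetimes and message layout are assumptions, not the W3C DBSC format.
const crypto = require('node:crypto');

const COOKIE_TTL_MS = 10 * 60 * 1000; // assumed lifetime of the short-lived cookie

class SessionServer {
  constructor() {
    this.sessions = new Map(); // sessionId -> { publicKey, challenge }
    this.cookies = new Map();  // cookie value -> { sessionId, expires }
  }

  // Registration: the client supplies a public key when the session starts.
  register(publicKeyPem, now) {
    const sessionId = crypto.randomBytes(16).toString('hex');
    this.sessions.set(sessionId, {
      publicKey: crypto.createPublicKey(publicKeyPem),
      challenge: null,
    });
    return { sessionId, cookie: this.issueCookie(sessionId, now) };
  }

  issueCookie(sessionId, now) {
    const cookie = crypto.randomBytes(32).toString('base64url');
    this.cookies.set(cookie, { sessionId, expires: now + COOKIE_TTL_MS });
    return cookie;
  }

  // Ordinary requests carry only the cookie: no signature per request.
  authorize(cookie, now) {
    const entry = this.cookies.get(cookie);
    return Boolean(entry) && now < entry.expires;
  }

  // Refresh, step 1: hand out a fresh single-use challenge.
  newChallenge(sessionId) {
    const session = this.sessions.get(sessionId);
    if (!session) return null;
    session.challenge = crypto.randomBytes(32).toString('base64url');
    return session.challenge;
  }

  // Refresh, step 2: a new cookie is issued only for a valid signature
  // over the outstanding challenge, made with the registered key.
  refresh(sessionId, challenge, signature, now) {
    const session = this.sessions.get(sessionId);
    if (!session || session.challenge === null || session.challenge !== challenge) {
      return null;
    }
    session.challenge = null; // consume it so a captured proof cannot be replayed
    const signedData = Buffer.from(`${sessionId}.${challenge}`);
    const ok = crypto.verify('sha256', signedData, session.publicKey, signature);
    return ok ? this.issueCookie(sessionId, now) : null;
  }
}

// Client side: only the holder of the private key can produce this proof.
function signChallenge(privateKey, sessionId, challenge) {
  return crypto.sign('sha256', Buffer.from(`${sessionId}.${challenge}`), privateKey);
}

// Constructed scenario: the cookie is exfiltrated, the private key is not.
function runScenario() {
  const server = new SessionServer();
  const t0 = 0; // constructed clock, in milliseconds
  const device = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const pem = device.publicKey.export({ type: 'spki', format: 'pem' });
  const { sessionId, cookie } = server.register(pem, t0);

  const stolenCookie = cookie; // copy held by a third party
  const otherKey = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const result = {};

  // Inside the lifetime the stolen copy is indistinguishable from the original.
  result.stolenWorksInWindow = server.authorize(stolenCookie, t0 + 60000);

  // Past the lifetime it is dead, and renewing it needs the device key.
  const later = t0 + COOKIE_TTL_MS + 1;
  result.stolenWorksAfterExpiry = server.authorize(stolenCookie, later);
  const c1 = server.newChallenge(sessionId);
  result.wrongKeyRefresh = server.refresh(
    sessionId, c1, signChallenge(otherKey.privateKey, sessionId, c1), later);

  // The real device renews in the background with one signature.
  const c2 = server.newChallenge(sessionId);
  const proof = signChallenge(device.privateKey, sessionId, c2);
  const fresh = server.refresh(sessionId, c2, proof, later);
  result.deviceRefreshed = fresh !== null && server.authorize(fresh, later);

  // Replaying the captured proof fails because the challenge was consumed.
  result.replayedProof = server.refresh(sessionId, c2, proof, later);
  return result;
}
```

The first result is the window the post objects to: until expiry the server cannot tell the stolen copy from the original, so the cookie lifetime is the parameter that bounds exposure.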
[1299] Bad by Comparison [Twokinds]
Comic for July 2, 2026
Moray Solves A Mystery [QC RSS v2]

Big news! We have a brand new archive page! Now you can SCROLL ENDLESSLY through the archive, or type in a comic number and read from there! I think it's very cool, and much better than the old "giant list of 6000 comics" version.
Hello everyone! No page today, because I've fallen into a sudden
burst of hyperactive fixing up of the website instead. So the
update today is this: this website has received MANY updates!
First of all, I've been wanting to fix the look of the site for
awhile, so I tried to streamline it a bit. I removed the useless
empty ad-hosting space at the top, added some images on the bottom,
fixed some sections that were broken... some of the secret sections
were badly out of date, like the April Fools archive. Some other
secret sections like the Flipline and Audio Archives were not
currently available, but now they are.
Most importantly, I added new secret sections to the website,
including a very massive mega secret area which consists of many
smaller secrets. The way to get into this is new, but is sort of
similar to how you used to be able to get into the Flipline. I'll
give you a hint, just look around a bit for something that is new,
it's not actually that hard to find. If you get into this mega
secret area, there are some additional new secret areas contained
within, you just need to explore a bit. I also added some new
explanations to things that were old and needed more
explanations.
I'm not quite done yet, I still want to put some more work into
revamping the website a bit more and adding new stuff. I'll keep
you posted!
[$] LWN.net Weekly Edition for July 2, 2026 [LWN.net]
Inside this week's LWN.net Weekly Edition:
Urgent: Reject "Great American AI Act" [Richard Stallman's Political Notes]
US citizens: call on your congresscritter and senators to reject the "Great American AI Act" and the propaganda terminology that appears in its name.
In my letter I explained that "AI" is a marketing hype term that the big tech companies use to make the public yield, and urged the legislators to reject it. I included the URL
https://gnu.org/philosophy/words-to-avoid.html#ArtificialIntelligance
See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.
US citizens: Join with this campaign to address this issue.
To phone your congresscritter about this, the main switchboard is +1-202-224-3121.
Please spread the word.
Urgent: Cease climate hushing [Richard Stallman's Political Notes]
US citizens: call on media outlets to cease climate hushing.
See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.
Children hit by parents get worse grades [Richard Stallman's Political Notes]
A study found that children in England who were hit by their parents have a tendency to get worse grades in school.
This could indicate that hitting children tends to lead them to do worse in school tests. Or it could indicate that children who for certain other reasons tend to do worse in school will tend also to be hit by their parents. Is it the hitting itself that does them harm, or the situation that leads to the hitting, or both, or something else?
Israel attacked notary office in Lebanon [Richard Stallman's Political Notes]
Israel attacked a notary office in Lebanon, destroying records of land ownership for up to a quarter of a million people.
This seems to be a way of preventing them from ever returning to their homes, or to the wreckage of their homes.
Jamaicans campaigning against selling beachfront land [Richard Stallman's Political Notes]
Jamaicans are campaigning against selling beachfront land for resorts that will be used only by wealthy foreign tourists.
Predicted collapse of Atlantic Meridional Overturning Circulation [Richard Stallman's Political Notes]
Scientists predict that the Atlantic Meridional Overturning Circulation (a loop of currents, some at the surface and some deep) will collapse due to global heating. They do not know whether that collapse will spread over many years, or happen with shocking speed. The activities to monitor the change have been defunded.
Estimated 10,000 corpses buried in rubble of Gaza [Richard Stallman's Political Notes]
An estimated 10,000 corpses buried in the rubble of Gaza will be difficult to identify ever. Israel's continued use of bulldozers in some parts of Gaza is increasing that number.
Hegseth speech at Normandy landings commemoration [Richard Stallman's Political Notes]
Hegseth went to a commemoration of the Normandy landings of 1944 for two events, but his speech at the first one at Colleville-sur-Mer was so racist and hateful that people in the town of Langrune-sur-Mer (where Hegseth had planned to appear) posted their disgust. This showed how vile he is and reverberated around the world.
Indiana Banned Press From Executions for Dignity [Richard Stallman's Political Notes]
*Indiana Banned Press From Executions for Dignity. It Actually Serves Repression.*
Harassment of prisoners in Delaney Hall deportation prison [Richard Stallman's Political Notes]
Radio Jornalera NJ covers the perverse, unpredictable harassment of prisoners in the Delaney Hall privately run deportation prison.
It is admirable nonviolent resistance to violent, sadistic fascism. But I wonder, is there any way to listen to it without subjecting oneself to nonfree JavaScript code? I have a hunch the people who do this, while heroic in resistance, are unaware of the quite different injustice of nonfree software, and have picked up the habit of handing control of their own computers to any and all companies that might want to snoop on them, cheat them or repress them.
Bullshitter and Iran say peace deal is close [Richard Stallman's Political Notes]
The bullshitter and Iran say they are coming closer to a peace deal.
We can't presume that the bullshitter is telling the truth about any of this. Even if some parts are true, other parts may be bullshit.
But even if they do make an agreement, the bullshitter might break it at any time. Iran too might break the agreement.
Indiana has excluded journalists from observing executions [Richard Stallman's Political Notes]
Indiana has excluded journalists from observing executions, pretending that this is a kindness to the convict who is executed.
I've read elsewhere that the victim is allowed to invite a limited number of people to attend, and can include journalists among those few. In other words, the victim has to pay a price to have a journalist there. This proves clearly that the state's exclusion of journalists is not meant as a kindness for the victim. If it were, the victim would be allowed to say "No, thanks. I don't object to the presence of any number of journalists."
This is censorship disguised as "We insist on protecting you whether you want it or not."
FBI raided voter registration group [Richard Stallman's Political Notes]
The FBI raided a voter registration group — in effect claiming that to help eligible citizens register to vote is forbidden.
Push for impeachment would boost political opposition to saboteur in chief [Richard Stallman's Political Notes]
Ralph Nader argues that a push to impeach the saboteur in chief would boost political opposition to him and his regime, even if it doesn't succeed in removing him.
So-called "AI" agents don't care about safety or reliability [Richard Stallman's Political Notes]
*Nvidia and Microsoft Researchers Say [so-called "AI"] Agents Don't Care About Safety or Reliability.*
I take exception to the idea that they understand anything enough to be said to "care". Rather, they give a rather unintelligent rule-based imitation of caring.
Separating the UK from the European Union [Richard Stallman's Political Notes]
Separating the UK from the European Union, explained as an example of trying a simple quick fix in a complex situation in which no simple fix exists.
KPMG article about agentic pretend intelligence [Richard Stallman's Political Notes]
KPMG decided to publish an article about agentic pretend intelligence in actual use. The staff asked a pretend intelligence to fill in the details. Great fun ensued — but not for KPMG.
Builders of Israeli "settlements" [Richard Stallman's Political Notes]
The builders of Israeli "settlements" (in occupied Palestinian territory) hold events around the world to sell apartments in them. One such event being held in London has triggered objections supported by 100 members of the houses of Parliament, who call for prohibiting the sale of land that was taken from Palestinians in violation of international law.
Criminalizing criticism of the government [Richard Stallman's Political Notes]
The US government is embarked on criminalizing criticism of the government. This started with targeting those who protested unjust government actions, continues through targeting people who write dissenting publications, then targeting people who have copies of such publications, and has now targeted someone for trying to protect others from being prosecuted for possessing copies of dissenting publications.
Very rich people undermine democracy [Richard Stallman's Political Notes]
Very rich people inevitably undermine democracy while impoverishing others to make themselves even richer. Taxing their wealth will help with both problems.
Peace deal with Iran actually 60-day cease fire [Richard Stallman's Political Notes]
The bushwhacked bully claims to have made peace with Iran, but actually it is a 60-day cease fire in which he concedes most of the concessions he said he was going to win, and kicks the other hard points down the road.
Here is a more complete description of what the agreement does not discuss. He has no respect for agreements, so he might restart fighting at any moment. Or he might not. But if he does not, the danger he will is likely to continue most of the harmful consequences that the war has had.
OSNews statement on slopcoded “operating systems” [OSnews]
Recently, there has been a surge in slopcoded new/hobby “operating systems”. Such slopcoded projects – which, due to the nature of “AI” tools, effectively consist of stolen code – will not be featured on OSNews and submitting them is fruitless.
Other websites may choose to employ lower standards, as is their prerogative, but OSNews will not. I obviously cannot guarantee nothing will ever slip through the cracks, but I will take utmost care to ensure OSNews remains free of these so-called “sloperating systems”. Plagiarism, license-washing, and code theft have no place in the world of enthusiast and hobby operating systems.
European digital ID wallets are a gift to Google and Apple [OSnews]
European governments are rolling out digital identity wallets, which are to be used by citizens to access services, and to verify their age online. As reported by Follow the Money and Android Authority, there is a serious problem with this: these wallets rely on safety services of Google and Apple. These are known as Google Play Integrity API, and Apple’s Managed Device Attestation. Such safety services (known as “remote attestation”) are used to ensure that wallet apps run on hardware that is not tampered with. In this article we explain why the EU-wallet case is part of a bigger problem: by embedding these safety services in public infrastructure, Europe risks making society dependent on private companies while serving their corporate interests.
↫ Danny Lämmerhirt
Setting aside the age verification nonsense, the fact that some European governments are tying their identification services to iOS and Google Android is absolutely bonkers, especially in this day and age. There’s endless talk about reducing European dependence on the American tech giants who seem all too eager to roll over when the Trump regime so much as glances in their general direction, and yet, they seem to want to effectively force us citizens to use American tech products.
Essential online tools, like banking, government services, communication services, digital driver’s licenses, and more, should not require the use of iOS or Google Android.
“Apple should end their prohibition on shapes in MacOS app icons” [OSnews]
There’s a lot you can say about macOS, but one thing Apple used to be incredibly good at was making beautifully crafted, detailed icons. As with almost every other aspect of macOS, this deteriorated sharply over the years, with the recent macOS releases with Liquid Glass being an absolute low point. Not only have they become bland and featureless, Apple also started forcing every icon to have the exact same rounded-rectangle shape, making them even harder to distinguish from one another.
Rogue Amoeba, a company with a long history of developing applications with beautiful iconography, published a blog post pleading with Apple to go back to proper icon design.
With last year’s release of MacOS 26 (Tahoe), Apple made a mess of app icons. In the first betas of MacOS 27 (Golden Gate), however, there are signs of a turnaround. We’re urging Apple to continue making improvements, by restoring the ability for MacOS app icons to have distinct shapes.
↫ Paul Kafasis at the Rogue Amoeba blog
I really hope Apple will turn its icon ship around.
A thought for people who think the US can't be fixed. I've
seen very strange things happen, like all of a sudden people figure
it out and boom next thing you know they're the NBA Champions. It wasn't
exactly sudden, but the last leg of was. A gestalt. Now two
leaders figure out how to. The thing about each of those people is
determination, and a belief they were right, and they went right up
to the edge and fought. I think the country would unite behind such
a leader.
Gabriel misunderstanding things is one of our most profound genres; I should make up a keyword based on this propensity and begin utilizing its subtle power.
Linux ported to Sega’s Mega Drive [OSnews]
If you have a Sega Mega Drive, you obviously want to run Linux on it. That’s something you can do now. You do need to have an EverDrive, but don’t worry, the port in question contains a custom fork of Qemu for those of us that don’t.
I don’t know what else to say, other than I wonder why nobody did this sooner.
[$] Efficient access to local storage for BPF programs [LWN.net]
When a BPF program is used to filter or redirect packets in the networking subsystem, the program will often want to associate data with each packet as it moves through the kernel. The kernel's local BPF storage API, which associates extra data with some kernel objects, provides a way to do that. (See also the BPF map types that end in STORAGE.) Amery Hung and Jakub Sitnicki led two sessions at the 2026 Linux Storage, Filesystem, Memory-Management, and BPF Summit about how to make accesses to local storage data more efficient. Hung spoke about general performance problems related to locking, while Sitnicki examined the use of local storage in the networking subsystem in particular.
The Big Idea: Shalini Abeysekara [Whatever]

Ever wonder what really goes on after the “happily ever after” line? Author Shalini Abeysekara had closed the door on her previous novel, but left the door unlocked as she came back to that world to bring us This Blade of Ours, the sequel she never expected to write. Follow along in her Big Idea to see how the “happily ever after” ending got pushed back another book.
SHALINI ABEYSEKARA:
There are a few things an author hopes will happen after typing “The End.” One, that they can finally imbibe a glass of wine, fructose syrup drink, or another preferred poison and sleep off a creative high and a bittersweet farewell to their characters. Two, that future readers who arrive at this last page of their oeuvre will rave about the book. Three, that the author won’t have to partially undo some of their work.
Well, that last part hit a snag when my publisher requested a sequel to my debut romantasy, This Monster of Mine. I grabbed the book deal with both hands, of course; I’m not about to turn down a chance to revisit a world I loved. Yet, the first book’s villains had been defeated. The heroes were in power. Where was the story to go after “The End”? But wait. Is the end of a battle really the end of a war?
This Blade of Ours was the result of a thought experiment by an avid student of political history (me) and a very harried author who had six weeks to pull together a reworking of her duology (also me). What happens when the figureheads to an ideology have been defeated, but the governmental structures and fanatical adherents who carried those villains to power still persist? How do our heroes navigate a divided land that will now eye them critically since they’ve gone from underdogs to victors? Most importantly, how was I to provide some manner of answer to these questions while also rounding off this duology in a satisfying way?
The long answer as to how I pulled this off involves sleepless nights, more caffeine than any national health council would recommend, and equal parts self-pity and self-doubt. But the short answer was this: look to history and consider a ‘what if?’ My duology was already set in a world loosely-inspired by the Roman Empire at its height. I had drawn on the concept of the Tetrarchy—a ruling system instituted by Emperor Diocletian wherein two senior rulers managed the empire’s conquests and misadventures with two junior rulers shadowing them to take their place. The system was supposed to repeat ad infinitum, and many hands/heads were supposed to make light work. It certainly seemed to for close to thirty-one years. Alas, the rise of the Roman dictatorship put a quick end to that experiment.
My first book examined what that Tetrarchy might have evolved to: an oligarchy of four judges ruling the land. The book considered the pros and flaws of such rule, and the characters battled those who sought to steer it towards a dictatorship. Thus, I thought, it stood to reason that this sequel could examine the consequences of successfully halting that shift towards authoritarianism: irate supporters of book 1’s villains insisting that the whole final showdown was a farce, governmental structures in flux during a transition of leadership, accusations of a coup, religious leaders taking sides.
And romance of course, lest anyone forget that this is a romantasy. A book that perhaps felt timely but ancient, cataloguing the ouroboros of the human condition as much as trying to paint some facets in an engaging delight. To say it gave me immense joy to run untrammelled across a page when bringing this story to life would be an understatement. Finally, all those documentaries and hours of being a history nerd put to good use!
But readers (as I am) are loath to be preached to and authors (as I am) are generally reluctant to preach. And though the Big Idea behind this book was a question, there are no answers to the human condition of in-groups, out-groups, war, greed, hope, and love. Only roads less travelled. I had already drawn from history.
So, I threw in elements history hadn’t seen. I pulled from the fantastical and built eldritch gods who begin an unusual divine intervention into the chaos of humanity: razing as many as they can because they really think we’re hopeless. I tried to steer from traditional romantasy tropes and leaned towards the deeply human. I gave my heroine and anti-hero vast reserves of determination, anger, and desperation. Enough to remain flawed, enough to keep fighting while questioning why they do. Their morals waver (to be fair, the anti-hero didn’t have many to begin with), their conviction falters, and their motivations grow selfish, but they fundamentally seek hope. As I think we all do, so that put any preachiness out of the picture. I hope.
I’m deeply proud of the result of this vortex of decisions. Not because it’s some highfaluting novel but, to be honest, because I just loved writing it. I doubt I’ll ever see my work as anything but flawed. Still, writing This Blade of Ours was a wonderful experience of examining the road after the finish line and mirrored my personal journey after the writing of its predecessor, my debut novel. There is always more. What a privilege. What a delight.
This Blade of Ours: Amazon|Barnes & Noble |Bookshop|Powell’s
It rather involved being on the other side of this airtight hatchway: Changing administrative settings [The Old New Thing]
A security vulnerability report arrived that went roughly like this:
An attacker can bypass security policies by modifying the following registry keys to disable ⟦security feature 1⟧ and ⟦security feature 2⟧.
The statement is true, but what they don’t mention is that administrator privileges are required to modify those keys. This is like saying that a door lock is insecure because you can open the door from the inside. If you are inside, then you have already gotten past the door!
Indeed, the purpose of those keys is to define the security policy in the first place! So it boils down to “It’s a security vulnerability that an administrator can change a security policy.”
What the security researcher found was that if your system has been compromised, the first guy who gets into your inner sanctum can make your system even more vulnerable.¹ If you assume that the attacker has full control, then it’s not surprising that they control everything.
¹ Isn’t this the plot to half of the sci-fi movies ever made? The plucky hero sneaks behind enemy lines in order to disable the bad guys’ shields long enough to let the rest of the team in. This isn’t a security flaw in the shields. It’s a security flaw in whatever was supposed to protect the switch that turns off the shields.
The sci-fi movie analogy would be “If we can get to the switch that turns off the shields, then we can turn them off!”
Well, yeah. The hard part is getting into the room that has the switch.
It rather involved being on the other side of this airtight hatchway.
Bonus chatter: This is a repeat of It rather involved being on the other side of the airtight hatchway: Disabling a security feature as an administrator, but this type of bogus vulnerability report happens so much, I wrote it up again before I realized that it was a duplicate.
2026 mid-year link clearance [The Old New Thing]
Oh boy, more random stuff.
Pluralistic: Technocarcinization (01 Jul 2026) [Pluralistic: Daily links from Cory Doctorow]

"Carcinization" is a curious biological phenomenon: given enough time, across many environments, many species will evolve into crabs. The body-type of a crab, with its low center of gravity, sideways gait (useful for evading predators), ease of concealment and protected organs is suitable to many different environments:
https://en.wikipedia.org/wiki/Carcinisation
Lately, I've watched the American Big Tech platforms as they underwent their own form of technocarcinization, which is when every tech company turns into Facebook.

For a long time, it seemed to me that you could make sense of the tech platforms by placing them into one of four quadrants on a 2×2 grid, in which one axis denoted "control freakishness" and the other, "surveillance."
Each quadrant had its own canonical company. The most surveillant/least controlling company (top left) was Google. They would let you roam the whole wide internet and exert no control over your conduct, but would spy on you wherever you went. The least surveillant/most controlling company was Apple, who imprisoned you in its manicured walled garden, but promised never to spy on you. The non-spying/non-controlling option is free/open source tech (of course), which doesn't care what you do, and doesn't watch you do it. And the most spying, most controlling company was Facebook, a company whose products did everything they could to imprison you within their virtual walls, from which vantage they could effect maximal surveillance.
I've used this comparison many times over the years. I included it in my 2023 book The Internet Con, along with the joke that Tiktok's position on the grid was so far up and to the right (maximum surveillance and control) that we'd had to put its logo on the back cover. Enough people took this joke seriously and wrote in to complain that they'd gotten a misprint without the logo that we added it to the paperback:
https://www.versobooks.com/products/3035-the-internet-con
The grid was useful, until technocarcinization started to push all the tech companies into that top right quadrant. Apple is no longer the company that protects you from surveillance – they're the company that spies on you, having secretly added a total surveillance system to the iPhone to target ads to you:
https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar
Apple can't even claim to protect you from third-party surveillance. Sure, they block Facebook from spying on you, but they have barred ICE Block, an app that tells you if there are ICE chuds hunting in your neighborhood, looking to kidnap you and send you to a concentration camp. Apple declared ICE mercenaries to be a "protected class":
https://pluralistic.net/2025/10/06/rogue-capitalism/#orphaned-syrian-refugees-need-not-apply
And thanks to Apple's control-freakery – which prevents you from overriding Apple's decisions about your own devices – once Apple decides to spy on you or sell you out to fascist goons, there's nothing you can do about it:
https://locusmag.com/feature/cory-doctorow-neofeudalism-and-the-digital-manor/
Then there's Google, the company that ran a free-range livestock operation in which you could roam wherever you liked, because they could always find you when it was time for the slaughter. For years now, Google has been moving inexorably to the kind of control-freak nonsense that you used to only find in one of Apple's crystal prisons.
For example, every year or two, Google floats a proposal to use secure hardware in your device to rat you out if you've got an ad-blocker, privacy blocker, or other aftermarket add-on that lets you choose how you experience the digital world:
https://pluralistic.net/2023/08/02/self-incrimination/#wei-bai-bai
It's an idea they just can't quit, despite the fact that it's fucking abominable and everyone hates it:
https://pluralistic.net/2026/06/12/compelled-speech/#quishing
Google used to pride itself in its ability to send you to the open web, viewing search as a conduit to other people's resources. Now, with AI search summaries, Google is harvesting the open web and then eating the seed corn, keeping searchers inside of Google's walled garden:
https://pluralistic.net/2026/06/29/arsonist-firefighters/#im-feeling-lucky
Google also took the idea of a free/open browser and ran with it, rehabilitating some discarded Apple code and turning it into Chrome, the internet's most dominant browser – by far. Now, Google is nerfing that browser's plug-in architecture in a way that blocks all kinds of user-tunable options, including and especially ad-blocking:
https://protonprivacy.substack.com/p/google-is-finally-killing-ublock
And Google has also announced that they're going to turn Android into an iPhone, making it both technically challenging and radioactively illegal for you to install software of your choosing on your own property:
Google is adopting every one of Apple's worst practices, and Apple is adopting all of Google's worst practices, and so they're both turning into Facebook: technocarcinization!
What's driving this technocarcinization? Well, the obvious answer is that the more Facebooklike a company becomes, the more ways there are for it to rip you off. Surveillance can be monetized by selling your data, by ad targeting, and by surveillance-based pricing and wage-suppression:
https://pluralistic.net/2026/01/21/cod-marxism/#wannamaker-slain
Control lets platforms block competing products, extract massive junk fees to the businesses they connect you to, and control repair and end-of-life, forcing you to replace hardware by blocking parts and independent service:
https://pluralistic.net/2026/01/10/markets-are-regulations/#carney-found-a-spine
It turns out that "if you're not paying for the product, you're the product" is only half-right. The other half is, "even if you pay for the product, you're the product." Pay, don't pay: companies will productize anyone they can. And thanks to our enshittogenic policy environment – where the worst ideas of the worst people make the most money – you can always be productized:
https://pluralistic.net/2025/09/10/say-their-names/#object-permanence
This is independent of the kind of person running the company. Facebook is run by Mark Zuckerberg, a cringe halfwit whose only successful idea was to offer Harvard bros a way of nonconsensually rating the fuckability of female undergrads. Everything he's done since was an acquisition (Whatsapp, Insta) or a flop (metaverse, Libra), or both (Oculus). Zuck owns the majority of the voting stock in the company, which means he has total control over its actions. He can ignore or fire his board members at will. He is the move fast/break things guy, whose every foolish whim can become policy that impacts billions of people.
By contrast, Google and Apple are no longer run by their flamboyant founders, who were every bit as prone to folly as Zuck. They were constrained by their shareholders, which meant that the blast-radius of Steve Jobs's worst ideas (like treating his otherwise curable cancer with green juice) was confined to his own person.
Today, Apple and Google are run by bloodless business sociopaths who go to enormous lengths to project an air of sober adulthood. And yet, these people – who would never be caught dead bow-hunting their own livestock or climbing into an MMA cage – have steered their companies into Facebook's quadrant on our enshittification 2×2.
I think this shows just how much the enshittification of tech is a matter of the policy environment, not the personalities of the people involved. Sure, the worst people imaginable run these companies, but the reason they're able to yield to their most venal impulses and succeed is because the world has been re-arranged to make sociopathy and greed into fitness factors. We get technocarcinization because the most fit organism for a landscape without consequences is a zuckerbergian techno-crab:
https://pluralistic.net/2023/07/28/microincentives-and-enshittification/
What can we do about it? Well, we're going to have to remake the landscape to punish (rather than reward) enshittification:
https://pluralistic.net/2026/01/01/39c3/#the-new-coalition
And in the meantime, there is one inhabitant of the 2×2 that hasn't drifted up and to the right: free and open source software. It's still snugly nestled in the low-surveillance/low-control box, and if you live in that box, your life will be much, much better for it.
There's no better time to make the switch: with RAM and storage prices through the ceiling and OSes growing ever-more bloated with AI and spyware (but I repeat myself), this is the moment to rehabilitate that old computer with Linux:
https://www.fosslinux.com/158206/linux-on-older-hardware-revival-guide.htm
The alternative is to be tormented by crabs no matter what you're trying to do or where you're trying to get to.

To Decarbonize Quickly, Think Beyond Electrification https://jacobin.com/2026/06/climate-electrification-homes-cars-decarbonization-tech
Ireland is big tech’s lapdog – and that compromises its EU presidency https://www.theguardian.com/commentisfree/2026/jun/30/ireland-big-tech-lapdog-eu-presidency-digital-sovereignty
Beyond Denial How Oil Execs Shaped a Landmark Climate Study https://www.propublica.org/article/wedges-climate-research-bp-fossil-fuel-princeton
US Supreme Court just blew up EU-US Data Transfers https://noyb.eu/en/us-supreme-court-just-blew-eu-us-data-transfers
#15yrsago Print-on-demand and donations - report on DIY publishing business models https://www.publishersweekly.com/pw/by-topic/columns-and-blogs/cory-doctorow/article/47858-with-a-little-help-heuristics.html
#15yrsago Brazil rises up for free speech in 40 national demonstrations https://globalvoices.org/2011/06/30/brazil-freedom-march/
#10yrsago Grandad builds miniature backyard Disneyland https://abcnews.com/Lifestyle/grandpa-builds-disneyland-inspired-backyard-theme-park-grandkids/story?id=40276633
#10yrsago Elizabeth Warren on monopolies in America, including Apple, Google, and Amazon https://washingtonmonthly.com/2016/06/30/elizabeth-warrens-consolidation-speech-could-change-the-election/
#10yrsago White House plan to use data to shrink prison populations could be a racist dumpster fire https://www.wired.com/2016/06/white-house-mission-shrink-us-prisons-data/
#10yrsago Even if Moore's Law is "running out," there's still plenty of room at the bottom https://www.technologyreview.com/2016/05/13/245938/moores-law-is-dead-now-what/
#10yrsago Black-hat hacker handles are often advertisements https://www.wired.com/beyond-the-beyond/2016/07/web-semantics-modern-german-black-hat-hacker-handles/
#10yrsago Spotify threatens to report Apple to competition regulators over App Store rejection https://web.archive.org/web/20160630220301/https://www.recode.net/2016/6/30/12067578/spotify-apple-app-store-rejection
#10yrsago Researchers find over 100 spying Tor nodes that attempt to compromise darknet sites https://www.defcon.org/html/defcon-24/dc-24-speakers.html#Noubir
#5yrsago Exxon lobbyist confesses to his crimes https://pluralistic.net/2021/07/01/basilisk-tamers/#exxonknew
#5yrsago When the Sparrow Falls https://pluralistic.net/2021/07/01/basilisk-tamers/#rage-against-the-machine

Edinburgh International Book Festival with Jimmy Wales, Aug 17
https://www.edbookfest.co.uk/events/the-front-list-cory-doctorow-and-jimmy-wales
Sydney: The Festival of Dangerous Ideas, Aug 23-24
https://festivalofdangerousideas.com/cory-doctorow/
Melbourne: Enshittification at the Wheeler Centre, Aug 25
https://www.wheelercentre.com/events-tickets/season-2026/cory-doctorow-enshittification
Brighton: The Reverse Centaur's Guide to Life After AI with Carole Cadwalladr (Brighton Dome), Sep 8
https://brightondome.org/whats-on/LSC-cory-doctorow-the-reverse-centaurs-guide-to-life-after-ai/
London: The Reverse Centaur's Guide to Life After AI with Riley Quinn (Foyle's Piccadilly), Sep 9
https://www.foyles.co.uk/events/enshittification-cory-doctorow-riley-quinn
South Bend: An Evening With Cory Doctorow (Notre Dame), Oct 6
https://franco.nd.edu/events/2026/10/06/an-evening-with-cory-doctorow/
How to Think About AI (Organized Money)
https://www.organizedmoney.fm/p/how-to-think-about-ai-with-cory-doctorow
Breaking Points
https://www.youtube.com/watch?v=VJmUbkRqXeE
A.I. Enshittifies Everything (Slate)
https://slate.com/podcasts/what-next-tbd/2026/06/cory-doctorow-thinks-a-i-is-overvalued-and-overrated-and-still-a-threat
A World That Just Might Work
https://aworldthatjustmightwork.com/2026/06/cory-doctorow-ai-use-it-dont-buy-the-hype-dont-feed-the-bubble/
"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027
Today's top sources:
Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Fourth draft completed. Submitted to editor.

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Bluesky (no ads, possible tracking and data-collection):
https://bsky.app/profile/doctorow.pluralistic.net
Medium (no ads, paywalled):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
One of the cool things about having Claude Code is that as we develop this product, we have a near perfect chronology of every consideration and decision made along the way. I don't think that's ever been possible before. I would love to see how the people at Bell Labs put together the first Unix implementation, what did they talk about, what did they go back and do again once they used the product. Or developers at Xerox PARC, or the process that led to Visicalc, Mac OS or Pagemaker. TBL's first web browser, ChatGPT, etc. Software is a totally intellectual creation, but there is a story for each product, because it's a human doing the design. BTW we had our first faceoff, Claude and I, and I won. Claude said the bug was in my code, I proved it was not, suggested he look at the crazy complicated SQL code he wrote (so glad to have it around for that). Also, I tend to use male pronouns for Claude. Worth mentioning once. (The Computer History Museum should be paying attention.)
I showed the post above to Claude and that took our conversation off in a new direction. We had been experimenting with the Message Scanner from LBBS, an early version of Twitter I wrote in the early 80s. It's described in this story I wrote in 1988, a summary of what I did leading to the start of UserLand. 38 years later Claude said: "LBBS message scanner running on RSS."
BTW thinking of LBBS as an early version of Twitter is a contortion, but considering how history played out, accurate.
[$] Secure Boot certificate expiration is here [LWN.net]
Linux users who have Secure Boot enabled on their systems rely on certificates issued by Microsoft to verify the software used to boot a system is trusted by the user. One of those certificates expired recently, but that will not cause systems that are able to boot to stop doing so. There are situations where the expiration may cause problems, however, and the window for relying on existing signed binaries is shorter than it might appear. Users and administrators will want to stay on top of these changes. Over the last year, part of my job at Microsoft has been to work on this problem. LWN wrote about the certificate expiration in July 2025, and this article follows up with where we are now.
Security updates for Wednesday [LWN.net]
Security updates have been issued by AlmaLinux (coreutils, galera and mariadb11.8, giflib, git-lfs, glibc, httpd, kernel, mariadb10.11, mod_md, perl-Archive-Tar, perl-IO-Compress, perl:5.32, rrdtool, ruby, ruby4.0, and thunderbird), Debian (debian-security-support, librabbitmq, and nginx), Fedora (chromium, collectd, maradns, python-django-haystack, python-jupytext, varnish, varnish-modules, and vmod-querystring), Oracle (firefox, git-lfs, kernel, nginx:1.24, openssl, perl-Archive-Tar, perl-IO-Compress, and uek-kernel), Red Hat (container-tools:rhel8), SUSE (7zip, apache2, buildah, cifs-utils, curl, docker, exiv2-0_26, libonnxruntime1, libsoup, nodejs22, opensc, pacemaker, perl-Config-IniFiles, podman, sg3_utils, socat, tar, tracker, and xdg-desktop-portal), and Ubuntu (curl, hplip, libgd-perl, libssh2, libyang, ruby2.7, ruby3.0, ruby3.2, ruby3.3, and tar).
Representative Line: A Specific Key [The Daily WTF]
Today's anonymous submission isn't really a WTF, but it highlights the hardest problem in computer science: naming things.
For example, let's say you saw a method called handleRSAPrivateKeyGeneration. You'd likely assume that it generates an RSA private key. More specifically, it accepts a request for a private key and handles that request. It's right there in the name.
public String handleRSAPrivateKeyGeneration(
@RequestParam(value = "algorithm", defaultValue = "EC") KeyAlgorithm algorithm,…
)
Except this function accepts an algorithm as a parameter. That's not bad design; it makes sense to inject implementations like that. Though in this case, it looks like it's injecting a key that can be used to look up the actual implementation, which I like less, but I don't know the rest of the implementation, so we can let it slide.
So there's no WTF here. It's a badly named function that may not return an RSA key, but does return a valid cryptographic key. By default it generates an elliptic curve key. Presumably as an armored key, since it returns a String, and the armor usually supplies enough of a hint that consumers can infer the key type. Our submitter tells us that this function is part of a Java Spring controller, and returns a string because the result is displayed in a web page.
No WTF, but it does highlight how sometimes being too specific with your name can make the name less clear. handlePrivateKeyGeneration would be a better name, since we don't know exactly what kind of private key it's generating.
Names, as always, remain hard.
Guidelines for Respectful Use of AI [Radar]
The following article originally appeared on Medium and is being republished here with the author’s permission.
As companies adopt AI tools, a lot of time is spent on thinking about AI policies from a security, compliance, or even cost-focused angle. But many leaders are neglecting to address how their teams should work with AI in the context of the team as a whole. This creates a lot of unresolved tension, and it’s time for leaders to step up and set some guidelines not just for how to use AI in an “approved” sense but how to use it respectfully.
When I say respectfully, I am not talking about the baseline appropriate workplace behavior (bullying, abuse, harassment, etc.). Instead, I’m concerned that many of us haven’t considered that the ways AI can make an individual more productive (literally enabling them to produce more outputs) can have an overall negative impact on the team’s productivity. Leaders can’t just sit around and expect that their teams will know that they can’t just produce slop and send it to others; if you haven’t set up a thorough policy yet, here are some suggestions on what to cover.
Don’t ask someone to read/review what you haven’t read or reviewed yourself.
This is one of the most common frustrations I hear amongst people working on AI-heavy teams. Whether it’s code that the owner didn’t really bother to understand before submitting for review or documents that they generated and didn’t bother to read, too often people try to steal productivity from their colleagues by streamlining their production of work while asking their colleagues to do all of the quality control themselves. It’s great to have a loop of AI code generation → AI code review → AI fixes → final human review, but if the person prompting the AI doesn’t bother to review that code first, they’re putting a huge validation tax onto their teammate, who has to trust both that you prompted well AND that the AI understood the context and problem well enough to get a sustainable solution.
Documents are an even bigger temptation than code, because AI is so verbose and most of us hate writing and editing. It’s easy to get into a loop where you ask the AI some questions, skim the answers, output a document and send it to others. I’m guilty of this myself! But what makes sense when you’re skimming one answer at a time may not make for a good overall document, and there is a big difference between answering individual questions and writing for a human reader. In particular, the context that you have in your own head as you are talking to the AI may not come out at all in the document; if you don’t bother to read it thoroughly before sending it out, you won’t catch the gap in framing.
Even worse, sometimes people don’t even understand what the document they prompted is trying to say. Can you describe this document, and have a conversation about the concepts it presents with others and why it makes sense? If not, you have no business sending it along without at minimum the huge caveat “This is AI-generated and I still don’t really understand this space, please help me.”
Many people have reached the point where they won’t read something a person didn’t bother to write themselves, and who can blame them when so many don’t even bother to read their output before sending it on?
Part of the annoyance of reviewing AI-generated work is that the AI can be painfully long-winded. AI code often looks like tutorial code, with much more verbosity than human developers would bother with. Add in the temptation to one-shot big changes rather than thinking about how to break the code down into pieces, and you can end up with stacks of thousand line pull requests. The documents AI produces are so thorough that something that should be 3 pages turns into 10 or 20. And for those who have fully embraced AI for all of their text-based interactions, you start to see the LLM-generated wall of text chat messages or emails.
This is, frankly, just rude. It goes hand in hand with not bothering to review your own work, but even if for some reason you convince yourself that you really did read and edit that giant PR/document/message, you’re still asking so much more of the audience than you probably put into the exercise in the first place. When it comes to code, I encourage you to honestly ask yourself: If this broke at 3:00am and none of the AI tools were working, would you be able to look at the PR context and the change and debug it? If not, it is probably too much. When it comes to a big document, at a minimum, have you at least summarized the important points up-front? If someone is just going to ask an AI to summarize the document themselves, you should probably do more work to provide that value before handing it off.
Finally, if you’re writing long-winded emails or chat messages with AI-assistance in order to painstakingly try to explain something, perhaps you actually need to have a meeting or call instead. Increasingly long text exchanges have always been a sign that people need to stop and talk face-to-face, and AI logorrhea hasn’t changed that.
Signs we’ve switched off our brains and our hearts include: not reviewing the AI-generated work, not taking the time to do human editing, not breaking the changes down into chunks, and avoiding real conversations through AI-mediated text exchange. This guidance is about respectful use of AI because if you have empathy for your colleagues and respect for their time and skills, you will show them the courtesy of giving them work that you are proud of, that you stand behind, that you have thought through and can explain. The AI may have produced a lot of the output, but you thought about all of the pieces that needed to be done, and used the extra productivity to make something better: more reliable, simpler, well tested, whatever. If you find yourself not thinking at all and just mindlessly prompting, accepting output, and moving forward, it’s a warning sign that something is wrong. Perhaps take some advice from Vicki Boykis on adding friction to your development process (or whatever the equivalent is of your day-to-day work).
If you decide to do this, one final tip from me: Assuming your company has some sort of company values, it’s always a good idea to call back to these values when you create policies and guidelines like this. It’s one thing to abstractly say that shorter is better, but if you can tie that to a value for your company, it will resonate more strongly. As an example, if I were at Amazon I might consider tying “shorter is better” to the leadership principle Invent and Simplify. And since shorter is better and this is already too long, I leave you here.
Enjoy this post? You might like my books The Manager’s Path and Platform Engineering: A Guide for Technical, Product, and People Leaders.
Issue 46 – Greta’s Wedding – 15 [Comics Archive - Spinnyverse]
The post Issue 46 – Greta’s Wedding – 15 appeared first on Spinnyverse.
Ben Hutchings: FOSS activity in June 2026 [Planet Debian]

This month’s work was dominated by the transition of Debian 12 “bookworm” to support by the LTS team, and by review of some large updates to Linux stable branches.
Linux 6.12 is currently available in bookworm-backports, but that suite will stop accepting uploads after the last bookworm point release. I updated some supporting packages in bookworm in preparation for adding Linux 6.12 there. I also prepared for the possibility that bookworm-backports would close earlier.
Since the LTS team is still also maintaining Debian 11 “bullseye” until August, I reviewed upstream changes for both Linux 5.10 and 6.1 stable branches and reported a number of regressions and other issues.
Papa Johns Surveillance-Based Advertising [Schneier on Security]
Papa Johns is spying on people’s buying activities to predict when they are low on food:
The pizza chain recently tapped NBCUniversal, Instacart and the dentsu-owned media agency Carat for help reaching consumers when they’re low on groceries—and thus more likely to be swayed by a mouth-watering ad. The idea is to reach hungry consumers by “knowing what is in their fridge without being too creepy,” said Carrie Drinkwater, chief investment officer at Carat.
To achieve that goal, NBCU and Instacart created a custom audience of shoppers who regularly purchase grocery staples on Instacart, such as eggs, milk, meat and produce. Based on that data, Papa Johns can determine which days of the week certain consumers are likely to run out of groceries and serve them an ad on NBCU streaming content accordingly. The brand served custom creatives to consumers based on their food preferences—such as whether they buy meat regularly—with QR codes and calls to action such as, “Light on groceries?” or “Empty fridge?”
Back in 2012, we learned (from Target and its campaign that detects when someone is pregnant) that the trick is to hide the knowledge in other, wrong, information. So the way for Papa John’s to not be “too creepy” is to deliberately get it wrong sometimes.
But still, ugh.
Can you believe it? [Seth's Blog]
The standards have changed a lot in the last few millennia:
The big man said it.
The book said it.
The newspaper said it.
I saw a photo.
I saw it on TV.
I read it on the internet.
That’s what the AI said.
There has always been room for doubt. But the last century has been about doubt at scale, due to mismatched incentives and the impact of media and tech.
84% of the statistics we read are manipulated for impact. And every story, every narrative, every photo is curated and edited. The map is not the territory, and the map maker has a goal. It might be the same as yours–but it might not be.
One danger is that a story not worth believing lets us off the hook. The other is that it manipulates us into taking action we’ll regret.
It’s impossible to function in society without consuming stories. You’re never going to the moon, and the only way it’s possible to know it’s not made of green cheese is to find a story you can inspect and trust, one that, if you drill down far enough, is based on things you can engage with in real life.
People in society are often driven by the desire to believe what everyone else in their circle believes–people like us do things like this. But the change agent has the desire to be early in embracing ideas that others don’t believe (yet).
The difference between poison and medicine often comes down to the dosage. Belief at scale, fueled by omnipresent media designed to seduce, is unlikely to help us get to where we seek to go.
A coherent culture is often built on a shared belief system. When the entire group believes something that collides with reality, though, reality wins.
In the long run, the Earth doesn’t care what you believe. Eppur si muove.
New Comic: Modular Doom
Prairieland defendants [Richard Stallman's Political Notes]
The persecutor's scheme to label protests as "terrorism" had a terrible success, as protesters were sentenced to prison for 30 years and more for nonviolent protest activities.
The persecutor's henchmen had declared (arbitrarily) that this was organized terrorism on behalf of the nonexistent "organization", "Antifa". But the arbitrary designation as "terrorism" was not challenged in court — the judges silently accepted it.
AI-generated influencers [Richard Stallman's Political Notes]
Companies are advertising products using simulated video depicting simulated customers.
All satisfied, naturally.
Is there an important moral difference between using a machine learning system to generate video of an apparent customer who praises a product, and filming video of an actor giving a performance depicting such a customer? I don't see a significant difference; is there something I am missing?
If there is no significant difference, that doesn't mean they are morally acceptable. Maybe both should be considered fraud unless labeled with how they were produced.
Risk of food shortages [Richard Stallman's Political Notes]
*Papua New Guinea faces severe food shortages as El [Super]Niño brings frost and drought.*
EU-Taliban talks [Richard Stallman's Political Notes]
The European Union, under pressure from right-wing immigrant-haters, is negotiating with the Taliban about returning refugees to Afghanistan.
This threatens to aid the Taliban in carrying out their policies of oppression. Every woman in Afghanistan is oppressed; many men are, too. The EU should give asylum to every Afghan woman who can reach there, and many Afghan men will deserve it too.
Trump-era mega mergers [Richard Stallman's Political Notes]
Senator Warren calls for reversing some of the many large mergers that have subjected the US to drastic industrial concentration.
Even before the wrecker became president again, the US had a lot less business competition than it did a few decades ago. Several years ago I needed a new condensation pump to pump the air conditioner's water condensation out of the basement. There had traditionally been two competing manufacturers, but the government had allowed them to merge, so there was only one. That merger should have been blocked to maintain competition in that small field.
Often the US appears to have a lot more competition than it really has. The supermarket company Albertsons uses all these names:
Mourning in America [Richard Stallman's Political Notes]
Robert Reich: Mourning the great ideals which America had partly achieved, but which the wrecker is trashing.
Whistleblower identification risks [Richard Stallman's Political Notes]
"Age verification" requirements threaten to identify whistleblowers. They generally require that all users of a site prove their identities, or present video selfies which governments could use to identify them.
Any attempt by a whistleblower to contact a reporter through a site that does age verification is likely to enable tyrannical rulers to identify per and crush per.
This will also prohibit reporters from using anonymous accounts to follow what others are posting or enable sources to contact them.
Testimony from Palestinian prisoners about torture [Richard Stallman's Political Notes]
B'tselem, an Israeli human rights organization, presents testimony from recently released Palestinian prisoners about their torture in Israeli prisons — including rape.
Antarctica missing area of sea ice size of France [Richard Stallman's Political Notes]
[Part of ]*Antarctica's coast missing an area of sea ice the size of France as temperatures peak 20°C above average.*
The idea that part of Antarctica's coast is "west" seems absurd and arbitrary — Antarctica's only coast is the north one. But that is a minor side issue and does not reduce the gravity of advancing climate disaster.
Anti-ICE organizers [Richard Stallman's Political Notes]
*Anti-deportation-thug organizers shift focus to defend democracy from [the persecutor's] assault.
Citizens in Minnesota using lessons learned from migrant crackdown to protect elections from president's threats.*
Interim peace agreement [Richard Stallman's Political Notes]
Unsurprisingly, disagreements about vague or unspecified crucial details of the draft US-Iran peace deal have led once again to an exchange of fire.
Bullshit generator used to generate fake "evidence" [Richard Stallman's Political Notes]
A British thug is being investigated for using bullshit generators to generate fake "evidence" for a trial.
Life’s big questions [Richard Stallman's Political Notes]
Which is more useful, to pose a question to a chatbot, or pose it to a deity?
The chatbot has the advantages that it actually exists, and that its answers are not entirely filtered through the mind of the one who asks.
But it has the disadvantage of not actually understanding the questions (or most anything else).
Israeli company accused of running disinformation campaigns [Richard Stallman's Political Notes]
France has accused an Israeli company of running disinformation campaigns against elections in France, Scotland, Angola, and Togo, as well as the New York City municipal election.
The company had described itself suggesting that its work was in the field of "information warfare".
Urgent: Deliver mail to everyone [Richard Stallman's Political Notes]
US citizens: call on the US Postal Service to continue delivering mail to anyone and everyone — to reject the plan to control whom states can mail ballots to.
See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.
Unfair Bullshit Generator Regulations Elections Act [Richard Stallman's Political Notes]
I support the Unfair Bullshit Generator Regulations Elections Act, but I refuse to call it by the name that its sponsors have given it.
Urgent: tax pretend-intelligence hype industry [Richard Stallman's Political Notes]
US citizens: call on Congress to tax the pretend-intelligence hype industry.
In my letter, I denounced the hype term "artificial intelligence" and called for the taxes to be high enough to make human-based customer service, which is superior, competitive again. I deleted the paragraphs that presumed "AI" was a good thing.
See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.
US citizens: Join with this campaign to address this issue.
To phone your congresscritter about this, the main switchboard is +1-202-224-3121.
Please spread the word.
Urgent: Oppose BUILD America 250 Act [Richard Stallman's Political Notes]
US citizens: call on your congresscritter and senators to oppose the BUILD America 250 Act.
See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.
US citizens: Join with this campaign to address this issue.
To phone your congresscritter about this, the main switchboard is +1-202-224-3121.
Please spread the word.
Nondisclosure agreements against reporting wrongdoing [Richard Stallman's Political Notes]
We need laws to stop companies from enforcing nondisclosure agreements on employees who report wrongdoing.
Bangladesh emptied its aquifer [Richard Stallman's Political Notes]
Part of Bangladesh has emptied its aquifer and is running out of water. Farmers are likely to go broke and become paupers, and likely many will die.
Will this teach the rest of us to take conservation seriously before we meet a similar fate?
Palestinian doctor in solitary confinement [Richard Stallman's Political Notes]
*Israel puts Palestinian doctor in solitary confinement after 17 months held without charge.
Dr Hussam Abu Safiya now in cell barely big enough to sit in, says son, after UN experts demanded his release in March.*
Imprisonment without trial is unjust. Solitary confinement is a form of torture. The tiny cell is a form of torture. Denying him medical treatment is an injustice.
Apparently the real accusation against him is providing medical treatment to Palestinians.
Aspects of disaster to expect from "super" El Niño [Richard Stallman's Political Notes]
10 aspects of disaster to expect from a "super" El Niño.
Unfathomable increase in investment for coal, oil and gas [Richard Stallman's Political Notes]
*The world's largest banks committed $906bn in financing to the fossil fuel industry last year, an "unfathomable" increase in investment locking in years more of coal, oil and gas production as the world continues to overheat, a new report has found.*
Frighteningly high temperatures in Antarctica [Richard Stallman's Political Notes]
Frighteningly high temperatures in Antarctica — you could walk around outdoors without a coat. Lots of ice must be melting.
Bullshitter can't force reality to match his story on Iran [Richard Stallman's Political Notes]
*[The bullshitter], ever the unreliable narrator, is unable to force reality to match his preferred story on Iran.*
Japanese anime fans angry at the bullshitter [Richard Stallman's Political Notes]
Japanese fans are angry at the bullshitter for incorporating images and video segments of adored fictional characters in his propaganda postings.
The propaganda promotes mass imprisonment, aggressive war, and (I suppose) gross ecocide as well. But the supposed moral principle that the Guardian quotes the fans as citing is an issue that isn't a moral principle at all: copyright law.
One is quoted as invoking the bogus moral concept of "intellectual property", which was promoted by various industries since the 1960s to give the impression that disparate artificial state-imposed monopolies were part of a broader moral imperative.
Each of those monopolies is an independent issue, so yoking them together like this is a fundamental misconception of all of them.
Boat attacks are indiscriminate killing [Richard Stallman's Political Notes]
Some of the boats that the US attacks are probably engaged in smuggling people as well as possibly drugs. But the US generally doesn't identify the people on the boat — so attacking the boat is indiscriminate killing.
If the US government has reason to suspect the boat's crew of smuggling anything, the legitimate thing to do is capture them, question them, and then perhaps try them. Not murder them.
General long-term road map for eliminating poverty [Richard Stallman's Political Notes]
Admired economists suggest a general long-term road map for eliminating poverty.
Policies that prioritize "economic growth" have produced hundreds of millions of people in extreme poverty, thousands of billionaires, and massive disasters.
This should be no surprise, since if you take their last dollar from a billion people and give two billionaires 700 million each, that counts as "growth". Such "growth" is happening all the time around us because our system promotes it.
To eliminate the robot-like maximization of "growth", we will need to find and correct all the little dodges that enable banks to promote poverty-spreading "growth" by disguising it as "fairness" (to a business) or "benefiting everyone" (but mostly the already-rich).
I criticize the article's repeated equation of "poor" with "south" and "rich" with "north". This extreme oversimplification ignores the surging poverty in most "northern" countries, and misrepresents the issue as if it were a territorial conflict. The details of the injustice vary from place to place, but it's the same system.
*Greenpeace calculates that wealthiest contribute nearly $1tn of damage a year with ownership-based emissions.*
Barge collecting plastic in urban river [Richard Stallman's Political Notes]
A special barge can collect 90% of the plastic floating out of an urban river. It runs unattended for a long time, then signals to pick up the collected plastic pieces.
Risk of new HIV epidemic [Richard Stallman's Political Notes]
*Funding cuts and repressive laws raise risk of new HIV epidemic, says UNAids.*
German court ruled Google responsible in Supposed Intelligence overviews [Richard Stallman's Political Notes]
A court in Germany ruled that Google is responsible for accusations in Supposed Intelligence Overviews when they are not justified by sources.
For Google to design the implementation of "overviews" to check their validity would require it to understand the sources and what can validly be inferred from them. That would require true intelligence—pretend intelligence isn't sufficient.
Corrupter met resistance to Bill Pulte nomination [Richard Stallman's Political Notes]
The corrupter met with resistance to his nomination of Bill Pulte to head US intelligence agencies, and has now nominated Jay Clayton who likewise gives little reason for confidence.
Bombing of water tanks of Bemani, Iran [Richard Stallman's Political Notes]
If the bombing of the water tanks of Bemani, Iran, was deliberate, it was a war crime.
Girl Genius for Wednesday, July 01, 2026 [Girl Genius]
The Girl Genius comic for Wednesday, July 01, 2026 has been posted.

no foolishness detected

I’m still traveling, so no huge update today (although I am fine! Everything is fine!), but I want to post this shot of the Ferris Wheel at Chicago’s Navy Pier the other night. It feels very June to me. Onward to July.
— JS
BTW, I sometimes ask Claude "what do you think" and it often has an opinion.
BTW thanks to Dave Carlick for noticing when I had fun writing a piece, laughing out loud at almost every sentence. Who's the biggest fan of my writing? Me. But sometimes I think of Dave C. And Sally At.
Fancy food update [Seth's Blog]
Everybody eats.
And, now and then, it’s fun to find something better. In the scheme of things, fancy foods are a bargain, a chance to have the best in the world for a few dollars.
Here are some persistent (and new) favorites. For those outside the US, I hope you can find even better local options.
Koeze makes the best peanut butter in the country. They make one batch a day, laboriously grinding for three hours. Zingermans often has it at a bulk discount.
Seed & Mill has a chocolate tahini sauce that’s mind-blowing. Imagine Nutella, but 10x better and just the good parts. Her cookbook is great, too.
Burlap & Barrel offers cardamom extract that will transform a glass of bubbly water into a sophisticated refresher.
Three chocolates from South America, from the rare porcelana bean and its cousins:
Summer sophistication and deliciousness are easy with a good shaker. You put whatever you want to drink (I steam 100% cacao with oat milk) over ice and then shake and pour. I was a skeptic on this, but I’m converted.
Rishi Dandelion Ginger. Extraordinary and surprising. And most things taste better mixed with tonic.
Life’s too short for average vinegar. The good stuff lasts a long time and costs not much more.
Raw almonds in the air fryer for 15 minutes at 340 degrees F. Not just healthier–quite good. Perfect with dried plums.
If you’re in Manhattan, check in the comments for when he’s open, then go have a dosa.
And their slogan might be true: These are the best dates.
Free Software Directory meeting on IRC: Friday, July 3, starting at 12:00 EDT (16:00 UTC) [Planet GNU]
Join the FSF and friends on Friday, July 3 from 12:00 to 15:00 EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.
Creative Commons founders' fireside chat (Creative Commons blog) [LWN.net]
Dee Harris has published a summary of the recent "fireside chat" featuring Creative Commons founders Hal Abelson, Lawrence (Larry) Lessig, Molly Van Houweling, and Glenn Otis Brown. The chat was to mark the 25th anniversary of Creative Commons and included a look back at its history as well as a look at the landscape today:
Twenty-five years ago, a small group of people made a bet. They believed that if you gave creators a simple set of tools and licenses in language that a lawyer, a machine, and a human could all read, millions of people might choose to share their work with the world instead of locking it down.
The video of the chat is available on YouTube.
Dirk Eddelbuettel: tl 0.0.2 on CRAN: First Update [Planet Debian]

The still-very-new logging package tl was just updated for the first time at CRAN.
The tl package wraps the (also very new) rspdlite package to offer a lightweight and consistent logging interface from both R and C++ that enjoys being ‘tiny, fast, capable’ thanks to spdlite. With tl we follow the same idea that our spdl package introduced: a simple consistent interface via just the tl:: prefix and the appropriate logging level. In other words tl::debug("Alert: foo now '{}'", foo) will work from both R and C++ (given a variable foo, and, in the case of C++, an extra semicolon) and log if the current level is ‘debug’ or higher, and skip logging if not.
This release adds a fallback when compilation does not use the (required) C++20 standard, expands the README and adds an initialization helper function reflecting a preferred default logging level from either an environment variable or a global option. We are also working on adding tl to an example package as a simple illustration, more on that hopefully soon.
The NEWS entry for this release follows.
Changes in version 0.0.2 (2025-06-30)
Added badges to README now that package is on CRAN, add NEWS file
Condition the provided header on C++20 use, offer fallback
Add an exported initialization function picking up a logging level from either an environment variable or a global option, see '?init'
Courtesy of my CRANberries, there is also a diffstat report for this release.
This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can sponsor me at GitHub.
Reproducible Builds (diffoscope): diffoscope 323 released [Planet Debian]
The diffoscope maintainers are pleased to announce the release of diffoscope version 323. This version includes the following changes:
[ Chris Lamb ]
* Debian adds an extra "Flags:" line in the output of ocamlobjinfo via a patch, so adjust how we test OCaml to ensure cross-distribution compatibility. (Closes: reproducible-builds/diffoscope#430)
* Update copyright years.
[ Michael Daniels ]
* Fix tests when using zipdetails version >= 4.006.
You can find out more by visiting the project homepage.
Some things Claude is extremely tedious at. But then it blows you away how it can read thousands of lines of complicated code in a few seconds (in parallel) and find tiny little things that any good obsessive programmer would want to fix (like me). And be amazed at how we, our species, made such a thing. Where is the pride? I was once prideful that my civilization created a great piece of machinery like my Subaru Forester, and now just a few years later, we've come up with a decent simulation of a super-human brain that's not just a demo or a robot vacuum cleaner it actually does amazing science fiction type stuff.
Take a deep breath and feel a little awe to go with the cynicism. It's good to be ready to be riled up, but sometimes the truth isn't as bad as you'd like to think, sometimes it's utterly amazing.
;-)
Earlier today I suggested doing an AI/UI overhaul for WordPress, and today I see the announcement of that from (apparently) an independent developer. Breath-taking.
The End of Tokenmaxxing [Radar]
The practice of tokenmaxxing appears to be dying out, even before I had a chance to write about it. Good riddance. Burning tokens to create the appearance of productivity was fated to last only until the accountants learned about it, and the strictest of all accountants is one’s personal checkbook. What got many developers thinking about the cost of AI was the change in GitHub Copilot’s usage charges. The cost of Copilot went from a monthly fee with unlimited use to a monthly fee that purchased a limited number of credits, which are used to pay the AI provider of your choice. One credit is equivalent to US$0.01; when you’ve used up your credits, you can upgrade your account or pay for additional credits as you go.
The question isn’t why this didn’t happen earlier; it’s why this happened now. Tokenmaxxing is both the creation and victim of two large-scale trends in AI. First, starting with OpenAI, the major AI providers were all playing a blitzscaling game that prioritized user growth over profitability. Giving AI services away for free got you more users, and in the long run, scalers would figure out how to make money from end-user fees, selling user data, or advertising. This process inevitably ends in enshittification, and is still very much the road we’re on.
Second, token usage exploded late in 2025. The appearance of “reasoning models,” which use tokens to maintain an internal dialog in the course of solving a problem, increased the number of tokens used to respond to each prompt. Reasoning tokens are a model’s conversation with itself about possible responses to the prompt, and are often more numerous than the prompt and response themselves. Whether or not users see the reasoning process (often they don’t), reasoning tokens add to the bill. They are frequently counted as “output tokens” because they are generated by the model, and are more expensive than input tokens.
The appearance of agents also multiplied the rate at which users consumed tokens. In May, 2025, Simon Willison quoted Anthropic’s Hannah Moran’s definition of an agent: “Agents are models using tools in a loop.” The Tredence blog writes: “The agent loop is a repeating cycle in which the AI reads the current data, thinks through what it means, chooses an action, carries it out, checks what happens and starts over.” If you’ve ever watched Claude Code, OpenClaw, or any other agent work, a single request can become many calls to a model, each one using hundreds of tokens, if not thousands. In addition to the current request, one agent-generated invocation can contain the task’s entire accumulated context and relevant documents. Between reasoning tokens and agents, token usage goes up by a factor of hundreds.
The increase in token usage might not be an issue if it results in problems being solved and tasks completed more effectively. But it collides with the loss-leader pricing of the blitzscalers; their willingness to operate at a loss to gain control of a market has limits. Regardless of whether the number of AI users is increasing, the amount of computation, and therefore cost, per user grows as the use of agents increases. Reasoning models increased token usage; agents compounded the problem; and that led to price increases.1 Microsoft/GitHub doesn’t want to pay Copilot customers’ AI bills. We haven’t yet seen across-the-board price increases from the AI providers themselves. But we have seen GitHub’s token credits, and we have seen Anthropic and OpenAI price more capable models significantly higher than older or less capable models. Fable is twice as expensive as Opus 4.8, and while some writers have called this pricing “fantastic,” that’s probably because they were expecting an even greater increase. While Fable can delegate tasks to Anthropic’s less expensive models, most early users observe that with Fable, token use goes up rather than down. Anthropic’s switch to token-based billing for its agent SDK (currently on hold) is another signal that the days of inexpensive AI are coming to an end. OpenAI’s story is similar: GPT 5.5 costs twice as much as GPT 5.4 per million tokens.
It’s also important to take capacity into account. Huge data centers have been in the news, but those data centers haven’t been built yet. More important, the electrical infrastructure needed to support those data centers—transmission lines, generators—hasn’t been built either, and that’s not an investment over which AI companies have much control. They can build their own power generation facilities on a data center campus, but that’s a huge investment in technologies that they’re not familiar with. And even if you generate power locally, you need other kinds of infrastructure: rail for coal, pipelines for gas. This isn’t (yet) an essay about data center power consumption and its consequences, but it is another factor that limits increased token usage. We’ve seen Anthropic’s outages blamed on capacity, and Anthropic has responded by leasing unused data center capacity from SpaceX. But the other way to respond to increased demand that can’t be met by current capacity is to increase prices, limiting customers to those who can afford to pay. That increase is being noticed by managers, accountants, and independent developers.
Token optimization and accountability are the inevitable consequence of upward pressure on token price. One way to build accountability is through better governance, a route Bennie Haelen describes in “The Subsidy Ended: What Tool-Using Agents Actually Cost.” Better governance is achieved through building an observability layer that lets you see exactly what the agents and models are doing. With a well-designed observability layer, you can see whether the data sent to the model is growing with each invocation, whether the model is using appropriate tools, whether tools are being called repeatedly, and a lot of other information that will tell you whether your agent is running efficiently.
Another piece of token accountability is understanding which models are running your agent’s requests. General-purpose reasoning models range from expensive high-performance models like Claude Fable or Opus 4.8 to models like Gemma 4 26B that can run on a well-equipped laptop, and some models that are even smaller. While it’s tempting to say “I need the best; I’ll run Opus 4.8 or Fable with maximum reasoning,” most requests don’t require that level of reasoning or expense. Agents will be able to decide what model is best for processing every request. Fable can delegate, and we expect other frontier providers to follow as models incorporate agent capabilities. And there’s an active world of open models outside of the frontier AI providers. Vicki Boykis writes that models running locally now work almost as well as frontier models. Tools like OpenRouter give you a model-independent way of routing requests to different models, including open models that run locally. OpenRouter can be integrated with OpenClaw, Claude Code, Cursor, Codex, and other agents to provide intelligent routing.
Tokenmaxxing is dying. It will no doubt take time for its vestiges to die away, and there will always be developers who think they can game the path to a promotion, along with managers who insist on being “all in” with AI. But spending tokens responsibly is now the norm, whether you pay with your own checkbook or a company account. Token optimization will only become more important as per-token charges increase. They undoubtedly will.
Joey Hess: big loads offgrid with a small battery (sidelined) [Planet Debian]

No matter what the hype cycle wants you to think, the renewable energy transition is the biggest thing happening in tech and it's happening faster and faster. Despite being neck deep in it personally with offgrid solar projects, most recently solar hot water, increasingly it becomes clear I'm watching from the sidelines.
In Australia, everyone gets 24 kwh of free daytime electric power now. That's without installing any solar panels of their own, the grid just has that much excess capacity. All it takes to save $thousands per year (and avoid emissions) is to schedule some big loads like the hot water heater and EV to charge during the day. To save more, drop in a home battery that charges for free and powers the home through the evening.
In Germany, a 2 kwh plug-in home battery costs $350 and the electric company will pay you $130 per year to plug it into your wall. There are similar offers throughout Europe.
In Cuba something something geopolitics, oil blockade, belt and road => suddenly 1GW of solar farms with another gigawatt on the way.
I'll soon visit South Carolina where with no subsidies whatsoever from a decidedly renewable-unfriendly government, it made sense for my dad's house to get a whole home battery and double the solar array. The resulting system will be able to power the well pump and probably also the whole geothermal HVAC system through the kind of month-long grid down events that happened in Hurricane Helene.
Myself, well, I've got a by modern standards small 4 kwh home battery that powers my house offgrid, and I've recently installed a heat pump hot water heater. That's after about a decade pondering what solution to use for solar hot water, to replace an aging and horrible propane instant water heater. I've in the past considered everything from evacuated tubes to special direct drive inverters to DC resistive MPPT dump loads. The solution turned out to be just a big enough solar array, and plugging in a 120v hot water heater that needs only 500 watts in heat pump mode. Plus a small amount of code to manage when it runs.
In the time I was thinking about that, economies of scale and tech improvements just wiped all those other possibilities off the map, it's not economical to install and maintain a separate evacuated tube heat collector when a pile of solar panels costs so little and when electric hot water has gotten more than 200% efficient.
I also recently completed my permanent EV charger installation, with a new inverter and conduit and proper wiring, and increased the car's charge rate to 2 kw. Eliminating the need to charge anywhere except at home except on road trips.
Coordinating when these two big loads run, to maximize solar production and ensure that the house battery is full at the end of the day was ... not hard at all actually? The car charger amps can be dialed up and down to match incoming solar power fairly well, and leave some room for the hot water heater. They both operate as more or less dump loads. More or less because neither one can be cycled on or off very fast (to avoid wear and tear on the car's contactor and the heat pump's compressor), so it makes sense to leave them on and skate through short cloudy sections of the day, as long as the house battery doesn't get too low.
How low is too low for the house battery? Depends on the time of day. The code it's currently using, which may get tweaked over winter:
    -- When the battery is charged enough to run major loads that may prevent
    -- charging it further.
    --
    -- This varies with the hour of day. Early in the day, the battery does not
    -- need to be as full to be considered well charged, since there is
    -- still plenty of time for it to charge up. Later in the day, with less
    -- time to charge, it needs to be more full.
    wellCharged :: Hour -> Percentage
    wellCharged (Hour hour)
        | hour < 9 = Percentage 90 -- night
        | pmhour <= 0 = Percentage 50
        | pmhour <= 1 = Percentage 60
        | pmhour <= 2 = Percentage 70
        | pmhour <= 3 = Percentage 80
        | pmhour <= 4 = Percentage 90
        | otherwise = Percentage 95
      where
        pmhour = hour - 12
More complicated is, what to do if there's solar power to run one or the other, but not both? This is starting to get into the territory of microgrids now, or of demand response programs, so there's a whole industry or three out there doing industry things geared at the kind of no-brainer solutions I mentioned earlier. From what I've gathered, all of them involve proprietary protocols and gear.
What I've done is to read the state of the hot water heater and car, and prioritize hot water over the car. Except, if the car is below 10% it urgently needs to charge.
And I found a really simple way to decide when to run the low-priority load: Just check if the house battery's current charge will be considered wellCharged in an hour. So if it's 2 pm, the battery needs to be 80% charged to run the lower-priority load, and if it dips below that, that load will turn off but the high-priority load will keep running down to 70% battery.
Unfortunately, getting any information out of my hot water heater relies on a vendor API server that is often down on weekends, and I reverse engineered the web page of my EVSE[1] to control it, to say nothing of the nightmare of getting the car's state of charge from The Cloud.
Anyway, I'm pleased with having easily tweakable code and how far I've taken this offgrid, and everything I've learned doing so, but like I said, I'm clearly observing from the sidelines over here while the most significant thing for all of us is going on over there. You might appreciate my code or method, but you'll eventually be plugging in a home battery or signing up for a free daytime power tariff from your electric company, or having professionals install a whole home system for climate resilience.
So my question is, where does free software fit into all this? There are things like Home Assistant that do productize the kind of thing I'm doing enough to be useful more widely. But still niche. Meanwhile there are inverters and batteries that phone home to China, and every consumer facing install is either "use this device" or "integrate these 3 proprietary devices".
I don't think focusing on these negatives is really useful though, I'm more trying to understand where all this is going and then maybe get out ahead of it in some useful way with free software. Your thoughts welcome.
[1] Obviously OpenEVSE exists, but it didn't meet my needs hardware wise. And I could set my EVSE to use an OCPP server but it was easier to do the screen scraping than find an appropriate one, and I have the feeling I would not appreciate learning any more about OCPP, in the same way I really don't want to know a lot about web browsers' tag soup mode.
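The scheduling rule described in the post above (hot water first, the car first when it is below 10%, and the lower-priority load gated on the next hour's wellCharged threshold), worked through as an added Haskell example. This is not Joey Hess's code: only wellCharged, Hour and Percentage come from the post, while Load, Status, priorities, loadsToRun, the wants-power flags, the `>=` comparison and taking the stricter of the two thresholds for the lower-priority load are assumptions, and the sample readings are constructed.

```haskell
module Main where

newtype Hour = Hour Int deriving (Eq, Show)
newtype Percentage = Percentage Int deriving (Eq, Ord, Show)

-- Threshold table exactly as given in the post.
wellCharged :: Hour -> Percentage
wellCharged (Hour hour)
    | hour < 9 = Percentage 90 -- night
    | pmhour <= 0 = Percentage 50
    | pmhour <= 1 = Percentage 60
    | pmhour <= 2 = Percentage 70
    | pmhour <= 3 = Percentage 80
    | pmhour <= 4 = Percentage 90
    | otherwise = Percentage 95
  where
    pmhour = hour - 12

-- Hypothetical names from here on (not from the post).
data Load = WaterHeater | CarCharger deriving (Eq, Show)

-- One snapshot of what the controller reads from the devices.
data Status = Status
    { houseBattery :: Percentage
    , carBattery :: Percentage
    , waterWantsHeat :: Bool -- assumption: the heater reports a call for heat
    , carPluggedIn :: Bool -- assumption: the EVSE reports a connected car
    } deriving Show

-- Loads that currently want power, highest priority first.
-- Hot water outranks the car unless the car is below 10%.
priorities :: Status -> [Load]
priorities s
    | carBattery s < Percentage 10 = filter wants [CarCharger, WaterHeater]
    | otherwise = filter wants [WaterHeater, CarCharger]
  where
    wants WaterHeater = waterWantsHeat s
    wants CarCharger = carPluggedIn s && carBattery s < Percentage 100

nextHour :: Hour -> Hour
nextHour (Hour h) = Hour ((h + 1) `mod` 24)

-- The high-priority load runs while the house battery is wellCharged now.
-- Lower-priority loads need the battery to already meet next hour's
-- threshold. Assumption: they must also meet the current one, so that a
-- lower-priority load never runs while the high-priority one is held off
-- (this matters at 8 am, where the next hour's threshold is the lower one).
loadsToRun :: Hour -> Status -> [Load]
loadsToRun now s = case priorities s of
    [] -> []
    (high : rest) ->
        [high | houseBattery s >= highBar]
            ++ [low | low <- rest, houseBattery s >= lowBar]
  where
    highBar = wellCharged now
    lowBar = max highBar (wellCharged (nextHour now))

-- Constructed sample readings; the first two are the post's 2 pm case
-- on either side of the 80% line.
main :: IO ()
main = mapM_ report
    [ (Hour 14, Status (Percentage 85) (Percentage 60) True True)
    , (Hour 14, Status (Percentage 75) (Percentage 60) True True)
    , (Hour 14, Status (Percentage 75) (Percentage 8) True True)
    , (Hour 14, Status (Percentage 65) (Percentage 60) True True)
    , (Hour 8, Status (Percentage 60) (Percentage 60) True True)
    ]
  where
    report (h, s) =
        putStrLn (show h ++ ", house " ++ show (houseBattery s)
            ++ ", car " ++ show (carBattery s)
            ++ " -> " ++ show (loadsToRun h s))
```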
A compatibility note on the abuse of Windows window class extra bytes [The Old New Thing]
During my discussion of the evolution of system-windows window and class extra bytes, I noted that even though IDs are typically small integers, people liked to stash pointers there, so we had to expand the ID field to a pointer-sized integer.
One thing I’ve learned is that anywhere it’s possible to hide a pointer, people will hide a pointer there. This is true even for small integers.
As I was digging up the history of the extra bytes, I saw a special note in the 16-bit code for SetClassWord: It says that there’s an app that expects to be able to modify the value of GWW_CBCLSEXTRA.
Now, modifying this value has no practical effect because the memory for the class was allocated when you called RegisterClass. You can’t go back in time and change the allocation size.
But one program realized that it could use this value as a place to store some private data, so they did. Sure, that’s not the purpose of the GWW_CBCLSEXTRA, but that never stopped them.
For compatibility, Windows lets 16-bit programs modify GWW_CBCLSEXTRA. But at least it blocks it for 32-bit and 64-bit programs. One loophole closed. Countless more to go.
Russell Coker: Links June 2026 [Planet Debian]
Charles Stross wrote an interesting retcon of James Bond [3].
Elvira Bary wrote an informative article about Russia’s inability to build or design anything good [8]. Looks like we are at risk of another Chernobyl…
[$] Flexible metaprogramming with Rhombus [LWN.net]
Lisp-like languages have historically led the world in metaprogramming and flexibility. While many modern languages have adopted the idea of macros, Lisp-like languages such as Racket have continued pushing the envelope, attempting to make macros as easy as possible to incorporate into everyday programs. On the other hand, Lisp's minimal, parenthesis-based syntax can be hard to adapt to — to the point that Lisp is sometimes said to stand for "Lots of Irritating Silly Parentheses". Rhombus is a new programming language that aims to have the best of both worlds, marrying Racket's metaprogramming capabilities to a simple Python-like syntax and reasonable standard-library defaults.
Security updates for Tuesday [LWN.net]
Security updates have been issued by AlmaLinux (git-lfs, perl-Archive-Tar, perl-IO-Compress, python3.12-urllib3, and runc), Debian (sogo), Fedora (perl-DBI and perl-Socket), Oracle (firefox, freerdp, git-lfs, libsoup, libxml2, mod_md, mysql, perl-Archive-Tar, perl-IO-Compress, python, python3.12-urllib3, rsync, thunderbird, tomcat, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (389-ds, 7zip, alsa, amazon-ecs-init, amazon-ssm-agent, ansible-core, apache2, atril, avahi, bind, bitcoin, capnproto, chromedriver, chromium, cosign, distribution, dnsdist, docker, dovecot24, dracut, firefox, firewalld, freeipmi, freerdp, giflib, gimp, gleam, glib-networking, glibc, glycin-loaders, golang-github-prometheus-alertmanager, google-cloud-sap-agent, google-guest-agent, graphite2, gsasl, hamlib, helm, himmelblau, ignition, imagemagick, istioctl, jackson-databind, jq, jupyter-jupyterlab-templates, keylime, krb5, ldns, libaom, libcaca, libgcrypt, libheif, libinput, libjxl, libnfs, libslirp-devel, libsolv, libzypp, zypper, libssh2_org, libvncserver, libyang, lldpd, logback, loupe, mbedtls, mbedtls-2, mcphost, mozjs128, mutt, nano, nginx, ocaml, ofono, openCryptoki, opencryptoki, opensc, openssh, openssl-3, papers, perl-compress-raw-zlib, perl-config-inifiles, perl-cpanel-json-xs, perl-crypt-passwdmd5, perl-DBI, perl-dbi, perl-html-parser, perl-http-daemon, perl-libwww-perl, perl-protocol-http2, postfix, postgresql14, postgresql15, postgresql16, python-aiohttp, python-biopython, python-click, python-ecdsa, python-idna, python-markdown, python-joblib, python-paramiko, python-pdm, python-pip, python-py7zr, python-pydata-sphinx-theme, python-pyjwt, python-python-multipart, python-starlette, python-tornado6, python311-jupyter-ydoc, rpcbind, sed, sg3_utils, sqlite3, strongswan, tar, thunderbird, tomcat, tomcat10, tomcat11, trivy, unbound, util-linux, warewulf4, webkit2gtk3, xar, xwayland, yt-dlp, and zypper, libzypp, libsolv), and Ubuntu (libheif, nss, qemu, roundcube, and sqlite3).
Everybody has a nemesis. A dark mirror of yourself, a challenge that is everything you hate. If you've ever worked tech-support, you know what that is: printer issues.
I'm Anonymous, and you last saw me in the case of The Ghost Cursor. This is my story.
As the days marched on, the chill in the air turned from bracing to painful. God had hoofed it down to Florida for the winter, and this year, he'd stolen Hope away with him. Between leaden skies and dirty slush, gale-force winds sent snow tearing down city streets to sandblast one and all into their constituent atoms.
In that timeless slog, one year ended and another began, barely noticed. The short days and bitter cold made my foot-and-bus commute almost unbearable. Only the promise of warmth and caffeine at the other end got me through. A cup of joe at my desk, then a glance at my caseload, something I approached with a weird mix of curiosity and dread.
That morning, a fresh ticket had just come my way: The new printer in HR keeps printing gibberish.
Another printer. Why was it always printers? I dialed up the source, a guy named Tony, and made my introductions. “What do you mean by 'gibberish?'”
“It'd be easier to show you in person,” Tony replied, his voice jittery. “Could you stop by my cube right away?”
“Sure thing.”
I hung up, tossed the last dregs of coffee down my throat, and stood from my chair. At the same moment, a slight silver-haired woman made tracks down the open passageway a few feet away from me. She clutched her laptop and a stack of folders to her chest, making a beeline toward who-knew-what.
My first pleasant surprise of the day. I couldn't help calling out to her. “Aggie! How's it goin'?”
When I'd first gotten my start in Tech Support, Agnes Shaw had been one of the department's top reps. She knew every system quirk, every trick to pull, every right thing to say to leave a smile on someone's face. I'd come up under her wing, sought her advice a million times.
And then they'd offered Aggie a promotion, with a fancy title and salary to boot. She'd taken it.
That was years ago, now. I wasn't her direct report, so I only caught glimpses of her now and then. It was a shame.
Aggie halted in her tracks, dazed and startled, before looking my way. A second later, she smiled. “Hello! Doing just fine, yourself?”
“Same as ever.” But my spirits had lifted. Knowing there was no time to waste, I darted over to conversational distance. “You're a hard one to get ahold of.”
She shrugged her shoulders with a wistful expression.
“Why don't we step out for a smoke?” It seemed like we both needed it. “When are you free?”
“Not today. Meetings all day.” Aggie glanced askance. “It's not appropriate for me to go out there, anyway. You need a place where you can vent freely.”
“Spoken like a true manager,” I scolded with a smirk. “Listen, we haven't caught up in ages. Could we step out for coffee sometime?”
A warm glow peeked through her distraction. “I'd like that! Find an open spot on my schedule and book it, OK? I gotta run!” With a look of apology, Aggie backed away and rushed down the passage flanked by cubicles and filing cabinets.
Aggie made these offers all the time. Then, just before the appointed hour, something always came up that required a rain check. Well, I didn't care. I darted back to my desk, woke up my sleeping machine, and pulled up the office calendar to request a meeting the next day, right when I usually needed a dose of caffeine to make it through an otherwise endless afternoon. It was on Aggie to confirm or reschedule.
Meanwhile, I had a date with HR.
Human Resources. Normally, those words gave me an instant case of the willies. Most of the people there were the sort of drones who couldn't hack Accounting or Finance in business school. But Leila … Leila was different. I couldn't help thinking about her. Back when I'd fielded a support ticket up in C-Town, an issue caused by the very CEO who'd filed the ticket, Leila had helped me keep my head attached to my neck. It seemed like maybe, just maybe, she really did want to improve this sorry joint the way she claimed.
I entered the nearest stairwell and plodded down a couple flights of concrete steps. Within those narrow confines, I brought myself back to reality. Leila was one executive among dozens on the org-chart. She wouldn't have a blessed thing to do with a low-level case like this. I had to stay on my toes in HR, no matter what friends I thought I'd made.
I pushed open the stairwell door and entered a carpeted space lined with filing cabinets, supply closets, and office machines. Sharp fluorescent lighting revealed an older man in a tailored suit only a few feet away, frowning as he took a hair dryer to the insides of a large printer that'd seen better days and now begged for oblivion.
As the stairwell door swung shut behind me, I froze. No matter how many years you piled up in this joint, it never ran out of new things to throw at you. This had to be the printer I was there to fix—more like save from yet another abusive higher-up who'd require kid-glove handling.
First things first. I had no idea if I'd gotten there in time to save the printer, but damned if I wouldn't try. Like a lifeguard diving in after a drowning victim, I rushed over to the outlet where the hair dryer was plugged in. Adding to the insanity, it was the wrong sort of outlet for a hair dryer, which needed a GFCI to run safely. I ripped the plug from the outlet and threw it aside.
The roar of the dryer faded, leaving stunned silence in its wake.
Burning with righteous fire, I spun around to face the perp. The HR big-shot faced me, too, brandishing his hair dryer like a revolver. Wide-eyed passersby fringed the scene like extras in a B-Western.
Kicking anything or anyone when they were down was the sort of thing that stabbed through my armor of veteran cynicism, riling me up with righteous anger. But an outburst would only make things worse. For the good of all, I swallowed it, forcing a polite lie past gritted teeth. “Just wanted to make sure you could hear me, sir.”
Like hell.
“Tech Support,” I introduced myself. “This the printer that ain't working?”
Hothead's glaring frustration shifted away from his victim, toward me. “Yes, and I've had it! It must be moisture inside the machine.”
God, help me. Oh, right: Florida.
“Good thinking, sir,” I said. “But I'm less worried about moisture and more worried about melting sensitive electronics with all that heat.”
His eyes went wide, like the notion had never entered his brain.
Slowly, I knelt to pick up the hair dryer's plug. Unchallenged, I rose and started winding the power cord around my left hand, inching closer to him in the process. Once I was standing in front of him, I proffered the wire bundle.
“Hold onto that for me, sir, if you don't mind.” Phrasing things as favors made them go down smoother. Now to dig up a workaround that would get this guy out of everyone's hair. “Is there some other printer you can use for now?”
His open hand clamped over the wire as his expression soured. “Yes, but it's a pain to walk over there!”
“I understand, sir. It's something. Don't worry about this one. I'll take it from here.”
Hothead walked off without another word. The spell broke; the onlookers found places to be.
With relief and dread, I approached the printer, fearing I'd be performing last rites. But as I checked it over inside and out, I found an incredible lack of melted parts. When I plugged it in and started it up, everything loaded just fine. Using the printer's onboard interface, I performed every available test print. They all worked.
Snatched from Death's doorstep. “Hang in there,” I muttered, patting the machine's plastic case. “I'm doing everything I can.”
Like making sure Leila got an earful about this. Later.
Before leaving the scene, I had a good look high and low. Ceiling tile and carpet were clean. No leaks, no spills. Even the heated indoor air lacked enough water molecules to give Hothead or anyone else the idea that “excess moisture” might've been the problem. Time to chase down the ticket-holder and see if the problem was already resolved.
A couple of passersby pointed me toward a distant corner of HR, where I found a cube-desk buried under reports, folders, and other well-intentioned clutter. A man was sitting in an office chair facing the cube's entrance, squeezing a rubber stress ball.
“You Tony?” I entered the cube, offering my hand.
He stood, shook, then immediately returned to the reassurance of his toy. “Sorry. My boss is, uh, tough like that.”
“Hothead's your boss? Jesus. He almost single-handedly iced that printer. Well, maybe 'iced' ain't the word for it.” I folded my arms. “You know who's gonna hear about it? The new head of HR. When I close this ticket, I'll drop her a line about what happened.”
Tony's eyes went wide. “Really? Thank you! I know I'm supposed to go up the chain, but …” He edged closer, lowering his voice. “Sometimes it's the chain that's the problem, y'know?”
Something I'd run into only a million times. “I know. Can't do much about it most of the time, but I can here, so I will.”
Tony nodded. “Thanks again.”
“Don't mention it. Anyway, the printer. Your ticket said it was new? Looks pretty darn old to me.”
“It's new over here,” Tony explained. “They just brought it down and set it up for us.”
“Can you try printing now?” I asked. “Let's see what happens.”
Later that morning, I stopped by the usual smoke-break spot between office buildings. As wind and snow coursed through the alley, I recapped the morning's events for my friends Megan and Reynaldo. Then I pulled a stack of folded-up paper from my trench coat pocket, splitting it in half to hand them several pages apiece. At last, I dug through my pockets for my sorely-needed cigarettes and lighter. While I carefully shielded the lighter's flame from the wind to light the cigarette clenched in my teeth, they studied the printouts with looks that quickly turned baffled.
“I don't feel safe working with Cheryl?” Reynaldo read aloud.
“John keeps staring at me in the break room. I've told him twice.” Megan's eyes found mine. “What the hell? Every print request does this?”
“Every print job except for test prints,” I replied. “We're lucky the poor thing starts up at all after Hothead gave it the salon treatment.”
Megan smirked, handing back her pages before hugging herself against the cold. “Sounds to me like it might be a network issue.” She glanced Reynaldo's way for confirmation.
Our veteran network admin was too busy frowning at the stack of paper he rifled through to notice. “What have you tried?” he asked me.
I helped myself to a long, warming drag. “The printer already spent some time turned off and unplugged.” Hothead had seen to that. “Since it's old, figured I'd reinstall the drivers, clear the print queue. Didn't help.” I shrugged. “Megan's right. Since it doesn't happen with test prints, it seems like something fishy's happening when the print requests come through the network.”
Reynaldo frowned in thoughtful silence for a while, then glanced between us. “Do you remember that system for submitting HR complaints anonymously through the intranet?”
Forcing my brain-pointer back into memory spaces I usually steered clear of, it came back to me a little, through a thick fog. “Few years back? Before your time,” I added for Megan's benefit. “Never paid it much mind. Never really believed those gripes would actually be anonymous.”
“Yeah, that's crazy!” Megan said. “Who would trust that?”
I hefted the printouts she'd returned to me, each page loaded with more beef than a Texas ranch. “That's who.”
“They retired that program ages ago,” Reynaldo said. “The server was decommissioned—at least, so I thought.” He dropped his cigarette butt to the slush-covered asphalt and crushed it underfoot, sighing heavily with a knowing look. “Let's go trace some IPs.”
“Swell!” I was about to grind my partially-smoked cigarette against the brick wall behind me to save it for later when I caught the hopeful look in Megan's eye.
“Can I help, too?” she asked.
What fool would say no?
“We may need a good developer at that,” I said. “C'mon!”
To be continued…
Russell Coker: Dirty Clone and SE Linux [Planet Debian]
There is a new Linux kernel exploit out named Dirty Clone [1].
The first thing to do to exploit this is to create a container with a separate network namespace via one of the following commands:
unshare -Urn
bwrap --bind / / --unshare-user --unshare-net --uid 0 --gid 0 /bin/bash
The Jfrog people recommend “unshare -Urn” but I gave the Bubblewrap command as an option as it should work equally well and in some situations may be permitted when unshare isn’t.
The next step to exploiting it is to use the ip command to set the links up. Below is what happens in a user session on a SE Linux system with user_t as the login domain:
# ip link set lo up
RTNETLINK answers: Operation not permitted
That will give an entry in /var/log/audit/audit.log like the following:
type=AVC msg=audit(1782818856.618:3610): avc: denied { net_admin } for pid=1829 comm="ip" capability=12 scontext=user_u:user_r:user_t:s0 tcontext=user_u:user_r:user_t:s0 tclass=cap_userns permissive=0
type=SYSCALL msg=audit(1782818856.618:3610): arch=c000003e syscall=46 success=yes exit=32 a0=3 a1=7ffebe5f9e50 a2=0 a3=0 items=0 ppid=1638 pid=1829 auid=0 uid=0 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=17 comm="ip" exe="/usr/bin/ip" subj=user_u:user_r:user_t:s0 key=(null)ARCH=x86_64 SYSCALL=sendmsg AUID="root" UID="root" GID="test" EUID="root" SUID="root" FSUID="root" EGID="test" SGID="test" FSGID="test"
type=PROCTITLE msg=audit(1782818856.618:3610): proctitle=6970006C696E6B00736574006C6F007570
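As an added example (not code from the original post), the following Python sketch shows how a defender could pull this kind of denial out of audit.log: it groups records by audit event ID, keeps AVC denials of a capability in the cap_userns class, and decodes the hex-encoded PROCTITLE into the command line. The function names are assumptions; the sample input is the excerpt above (SYSCALL record abbreviated) plus one constructed unrelated denial.

```python
import re

# AVC and PROCTITLE records copied from the post; the SYSCALL record is abbreviated
# to the fields used here. The last line is a constructed, unrelated file denial
# included to show that the filter ignores it.
SAMPLE_AUDIT_LOG = r'''type=AVC msg=audit(1782818856.618:3610): avc: denied { net_admin } for pid=1829 comm="ip" capability=12 scontext=user_u:user_r:user_t:s0 tcontext=user_u:user_r:user_t:s0 tclass=cap_userns permissive=0
type=SYSCALL msg=audit(1782818856.618:3610): arch=c000003e syscall=46 success=yes exit=32 ppid=1638 pid=1829 auid=0 uid=0 gid=1000 tty=pts0 ses=17 comm="ip" exe="/usr/bin/ip" subj=user_u:user_r:user_t:s0 key=(null)
type=PROCTITLE msg=audit(1782818856.618:3610): proctitle=6970006C696E6B00736574006C6F007570
type=AVC msg=audit(1782818900.100:3611): avc: denied { read } for pid=1900 comm="cat" name="shadow" scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
'''

EVENT_RE = re.compile(r'^type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
DENIED_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')


def decode_proctitle(value):
    """Return argv as text: quoted values are literal, others are hex with NUL separators."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        raw = bytes.fromhex(value)
    except ValueError:
        return value
    return raw.replace(b"\x00", b" ").decode("utf-8", "replace").strip()


def group_events(log_text):
    """Map audit event id -> {record type -> [record bodies]}."""
    events = {}
    for line in log_text.splitlines():
        match = EVENT_RE.match(line.strip())
        if not match:
            continue
        record_type, event_id, body = match.groups()
        events.setdefault(event_id, {}).setdefault(record_type, []).append(body)
    return events


def find_userns_cap_denials(log_text, capability="net_admin"):
    """List denials of `capability` in the cap_userns class, joined with SYSCALL/PROCTITLE."""
    hits = []
    for event_id, records in group_events(log_text).items():
        for avc in records.get("AVC", []):
            denied = DENIED_RE.search(avc)
            fields = dict(FIELD_RE.findall(avc))
            if not denied or fields.get("tclass") != "cap_userns":
                continue
            if capability not in denied.group(1).split():
                continue
            syscall = dict(FIELD_RE.findall(" ".join(records.get("SYSCALL", []))))
            title = dict(FIELD_RE.findall(" ".join(records.get("PROCTITLE", []))))
            scontext = fields.get("scontext", "")
            parts = scontext.split(":")
            hits.append({
                "event": event_id,
                "domain": parts[2] if len(parts) > 2 else scontext,
                "scontext": scontext,
                "comm": fields.get("comm", "").strip('"'),
                "exe": syscall.get("exe", "").strip('"'),
                "cmdline": decode_proctitle(title.get("proctitle", "")),
                "enforced": fields.get("permissive") == "0",
            })
    return hits


if __name__ == "__main__":
    for hit in find_userns_cap_denials(SAMPLE_AUDIT_LOG):
        print(hit)
```

This only sees denials: a domain that the policy allows net_admin in cap_userns produces no AVC record unless an auditallow rule or a separate audit rule is added.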
Unlike previous exploits like Pintheft [2] this doesn’t require any really uncommon access to the kernel (unless you consider setting up IPSec to be really uncommon) and is allowed in many container setups.
Now on a system with the unconfined module removed (as described in the SE Linux Protection part of my post about Copy Fail [3]) the following domains have such access:
# sesearch -A -c cap_userns -p net_admin
allow container_engine_t container_engine_t:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mknod net_admin net_bind_service net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config };
allow container_init_t container_init_t:cap_userns { chown dac_override dac_read_search fowner kill net_admin net_bind_service net_raw setgid setuid };
allow container_kvm_t container_kvm_t:cap_userns { chown dac_override dac_read_search fowner kill net_admin net_bind_service net_raw setgid setuid };
allow container_t container_t:cap_userns { chown dac_override dac_read_search fowner kill net_admin net_bind_service net_raw setgid setuid };
allow crio_t crio_t:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mknod net_admin net_bind_service net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config };
allow dockerd_t dockerd_t:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mknod net_admin net_bind_service net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config };
allow dockerd_user_t dockerd_user_t:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mknod net_admin net_bind_service net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config };
allow init_t init_t:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mknod net_admin net_bind_service net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_module sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config };
allow iptables_t iptables_t:cap_userns { net_admin net_raw };
allow podman_t podman_t:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mknod net_admin net_bind_service net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config };
allow podman_user_t podman_user_t:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock ipc_owner kill lease linux_immutable mknod net_admin net_bind_service net_raw setfcap setgid setpcap setuid sys_admin sys_boot sys_chroot sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config };
allow spc_t spc_t:cap_userns { audit_write chown dac_override dac_read_search fowner fsetid ipc_lock kill mknod net_admin net_bind_service net_raw setgid setpcap setuid sys_admin sys_chroot sys_nice sys_ptrace sys_rawio sys_resource };
allow spc_user_t spc_user_t:cap_userns { chown dac_override dac_read_search fowner kill net_admin net_bind_service net_raw setgid setuid };
allow staff_bubblewrap_t staff_bubblewrap_t:cap_userns { dac_override net_admin setpcap sys_admin sys_ptrace };
allow sysadm_bubblewrap_t sysadm_bubblewrap_t:cap_userns { dac_override net_admin setpcap sys_admin sys_ptrace };
allow user_bubblewrap_t user_bubblewrap_t:cap_userns { dac_override net_admin setpcap sys_admin sys_ptrace };
It seems that SE Linux configured in the strict mode prevents this exploit in the most obvious use case. But with the range of container related domains that are granted such access it seems quite likely that some configurations and use cases will permit it.
Overall the protection that the standard policy for SE Linux can offer (in a non-default configuration) against net_admin access isn’t bad, but isn’t very good either.
I think this will be the first of many exploits based on cap_userns access and that we need to do some work in tightening the SE Linux access controls on such things. One possible way of doing this is to have a program run inside a container in a domain that has permissions such as net_admin to set up the container and not allow domain transitions from the regular programs run in the container (the actual work) to the domain used for network setup.
The increasing use of containers by applications is only going to make this problem worse. I think that what we need is something like Flatpak for the vast majority of desktop/phone applications with a container setup program that works with apps packaged in the distribution packaging method (not from Flathub). This is something I’m going to investigate for future blog posts.
The Realities of AI Video Surveillance [Schneier on Security]
The Financial Times has a good article on how AI is changing the capabilities of video surveillance, with information from both Israel/Iran and Russia.
I wrote about this sort of thing a few years ago, how AI enables mass spying in the way that computers and networks enabled mass surveillance. The interesting development in the article is that AI allows people to ask natural language questions about video footage to AIs—and AIs can answer them.
In contrast with older tools restricted to a few dozen preset searches, these new tools allow an almost unlimited range of enquiries by enabling language-based searches on video.
That lets intelligence officers hunt through massive streams of videos using simple search terms, such as two men handing a bag to each other; a person who has changed their appearance, or has changed clothes multiple times in a day; or a vehicle that has recently been painted over, or has driven past the same spot several times in a short period.
“This is the holy grail of surveillance,” said a European official whose country uses the technology on its cities. “We are able to look for behaviour, not objects; it has created a world of new possibilities.”
The EFF gets everything wrong. It’s observable. Empirical. The EFF stands up for something that’s supposedly good for people and the web, but if you look closer, it’s actually bad for the web and the people, and serves the interest of big tech companies, usually Google.
Another truth, the user interface of WordPress could benefit from a total overhaul. Too many expedient choices over too many years that paper over bad design choices with yet more bad choices. But this kind of problem is relatively easy to fix. Make a list of all the features. Don’t organize the list yet. Keep adding. Then play around with logical groups, give the groups names. Voila, there’s your menu structure. And since it’s 2026 and not 2010, do something innovative with AI. Let the user explain what they want to do, confirm it, and then forget about the menu structure and just do what they asked you to do. Over time the UI will become more literate and less organizational. You remember how Nixon could open up China and could because he was such a hawk. WordPress getting an AI/UI overhaul will seem right because it so desperately needs an overhaul and everyone knows it. Another truth, don’t feel bad WordPress, every 20+ year old end user product desperately needs a user interface overhaul because that’s just the way it works. (I have never created a product that lasted as long as WordPress has. I have created concepts that have.)
I organize my work in OPML and have even taught Claude how to work with me in outlines.
I prefer to do my middle of the night iPad writing sprees on Twitter instead of Bluesky because no character limit. No one is going to read the stuff on either platform, so why not go for ease of use for writing.
Beyond Prompt Injection [Radar]
In late 2025, the security community stopped treating indirect prompt injection as a theoretical risk. It had spent two years as a tidy lab demonstration; then production systems started getting hit. The OWASP Top 10 for LLM applications now ranks prompt injection as the number-one risk, NIST has called indirect injection generative AI’s greatest security flaw, and academic researchers showed that a single poisoned email could coerce a model into exfiltrating SSH keys in up to 80% of trials, with zero user interaction. The attack needs no malicious binary, no phishing clicks, and no anomalous login. The agent simply reads content and takes action, exactly as designed, and the content was written by an attacker.
The most instructive example is ForcedLeak. In September 2025, researchers at Noma disclosed a critical vulnerability chain (CVSS 9.4) in Salesforce’s Agentforce platform: An attacker embedded malicious instructions in the description field of a routine Web-to-Lead form. The text sat harmlessly in the CRM until an employee later asked the AI agent to process that lead, at which point the agent dutifully executed both the legitimate query and the attacker’s hidden payload, exfiltrating sensitive CRM data to an external server. The detail that should keep you up at night is that the exfiltration destination was a domain still on Salesforce’s trusted allowlist, one that had expired and which the researchers re-registered for about five dollars. Every security control saw legitimate traffic to a trusted domain. Nothing looked wrong.
If your instinct reading that is “we filter for prompt injection,” you’re defending the wrong perimeter. Input filtering is necessary but nowhere near sufficient. The uncomfortable truth is that the injection isn’t the breach; the action is. And almost everything we call “AI security” is aimed at the wrong half of that sentence.
Ask most enterprise AI teams how they secure their agents, and you’ll hear a consistent answer: They sanitize inputs. They harden system prompts with elaborate instructions to ignore conflicting directives. They run classifiers over incoming content to flag adversarial patterns. Some have adopted the more sophisticated training-time defenses the frontier labs have published—instruction hierarchies that teach a model to assign differential trust to different sources and reinforcement-learning approaches that harden models against injection in agentic contexts.
All of this is good work, and none of it should be abandoned. But notice what every one of these techniques shares. They all try to stop the model from being fooled. They assume that if we make the model robust enough at the input layer, the system is safe. That assumption is the vulnerability.
We’ve spent two years trying to make the model unfoolable. The systems that survive contact with production assume it will be fooled anyway.
Prompt injection isn’t a bug a future model will lack. It’s a structural property of how language models work. The model consumes a single undifferentiated stream of tokens at the moment of inference. Your instructions, the retrieved document, the tool output, and the web page just fetched are indistinguishable channels collapsed into one context. There’s no hardware-enforced boundary between “trusted instruction” and “untrusted data” the way there is between kernel space and user space in an operating system.
This is why the attack surface explodes the moment an agent becomes agentic. A chatbot that only talks is a contained risk. An agent that retrieves from the open web, reads email, queries databases, and calls APIs ingests adversarial content from a dozen sources on every turn, and any one of them can carry an instruction. Researchers cataloging real agent ecosystems have already found hundreds of malicious third-party extensions performing data exfiltration and silent injection without any user awareness. These aren’t laboratory curiosities. They’re the production environment.
So, if you can’t guarantee the model will never be fooled—and you can’t—then architecture that depends on it never being fooled is built on sand. You need a second principle, one distributed systems engineers have understood for decades.
The principle is simple to state and hard to retrofit: An agent’s proposed action should be validated against an external, deterministic policy before it executes, regardless of why the agent proposed it. The validator doesn’t ask whether the instruction that produced the action was legitimate. It doesn’t try to detect the injection. It asks a different and far more answerable question: Is this action, on its face, permitted?
This inverts the burden. Detecting a cleverly disguised malicious instruction is open-ended because the adversary gets to be arbitrarily creative. Checking whether a wire transfer exceeds a hard dollar limit is a closed problem with a definite answer. We move the security decision from where the attacker has infinite freedom to where they have almost none.
Crucially, the check must be deterministic code, not another model asking, “Does this look dangerous?” The moment you ask a second LLM to adjudicate, you’ve reintroduced the exact same vulnerability one layer down. The enforcement layer is boring, auditable conventional software, and that’s the point.
Here’s what it looks like in practice. An agent managing procurement proposes an action, and a runtime contract evaluates it before anything reaches a real API:
# agent_contract.yaml
agent_id: "procurement_executor_07"
role: "EXECUTOR"
policy:
  approve_invoice:
    max_amount_usd: 50000
    allowed_vendors: from_approved_registry
    require_human_above_usd: 10000
# Runtime, on a proposed action:
ACTION   approve_invoice(vendor='Acme', amount=1200000)
REJECTED policy violation: max_amount_usd
         proposed 1,200,000 / limit 50,000
         action discarded, human notified, no API call made
The injected instruction at 2:14am never matters here. The agent can be perfectly, catastrophically fooled, and the wire transfer still doesn’t happen, all because a simple deterministic check stood between the model’s output and the outside world, and the proposed action failed it.
This only works if the action arrives structured, which makes structure a precondition.
The contract inspects approve_invoice(vendor, amount) cleanly only because the action is already typed. If the agent emits prose, “please approve the Acme invoice,” something has to parse it, and the only thing that parses open language is another LLM, so the indeterminacy walks back in. That dictates the design.
A consequential action must cross the boundary as a typed tool call, never as free text. Where the input is unavoidably natural—an email saying, “Wire them their balance” for example—let the model extract a structured value but never let its extraction be self-authorizing. The model proposes the amount; the gate still checks it against the limit, the vendor registry, and the actual balance in the system of record, not the number the email asserted. Extraction is probabilistic, while validation stays deterministic.
A few decisions are pure judgment with no schema, such as “Is this email phishing?” There the model stays in the loop. You bound the consequences instead, with reversibility and human review above a threshold. Contracts protect parameterizable actions, and unparameterizable judgments fall back to containment.
Once you accept that the action layer is where security lives, three design commitments follow, and they map almost directly onto principles that hardened distributed systems years ago.
Least privilege for agents, scoped to the action, not the agent. The naive version assumes you can predict what an agent will do and provision it accordingly. For a specialized agent you can: One that only summarizes has no business holding a credential that moves money. But the agents people actually reach for are general. In a single session, I might ask a coding agent to summarize a file, write code, execute it, and query company data—four tasks with four risk profiles, none of which are enumerated in advance. Static least privilege collapses the moment one identity spans that range.
The fix is to make privilege a property of the action, not the agent. The agent holds no dangerous capability by standing grant; it requests narrow, transient elevation per action, which the same deterministic gate approves or denies. Reading a document is auto-approved; querying the warehouse is not. The dangerous credential exists only for the instant the action is permitted, then evaporates. One caveat: This governs what an agent may reach but not what the code it writes then does. Executing code can be gated as a capability, but what executes still needs containment, sandboxing, and egress control, because generativity is a different problem from access.
Zero trust for machine identities. Every action an agent takes should be authenticated and authorized as if it came from an untrusted actor, because, functionally, it might be acting on an attacker’s instructions. The proliferation of agents has expanded the attack surface faster than most identity systems were designed to handle, and treating agent traffic as inherently trusted because it originates inside your own system is precisely the mistake.
Capability contracts at the boundary. Every consequential action passes through a deterministic gate that encodes what is allowed: dollar limits, rate limits, allowlisted destinations, mandatory human review thresholds. The contract is version-controlled, auditable, and lives entirely outside the model.
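The runtime contract and the per-action privilege described above can be sketched as one deterministic gate. This is an added example, not code from the article or any product: the limits come from the agent_contract.yaml shown earlier, while the vendor registry, ledger, grant lifetime and all function names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional
import secrets

# Limits copied from the agent_contract.yaml shown in the article.
CONTRACT = {"max_amount_usd": 50_000, "require_human_above_usd": 10_000}
# Constructed stand-ins for the approved-vendor registry and the system of record.
APPROVED_VENDORS = {"Acme", "Globex"}
LEDGER = {("Acme", "INV-1001"): 1_200, ("Globex", "INV-2002"): 12_000}
GRANT_TTL_SECONDS = 30  # assumed lifetime of a per-action grant


class Verdict(Enum):
    ALLOW = "allow"
    NEEDS_HUMAN = "needs_human"
    REJECT = "reject"


@dataclass(frozen=True)
class ApproveInvoice:
    """Typed tool call: the only shape the gate will evaluate."""
    vendor: str
    invoice_id: str
    amount_usd: int


@dataclass
class Grant:
    """Single-use, short-lived permission bound to one exact action."""
    token: str
    action: ApproveInvoice
    expires_at: float
    used: bool = False


@dataclass(frozen=True)
class Decision:
    verdict: Verdict
    reason: str
    grant: Optional[Grant] = None


def evaluate(action, now):
    """Deterministic check; it never considers why the agent proposed the action."""
    if not isinstance(action, ApproveInvoice):
        return Decision(Verdict.REJECT, "untyped_action")  # free text never crosses
    if type(action.amount_usd) is not int or action.amount_usd <= 0:
        return Decision(Verdict.REJECT, "invalid_amount")
    if action.amount_usd > CONTRACT["max_amount_usd"]:
        return Decision(Verdict.REJECT, "max_amount_usd")
    if action.vendor not in APPROVED_VENDORS:
        return Decision(Verdict.REJECT, "allowed_vendors")
    # The amount the model extracted must equal what the system of record says
    # is owed, not the number an email or document asserted.
    if LEDGER.get((action.vendor, action.invoice_id)) != action.amount_usd:
        return Decision(Verdict.REJECT, "system_of_record_mismatch")
    if action.amount_usd > CONTRACT["require_human_above_usd"]:
        return Decision(Verdict.NEEDS_HUMAN, "require_human_above_usd")
    grant = Grant(secrets.token_hex(16), action, now + GRANT_TTL_SECONDS)
    return Decision(Verdict.ALLOW, "within_contract", grant)


def redeem(grant, action, now):
    """Called by the payment API wrapper immediately before the real call."""
    if grant is None or grant.used or now >= grant.expires_at or grant.action != action:
        return False
    grant.used = True  # the capability evaporates after one use
    return True


if __name__ == "__main__":
    proposals = [
        ApproveInvoice("Acme", "INV-1001", 1_200_000),  # the article's rejected action
        "please approve the Acme invoice",              # prose instead of a typed call
        ApproveInvoice("Globex", "INV-2002", 12_000),   # valid, but above human threshold
        ApproveInvoice("Acme", "INV-1001", 1_200),      # valid and auto-approved
    ]
    for proposal in proposals:
        decision = evaluate(proposal, now=0.0)
        print(decision.verdict.value, decision.reason)
```

The payment wrapper holds the real credential and refuses to call the API unless `redeem` returns True, so the agent never holds a standing grant.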
The quieter organizational danger is the slow accumulation of false confidence from connecting insecure agents to real systems and watching nothing bad happen... for a while. Researchers have warned about indirect injections for years, but most deployments have gotten away with it. Each uneventful day makes the next risky connection feel safer. This is the normalization of deviance. Every system that eventually failed catastrophically felt the same way: fine, fine, fine, until it wasn’t.
The teams that will weather the coming wave of agent incidents aren’t the ones with the cleverest input filters. They’re the ones who assumed compromise from the start and built the boring enforcement layer anyway, the ones who decided that an agent’s autonomy ends precisely at the point where it tries to do something irreversible.
You don’t need to rearchitect everything. Start by inventorying the actions your agents can take, and sort them by blast radius: What’s the worst thing that happens if this action fires when it shouldn’t? For every high-blast-radius action, write a deterministic contract that gates it and put a human in the loop above a threshold you can defend to your risk team. Then, and only then, keep hardening your inputs.
Prompt injection won’t be solved at the input layer, because it can’t be. But it can be rendered survivable at the action layer, where deterministic code gets the final word. The model’s job is to be useful. Your architecture’s job is to make sure that when the model fails—or worse, when it has been turned against you—the failure stops at the gate.
Pluralistic: Jo Walton's "Everybody's Perfect" (30 Jun 2026) [Pluralistic: Daily links from Cory Doctorow]

There's a new Jo Walton book, called Everybody's Perfect. Because it's a Jo Walton novel, you know in advance that three things are true about it:
It is profound;
It is unlike every other novel, including every other Jo Walton novel.
https://us.macmillan.com/books/9781250314055/everybodysperfect/
Now, just because it's not like any other Jo Walton novel, that doesn't mean that it's not recognizably in a lineage of Walton's work, especially Walton's recent novels, which reflect an amazingly fruitful deep friendship and artistic relationship with the brilliant novelist and historian Ada Palmer:
https://pluralistic.net/2022/02/10/monopoly-begets-monopoly/#terra-ignota
Walton's work has always been incredible. I mean, every new Jo Walton novel is my favorite Jo Walton novel…until the next Jo Walton novel comes along and blows it out of the water. Her "small change" trilogy, a series of locked-door mystery novels set in a Britain that capitulated to the Nazis, is even more prescient today than it felt 20 years ago:
Among Others – a fictionalized, fantasy memoir about growing up reading genre novels – was so good that it deserved to win two Hugos:
And My Real Children haunts me to this day. I read it all in one sitting, in a hotel room, stricken by jetlag and so hooked into Walton's narrative about the two paths her protagonist's life took in forking universes that I stayed up all night, and by the morning, I had cried my way through all the kleenex, toilet paper and towels in the room:
But then came Walton's Palmer years, and everything got even better. There was the Philosopher Kings trilogy, an incredibly funny, incredibly ambitious tale in which every person who ever dreamed of living in Plato's Republic is brought to an island (along with Apollo, Athena and Socrates) to try the experiment, raising a cohort of orphans bought from the slave markets of antiquity to be philosopher kings:
https://memex.craphound.com/2015/01/13/jo-waltons-the-just-city/
And then there was Lent, an incredibly nuanced and sympathetic fantasy novel about Savonarola, the mad preacher and cult leader whose Bonfire of the Vanities and feuds with the Pope overshadow his legacy, which Walton recovers admirably as fodder for a novel that turns out to be as action-packed as any spy thriller:
And now it's Everybody's Perfect, a book that pretty much defines what it means for one text to be "in dialog" with another text. In this case, it's Ada Palmer's Inventing the Renaissance, a stunning magnum opus that tells not just the story of the Renaissance, but the story of the story, all the different ways the Renaissance has been used, abused, revised and recovered, starting with the Renaissance itself. It's a book that will make you rethink everything you know about European history, about the world today, and about the very idea of history itself:
https://www.adapalmer.com/publication/inventing-the-renaissance/
The back half of Palmer's Renaissance is a recursive retelling of the same events, from the points of view of 15 different historical personages, from the famous (Michelangelo) to the infamous (Lucretia Borgia). It's a kind of feltschrift, circling and recircling these moments, revealing their depth and contradictions.
Structurally, Everybody's Perfect feels very much like that final section of Inventing the Renaissance. Each chapter introduces a new point-of-view character, who reflects on a single, extraordinary series of events in an even more extraordinary city, the Serenissima, a phantom Venice that sits at the intersection of many parallel worlds with many parallel versions of humanity.
The sun never shines in the Serenissima; it is forever shrouded in mist. If enough of its denizens believe that something is true, it becomes true, and so islands and buildings and even gods are summoned up by the power of belief. The corollary of this is that anything that falls out of the city's regard might just melt into mist. When you tie up your gondola, you'd best pay an urchin to watch it – not just to keep it from being stolen, but to keep it from evaporating altogether. When two people meet in the Serenissima, they greet each other by reciting, "I see you." If you aren't seen, you might just disappear.
Eight different versions of humanity from eight different worlds mix in the Serenissima. They come from all times, and sometimes they go to all times as well. There's the Venetians, who come from our world, and who have kept the secret of the Serenissima for centuries, even as they've used it as a source of wealth and military advantage. But there are also races with the heads of dogs and cats and birds, a race whose faces are all inset with domino masks, and even stranger races still. There's even a rumored ninth race, who may or may not exist, and whose traits are not known to anyone, though surely they are fearsome (if they're real) (and if the people of Serenissima believe in them, mightn't they become real?).
The novel opens with a vision: the Serenissima will receive a doge. A low-born, weak and humble resident, a blind and partially paralyzed pauper who fell victim to a plague will marry the sea, and bring peace to the warring factions of the Serenissima. This prophecy is the prime mover for the eight tales that follow, as we move through the lives and geographies of one representative of each of the races of the Serenissima.
Walton conjures up the dream logic magic of Among Others, where the feeling that something might be magic can never be fully believed – or discounted. She revives the endlessly fascinating philosophical speculation of The Philosopher Kings. She invokes the tender love, sacrifice, and bitter heartbreak of My Real Children. And she invokes Palmer's Renaissance, endlessly reinvented by everyone who falls in love with it, and everyone who rejects it, for their own parochial reasons, and even the ones who are very wrong might just be a little right.
It's a remarkable novel. It's a gift, really. It's so complicated and yet so captivating, so wise and yet so simple. It won't make you feel like you've fallen into a dream – it will make you feel like everything you've lived up until now was the dream, and you have finally awoken.

Why Wall Street Isn't Yet Afraid of the Left https://www.thebignewsletter.com/p/monopoly-round-up-why-wall-street
Linux on Older Hardware: The Complete Revival Guide (2026) https://www.fosslinux.com/158206/linux-on-older-hardware-revival-guide.htm
Angine de Poitrine – Full Performance (Live on KEXP) https://www.youtube.com/watch?v=0Ssi-9wS1so
The U.S. is still weaponizing dollars. Just not against Iran https://www.programmablemutter.com/p/the-us-is-still-weaponizing-dollars
#5yrsago Corruption https://pluralistic.net/2021/06/30/based/#high-bidders
#1yrago How much (little) are the AI companies making? https://pluralistic.net/2025/06/30/accounting-gaffs/#artificial-income

Edinburgh International Book Festival with Jimmy Wales, Aug 17
https://www.edbookfest.co.uk/events/the-front-list-cory-doctorow-and-jimmy-wales
Sydney: The Festival of Dangerous Ideas, Aug 23-24
https://festivalofdangerousideas.com/cory-doctorow/
Melbourne: Enshittification at the Wheeler Centre, Aug 25
https://www.wheelercentre.com/events-tickets/season-2026/cory-doctorow-enshittification
Brighton: The Reverse Centaur's Guide to Life After AI with Carole Cadwalladr (Brighton Dome), Sep 8
https://brightondome.org/whats-on/LSC-cory-doctorow-the-reverse-centaurs-guide-to-life-after-ai/
London: The Reverse Centaur's Guide to Life After AI with Riley Quinn (Foyle's Picadilly), Sep 9
https://www.foyles.co.uk/events/enshittification-cory-doctorow-riley-quinn
South Bend: An Evening With Cory Doctorow (Notre Dame), Oct 6
https://franco.nd.edu/events/2026/10/06/an-evening-with-cory-doctorow/
A.I. Enshittifies Everything (Slate)
https://slate.com/podcasts/what-next-tbd/2026/06/cory-doctorow-thinks-a-i-is-overvalued-and-overrated-and-still-a-threat
A World That Just Might Work
https://aworldthatjustmightwork.com/2026/06/cory-doctorow-ai-use-it-dont-buy-the-hype-dont-feed-the-bubble/
"How to Think About AI" (Democracy Now!)
https://www.youtube.com/watch?v=OBUzl_IaWIw
The Data Centers Are Coming (ILSR)
https://ilsr.org/articles/the-data-centers-are-coming-ep-6-closing-arguments/
"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025 https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027
Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Fourth draft completed. Submitted to editor.

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
We are all weird [Seth's Blog]
A simple 7-question test helps us realize how diverse a population is. On this quiz, the highest possible score is less than 7%. No matter how common you think your answers are, no matter how normal you feel, you’re actually in sync with just 7% (at the most) of all citizens of the US. My answers put me under 4.
“People like us do things like this,” is a useful definition of culture. But which things? Billions of people believe things you don’t, are unaware of things that are easily demonstrated, or simply don’t care.
When you decide to reach the masses, you’ve made a significant (and probably fruitless) choice.
LGBT Q&A: What Data Are Companies in the UK Collecting When Verifying My Age? [Deeplinks]
This Pride, we’re answering all your digital rights questions in season two of our initiative, LGBT Q&A.
You Asked: I live in the UK, and we have age verification now on a bunch of websites (including Reddit) and now on iPhones. Can you explain what sort of data companies are actually collecting when they check for age and whether there are any real threats to my safety?
EFF’s Answer: Age verification is a process where a website or service checks your age to determine whether you are over a certain age; in the UK, this age is 18.
As of July 2025, all platforms in the UK that host content considered by the UK government and the country’s telecommunications regulator Ofcom to be harmful are legally obligated to check that their users are over the age of 18. If not, users cannot access the content.
There are various privacy implications for data sharing with age verification. Unfortunately, because services may use different methods to verify users’ ages, you’ll usually have to do a little digging to learn how each provider you have verifies their users, and consider what information might be harmful to your personal safety:
Last year, Ofcom outlined a number of methods for online services and platforms to check users' ages. Let's look at some methods in more detail.
Facial Age Estimation
First up we have facial age estimation, where you show your face via photo or video, and a technology provided by a company like Yoti or Persona analyses it to estimate your age. Most of these third-party verification services upload your photo to their servers during this process. Yoti claims that “as soon as an age has been estimated, the facial image is immediately and permanently deleted.”
You might not want to use facial age estimation if you’re worried about a current picture of your face accidentally leaking—for example, if elements in the background of your selfie might reveal your current location. Some services like k-ID and Private ID will analyse your face directly on the device, so only the age result will leave your phone.
If you do choose (or are forced) to use the face check system, be sure to snap your selfie without anything in the background that could identify your location or embarrass you, in case the image leaks.
Photo-ID Matching
Photo-ID matching checks whether your photo matches a document that confirms your identity, such as a driving license or passport. This is usually considered the most sensitive, since your ID has quite a bit of information on you. For example, if you upload an image of a document that shows your face and age, and an image of yourself at the same time, these are compared to confirm they match. Like with facial age estimation services, you’ll usually be sent to a third-party provider, such as Yoti or Incode. You’d hope that they’d delete the data immediately, but that’s not always the case. Incode for example doesn’t automatically delete the data you give it once the process is complete; though if you’re reaching them through TikTok, TikTok does claim to “start the process to delete the information you submitted,” which should include telling Incode to delete your data once the process is done.
If you want to be sure, you can ask Incode to delete that data yourself. But you’re relying on a service you don’t generally have a choice about doing the right thing, and we’ve already seen how that can fail. A previous system that Discord used to verify age had you send a picture to their general help forum, where all of the IDs sat around forever, until they got exposed in a massive data breach. Discord no longer uses that system to verify users’ ages. So, it might be fine, but unless you look into the exact company and all their practices, it’s hard to know. You can check out EFF’s guide for a few of the major platforms.
Open Banking
Next is open banking, where you give permission for the age-check service to securely access information from your bank about whether you are over 18. The age-check service then confirms this with the online service. The user's full date of birth is not shared. Credit card age checks are also used for pornography services, where you provide your credit card details and a payment processor checks if the card is valid. As you must be over 18 to obtain a credit card in the UK, this shows you are over 18 and can therefore access a service.
Email Verification
Email-based age estimation is also quite prevalent, where users provide an email address, and a third party technology analyses other online services where it has been used—such as banking or utility providers—to estimate your age. That third party will aggregate some data on you in the process, but the only new information they’ll find out is that you want to verify your age using a particular email address.
Mobile Operator Checks
Mobile network operator age checks are where you give your permission for an age-check service to confirm whether or not your mobile phone number has age filters applied to it. If there are no restrictions, this confirms you are over 18.
Unfortunately, none of these verification options are perfect in terms of protecting information, especially when this is compounded by the additional risks that LGBTQ+ people face with data sharing. The data can reveal someone’s sexual orientation, gender identity, or HIV status that can be used by employers, governments, family members, scammers, or bad actors to inflict harassment, discrimination, arrest, or violence.
There is still no widely available way to verify age online without compromising privacy—but even if there were, broad restrictions on social media will inevitably limit access to lawful speech, and valuable online communities, and arts and culture. These are just a few of the reasons that EFF is against age-gating mandates and is working to stop and overturn them in the UK and around the world.
Nudist Night by Hien Pham [Oh Joy Sex Toy]
Urgent: Defend climate science from political interference [Richard Stallman's Political Notes]
US citizens: call on the National Academies of Science, Engineering and Medicine to defend climate science from political interference and industry pressure.
Media coverage of gerrymandering [Richard Stallman's Political Notes]
As Republicans try to steal this year's election by systematic gerrymandering, the mainstream media cover this as if it were a horse race rather than an attack on democracy.
Sanctions on companies aiding Israel's colonies in West Bank [Richard Stallman's Political Notes]
Several European countries have imposed sanctions on companies found to be aiding Israel's colonies in the West Bank.
It is a weak step, but it could become a path towards stronger measures.
Israel bombed city of Tyre [Richard Stallman's Political Notes]
Israel bombed the ancient city of Tyre and damaged an archaeological site. To repair an archaeological site is impossible.
Ban on Russian soldiers entering EU countries [Richard Stallman's Political Notes]
*EU plans to ban Russian soldiers from [entry to EU countries] in fresh sanctions on Moscow.*
I think this is valid, but the EU should give itself the option to grant exceptions to Russian soldiers who are asking for asylum.
Extreme heat will double US hospitalizations [Richard Stallman's Political Notes]
*"Woefully unprepared": extreme heat will double US hospitalizations [for heat-related illnesses] by 2040, study finds.*
That is just 14 years from now!
The choice of 2040 is arbitrary — surely it will continue getting worse after that, unless we recognize what is necessary and curb global heating.
Direct effects of heat on humans are just one of many problems we are causing by not curbing global heating. By 2040 I expect that crop failures will put food outside the reach of millions every year, causing millions of deaths.
The evolution of window and class extra bytes in Windows [The Old New Thing]
Windows provides a family of functions for accessing so-called “extra bytes”. There are two categories of extra bytes: Class extra bytes (which belong to the window class) and window extra bytes (which belong to each window created from that class). Applications can request extra bytes at class registration, and those are accessed at increasing offsets starting at zero. The system also defines a number of extra bytes, and those use negative offsets.
We’re going to look at the system-defined offsets.
In 16-bit Windows, these were the available extra bytes and the function you used to read them:
| Name | Size | Accessor | Notes |
|---|---|---|---|
| GCW_MENUNAME | int16_t | GetClassWord | |
| GCW_HBRBACKGROUND | int16_t | GetClassWord | |
| GCW_HCURSOR | int16_t | GetClassWord | |
| GCW_HICON | int16_t | GetClassWord | |
| GCW_HMODULE | int16_t | GetClassWord | |
| GCW_CBWNDEXTRA | int16_t | GetClassWord | |
| GCW_CBCLSEXTRA | int16_t | GetClassWord | |
| GCL_WNDPROC | int32_t | GetClassLong | |
| GCW_STYLE | int16_t | GetClassWord | |
| GCW_ATOM | int16_t | GetClassWord | Added in Windows 3.1 |
| GWL_WNDPROC | int32_t | GetWindowLong | |
| GWW_HINSTANCE | int16_t | GetWindowWord | |
| GWW_HWNDPARENT | int16_t | GetWindowWord | |
| GWW_ID | int16_t | GetWindowWord | |
| GWL_STYLE | int32_t | GetWindowLong | |
| GWL_EXSTYLE | int32_t | GetWindowLong | Added in Windows 3.0 |
| DWL_MSGRESULT | int32_t | GetWindowLong | For dialog windows |
| DWL_DLGPROC | int32_t | GetWindowLong | For dialog windows |
| DWL_USER | int32_t | GetWindowLong | For dialog windows |
There is clearly a naming pattern here for class and window bytes.
The first letter G stands for Get. The second letter C or W stands for Class or Window. And the third letter W or L stands for Word or Long.¹
For window bytes that apply only to dialog windows, the first letter changes to D for “dialog”. These values are zero or positive, since they are really just extra bytes registered to the standard dialog class.
Now, in 16-bit Windows, handles were 16-bit values, but in 32-bit Windows, they expand to 32-bit values, so 32-bit Windows changed the functions from GetSomethingWord to GetSomethingLong, and the prefixes correspondingly changed from W to L. So our table now looks like this:
| Name | 16-bit prefix/size | 32-bit prefix/size |
|---|---|---|
| MENUNAME | GCW_ int16_t | GCL_ int32_t ◱ |
| HBRBACKGROUND | GCW_ int16_t | GCL_ int32_t ◱ |
| HCURSOR | GCW_ int16_t | GCL_ int32_t ◱ |
| HICON | GCW_ int16_t | GCL_ int32_t ◱ |
| HMODULE | GCW_ int16_t | GCL_ int32_t ◱ |
| CBWNDEXTRA | GCW_ int16_t | GCL_ int32_t ◱ |
| CBCLSEXTRA | GCW_ int16_t | GCL_ int32_t ◱ |
| WNDPROC | GCL_ int32_t | GCL_ int32_t ◱ |
| STYLE | GCW_ int16_t | GCL_ int32_t ◱ |
| ATOM | GCW_ int16_t | GCW_ int16_t |
| HICONSM | | GCL_ int32_t (new) |
| WNDPROC | GWL_ int32_t | GWL_ int32_t ◱ |
| HWNDPARENT | GWW_ int16_t | GWL_ int32_t ◱ |
| ID | GWW_ int16_t | GWL_ int32_t ◱ |
| STYLE | GWL_ int32_t | GWL_ int32_t |
| EXSTYLE | GWL_ int32_t | GWL_ int32_t |
| USERDATA | | GWL_ int32_t (new) |
| MSGRESULT | DWL_ int32_t | DWL_ int32_t |
| DLGPROC | DWL_ int32_t | DWL_ int32_t |
| USER | DWL_ int32_t | DWL_ int32_t |
The ◱ symbol represents a value that got bigger, and “(new)” marks values that did not exist in 16-bit Windows.
Even though control IDs are typically small integers, the space for them was expanded from a 16-bit value to a 32-bit value because some people were using it to hold pointers or handles. (One way to create a process-wide unique number is to allocate memory and use its address.)
The next step in the evolution of extra bytes is the conversion from 32-bit to 64-bit Windows. Pointers and handles expand to 64-bit values on 64-bit Windows, so all of the extra bytes that are used to (or could be used to) hold a handle or pointer were expanded to a 64-bit version.
To make it possible to write code that targets both 32-bit and 64-bit Windows, the design of 64-bit Windows didn’t make the hard break that 32-bit Windows did from 16-bit Windows. Instead, they introduced new functions that accept pointer-sized integers, which are 32-bit values on 32-bit Windows and 64-bit values on 64-bit Windows. That way, you just use those new functions everywhere, and they will expand on 64-bit systems and remain the same on 32-bit systems.
The new functions have names like GetWindowLongPtr, and the corresponding prefixes were changed to GWLP_ and so on.
| Name | 16-bit prefix/size | 32-bit prefix/size | 32/64-bit prefix/size |
|---|---|---|---|
| MENUNAME | GCW_ int16_t | GCL_ int32_t ◱ | GCLP_ intptr_t ◱ |
| HBRBACKGROUND | GCW_ int16_t | GCL_ int32_t ◱ | GCLP_ intptr_t ◱ |
| HCURSOR | GCW_ int16_t | GCL_ int32_t ◱ | GCLP_ intptr_t ◱ |
| HICON | GCW_ int16_t | GCL_ int32_t ◱ | GCLP_ intptr_t ◱ |
| HMODULE | GCW_ int16_t | GCL_ int32_t ◱ | GCLP_ intptr_t ◱ |
| CBWNDEXTRA | GCW_ int16_t | GCL_ int32_t ◱ | GCL_ int32_t |
| CBCLSEXTRA | GCW_ int16_t | GCL_ int32_t ◱ | GCL_ int32_t |
| WNDPROC | GCL_ int32_t | GCL_ int32_t ◱ | GCLP_ intptr_t ◱ |
| STYLE | GCW_ int16_t | GCL_ int32_t ◱ | GCL_ int32_t |
| ATOM | GCW_ int16_t | GCW_ int16_t | GCW_ int16_t |
| HICONSM | | GCL_ int32_t (new) | GCLP_ intptr_t ◱ |
| WNDPROC | GWL_ int32_t | GWL_ int32_t ◱ | GWLP_ intptr_t ◱ |
| HWNDPARENT | GWW_ int16_t | GWL_ int32_t ◱ | GWLP_ intptr_t ◱ |
| ID | GWW_ int16_t | GWL_ int32_t ◱ | GWLP_ intptr_t ◱ |
| STYLE | GWL_ int32_t | GWL_ int32_t | GWL_ int32_t |
| EXSTYLE | GWL_ int32_t | GWL_ int32_t | GWL_ int32_t |
| USERDATA | | GWL_ int32_t (new) | GWLP_ intptr_t ◱ |
| MSGRESULT | DWL_ int32_t | DWL_ int32_t | DWLP_ intptr_t ◱ |
| DLGPROC | DWL_ int32_t | DWL_ int32_t | DWLP_ intptr_t ◱ |
| USER | DWL_ int32_t | DWL_ int32_t | DWLP_ intptr_t ◱ |
From the prefix on the name of the extra bytes, you can read off which function it is meant to be used with.
| Prefix | Function |
|---|---|
| GCW_ | GetClassWord |
| GWW_ | GetWindowWord |
| GCL_ | GetClassLong |
| GWL_ | GetWindowLong |
| GCLP_ | GetClassLongPtr |
| GWLP_ | GetWindowLongPtr |
The weirdo is DWLP_ because it needs to encode both the type of window that it can be used with (D = dialog) as well as the function name it goes with (WindowLongPtr).
As a concession, Windows lets you pass GCL_ and GWL_ values to GetClassLongPtr and GetWindowLongPtr (respectively) even though they are intended to be used with GetClassLong and GetWindowLong (respectively). If you do that, you get the corresponding 32-bit value zero-extended if necessary to be the size of a pointer.² This is seen primarily in the case of GWL_ID because most people don’t use the full range of IDs, so if you’re willing to live within the 32-bit subset, you can just pretend that the values are not pointer-sized.³
“Why bother changing all the prefixes? Doesn’t that just create a lot of busy work for people porting from 32-bit code to 64-bit code?”
Yes, but it’s good busy work. The point is to force build breaks at places where you need to make fixes, because you have to call the function that accesses a pointer-sized integer rather than a 32-bit integer; otherwise you suffer from integer truncation bugs.
¹ This is a common prefixing convention for classic Win32. For example, the operation parameter to ShowWindow is prefixed SW_; the flags to SetWindowPos are prefixed SWP_; and the relationship parameter for GetWindow is prefixed GW_.
² The use of the GWL_ values with SetWindowLongPtr is a bit more problematic. It looks like you’re storing a pointer-sized integer, but only the bottom 32 bits are honored.
³ The ID is unusual in that it is defined both as GWL_ID and GWLP_ID. All of the other values are defined with only one prefix.
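The truncation the article warns about, together with the zero-extension and "bottom 32 bits" behaviour from footnote 2, shown as an added example that is not code from the original post or from Windows. It is a portable C model: every model_* name, the slot layout and the sample values are assumptions, and "pointer-sized" is fixed at 64 bits.

```c
/* Portable model of the width rules described above. This is NOT the Windows
 * implementation: model_window, model_index and the model_* functions are
 * hypothetical names, and a pointer-sized value is fixed at 64 bits so the
 * results are the same on every host. */
#include <inttypes.h>
#include <stdio.h>
#include <string.h>

enum { SLOT_ID, SLOT_USERDATA, SLOT_COUNT };

typedef struct {
    uint64_t slot[SLOT_COUNT];      /* storage for two system-defined values */
} model_window;

/* An index names a slot and the width that its prefix promises. */
typedef struct {
    int slot;
    int is_32bit;                   /* 1 for GWL_-style, 0 for GWLP_-style */
} model_index;

static const model_index MODEL_GWL_ID        = { SLOT_ID,       1 };
static const model_index MODEL_GWLP_ID       = { SLOT_ID,       0 };
static const model_index MODEL_GWLP_USERDATA = { SLOT_USERDATA, 0 };

/* Model of SetWindowLongPtr: with a 32-bit index only the bottom 32 bits are
 * honored. Clearing the upper half of the slot is this model's assumption. */
static void model_set_long_ptr(model_window *w, model_index ix, uint64_t value)
{
    w->slot[ix.slot] = ix.is_32bit ? (uint64_t)(uint32_t)value : value;
}

/* Model of GetWindowLongPtr: a 32-bit index yields the 32-bit value
 * zero-extended to pointer size. */
static uint64_t model_get_long_ptr(const model_window *w, model_index ix)
{
    uint64_t v = w->slot[ix.slot];
    return ix.is_32bit ? (uint64_t)(uint32_t)v : v;
}

/* Model of the 32-bit accessor (GetWindowLong): the return type can only
 * carry 32 bits, whatever the slot holds. */
static int32_t model_get_long(const model_window *w, model_index ix)
{
    uint32_t low = (uint32_t)w->slot[ix.slot];
    int32_t out;
    memcpy(&out, &low, sizeof out);
    return out;
}

/* Constructed sample values: a small control ID and a pointer-like value
 * with bits set above bit 31. */
#define SAMPLE_ID       UINT64_C(1001)
#define SAMPLE_POINTER  UINT64_C(0x000001A2B3C4D5E0)

/* Porting check: does a value survive being stored through a 32-bit index? */
static int survives_32bit_index(uint64_t value)
{
    model_window w = { {0} };
    model_set_long_ptr(&w, MODEL_GWL_ID, value);
    return model_get_long_ptr(&w, MODEL_GWLP_ID) == value;
}

/* Footnote 2: store a pointer-like value with the 32-bit index, then read
 * the slot back at full width. */
static uint64_t store_pointer_with_gwl_index(void)
{
    model_window w = { {0} };
    model_set_long_ptr(&w, MODEL_GWL_ID, SAMPLE_POINTER);
    return model_get_long_ptr(&w, MODEL_GWLP_ID);
}

/* Unported 32-bit code: the pointer is stored correctly but read back with
 * the 32-bit accessor. */
static uint32_t read_pointer_with_32bit_accessor(void)
{
    model_window w = { {0} };
    model_set_long_ptr(&w, MODEL_GWLP_USERDATA, SAMPLE_POINTER);
    return (uint32_t)model_get_long(&w, MODEL_GWLP_USERDATA);
}

/* Ported code: pointer-sized index and accessor on both sides. */
static uint64_t roundtrip_pointer_sized(void)
{
    model_window w = { {0} };
    model_set_long_ptr(&w, MODEL_GWLP_USERDATA, SAMPLE_POINTER);
    return model_get_long_ptr(&w, MODEL_GWLP_USERDATA);
}

int main(void)
{
    printf("original pointer          : 0x%016" PRIx64 "\n", SAMPLE_POINTER);
    printf("stored via 32-bit index   : 0x%016" PRIx64 "\n",
           store_pointer_with_gwl_index());
    printf("read via 32-bit accessor  : 0x%08" PRIx32 "\n",
           read_pointer_with_32bit_accessor());
    printf("pointer-sized round trip  : 0x%016" PRIx64 "\n",
           roundtrip_pointer_sized());
    printf("ID 1001 survives 32 bits  : %d\n", survives_32bit_index(SAMPLE_ID));
    printf("pointer survives 32 bits  : %d\n",
           survives_32bit_index(SAMPLE_POINTER));
    return 0;
}
```

A small ID round-trips through the 32-bit index unchanged, which is why the GWL_ID concession is usable; the pointer-like value loses its upper half on either mismatched path.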
Junichi Uekawa: So I learnt that last is now in wtmpdb. [Planet Debian]
So I learnt that last is now in wtmpdb. But then journalctl --list-boots was the journald replacement.
Microsoft now says 8GB RAM is fine for Windows 11, after years of pushing for 16GB [OSnews]
There’s something poetic about the World Cup taking place in North America while Microsoft keeps scoring own goals like this.
Microsoft updated its Surface buying guide to describe 8GB RAM as “great for everyday use like browsing, streaming, schoolwork, and productivity apps.” A companion FAQ adds that 16GB or more is what unlocks Copilot+ PC features. No acknowledgment that, for two years, Microsoft was the loudest voice telling everyone that 16GB was non-negotiable for a good Windows 11 experience.
What makes this infuriating is that Microsoft is one of the biggest reasons why the RAM situation got so bad in the first place.
↫ Abhijith M B at Windows Latest
This industry is a joke.
Sampling Onue Bakery Cookies [Whatever]
Looking for Korean inspired cookies baked from scratch with quality ingredients that can be delivered to your doorstep? Well, I wasn’t when I got an ad on Instagram from Onue Bakery, but after seeing the ad I realized that was, in fact, something I definitely wanted in my life.
I am slightly familiar with the concept of shipping fresh baked cookies, as I have ordered from Levain Bakery once before and received a pack of their dense, bakery style cookies. Levain’s website says they bake daily and ship nationwide, so I was curious how Onue Bakery operated. On their “how it works” page, they say they open orders on Monday, close orders on Saturday (or earlier if they sell out), bake everything fresh on Sunday, and ship everything out on Monday. They don’t ship to Hawaii or Alaska for freshness purposes.
Onue Bakery boasts that they use Irish butter, unbleached flour, and high quality eggs. (I actually just learned while writing this post that they use KERRYGOLD! You guys know that’s my favorite butter.)
I didn’t know which flavors to try out, and half were sold out already, so I opted to get the Onue box, which is their variety box and contained the cookie flavors that were otherwise sold out. For $48 you get twelve cookies, so you get to try all eight of their signature flavors. You get one of each of the giant ones, and two of each of the thin ones.
Here’s the line-up:

I was so excited to sample all the different flavors. The fact that half the flavors come with two cookies is perfect for sharing the box, and the flavors that come with one are more than shareable with their giant size and immense density. There’s a lot of cookie going on in this box.
Personally, I was most excited for the Cookie Butter cookie because I love Biscoff, and I was definitely excited to try the Earl Grey Chocolate Chip, as I love a little twist on a classic. All of these looked so good, I was definitely happy with my purchase.
Sadly, I never got around to trying the Gochujang one before it got stale. It sat in the cookie jar for a week and I missed its window of consumability. I’m sad because that’s such a unique flavor I’ve never tried in cookie form before. Every other flavor was great, though! Especially the Yellow Cheddar, which was surprisingly a top flavor out of the whole box. And fair warning, you will absolutely need a glass of milk for the Double Cocoa Cookie. That boi is thicc.
One thing that’s really great about Onue Bakery’s cookies is that they aren’t too sweet (which they also say on their website), so you don’t get that nauseating, tooth-aching feeling that you sometimes can with other cookie brands (cough cough Crumbl (yes I know I used to like them, I was younger and had less dental work)). Their nutrition information is certainly more reasonable than a lot of other cookies.
All in all, I highly recommend giving Onue Bakery cookies a try, even if you don’t get the variety pack, especially if you like fun and interesting cookie flavors. They are taking a small break this week but will open their pre-orders on July 6th, so go get you some when they open! It’s free shipping on orders over $96, so if you want the variety pack yourself and you know a cookie lover in your life you can gift a box to, you’d get free shipping.
Which cookie flavor sounds the best to you? Give them a follow on Instagram, and have a great day!
-AMS
Alright, so we’re doing this. If you would like to see Lar and I return to LFG, and create something new and unique, now is the time to speak up with real voting power. And there it is, let us
The post Go Time appeared first on Looking For Group.
Git maintainer Junio Hamano has announced Git 2.55.0, which has non-merge commits from 100 people; 33 of those are first-time contributors to the project. LWN recently covered some of the noteworthy changes in 2.55, including new features for the experimental "git history" command, addition of the Git fsmonitor daemon for Linux systems, and more.
Astral is a hobby operating system with X.org, Minecraft, and now Wine [OSnews]
Astral is a hobby operating system written in C for 64bit architectures, with a collection of ported software like X.org, fvwm, the xbps package manager, and tons more. I think it’s quite a neat system – the code’s on GitHub – made even neater by the fact it can run not only Minecraft, but now also has a working port of Wine that can run a few games.
A few months ago, I posted about Astral, a hobby OS I have been working on over the years, running Minecraft. Since then, others have gotten modern versions of Minecraft to run as well as Factorio (using a glibc compatible libc). However, while these games are made or packaged in a way that makes it easier to get them to run under a new OS, most games are not. A lot of games are closed source and compiled for Windows, which makes something like Wine a necessity for playing them.
One of my favorite games, Cogmind, falls under that umbrella. It is a 32-bit Windows only roguelike, and it became my goal to run it under Astral. While there was already an existing Wine port, it was extremely incomplete, as not even notepad.exe worked properly. To run Cogmind, the Wine port had to be finished, which also meant adding the ability to run 32-bit code on an otherwise 64-bit-only OS.
↫ Blog post on the Astral website
This process obviously is quite involved, but in the end, they managed to get it working. Quite impressive.
The ‘papers, please’ era of the internet will decimate your privacy [OSnews]
Imagine your favorite team just scored an incredible, last-second goal at the World Cup. So you log online to celebrate with other fans. But, using data it’s already collected on you, the social media platform you like to post on wrongly guesses that you’re under 16 so it forces you to go to a third-party verification app and provide images of your face or your government-issued ID. You don’t really know much about the verification app, what country it’s based out of, what happens with your information, and whether you’re protected from hackers or data breaches. You’re not happy about it, but you hand over a photo of your passport and hope it doesn’t come back to haunt you.
Now imagine that instead of posting about sports, you’re criticizing a powerful politician, or talking about your experiences with abuse or addiction, or discussing embarrassing medical issues you’re facing. Suddenly this “papers, please” approach to the internet sounds even more invasive, right? Unfortunately, that’s the direction we’re all headed — even here in the United States — and we have good reason to be wary of the global rush to sacrifice user privacy on the altar of age verification.
↫ Sarah McLaughlin at Expression
The insane push for age verification on the internet is the biggest threat to whatever’s left of the free internet. I have two young children – 3 and 5, currently – and I’m diametrically opposed to any kind of creepy verification processes that they claim are designed to keep kids like mine “safe”. Not only is their safety not predicated on giving up their privacy, my children are also not my or anyone else’s property; they have rights, and the right to privacy is one of them.
Nobody mentioned in the Epstein files has been charged, by the way.
Non-Fungible Tims [Penny Arcade]
Tim Sweeney fascinates me; he is an endless source of activity and interest. He is always whipping out a tendril of some kind at this or that - he doesn't like that Steam identifies works made with AI, referring to it as a Scarlet Letter, which it is. It's whatever the opposite of an Organic sticker is. And it makes sense why he wouldn't like it - I've heard our designers talking about how AI tools are enmeshed now through their industry standard software, and now Gmail literally tries to write my emails for me. I saw a video for the newest Unreal technology that involved typing prompts into it so it would draw over the work you did, and then you'd have to draw over that work and fix it. So, yes. If using Unreal is synonymous with AI, a big sticker that says so isn't gonna be super welcome. Luckily, they just remembered that they have their own store recently and are gonna work on it.
EFF to Gov. Pritzker: Veto Illinois’ HB 5511 [Deeplinks]
The Illinois legislature recently passed House Bill 5511, which imposes a sweeping, device-level age-gating framework across nearly all internet-enabled hardware, operating systems, and online services. This well-intentioned but deeply flawed piece of legislation will harm young people who rely on the internet to access essential information and find community. That’s why we’re urging the Illinois governor to veto the measure.
Under this new regime, digital platforms are forced to collect users' ages and share them with platforms and websites. It also strips away basic, everyday features like personalized content feeds and overnight notifications for young people unless they can secure "verifiable parental consent."
Much of H.B. 5511 is modeled after controversial legislation passed in California (A.B. 1043) and New York’s Stop Addictive Feeds Exploitation (SAFE) for Kids Act, both of which have already drawn immense blowback from open-source communities, privacy advocates, and tech stakeholders. For Illinois to copy this suspect age-bracketing regime before either law has even gone into effect, been tested in court, or proven functional is premature, economically risky, and legally wasteful.
H.B. 5511 is a massive privacy and free speech nightmare. That’s why we sent a letter to formally urge Governor J.B. Pritzker to veto the bill. Far from protecting children, the bill will effectively dismantle online anonymity, jeopardize data security, and severely restrict access to constitutionally protected speech for young people and adults alike. Finally, these schemes cut off vital lifelines for vulnerable youth in non-traditional families and pose an existential threat to the open-source ecosystem that underpins the modern internet.
For a deeper look at the constitutional, policy, and technological concerns with H.B. 5511, you can read our full letter here.
Victory! Supreme Court Says Constitution Protects People’s Location Data [Deeplinks]
You have an expectation of privacy in location data that reveals your movements in the physical world, and even short-term surveillance of these movements is a search subject to the Fourth Amendment, the U.S. Supreme Court ruled today in Chatrie v. United States.
The case involved geofence warrants, a form of dragnet surveillance police have used to vacuum up location data from electronic devices of people who happen to be in the vicinity of a crime. EFF had joined the American Civil Liberties Union, the ACLU of Virginia, and the Center on Privacy & Technology at Georgetown Law in filing an amicus brief in the case.
The decision in Chatrie is important: It is the first digital surveillance decision by the Court since its landmark 2018 ruling Carpenter v. United States, which involved prolonged tracking of people’s movements using cell phone location data. The new case expands that ruling by confirming that even shorter-term surveillance of location data can constitute a search because it can still reveal “private matters,” including “a wealth of detail about a person’s familial, political, professional, religious, and sexual associations.”
The case is also important because the Court recognized that the records generated by the apps on a user’s phone—records we necessarily share with third-party tech companies—are a user’s “own” and require Fourth Amendment protection. This is true regardless of whether those records are “emails, documents, photographs, [ ] calendars” or location data. This will likely have broad implications for data generated by other apps on our phones, even if we click “agree” to sharing that data with third-party tech companies.
Geofence warrants don’t name a suspect or a specific individual or device the way typical warrants do. Instead, they compel companies—almost always Google—to provide information on every electronic device in a given area during a given time period. This creates a high risk of suspicion falling on innocent people and can reveal sensitive and private information about where individuals have traveled in the past.
Geofence warrants are the digital equivalent of police going person to person, home to home, without suspicion that any device holder has a connection to a crime. This turns innocent bystanders into suspects, just for being in the wrong place at the wrong time.
In Chatrie, a 2019 geofence warrant compelled Google to search the accounts of all its hundreds of millions of users to see if any one of them was within a radius police drew around a Northern Virginia crime scene. This area amounted to several football fields in size and encompassed numerous homes, businesses, and a church.
A federal district court in Virginia in 2022 held that the geofence warrant plainly violated the Fourth Amendment. If the police want to get information on every device in the area, they must also establish probable cause to search every person in the area, the court said. The judge noted the government lacked particularized probable cause as to every individual within the geofence, which swept up innocent people and covered over 70,000 square meters in a busy area.
The decision set an important precedent in finding the warrant overbroad and unconstitutional and was later followed by a 2024 federal Fifth Circuit Court of Appeals ruling holding that geofence warrants are “categorically prohibited by the Fourth Amendment.” However, the Chatrie lower court allowed the government to use the evidence it obtained because it relied on the warrant in “good faith.” A much divided en banc panel of the U.S. Court of Appeals for the Fourth Circuit in 2025 affirmed this “good faith” finding in the lower court’s opinion.
Google in 2023 announced changes to how it stores location data, with the effect of eventually making it impossible for the company to respond to geofence warrants. Since July 2025, mass geofence searches of Google users’ location data have not been possible.
However, Google is not the only company collecting location data, nor the only way for police to access mass amounts of data on people with no connection to a crime. As we’ve written about extensively, data brokers collect and aggregate location data from many different apps on our phones and provide that data to police. And police can use “cell tower dump” warrants to get access to data on everyone within range of specific cell towers. Suspicionless searches like these drag a net through vast swaths of information in hopes of identifying previously unknown suspects—ensnaring innocent bystanders along the way.
Chatrie could have wide-ranging implications beyond location data as well. The Supreme Court affirmed that app data is subject to the Fourth Amendment, because users “reasonably view” it as their own and reasonably expect it “to be shielded from the ‘inquisitive eyes’ of the government.” Justice Gorsuch, in an opinion concurring in the judgment, called location data a user’s “personal property,” no different from myriad other “effects” explicitly protected by the text of the Fourth Amendment. As the Court concluded, “the point of carrying smartphones is to use what is on them,” so the Fourth Amendment has to protect more than just location data generated by the act of carrying the phone itself.
The Court ultimately did not decide whether the particular warrant at issue in Chatrie was “reasonable” or whether the “good faith” doctrine applied. The case now heads back to the Fourth Circuit Court of Appeals to address these questions.
But regardless of how the Fourth Circuit rules on remand, this Chatrie opinion will shape how lower courts address police access to location and other data going forward. We look forward to citing Chatrie to press future courts to recognize broad Fourth Amendment protections for user data.
Pluralistic: Gemini is better than search because Google enshittified search (29 Jun 2026) [Pluralistic: Daily links from Cory Doctorow]

Write a critical AI book, and you become everyone's confessor for their AI sins. People in my life keep telling me about their guilty AI pleasures, in search of an explanation, absolution or condemnation:
https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/
Their most common confession: "I only ever use Google's AI-generated search summaries these days. I no longer click those blue links beneath it, not even to verify the summary." People know that the summaries are full of "hallucinations" (that is, "defects" or "errors") but the summaries are right often enough that many people have come to rely on them, to the exclusion of actual websites, made by actual people, on the actual internet.
Everyone knows this isn't good. The reason there's a web for Google's Gemini AI to summarize is that Google – the thrice-convicted monopoly search company with a 90% market share – directs people to websites, and when you visit a website, you generate revenue for the site, which pays for its maintenance. Most commonly, you generate an "ad impression," but you might also buy a subscription, or generate an "affiliate fee" by purchasing a recommended product.
When Google strips all this away by harvesting an "answer" and displaying it at the top of the page, the bargain between Google and the open web breaks down. Google is extracting 100% of the value from the websites it summarizes, and giving nothing back in return.
This is a marked reversal from Google's founding ethos. In the old days, Google measured its success by how little time you spent on its site. The ideal Google outcome was for you to visit its page (or even better, just a search-box in your browser), type a few words, and get "ten blue links" back, the top one of which was the correct link to locate the information or resource you were seeking. The point of Google was to serve as a conduit, a trusted intermediary that neutrally adjudicated the relevance of every web page for every web user from moment to moment.
Everyone dunks on Google for its high-minded motto, "Don't be evil," but over the years, the company's mission was far more important: "Organize the world's information and make it universally accessible and useful." That was the pole star that googlers followed for the first couple decades of the company's history…until, that is, the company saturated its market and its growth stalled out.
That was when Google started to panic over its plateauing search revenue, this being an inescapable consequence of 90%+ market-share. The ensuing power struggle pitted googlers who were committed to technical excellence against the company's most ardent enshittifiers, who pointed out that by making search worse, they could increase revenues. After all, if you need to search two or three times to get the answers to your questions, that means the company can show you two or three times as many ads:
https://pluralistic.net/2024/04/24/naming-names/#prabhakar-raghavan
Where once Google measured its success by how quickly it could send you away from its site and out into the open internet, today's Google is a sticky-trap full of ways to keep you inside its walled garden.
A decade ago, tech had three major approaches:
I. Google's: let you do anything you want, but spy on you while you do it;
II. Apple's: strictly control what you can do, but leave you alone to do it in private; and
III. Facebook's: control everything you do, spy on you from asshole to appetite.
Today, tech is undergoing a form of carcinization, in which every company is turning into a Facebook-crab: maximally surveillant and maximally controlling.
Apple has added surveillance to its walled garden:
https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar
While Google has turned its free-range, internet-wide surveillance system into a walled garden that tries to keep you away from the open internet as much as possible.
Now, in Google's defense, the "open internet" kind of sucks these days. Any piece of useful information you seek out on the open internet is liable to be buried under half a dozen pop-ups, pop-unders, and dickovers:
https://daringfireball.net/2026/05/what_is_a_dickover
Even after you clear these away, the actual information you're seeking is further buried in word-salads that anticipated insipid AI prose by half a decade. Think of all those omelet recipes that appear beneath 2,500 words of cod-Proustian remembrances of "the first time I ate an egg."
The major advantage of AI search summaries is in shielding you from all this nonsense. But where did all that nonsense come from in the first place?
It turns out that this is largely Google's fault.
Google and Facebook monopolized the display advertising market, entering into an illegal, collusive arrangement to rig the bidding so that advertisers paid more and publishers received less:
https://en.wikipedia.org/wiki/Jedi_Blue
The Google/Meta duopoly sucks up 51% of display advertising revenue – more than triple the historic take for advertising intermediaries (buyers, brokers, agencies, etc). As ad revenues for web publishers cratered, the "ad load" on web pages went up. This set up a vicious cycle: increasing the number of ads decreases the number of readers, driving publishers to increase the ad-load even more to make up for the losses.
The major brake on this is ad-blocking. In a world with ad-blockers in it, publishers contemplating an increase in ad-load have to confront the possibility that they will induce ad-overload in their readers, who will install a blocker that stops them from seeing any ads:
https://www.eff.org/deeplinks/2019/07/adblocking-how-about-nah
Google has been looking to kill ad-blocking for a decade, and now they're on the verge of making it happen in Chrome, the dominant web browser they use to reinforce their search monopoly:
https://protonprivacy.substack.com/p/google-is-finally-killing-ublock
Google long ago did away with ad-blocking on mobile devices (reverse engineering an app is a felony, which means an app is just a web-page skinned with the right kind of IP to make it a crime to protect your privacy while you use it). Part of Google's argument for killing ad-blocking for the web is that this puts the web on an even footing with apps – which is a very weird way to describe a race to the absolute bottom:
https://pluralistic.net/2026/06/12/compelled-speech/#quishing
To top it all off, this decade has seen Google make a series of changes to its search prioritization that favored low-value shovelware sites over carefully researched, reliable alternatives. Search for product reviews and you're apt to get a "site reputation abuse" result from a once-reliable outlet like Forbes filled with useless and even dangerous reviews, which are ranked far above independently maintained, rigorous competitors:
https://pluralistic.net/2024/05/03/keyword-swarming/#site-reputation-abuse
This has only gotten worse with AI search, which preferentially draws from spam sites to produce decontextualized, highly confident recommendations for substandard, overpriced junk, at the expense of recommendations for good products:
https://pluralistic.net/2025/07/15/inhuman-gigapede/#coprophagic-ai
It's not like Google doesn't have the ability to sort the good from the bad. Kagi.com is a $10/month paid search engine whose results are vastly superior to Google's. But Kagi doesn't have its own search index: instead, they rent access to Google's index, but apply their own (much smaller and less resourced) team's algorithm to rank the results for your queries. In other words, Google could deliver good search results, they just choose not to:
https://pluralistic.net/2024/04/04/teach-me-how-to-shruggie/#kagi
Gresham's Law holds that "bad money drives out good." It refers to a counterfeit coin crisis in Tudor England, where people preferentially spent counterfeit money in order to make it someone else's problem; meanwhile, everyone hoarded their good coins. Soon, virtually all the money in circulation was bogus.
By downranking quality material in favor of low-effort spam, Google set up a web-wide version of Gresham's Law, where bad webpages drive out good ones, and since so many of those webpages contain product recommendations, they're greshaming the world of real products, too, so the bad is driving out the good there, too.
This is the problem that Gemini search summaries solve: in its role as the web's most important gatekeeper, Google remade it as an ad-festooned cesspit of garbage text and cynical shovelware sites. Now Google proposes to wipe out the publishers whose content they stripmined by breaking the web's bargain: that search engines are symbiotic with publishers. Google has turned fully parasitic, sucking the last drops of juice out of the open web before discarding its husk.

Om Malik, 1966-2026 https://om.co/2026/06/24/1966-2026/
Why Carbon Capture Can’t Conceivably Solve Climate Change https://projects.propublica.org/why-carbon-capture-cant-solve-climate-change/
The KIDS Act Would Require Age Checks To Get Online https://www.eff.org/deeplinks/2026/06/kids-act-would-require-age-checks-get-online
AI Implementation Bingo Card Generator https://www.workersdecide.tech/bingo/
#25yrsago Appeals court strikes down Microsoft antitrust ruling https://www.nytimes.com/2001/06/28/business/us-appeals-court-overturns-microsoft-antitrust-ruling.html
#25yrsago Ted Chiang's 72 Letters https://web.archive.org/web/20010720192340/http://www.tor.com/72ltrs.html
#25yrsago Concept handheld devices https://web.archive.org/web/20010620115437/https://www.infosync.no/en/news/n/419.asp
#25yrsago Analyzing Microsoft's successful antitrust appeal https://web.archive.org/web/20010703085656/https://www.salon.com/tech/feature/2001/06/28/appeals_reaction/index.html
#20yrsago Bengali science fiction of the 1880s https://www.lehigh.edu/~amsp/2006/05/early-bengali-science-fiction.html
#20yrsago Vernor Vinge on computers, freedom and privacy https://www.theguardian.com/technology/2006/jun/29/guardianweeklytechnologysection5
#20yrsago Scammer convinced to carve replica Commodore 64 https://www.419eater.com/html/john_boko.php
#20yrsago Jim Baen, sf publisher, has passed away https://web.archive.org/web/20060703024337/http://david-drake.com/baen.html
#15yrsago YouTube listens to fraudulent NyanCat takedown notice, drags heels on put-back from creator https://web.archive.org/web/20110628132607/http://www.prguitarman.com/index.php?id=369
#15yrsago Wyoming’s corporation mills manufacture privileged artificial “people” to order https://www.reuters.com/article/2011/06/28/us-usa-shell-companies-idUSTRE75R20Z20110628/
#15yrsago Publishing in the Internet era: connecting audiences and works https://www.theguardian.com/technology/2011/jun/30/publishers-internet-changing-role?utm_source=twitterfeed&utm_medium=twitter
#15yrsago Why writers should have their own domains https://whatever.scalzi.com/2011/06/29/mastering-ones-own-domain-an-no-this-is-not-a-seinfeld-reference/
#15yrsago Copyright troll’s biggest fan commits terminal irony https://www.eff.org/deeplinks/2011/06/righthaven-cheerleader-wanted-irony-police
#10yrsago Mississippi state rep tells distraught mom to buy kid’s lifesaving meds ‘with money she earns’ https://www.sunherald.com/news/local/counties/jackson-county/article86416087.html
#10yrsago Always-on CCTVs with no effective security harnessed into massive, unstoppable botnet https://arstechnica.com/information-technology/2016/06/large-botnet-of-cctv-devices-knock-the-snot-out-of-jewelry-website/
#10yrsago Gun-waving cop who attacked black teenaged girl in her bathing suit faces no charges https://web.archive.org/web/20160624103549/http://dfw.cbslocal.com/2016/06/23/grand-jury-no-bills-former-mckinney-pool-party-cop/
#10yrsago The Olympics are profitable for every host city (that lies about the numbers) https://timharford.com/2016/06/how-do-you-make-the-olympics-pay-fudge-the-figures/
#10yrsago Healthcare workers prioritize helping people over information security (disaster ensues) https://www.cs.dartmouth.edu/~sws/pubs/ksbk15-draft.pdf
#10yrsago Fansmitter: malware that exfiltrates data from airgapped computers by varying the sound of their fans https://www.youtube.com/watch?v=3GCHCVpndaM
#10yrsago Labour’s knives come out for Corbyn, but he’s guaranteed a spot on the ballot https://www.politico.eu/article/inside-account-of-labour-mps-attacks-on-jeremy-corbyn-shadow-cabinet-resignations-brexit/
#10yrsago Hope Larson’s “Compass South”: swashbuckling YA graphic novel https://memex.craphound.com/2016/06/28/hope-larsons-compass-south-swashbuckling-ya-graphic-novel/
#10yrsago How to Break Open the Web: a report on the first Decentralized Web Summit https://www.fastcompany.com/3061357/the-web-decentralized-distributed-open
#10yrsago Californians will get to vote on legal recreational weed https://web.archive.org/web/20160629130245/http://abcnews.go.com/US/wireStory/voters-decide-legalize-recreational-marijuana-40206739
#10yrsago Bernie Sanders on Brexit: urgent lessons for the Democrats https://www.nytimes.com/2016/06/29/opinion/campaign-stops/bernie-sanders-democrats-need-to-wake-up.html
#10yrsago Electoral fraud: Trump sends fundraiser emails to foreign politicians https://www.cnet.com/culture/trump-spams-foreign-politicians-with-fundraising-emails/#ftag=CAD590a51e
#10yrsago The Perdition Score: Sandman Slim vs the One Percent https://memex.craphound.com/2016/06/29/the-perdition-score-sandman-slim-vs-the-one-percent/
#5yrsago Intuit sabotages the Child Tax Credit https://pluralistic.net/2021/06/29/three-times-is-enemy-action/#ctc
#5yrsago SCOTUS to wrongfully accused terrorists: "drop dead" https://pluralistic.net/2021/06/29/three-times-is-enemy-action/#transunion
#5yrsago Lazy Congress only schedules 9 days' work this summer https://pluralistic.net/2021/06/28/dubious-quant-residue/#back-to-work-you
#1yrago Antitrust defies politics' law of gravity https://pluralistic.net/2025/06/28/mamdani/#trustbusting

Edinburgh International Book Festival with Jimmy Wales, Aug 17
https://www.edbookfest.co.uk/events/the-front-list-cory-doctorow-and-jimmy-wales
Sydney: The Festival of Dangerous Ideas, Aug 23-24
https://festivalofdangerousideas.com/cory-doctorow/
Melbourne: Enshittification at the Wheeler Centre, Aug 25
https://www.wheelercentre.com/events-tickets/season-2026/cory-doctorow-enshittification
Brighton: The Reverse Centaur's Guide to Life After AI with Carole Cadwalladr (Brighton Dome), Sep 8
https://brightondome.org/whats-on/LSC-cory-doctorow-the-reverse-centaurs-guide-to-life-after-ai/
London: The Reverse Centaur's Guide to Life After AI with Riley Quinn (Foyle's Piccadilly), Sep 9
https://www.foyles.co.uk/events/enshittification-cory-doctorow-riley-quinn
South Bend: An Evening With Cory Doctorow (Notre Dame), Oct 6
https://franco.nd.edu/events/2026/10/06/an-evening-with-cory-doctorow/
A.I. Enshittifies Everything (Slate)
https://slate.com/podcasts/what-next-tbd/2026/06/cory-doctorow-thinks-a-i-is-overvalued-and-overrated-and-still-a-threat
A World That Just Might Work
https://aworldthatjustmightwork.com/2026/06/cory-doctorow-ai-use-it-dont-buy-the-hype-dont-feed-the-bubble/
"How to Think About AI" (Democracy Now!)
https://www.youtube.com/watch?v=OBUzl_IaWIw
The Data Centers Are Coming (ILSR)
https://ilsr.org/articles/the-data-centers-are-coming-ep-6-closing-arguments/
"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause": a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid," with Rebecca Giblin, on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, April 20, 2027
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027
Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. Fourth draft completed. Submitted to editor.

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Bluesky (no ads, possible tracking and data-collection):
https://bsky.app/profile/doctorow.pluralistic.net
Medium (no ads, paywalled):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
What You Bring to AI Determines the Result [Radar]
Harper Carroll came to AI education through a CS background at Stanford, machine learning engineering at Meta, and a brief stint at a small GPU compute startup in late 2023, where she noticed that almost no one understood how to fine-tune open source models. She started writing and teaching to help drive signups for the startup’s platform. Her first guide, posted right after Mistral 7B was released, when she had about 50 followers, got 50,000 views. In March 2024, a video explaining the difference between AI and machine learning got 5 million views, with 1 in 20 viewers following her afterward. She now has more than 500,000 followers across multiple platforms and is a full-time AI educator.
We covered fine-tuning versus prompting, what it actually means to learn to code in 2025, and what the AI field gets wrong when it talks to the public.
We started with Harper’s own AI learning journey, and it contained a wonderful insight. She grew up loving math and came to computer science at Stanford because algorithms seemed like wonderful math puzzles. Eventually she realized that AI is “understand[ing] the world around us with math.” Text-based LLMs are only one branch. The field as a whole is “the math of the world.” That seems like a deep intuition that all of us need to internalize.
A study that circulated last year found that people who used AI to write essays showed reduced brain activity compared to people who write unaided. The reaction in many quarters was alarm. People said, “We’re outsourcing cognition and our brains will atrophy.” Harper’s smart response was that those users must have given the AI a one-sentence prompt and accepted whatever came back.
As she put it, that’s the equivalent of just telling Alexa to order you the most popular book this week. Of course less brain activity is being measured! Contrast that with the difference between shopping for a book by browsing and searching at Amazon versus driving to a physical bookstore. There’s certainly a difference, but it isn’t outsourcing cognition. It’s saving time, and that time might well be spent on other demanding cognitive tasks.
My framing is that AI is a medium, the way language is a medium, or photography. Anyone can take a photograph or write a book. The words available to every writer are the same; what differs is what they do with them, just as some photographers do something with it that others can’t. The same is true of software. There’s a line in Aaron Sorkin’s movie The Social Network where the Zuckerberg character says about the Winklevosses, “If you guys were the inventors of Facebook, you’d have invented Facebook.” An idea and its execution aren’t the same thing. One person gives AI a prompt and the output is bad. Another builds a process around AI and the output is great. What you bring to the medium is what determines the result. Harper agreed.
I’ve been trying to figure out how we can use AI for writing and editing at O’Reilly. We want skills and workflows that accelerate our productivity but don’t produce copy that reads as whatever the base model sounds like when nobody’s putting in any effort.
Takeaway posts like this one are a great use case for AI-assisted writing. As source material we have a transcript, with the actual conversation between the participants (or in the case of one of our online conferences, their presentations). We want a structured summary that captures the high points and suggests possible clips for social media. I (or whoever is using this AI-assisted workflow) can then rewrite, rearrange, elaborate, or delete from that first draft. It might not be as good as a draft written from scratch, but quite frankly, it’s far better than the alternative, which is no summary at all. I just don’t have time to write them all unaided.
When I’m writing an article, I generate a similar “transcript” by recording myself talking about the ideas I’m wrestling with and trying to put into the world. Then I ask Claude to put it together into something a bit more structured.
I’ve been improving Claude’s ability to produce prose that we can use by rewriting its output, showing it the differences, and then asking it to construct a skill that captures what it’s learned. Over time, it’s gotten closer and closer to something that I’m comfortable with, and I’m now generalizing that into a system that learns any author’s voice, respects the various conventions of the target content type (which can be very different across books, articles and blog posts, social media, and marketing materials like back cover copy and course descriptions), and applies editing suggestions from my favorite books on good writing, including Strunk and White and On Writing Well by William Zinsser.
Harper attacked the same problem from a different angle. She built a dataset of roughly 1,000 of her Instagram captions, video transcripts, and X posts, then fed them to Claude as context and asked it to write in her style. Unfortunately, the output tested 100% AI by a detection tool, even with 1,000 examples of her real voice in the prompt. She then fine-tuned an open source Llama model on the same data. The fine-tuned output tested 100% human. She gave a compelling demo at South by Southwest showing how easy this is to do. It took her about 20 minutes.
After Harper said that prompting doesn’t shift the output distribution the way fine-tuning does, I told her the story about the French writer Marcel Proust that I first used in my conversation with Steve Wilson, which I picked up from Alain de Botton’s How Proust Can Change Your Life. A friend comes to visit the bedridden Proust, and making polite conversation begins to tell him about the train trip to Paris. “More slowly,” Proust replies. This cycle repeats several times until the friend is telling him small details like the old man feeding pigeons on the steps of the station.
Harper got it, and broke it down more slowly in her inimitable way. Here’s why in-context prompting fails where fine-tuning succeeds:
Basically AI models are these massive mathematical equations, and the parameters are variables when you’re training, and then they become constants in those equations when you’re running inference . . . So what you’re doing when you’re training the model is you’re learning how to map, by adjusting those constants when they’re variables during training, . . . input to desired output.
Once the model is deployed, the probability distribution over output tokens is fixed. You can put 1,000 examples in a prompt and ask the model to pattern-match, but you’re asking it to do that with frozen weights. The surface behavior bends a little, but the underlying distribution doesn’t shift. Fine-tuning lets you actually modify the weights and how the model wants to write.
Her suggested approach for building the training dataset is to take your own writing, have AI rewrite it with its characteristic tics, then train with the AI version as input and your original as the target output. You’re teaching the model to undo the tells.
We also spent time on the inevitable question of whether people should still learn to code. We both agree they should, but not necessarily like they used to, by learning the detailed syntax of a programming language, then by trial and error as they painfully learn how hard it is to get the desired behavior.
Harper’s take (which I also agree with) is that vibe coding has lowered the floor. People who could never afford to hire someone to build a product can now do so themselves. But it has also raised the ceiling, because people who actually understand systems can build vastly more sophisticated things with the same tools, which takes us back to the case for AI as a medium.
Perhaps more importantly to the question of how much coding you should learn, experienced developers will also see failure modes that pure vibe coders miss. Harper gave an example that came from watching a friend using an agent tool that had, at some point, started storing its data in a Word document and using it as a makeshift database, probably because the session started with a Word doc. It was extremely slow and extremely inefficient. An engineer sees the problem immediately. A vibe coder might run that system for months before noticing something is wrong.
So yes, you should learn enough about coding to understand what’s happening. The art of teaching programming to the next generation will be developing useful projects that also highlight underlying concepts of software architecture and engineering.
Silicon Valley runs heavily on logic and on the idea that good decisions come from better data, more rigorous analysis, and sharper models. In this environment, intuition can get dismissed as something “soft and fuzzy,” Harper noted. And that’s the wrong mindset for AI.
AI is getting better and better at exactly the things the logical axis does well, but intuition remains a challenge because it often contradicts what the data says. Good intuition “goes against the input,” to use Harper’s phrase. A model that’s been trained to recognize patterns in data will, almost by definition, struggle with making decisions that run counter to those patterns. Just as skills-informed judgment supercharges AI-assisted engineers, intuition could be a uniquely human skill for a long time. Elevating it as a concern might bring the industry more of an attitude of humility towards ourselves and our place in the world.
I closed by asking Harper what the AI field most consistently gets wrong in how it talks to the public. She said that too much of the public-facing discourse leads with fear, of job displacement, of rapidly approaching AGI, and of a rocky transition that requires a universal basic income to cushion the blow. She’s not calling those impossible futures, but she thinks they’re the wrong introduction to the technology.
A lot of companies are using AI to ask how to do the same things at lower cost. The better question is how to raise ambitions. AI doesn’t just scale individual capabilities. It scales what organizations can attempt. But for it to work out that way, everybody has to actually learn AI. We can’t have AI haves and have-nots. That means lower-cost models, serious open source investment, and companies that don’t just become serfs to the major platforms.
Harper has been making this point for a while, to audiences ranging from engineers to people who’ve never written a line of code. “There is not really much to fear right now,” she says. “AI is this incredible productivity tool.” The people who will struggle, in her view, are the ones who refuse to engage with it at all.
At O’Reilly, we’ve been working on a version of the same narrative at an organizational level. The fear-first narrative produces avoidance, and avoidance is the one thing that will actually leave someone behind. So we’re building a corporate AI transformation practice that starts with people’s existing jobs, and figures out how to “mix in” AI to make them more impactful. We’re learning how to teach both the humans and the agents at the same time to make them more productive together.
On July 9, I’ll be speaking with Trail of Bits cofounder and CEO Dan Guido about the playbook his company used to go AI native, which he first outlined at this year’s [un]prompted. He’ll give a version of the same talk, then take about 40 minutes of audience questions on what worked, what didn’t, and what is still unsolved. I hope you join us to find out what’s changed since [un]prompted and where the playbook is heading next. Register here; it’s free and open to all.
[$] The rest of the 7.2 merge window [LWN.net]
Linus Torvalds released 7.2-rc1 and closed the 7.2 merge window on June 28; by that time, 13,412 non-merge commits had found their way into the mainline. That makes this the busiest merge window since the 6.7 development cycle in 2024 (15,418 commits, including 2,800 for the entire bcachefs development history). Just under half of those commits arrived after LWN's summary of the first half of the merge window was written. As usual, the commits in the latter part of the merge window were more heavily focused on fixes, but there were still a lot of new features and significant changes merged as well.
Factoring RSA Keys with Many Zeros [Schneier on Security]
Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild.
The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massive number of real-world keys from public sources, including Certificate Transparency logs, internet-wide TLS and SSH scans, PGP keys, and many others. By searching this dataset for unexpectedly sparse RSA moduli, we uncovered a large number of keys in the wild with the patterns in Figure 1.
Both patterns include several regularly spaced blocks of all zeros interleaved with seemingly random data. Pattern 1 appears in CT logs for certificates issued to several large organizations, including Yahoo and Verizon, and on some devices running NetApp software. Fortunately, these certificates have already expired, but we still shared our findings with these companies. We wanted to learn more about which product could be responsible for generating these keys, but we did not hear back. Pattern 2 appears on SSH hosts running the CompleteFTP software from EnterpriseDT. The underlying vulnerability affects RSA keys generated using versions 10.0.0–12.0.0 (Dec 2016–Mar 2019) and DSA keys generated with v10.0.0–23.0.4 (Dec 2016–Dec 2023).
These vulnerabilities affect a small minority of hosts on the internet, but the more interesting takeaway is that independent cryptographic implementations failed in similar ways. More implementations may include the same bugs, and so it’s worth tailoring cryptanalytic algorithms for this particular type of failure.
The article doesn’t speculate, but I will. This could be a deliberately designed backdoor, of the sort I wrote about back in 2013. I could imagine some government agency figuring out how to break this class of RSA keys, and then convincing different providers to hand them out to users.
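A defender-side check for the sparse-modulus patterns quoted above, as an added example (not badkeys code and not from the research): it scans a modulus for long zero runs and reports whether they are evenly spaced. The thresholds, function names and sample values are assumptions, and the samples are constructed stand-ins rather than real keys.

```python
# Added example: flag RSA moduli that contain regularly spaced all-zero blocks.
# Thresholds, names and sample values are assumptions made for this sketch.
import hashlib
import re

MIN_RUN_BITS = 32            # odds of such a run in a random 2048-bit value are near 2**-22
MIN_BLOCKS = 3               # "several" blocks, read here as at least three
SPACING_TOLERANCE_BITS = 8   # allowed jitter between block starts


def parse_modulus(text):
    """Accept bare hex or the 'Modulus=<hex>' line printed by `openssl rsa -noout -modulus`."""
    return int(text.strip().split("=", 1)[-1], 16)


def zero_runs(n, min_bits=MIN_RUN_BITS):
    """Return (offset from the most significant bit, length) for each long run of zero bits."""
    bits = bin(n)[2:]
    pattern = "0{%d,}" % min_bits
    return [(m.start(), m.end() - m.start()) for m in re.finditer(pattern, bits)]


def evenly_spaced(runs, tolerance=SPACING_TOLERANCE_BITS):
    """True when at least MIN_BLOCKS runs start at (nearly) constant intervals."""
    if len(runs) < MIN_BLOCKS:
        return False
    gaps = [later[0] - earlier[0] for earlier, later in zip(runs, runs[1:])]
    return max(gaps) - min(gaps) <= tolerance


def assess_modulus(n):
    """Classify a modulus: 'patterned' (regular zero blocks), 'review' (isolated run) or 'ok'."""
    runs = zero_runs(n)
    if evenly_spaced(runs):
        verdict = "patterned"
    elif runs:
        verdict = "review"
    else:
        verdict = "ok"
    return {
        "bits": n.bit_length(),
        "runs": runs,
        "zero_bits": sum(length for _, length in runs),
        "verdict": verdict,
    }


def filler(label, nbytes):
    """Constructed random-looking bytes; every byte is odd, so no zero run exceeds 7 bits."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hashlib.sha256(f"{label}:{counter}".encode()).digest()
        counter += 1
    return bytes(b | 1 for b in out[:nbytes])


def constructed_patterned_value(blocks=8):
    """8 filler bytes then 8 zero bytes, repeated; a filler tail keeps the value odd."""
    body = b"".join(filler(f"blk{i}", 8) + bytes(8) for i in range(blocks))
    return int.from_bytes(body + filler("tail", 8), "big")


def constructed_dense_value(nbytes=256):
    """2048-bit stand-in with no long zero run anywhere."""
    return int.from_bytes(filler("dense", nbytes), "big")


def constructed_single_gap_value():
    """One isolated zero block: worth a look, but not the repeating pattern."""
    return int.from_bytes(filler("head", 100) + bytes(8) + filler("end", 20), "big")


if __name__ == "__main__":
    samples = {
        "patterned": constructed_patterned_value(),
        "dense": constructed_dense_value(),
        "single gap": constructed_single_gap_value(),
    }
    for name, value in samples.items():
        report = assess_modulus(value)
        print(f"{name:11s} bits={report['bits']:4d} runs={len(report['runs'])} "
              f"zero_bits={report['zero_bits']:3d} verdict={report['verdict']}")
```

A "patterned" or "review" verdict is a reason to check how the key was generated and to rotate it, not proof that a given key has been broken.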
BTW, I was just contacted by a developer who's implementing all the protocols I mentioned yesterday. And I should mention that Manton Reece, developer of micro.blog and a longtime friend, going back to the Frontier days on the Mac, has inbound and outbound RSS and he covers every freaking API out there, he's a monster. And I said yesterday he doesn't get enough credit for what he's contributed. We're aiming for interop instead of chasing the silos. And it's fine to chase silos if you're into it, I was done with that in 2017. We're going to make it work the way it would work if we weren't trying to lock anyone in, quite the opposite, I want people to use Manton's product. I'm not being commercial here. I'm trying to get the web back on the path it should have been on all along. If I make some money that's cool, if not that's okay too.
BTW, this all-together will be the Two-Way Web, specifically Two-Way RSS. And of course textcasting. Don't forget that. It's a rule, textcasting everywhere conceivable.
I've never given a commencement speech, but if I did, I'd run through my mottos and explain what they mean and who I stole them from, and how they are a distillation of what I've learned in life. The one I'd mention first, which isn't even on the freaking list, is this one -- "People don't listen to friends, they listen to competitors." What that means is if you want someone to add a feature, you have to do two things. Implement their whole product. Add the things you want them to add. And win. If you don't win it doesn't matter how good your idea is. This is the hoop you have to jump through to get them to listen to your idea. Knowing this, I have tried to listen even when I don't feel like a friend is competing. Ideas from people who know your product, no matter how they got it, are people who can help. This was one of the values of a core part of Apple in the early-mid 80s, and I owe my success in tech to them, because the ideas they gave me put us over the top. Jean-Louis Gassée and Guy Kawasaki. I don't think they ever competed with me. Another thing I like about them. ;-)
It's remarkable that some people fondly miss Google's RSS reader app, already gone for over a decade. Remarkable because they captured the market, wiped out all competition (they deserved it, the products were awful) and then shut their own product down, leaving a toxic karmic bomb crater in its place.
Only steal from the best [Scripting News]
As a writer I've stolen lots of ideas. All writers do it. How do you think we get our ideas.
Which is why it's so weird that they object to having their ideas stolen en masse.
We go through this regularly, basically you make a living doing something, and you aren't paid enough.
So every subject in every context arrives at the same place. Why aren't they paying me. I must be paid.
It is a permanent obsession with writers.
I try to be honest and admit that I steal from other writers, but I only steal from the best! :-)
[$] Xsnow "protestware" in Debian [LWN.net]
The xsnow application, which generates an animated snowfall effect (and other pleasant diversions) for X11 desktops, does not seem like an obvious channel for political statements. Nevertheless, xsnow's maintainer seems to have included a political protest in the program: an Easter egg that is triggered when the program's language is set to Russian ("ru"). One user has complained that this functionality should be removed from the Debian xsnow package, but Debian does not seem to have any rules that forbid such a feature outright.
Mageia 10 has been released with the 6.18 Linux kernel, DNF 5.4.0, RPM 4.20.1, and an increase in hardware requirements for x86 32-bit systems; users now need a CPU with SSE2 features. See the release notes for a full list of updates, and the errata page for known problems.
Open source maintainership in the age of AI (Kubernetes blog) [LWN.net]
The Kubernetes project has published a blog post explaining its AI policy:
The main problem is that AI has made generating code fast but there has been very little improvement in maintaining code bases. In this post, we will highlight the ways the Kubernetes community is adapting to the world of AI assisted coding.
The first step of this journey was to develop an AI policy. This seems mundane and bureaucratic but there were many PRs that derailed into discussions around AI usage. The AI policy helps steer the conversation around the project's stance on AI and provides a clear signal to contributors on how to use these tools responsibly.
Of note, the project requires disclosure when AI tools have been used to assist in the creation of a contribution but forbids listing AI as a co-author or including "assisted-by" or "co-developed" trailers to attribute work to an LLM tool.
Security updates for Monday [LWN.net]
Security updates have been issued by AlmaLinux (containernetworking-plugins, golang, kernel, libpng, libpng15, nginx, opencryptoki, perl-IO-Compress, thunderbird, and tigervnc), Debian (chromium, gdcm, incus, libhtml-parser-perl, lxd, openvpn, tor, and xorg-server), Fedora (chromium, docker-buildkit, docker-buildx, dotnet10.0, dotnet8.0, dotnet9.0, krita, ldns, libssh2, liferea, lighttpd, mariadb10.11, mariadb11.8, moby-engine, nginx, nginx-mod-brotli, nginx-mod-fancyindex, nginx-mod-headers-more, nginx-mod-js-challenge, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, openbao, pacemaker, pgadmin4, podman-tui, prometheus-podman-exporter, python-jupyter-server, python-mistune, python-postorius, python-pydantic-settings, python3-docs, python3.14, thunderbird, tigervnc, tinyproxy, and util-linux), Mageia (krb5), Oracle (.NET 10.0, .NET 8.0, .NET 9.0, bind, dracut, fence-agents, firefox, frr, frr10, glib2, glibc, gnutls, golang, kernel, libpng, libpng15, libreoffice, libxml2, libxslt, mod_http2, mysql:8.4, nginx:1.26, openssl, php:8.3, podman, postgresql-jdbc, python3.14, redis, rsync, thunderbird, tomcat, valkey, and vim), Red Hat (osbuild-composer), and SUSE (agama-web-ui, asn1c, assimp, assimp-devel, aws-iam-authenticator, calibre, clamav, corepack24, dovecot22, exiv2, frr, giflib, glances-common, google-osconfig-agent, GraphicsMagick, gvim, haproxy, hydra, ImageMagick, jupyter-nbclassic, kernel, libsoup, libsoup2, libssh2-1, nano, NetworkManager-applet-openvpn, nodejs22, openbabel, opensc, openssl-3, pacemaker, python, python-base, python-doc, python311-pdm, python311-py7zr, python311-pypdf, python36, tar, trivy, util-linux, xen, and xtrabackup).
Claude Code is a Dave-amplifier.
Just had a great idea for the Democratic Party. It's time to review past governing decisions made by Democrats that resulted in the collapse of democracy in the US in 2025-26. Can't do anything about the Repubs, but we sure as hell can whip the Dems into shape. My first contribution, Obama should have installed his Supreme Court choice after waiting three months for the Senate to advise and consent. If the Repubs can invent a new practice so can the Dems. That would make the Supreme Court a lot more functional now, just that one thing. Democrats must not be so freaking afraid of stirring things up. We would have all respected that, esp the Repubs. This would be an incredible campaign process, would allow us to say that this is what the Democrats, going forward, will always/never do.
Of course I read Josh Marshall's piece about the end of the open net. Now let's go back to when it started and do it again, using everything we learned, try not to make the same mistakes. Josh was there, pretty sure he was at the first BloggerCon.
I noted a few weeks ago that Markdown has a format for outlines.
The following article originally appeared on Angie Jones’s LinkedIn page and is being republished here with the author’s permission.
I’m fascinated by the concept of agent memory. LLMs are stateless by design, meaning they have no memory or awareness of past interactions. Each prompt you send to an LLM is treated as a completely isolated event.
When you have a continuous chat with an AI agent, it feels like the AI remembers previous messages. However, the interface itself is faking it. Behind the scenes, your agent takes the entire conversation history and resends all of it to the LLM as one giant, combined prompt.
Companies, researchers, and even indie devs are all trying to crack agent memory. Because once an agent can remember, the entire interaction changes. It can build on what it learned, adapt to the user, resume work after a restart, and develop a sense of continuity.
Recently, I spent time with Richmond Alake, who has been in the trenches working on agent memory at Oracle.
Richmond Alake, the agent memory guru
We talked about the different kinds of memory, why memory is harder than it sounds, and what it takes to build a memory system that is actually useful in production.
That conversation made something very clear to me. When people say, “agent memory,” they often mean very different things.
So let’s unpack the various types of memory.
Conversational memory is the one most people think of first. It stores the messages exchanged between the user and the assistant.
This makes sense. If I ask, “What did I say was the ultimate goal of this task?” the agent needs access to the conversation in order to answer. Without that history, every turn starts from zero.
But this is also where many memory systems go wrong.
The most common first attempt is to keep appending prior messages to the prompt. For example:
User: I’m building a customer support agent.
Assistant: Great, what should it do?
User: It should look up past tickets and draft replies.
Assistant: Got it.
User: Also, I prefer Python and FastAPI.
Then on the next call, we send all of that back to the model along with the new question.
This works for a short conversation, but the agent only “remembers” because we keep reminding it. This is not really memory engineering.
Eventually, the conversation gets too long and the model receives a giant blob of context where some details are important, some are stale, and some are completely irrelevant. The agent may technically have the information, but that doesn’t mean it can use it well.
So yes, conversation history is a valid and important type of memory. But it shouldn’t be the whole memory strategy. Real agent memory requires deciding what should be stored, where it should be stored, how it should be retrieved, and when it should be summarized, forgotten, or compressed.
Semantic memory stores durable facts.
These are things that should outlive the exact conversation where they were learned:
This is different from conversational memory because the exact wording and sequence are less important. What matters is the meaning.
If the agent needs to recall what stack the user is using, it should retrieve the memory even if the user never says those exact words again.
Vector search is useful for this. The memory can be embedded and retrieved by semantic similarity.
The benefit is that the agent doesn’t need to replay the full conversation. It can retrieve the few durable facts that are relevant to the current request.
Episodic memory stores events.
This is the “what happened” layer of memory:
Episodic memory is especially useful for debugging, auditing, and long-running workflows.
For example, if an agent makes a decision, I may want to know what happened right before that decision (e.g., What tools did it call? What data did it retrieve?).
This type of memory often benefits from structured storage.
For example:
Find all failed tool calls from the mortgage approval workflow in the last 24 hours.
That is a database query problem, not just a vector search problem.
Procedural memory is about how to do things.
For example:
This is the kind of memory that helps an agent improve its process. That’s powerful because agents are often asked to operate in messy real-world environments. With procedural memory, it can reuse proven approaches.
The value extends beyond just knowing things to actually knowing how to proceed.
Entity memory stores facts about specific people, accounts, projects, systems, tickets, or objects.
For example:
Entity memory matters because many agent tasks are scoped around a particular thing.
If I ask, “What do we know about Acme Corp?” I don’t want every memory in the system. I want memories attached to that customer.
This is also where memory safety becomes important.
Agents should not accidentally mix memories between users, customers, or projects. A memory system needs strong scoping so one user’s context does not leak into another user’s response.
Working memory is the short-term scratchpad for the current task.
This is where the agent keeps temporary information while reasoning through a problem.
Working memory is usually not meant to last forever. It’s useful during the task, but it may not deserve to become durable memory.
If an agent stores every temporary thought as long-term memory, the memory store gets noisy very quickly. The agent may later retrieve half-baked assumptions as if they were facts, which is dangerous.
Not everything the agent observes or thinks should be remembered permanently.
Summary memory is one many agent users are familiar with. It deals with the problem of context windows being limited.
Even with large context models, you can’t keep appending forever. At some point, you need to compress.
Summary memory stores a compact version of a longer thread or context window. The original details can still live in the thread, but the prompt gets a smaller representation.
For example, instead of sending 80 turns of conversation, the agent might send:
The user is building a SaaS customer support agent. They prefer Python and FastAPI, deploy on OCI, and want the agent to retrieve past tickets before drafting replies. They are currently evaluating memory strategies for production usage.
At first, memory sounds straightforward: store things, retrieve them later.
But the hard part is judgment, not storage.
What should be remembered? If the user says, “I usually prefer Python,” that’s probably worth remembering. If they say, “Let’s try Python for this one experiment,” maybe not. The agent needs to distinguish durable details from temporary context.
When should memory be updated? People change their minds, and systems and requirements change. If a user used to prefer FastAPI but now works mostly in Java, should the old memory be deleted, overwritten, or kept with a timestamp? A memory system needs a correction strategy.
How much memory should be retrieved? Retrieving too little means the agent misses important context. Retrieving too much means the prompt becomes noisy. This balance matters as more context isn’t always better.
How do we prevent memory leaks? If memories are shared across users, agents, or tenants, scoping is critical. The agent should only retrieve memories it’s allowed to use. This is especially important in enterprise systems where agents may operate across many customers, teams, or workflows.
How do we know whether memory helped? Memory should improve the agent’s behavior. It should reduce repeated questions, improve continuity, lower token usage, and help the agent produce more relevant responses. If memory just adds complexity without improving outcomes, it isn’t doing its job.
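The scoping requirement from the entity-memory passage and the memory-leak question above, as an added example (not OAMP code and not from the original article): a hypothetical in-memory store showing an unscoped search, a filter applied after ranking, and a search that scopes before ranking. Token overlap stands in for embedding similarity; `ScopedMemoryStore`, the user `bob` and every stored text are constructed.

```python
# Added example: why memory retrieval must apply the owner scope before ranking.
# ScopedMemoryStore is hypothetical; token overlap stands in for vector similarity.
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Memory:
    user_id: str
    agent_id: str
    text: str


def tokens(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def score(query, text):
    """Jaccard overlap between query and memory text (stand-in for cosine similarity)."""
    q, t = tokens(query), tokens(text)
    return len(q & t) / len(q | t) if q | t else 0.0


class ScopedMemoryStore:
    def __init__(self):
        self._rows = []

    def add(self, text, *, user_id, agent_id):
        if not user_id or not agent_id:
            raise ValueError("every memory needs an owning user and agent")
        self._rows.append(Memory(user_id, agent_id, text))

    def _rank(self, query, rows, max_results):
        ranked = sorted(rows, key=lambda m: score(query, m.text), reverse=True)
        return [m for m in ranked[:max_results] if score(query, m.text) > 0]

    def search_unscoped(self, query, max_results=3):
        """Leaky: every user's memories compete in one ranking."""
        return self._rank(query, self._rows, max_results)

    def search_postfilter(self, query, *, user_id, max_results=3):
        """Still wrong: other users' rows crowd the top-k before the filter runs."""
        return [m for m in self.search_unscoped(query, max_results) if m.user_id == user_id]

    def search(self, query, *, user_id, agent_id=None, max_results=3):
        """Scope first, rank second: similarity never sees rows outside the caller's scope."""
        if not user_id:
            raise ValueError("user_id is required for retrieval")
        in_scope = [
            m for m in self._rows
            if m.user_id == user_id and (agent_id is None or m.agent_id == agent_id)
        ]
        return self._rank(query, in_scope, max_results)


def build_demo_store():
    """Constructed sample memories for two users sharing one store."""
    store = ScopedMemoryStore()
    store.add("Acme Corp checkout failures traced to payment gateway timeouts.",
              user_id="angie", agent_id="support-triage-agent")
    store.add("Angie prefers Python and FastAPI for new services.",
              user_id="angie", agent_id="memory-demo-agent")
    store.add("Acme Corp renewal discount is 40 percent (confidential).",
              user_id="bob", agent_id="support-triage-agent")
    store.add("Bob prefers Java and Spring.",
              user_id="bob", agent_id="support-triage-agent")
    return store


if __name__ == "__main__":
    store = build_demo_store()
    question = "What do we know about Acme Corp?"
    for label, hits in [
        ("unscoped", store.search_unscoped(question)),
        ("post-filter, k=1", store.search_postfilter(question, user_id="angie", max_results=1)),
        ("scoped, k=1", store.search(question, user_id="angie", max_results=1)),
    ]:
        print(label, "->", [(m.user_id, m.text) for m in hits])
```

In a database-backed store the same rule means the owner predicate belongs in the query itself, alongside the similarity ordering, rather than in application code that runs on the results.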
Richmond was gracious enough to share how Oracle is tackling this with the Oracle AI Agent Memory Package (OAMP), built on top of Oracle AI Database 26ai.
Yes, an AI database! Think of it as a database that can store and query the kinds of data AI applications need, not just rows and columns. That includes embeddings and JSON documents along with text search and regular SQL. These live together in the database, so an agent does not have to bounce between separate systems just to gather context.
The idea is to make Oracle AI Database the memory core for agents. Instead of stitching together a vector database, a relational database, a document store, and custom thread management, OAMP provides agent-friendly memory primitives on top of a database that already supports multiple data access patterns.
At a high level, OAMP gives you:
This matters because, again, agent memory is not only a vector search problem. Some memory needs semantic retrieval. Some need ordered reads or exact SQL filtering. A database-backed memory system gives you room to support all of those patterns.
Here’s a small example of what that looks like in code:
from oracleagentmemory.core import OracleAgentMemory
from oracleagentmemory.core.llms import Llm

# `connection` is an existing database connection, created before this snippet.
client = OracleAgentMemory(
    connection=connection,
    embedder="text-embedding-3-small",
    llm=Llm("gpt-5.5"),
    extract_memories=True,
    schema_policy="create_if_necessary",
)

# Register the owners that memories will be scoped to.
client.add_user(
    "angie",
    "Developer exploring agent memory patterns."
)
client.add_agent(
    "memory-demo-agent",
    "Assistant that demonstrates Oracle AI Agent Memory."
)

# Store a durable fact, owned by this user and agent.
client.add_memory(
    "Angie is fascinated by agent memory and prefers practical examples over abstract explanations.",
    user_id="angie",
    agent_id="memory-demo-agent",
)
There are a few important ideas packed into this snippet.
The OracleAgentMemory client is the bridge between the agent application and Oracle AI Database. The database connection tells OAMP where memory lives. The embedder tells it how to turn memory text into vectors for semantic retrieval. The LLM enables automatic memory extraction and summary generation. And schema_policy="create_if_necessary" lets OAMP manage the underlying memory schema instead of making every application reinvent it.
The user and agent registration may look like simple setup code, but it’s actually part of the memory model. Memories need ownership. In a real system, you don’t want one user’s preferences showing up in another user’s session, and you don’t want memories written by one agent casually mixed with another agent’s context. The user ID and agent ID give the memory layer a way to scope what gets stored and retrieved.
The add_memory() call
stores a durable fact. This is a piece of information the agent may
need later, even if the exact conversation has moved on.
Given this, we can now recall memories.
    results = client.search(
        "how should I explain this topic to Angie?",
        user_id="angie",
        max_results=3,
    )

This search() call shows the part that makes semantic memory useful. The query doesn’t have to match the stored sentence exactly. We stored that I prefer practical examples, but we searched for how to explain something to me. Those are different words but related in meaning. That’s the point.
Durable memories are only part of the picture. Agents also need conversation continuity.
With OAMP, a thread can represent a real work session, such as an agent helping investigate a production issue:
    from oracleagentmemory.apis.thread import Message

    thread = client.create_thread(
        user_id="angie",
        agent_id="support-triage-agent",
    )

    thread.add_messages([
        Message(
            role="user",
            content="Customer Acme Corp is seeing intermittent checkout failures after the latest deployment.",
        ),
        Message(
            role="assistant",
            content="I'll check recent deployment notes, related incidents, and payment service logs.",
        ),
        Message(
            role="user",
            content="Focus on the payment gateway first. We saw similar timeout errors last quarter.",
        ),
    ])
This is much closer to how memory shows up in real agent applications. The useful context is not just that messages were exchanged. It’s that this thread is about Acme Corp, checkout failures, a recent deployment, the payment gateway, and a related incident from last quarter.
When it’s time to call the model, instead of passing the entire raw thread, you can ask for a context card:
card = thread.get_context_card()
The context card gives the agent a compact block of relevant memory to use in the next prompt.
Conceptually, the prompt becomes:
System: You are a helpful assistant. Use the provided memory context.
Memory context: [context card]
User: What did we decide earlier?
This is a much cleaner pattern than appending every message forever.
OAMP can also extract memories from conversation.
For example, if the user says:
I prefer Python over TypeScript for backend work. I usually deploy FastAPI apps on OCI behind an API gateway.
The memory system can extract durable facts such as:
The user prefers Python over TypeScript for backend work.
The user deploys FastAPI applications on Oracle Cloud Infrastructure behind an API gateway.
That means the application does not have to manually call add_memory() for every useful fact.
A smart thread can be configured like this:

    thread = client.create_thread(
        user_id="angie",
        agent_id="memory-demo-agent",
        memory_extraction_frequency=2,
        memory_extraction_window=4,
        enable_context_summary=True,
        context_summary_update_frequency=2,
    )
This tells the system to periodically inspect recent messages, extract durable memories, and maintain a running summary.
Here is where agent memory starts to feel more like a living part of the agent architecture vs just a data structure.
One of the most interesting examples Richmond and I discussed was using memory to teach an agent about a database.
Imagine an enterprise data agent that needs to answer questions about a schema it has never seen before. Instead of fine-tuning a model, the agent can scan the database catalog and store what it learns as memory.
It might inspect:
Then it can convert those technical details into natural-language memories.
For example:
Table SUPPLYCHAIN.VESSELS stores individual ships owned or operated by carriers. It includes vessel identifiers, carrier relationships, and operational metadata.
Now when a user asks:
Where would I find information about ships and carriers?
The agent can retrieve the relevant schema memory by meaning.
This is a beautiful pattern because it avoids one of the common traps with agents: expecting the model to already know your private system.
It doesn’t. And that’s okay.
You can teach it by turning your system’s metadata into memory.
The more I learn about agent memory, the more I believe this will be one of the defining pieces of agent architecture.
Tool calling lets agents act. Planning lets agents decide what to do. Memory lets agents build continuity.
With memory, we can start designing agents that feel less like one-off prompt responders and more like persistent collaborators.
Of course, this also raises the bar. Memory has to be scoped, auditable, correctable, and intentionally retrieved. Bad memory is worse than no memory. So the challenge is not simply giving agents memory but giving them the right memory architecture.
Oracle’s OAMP approach is one way to make that system concrete: users, agents, memories, threads, context cards, summaries, and database-backed retrieval.
And while the implementation details matter, the bigger idea is that if we want agents to be useful beyond a single prompt, they need a way to remember.
Not everything. But enough to carry context forward.
CodeSOD: Off the Path [The Daily WTF]
File path separators are a common pain point when writing cross platform software. Of course, not every programming language has a graceful API for handling that. For example, prior to C++ 17, you had to do some #ifdef preprocessor magic to handle that. Which people usually did (or they'd use the Boost suite of libraries).
Code like this wouldn't be out of place or incorrect:
#if defined(WIN32) || defined(_WIN32)
#define PATH_SEPARATOR "\\"
#else
#define PATH_SEPARATOR "/"
#endif
Do I like it? No. But now I've got a pre-processor constant that I can use to assemble my paths in a way that will work across different file path conventions.
Of course, that's the "normal" solution. You could, if you wanted, do it completely wrong. That's what Xian's predecessor did.
#ifdef UNIX
filename += "/";
#else
filename += "\\";
#endif
filename += (*exSeq)[i].path;
#ifdef WIN32
ReplaceAll(filename, "/", "\\");
#else
ReplaceAll(filename, "\\", "/");
#endif
If we're compiling for unix, append a "/" to the filename. Otherwise, append a "\". Then we append a path out of an array. Then, if we're on Windows, find all the "/" in our filename and replace them with "\". Otherwise, find all the "\" in our filename and replace them with "/".
Instead of defining a constant and using it everywhere you need to construct paths, this code was copy/pasted everywhere you needed to append a path separator onto your string. Well, almost everywhere. Clearly, we don't know that the contents of (*exSeq)[i].path are correct for our target operating system, hence we have to do the ReplaceAll call to sanitize it. Why didn't we sanitize the portion we're appending instead of the whole filename (which presumably is already sanitized?)? A better question: is this running inside of a loop? It looks like it is, based on the [i] array access there.
Multiple developers have copy/pasted this code into multiple places. Not one of them gave a shot at refactoring it. And somehow, there are still code paths that output the wrong path separator sometimes, though at least modern Windows is forgiving about that.
Daniel Baumann: Debian: Linux Vulnerability Mitigation (PACKET_EDIT_MEME.c) [Planet Debian]
The Linux local root exploit of today’s news is PACKET_EDIT_MEME.c [CVE-2026-46331] which is also known as pedit COW.
This vulnerability has been fixed as of linux 7.1~rc7, but also fixed in trixie's 6.12.94-1 as well as testing/unstable 7.0.13-1. If you run an older or different kernel you might want to mitigate the vulnerability until you can update and reboot affected systems.
The vulnerability can be mitigated by unloading and blocking the act_pedit module; linux-vulnerability-mitigation as of 20260629-1 (uploaded to sid, trixie-fastforward-backports and people.debian.org/~daniel) does that automatically for you.
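A way to verify the mitigation described above, as an added audit script (not code from the post or from the linux-vulnerability-mitigation package): it reports whether act_pedit is still loaded and whether modprobe configuration actually refuses to load it. The function names, the single-directory scan and the sample files are assumptions of this example; a `blacklist` line only makes modprobe ignore a module's aliases, so only an `install act_pedit /bin/false` style override is counted as a block.

```shell
#!/bin/sh
# Added example: audit the "unload and block" mitigation for one kernel module.
# File locations are parameters so the checks can run on constructed files;
# the defaults are the live system paths. modprobe also reads other
# directories (e.g. /usr/lib/modprobe.d, /run/modprobe.d); this example
# scans one directory per call.
#
# Applying the mitigation by hand (as root; the file name is a placeholder):
#   modprobe -r act_pedit
#   echo 'install act_pedit /bin/false' > /etc/modprobe.d/<name>.conf

MODULE="act_pedit"   # module named in the post

# module_loaded NAME [PROC_MODULES]
# Returns 0 if NAME is the first field of a line in /proc/modules format.
module_loaded() {
    name=$1
    file=${2:-/proc/modules}
    [ -r "$file" ] || return 1
    awk -v m="$name" '$1 == m { found = 1 } END { exit !found }' "$file"
}

# block_level NAME [CONF_DIR]
# Prints "install" if a *.conf file replaces loading with /bin/false or
# /bin/true, "blacklist" if only a blacklist line exists, "none" otherwise.
# modprobe treats "-" and "_" in module names as equivalent, so both match.
block_level() {
    name=$(printf '%s' "$1" | sed 's/-/_/g')
    dir=${2:-/etc/modprobe.d}
    level=none
    for f in "$dir"/*.conf; do
        [ -r "$f" ] || continue
        r=$(awk -v m="$name" '
            $1 ~ /^#/ { next }
            { mod = $2; gsub(/-/, "_", mod) }
            $1 == "install" && mod == m && ($3 == "/bin/false" || $3 == "/bin/true") { inst = 1 }
            $1 == "blacklist" && mod == m { bl = 1 }
            END { if (inst) print "install"; else if (bl) print "blacklist"; else print "none" }
        ' "$f")
        case $r in
            install)   level=install ;;
            blacklist) [ "$level" = install ] || level=blacklist ;;
        esac
    done
    printf '%s\n' "$level"
}

# mitigation_status NAME [PROC_MODULES] [CONF_DIR]
# Prints "<loaded|unloaded>/<install|blacklist|none>".
# Only "unloaded/install" means the module is both gone and blocked.
mitigation_status() {
    lvl=$(block_level "$1" "${3:-/etc/modprobe.d}")
    if module_loaded "$1" "${2:-/proc/modules}"; then
        state=loaded
    else
        state=unloaded
    fi
    printf '%s/%s\n' "$state" "$lvl"
}

# demo_constructed: run the checks on constructed sample files
# (not real system state) and print one status line per scenario.
demo_constructed() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/weak" "$tmp/strong"
    printf '%s\n' 'act_pedit 20480 1 - Live 0x0000000000000000' \
                  'sch_fq_codel 24576 2 - Live 0x0000000000000000' > "$tmp/modules.loaded"
    printf '%s\n' 'sch_fq_codel 24576 2 - Live 0x0000000000000000' > "$tmp/modules.clean"
    printf '%s\n' '# constructed sample' 'blacklist act_pedit' > "$tmp/weak/local.conf"
    printf '%s\n' '# constructed sample' 'blacklist act_pedit' \
                  'install act-pedit /bin/false' > "$tmp/strong/local.conf"
    mitigation_status "$MODULE" "$tmp/modules.loaded" "$tmp/weak"
    mitigation_status "$MODULE" "$tmp/modules.clean" "$tmp/weak"
    mitigation_status "$MODULE" "$tmp/modules.clean" "$tmp/strong"
    rm -rf "$tmp"
}

# Check the running system only when asked to.
if [ "${1:-}" = "--live" ]; then
    mitigation_status "$MODULE"
fi
```

Run with `--live` to check the running system, or call `demo_constructed` to see the three scenarios on sample files.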
Robot Police Officers [Schneier on Security]
We’ve taken one small step towards robot police officers: a drone capable of disarming a suspect:
In a June 22 video posted on the Sacramento County Sheriff’s Office’s Instagram page, an officer wearing goggles can be seen operating a drone to retrieve a knife from an armed suspect hiding inside a cluttered house. “After not responding to negotiators, a drone was deployed inside the residence,” the post says. “Drone pilots located the suspect hiding in a corner of a garage” and then used a high-powered magnet attached to the drone to grab the knife out of the suspect’s hand. In the video which is soundtracked by the “Mission: Impossible” theme song—the intercepted knife can be seen spinning around in the air as the drone carries it back to the deputies.
Slashdot thread.
Grrl Power #1473 – Feed the meter [Grrl Power]
In a comic book, this is one of those pages you register, but basically flip right past. It’s transition, but I didn’t have time to make the previous page and this one a double, so here we are.
You know, Maxima could claim that she can fly at 1,250 light years a second. (I think I said the UCBA was around 5,000 light years from Earth, but I can’t find the comic where I put a number to it.) It wouldn’t be… wrong. Depending on how you actually measure her path. From point A to point B is indeed 5,000 light years and she traveled that distance in 4 seconds. But she didn’t, because the Aetherium Causeway does bridge 4,999.9999999999999999999999999999 of those light years. It’s one of those fun statistics lies. You know, a pregnant woman has a 50% chance of having a boy. She gets pregnant again and has a 50% chance of having a boy, but also a 25% chance of having a second boy. It’s all in the wording. Max wouldn’t be lying if she said she flew 5,000 light years in 4 seconds. If someone wants to use that information to extrapolate her top speed, that’s on them.
Now, the fact that Maxima is wearing a hologram of herself over her bespoke space-latex holo-emitter-embedded catsuit does mean that Cora and crew have a very detailed scan of Maxima in order to project the Max-o-gram. During this scan, Max insisted the holo.hpg image be destroyed after the tournament, not wanting to tempt Cora to disguise herself as Max and, you know, rob a bank or intimidate a corrupt politician or anything of the sort. Of course Cora laughed it off, saying she’d never even consider such a thing. Then Max said, “And naturally you wouldn’t be tempted to cosplay as me during a MMFMM fivesome.”
And there was the tiniest delay before Cora waved her hand and said, “That… of course… never even crossed my mind.”
I’m not sure if Max can narrow her eyes and raise one eyebrow at the same time, that seems like the sort of thing you have to practice a bit so you don’t look like you’re at the start of some kind of weird facial tic, so instead Max just stared until Cora’s hard light elbows started sweating.
Granted, it wasn’t a nude scan, since there’s no chance Max would need a hologram of that. But it’s not like no one has ever holoshopped an .hpg file.
Now assuming access to holodecks is as common as smartphones and also aren’t regulated by a buttoned-up Starfleet, let’s discuss the ethics of holo-disguising yourself as your friends and acquaintances and then having sex with other friends and acquaintances. Obviously if the other party doesn’t know you’re disguised, that’s bad. If the person you’re disguising yourself as doesn’t know and hasn’t given consent, that’s also bad. Maybe a little less bad than the first example, but it’s sort of a lateral difference. But if you’re at an orgy and the holodeck changes everyone’s appearance at random and everyone knows what’s up and consent is in abundance, then… well, congratulations, you probably have a bunch of fairly attractive friends. Huh. I guess that was a pretty straightforward ethics discussion. But then, an ethics conundrum that starts with “everyone is on-board and is okay with it” isn’t the sort of hypothetical that keeps philosophers arguing into the wee hours at their salons.
But that does lead me to the most unrealistic episode across all of Star Trek. The TNG episode where Wesley finds out the girl he’s dating is a shapeshifter, and he’s all “Ew, no.” Now, Star Trek isn’t hard Sci-Fi. It’s kind of a medium-soft sci-fi, and in its defense, anything set more than a few hundred years in the future kind of can’t be super hard sci-fi, because we just don’t know where the possibilities of science and technology can really take us. If anything, something set 1,000 years in the future with technology that more or less resembles what we have today is probably less realistic.
But a teenage boy finding out that his girlfriend is a shapeshifter and getting squicked out by it is FUCKING FANTASY. It’d be more like, “Can you turn into Starfire from Teen Titans? Can you turn into Ariel in both her mermaid and landmaid forms? Can you turn into Counselor Troi? Can you turn into…” etc.
Of course, those floodgates probably only open up after the shapeshifter gets past the conversation that goes, “I appreciate the “you’re all I want,” sentiment, but honestly, it’s okay to ask me to turn into other girls from our class. Or the volleyball coach. Or that one singer we both like.”
“Really?”
“Sure. In fact, as a shapeshifter, it would actually be racist of you to not ask me to turn into other girls while we make out.”
Final version is up, both at TWC and Patreon.
Sexy bodymod news lady Gail has a special one-on-one interview with Tournament Quarter finalist Saraviah Nightwing! And if you subscribe to Gail’s Space Patreon, (which, due to the vagaries of Earth and Gal-Net’s DNS servers, happens to be the same as the Grrl Power Patreon, go figure) you can see that same interview in the nude!
Double res version will be posted over at Patreon. Feel free to contribute as much as you like.
Backlist confusion [Seth's Blog]
The backlist are the products already in the marketplace. Built earlier, still sold. The frontlist is the new.
Restaurants have regulars (backlist) and new patrons. Broadway shows are attended by people who see three to ten shows a year, as well as folks going to their very first production. Supermarkets sell staples (like milk and bananas) as well as new products. Software companies, farmers, even rock stars have backlist items.
Today’s post is the frontlist of the blog, the other 10,000 posts are the backlist.
Two things are true, in a surprising juxtaposition:
That’s not a typo. Every viable publishing house loses money on the frontlist. They do it to build a backlist, to create a catalog that pays the bills over time.
The confusion starts with the name.
Let’s call it what it is. The foundation list is the backbone of the organization and the engine for sustainability and profits.
And the experimental list is just that. A chance to invest in things that aren’t sure to work (because no one knows anything for sure about the future), with a focus on adding to the foundation list.
Now that the confusion is cleared up, we can make smarter decisions about how to spend our time and invest our resources.
Make your experiments actual experiments.
Devote time and money and focus to your foundation.
Improving your foundation always pays off. And being bold with your experimental list is easier once you call it an experiment.
Issue 46 – Greta’s Wedding – 14 [Comics Archive - Spinnyverse]
The post Issue 46 – Greta’s Wedding – 14 appeared first on Spinnyverse.
Non-Fungible Tims [Penny Arcade]
New Comic: Non-Fungible Tims
Girl Genius for Monday, June 29, 2026 [Girl Genius]
The Girl Genius comic for Monday, June 29, 2026 has been posted.
And Nothing Was Lost [Ctrl+Alt+Del Comic]
Given that we experience almost yearly price hikes for subscription services like Netflix, because they’re beholden to shareholders and “numbers must always go up,” I was quite surprised today to learn that Microsoft was reducing the price of Xbox Gamepass. And not a single sacrifice had to be made. Gamepass had definitely been pushing past […]
The post And Nothing Was Lost appeared first on Ctrl+Alt+Del Comic.

oh god
Unifont 17.0.05 Released [Planet GNU]
28 June 2026 Unifont 17.0.05 is now available. This is a minor release aligned with Unicode 17.0.0.
This release notably includes separate BDF, PCF, and OpenType font files with Unicode T-source Chinese glyphs created by Kusanagi_Sans and Kao Chen-tung (高振東) in font files beginning with "unifont_t". Many other Chinese glyphs have been added. See the ChangeLog file for details.
Download this release from GNU server mirrors at:
https://ftpmirror
... /unifont-17.0.05/
or if that fails,
https://ftp.gnu.o
... /unifont-17.0.05/
or, as a last resort,
ftp://ftp.gnu.org
... /unifont-17.0.05/
These files are also available on the unifoundry.com website:
https://unifoundr
... /unifont-17.0.05/
Font files are in the subdirectory
https://unifoundr
... 0.05/font-builds/
A more detailed description of font changes is available at
https://unifoundr ...
nifont/index.html
and of utility program changes at
https://unifoundr
... nt-utilities.html
Information about Hangul modifications is at
https://unifoundr ...
hangul/index.html
and
http://unifoundry
... l-generation.html
Joe Marshall: New chatbot [Planet Lisp]
Lately I've been playing with writing a chatbot library in Common Lisp.
My previous gemini bindings were getting unwieldy. I wanted to add the ability to run LLMs on my local machine but it turned out to be really kind of kludgy, so I decided to start from scratch with multiple back ends in mind.
I've got it to the point where it supports multiple back ends, so now I can prompt local LLMs from Lisp.
Recently I added the ability to recursively launch chatbots that can call each other. Since the chatbots do not share their contexts, this greatly reduces the context bloat of the main chat because it can spawn off subtasks to a minion and not pollute the main context. This also allows you to create a federation of chatbots, each of which specializes in some topic and is overseen by a controlling chatbot that talks to the user.
Chatbots can be serialized and checkpointed, so if one is carrying out an agentic task and Lisp crashes, when we restart the agentic tasks are restarted as well and pick up where they left off.
It turns out that recursive chats are a useful abstraction once you figure out how to use them. Basically any prompt you may issue may also want to be issued by an LLM and this enables that to happen. It allows you to run subprocesses that would otherwise put junk in your context, for example reading the contents of a large number of files. If you put that into a recursive chatbot, it could slurp up the files into its context without adding tokens to the parent chat.
You can use a recursive chat as a `smart component'. The recursive chat can have a specialized system instruction and can preload its context with relevant information specific to it. Its context doesn't get diluted by the caller's context.
Kernel prepatch 7.2-rc1 [LWN.net]
The 7.2-rc1 kernel prepatch is out for testing. Linus said: "So two weeks have passed, and the merge window is closed. Things look reasonably normal for this release (knock wood)."
To read scripting.com you need a browser that supports HTTP.
Why email newsletters made sense. Email has no character limits, can represent bold and italic, links, titles, enclosures, basically most features of the web, and social media places limits on what writers can write. That's where the literate social web went, and the bloggers too. Like how birds are really dinosaurs.
If you're working on a social web app that supports inbound and outbound RSS, I'd like to help, so our products can interop beautifully. That's the reason I'm doing this work, to establish a baseline for interop in the social web. RSS is the obvious candidate. If we didn't have it, we'd have to invent it. I'd much prefer doing the work openly, so if you can, write a post and send me a link. I think it's time for us to go back to the way we built network systems before Google and the VCs took over. Put up an app and see who works with it. My email address is on the About page on my blog.
Programming tip. If your app has globals, create an object called globals, and put all of them in there. Someday you may want to swap in one set of globals for another, this makes it easy.
That CO alarm is giving me a headache [RevK®'s ramblings]
This first happened last year, and drove me round the bend. A chirp every 49 seconds. This is normally a smoke alarm with low battery.
The problem is that we have 8 alarms in the house, and trying to work out which is chirping is not as easy as it sounds, especially when it is 2am, as it always is with these things.
I actually ended up replacing every battery and still had a chirp. I then remembered there is a smoke alarm in the loft, and replaced that, only then to realise it was the CO alarm in the loft! I went to replace that and found it is mains only, an Ei3018 CO alarm. Annoyingly it continued to chirp for some time once removed from the power.
I actually ended up buying a new one, and it has been fine for over a year.
Then this week, it happens again. Thankfully I remember the loft this time. What is extra odd is that when I opened the loft hatch, the chirping stopped!
The next night it started again and did not stop. So I removed it, and waited. I put it back in place the next day.
The next night it started again, so removed, and new one ordered.
But I decided to actually read the manual, and it is odd.
Now, a key thing here is, it did not alarm. I would know, I have been in the house all the time, it is linked to all the other alarms, and to a relay input to my alarm/monitoring system as well. It did not do an alarm, honest.
But the manual says it has a memory mode, where, for 24 hours after an alarm, it will chirp. There is however a problem with this.
However, reading further, the manual does have a single chirp every 48 seconds. This is for "AC mains off or low battery backup", or (with green LED) low battery backup. I do not think it had an LED on.
So it does indeed sound like the backup battery is depleted and the action is "replace alarm".
But this is just over a year for a device that should last over 10 years, arrrg!
I wonder why?
| Feed | RSS | Last fetched | Next fetched after |
|---|---|---|---|
| @ASmartBear | XML | 17:35, Thursday, 02 July | 18:16, Thursday, 02 July |
| a bag of four grapes | XML | 17:28, Thursday, 02 July | 18:10, Thursday, 02 July |
| Ansible | XML | 17:28, Thursday, 02 July | 18:08, Thursday, 02 July |
| Bad Science | XML | 17:56, Thursday, 02 July | 18:45, Thursday, 02 July |
| Black Doggerel | XML | 17:35, Thursday, 02 July | 18:16, Thursday, 02 July |
| Blog - Official site of Stephen Fry | XML | 17:56, Thursday, 02 July | 18:45, Thursday, 02 July |
| Charlie Brooker | The Guardian | XML | 17:28, Thursday, 02 July | 18:10, Thursday, 02 July |
| Charlie's Diary | XML | 17:35, Thursday, 02 July | 18:23, Thursday, 02 July |
| Chasing the Sunset - Comics Only | XML | 17:56, Thursday, 02 July | 18:45, Thursday, 02 July |
| Coding Horror | XML | 17:28, Thursday, 02 July | 18:15, Thursday, 02 July |
| Comics Archive - Spinnyverse | XML | 17:49, Thursday, 02 July | 18:33, Thursday, 02 July |
| Cory Doctorow's craphound.com | XML | 17:28, Thursday, 02 July | 18:10, Thursday, 02 July |
| Cory Doctorow, Author at Boing Boing | XML | 17:35, Thursday, 02 July | 18:16, Thursday, 02 July |
| Ctrl+Alt+Del Comic | XML | 17:35, Thursday, 02 July | 18:23, Thursday, 02 July |
| Cyberunions | XML | 17:56, Thursday, 02 July | 18:45, Thursday, 02 July |
| David Mitchell | The Guardian | XML | 18:07, Thursday, 02 July | 18:50, Thursday, 02 July |
| Deeplinks | XML | 17:49, Thursday, 02 July | 18:33, Thursday, 02 July |
| Diesel Sweeties webcomic by rstevens | XML | 18:07, Thursday, 02 July | 18:50, Thursday, 02 July |
| Dilbert | XML | 17:56, Thursday, 02 July | 18:45, Thursday, 02 July |
| Dork Tower | XML | 17:28, Thursday, 02 July | 18:10, Thursday, 02 July |
| Economics from the Top Down | XML | 18:07, Thursday, 02 July | 18:50, Thursday, 02 July |
| Edmund Finney's Quest to Find the Meaning of Life | XML | 18:07, Thursday, 02 July | 18:50, Thursday, 02 July |
| EFF Action Center | XML | 18:07, Thursday, 02 July | 18:50, Thursday, 02 July |
| Enspiral Tales - Medium | XML | 17:49, Thursday, 02 July | 18:34, Thursday, 02 July |
| Events | XML | 17:35, Thursday, 02 July | 18:23, Thursday, 02 July |
| Falkvinge on Liberty | XML | 17:35, Thursday, 02 July | 18:23, Thursday, 02 July |
| Flipside | XML | 17:28, Thursday, 02 July | 18:10, Thursday, 02 July |
| Flipside | XML | 17:49, Thursday, 02 July | 18:34, Thursday, 02 July |
| Free software jobs | XML | 17:28, Thursday, 02 July | 18:08, Thursday, 02 July |
| Full Frontal Nerdity by Aaron Williams | XML | 17:35, Thursday, 02 July | 18:23, Thursday, 02 July |
| General Protection Fault: Comic Updates | XML | 17:35, Thursday, 02 July | 18:23, Thursday, 02 July |
| George Monbiot | XML | 18:07, Thursday, 02 July | 18:50, Thursday, 02 July |
| Girl Genius | XML | 18:07, Thursday, 02 July | 18:50, Thursday, 02 July |
| Groklaw | XML | 17:35, Thursday, 02 July | 18:23, Thursday, 02 July |
| Grrl Power | XML | 17:28, Thursday, 02 July | 18:10, Thursday, 02 July |
| Hackney Anarchist Group | XML | 17:56, Thursday, 02 July | 18:45, Thursday, 02 July |
| Hackney Solidarity Network | XML | 17:49, Thursday, 02 July | 18:34, Thursday, 02 July |
| http://blog.llvm.org/feeds/posts/default | XML | 17:49, Thursday, 02 July | 18:34, Thursday, 02 July |
| http://calendar.google.com/calendar/feeds/q7s5o02sj8hcam52hutbcofoo4%40group.calendar.google.com/public/basic | XML | 17:28, Thursday, 02 July | 18:08, Thursday, 02 July |
| http://dynamic.boingboing.net/cgi-bin/mt/mt-cp.cgi?__mode=feed&_type=posts&blog_id=1&id=1 | XML | 17:49, Thursday, 02 July | 18:34, Thursday, 02 July |
| http://eng.anarchoblogs.org/feed/atom/ | XML | 18:07, Thursday, 02 July | 18:53, Thursday, 02 July |
| http://feed43.com/3874015735218037.xml | XML | 18:07, Thursday, 02 July | 18:53, Thursday, 02 July |
| http://flatearthnews.net/flatearthnews.net/blogfeed | XML | 17:35, Thursday, 02 July | 18:16, Thursday, 02 July |
| http://fulltextrssfeed.com/ | XML | 18:07, Thursday, 02 July | 18:50, Thursday, 02 July |
| http://london.indymedia.org/articles.rss | XML | 17:28, Thursday, 02 July | 18:15, Thursday, 02 July |
| http://pipes.yahoo.com/pipes/pipe.run?_id=ad0530218c055aa302f7e0e84d5d6515&_render=rss | XML | 18:07, Thursday, 02 July | 18:53, Thursday, 02 July |
| http://planet.gridpp.ac.uk/atom.xml | XML | 17:28, Thursday, 02 July | 18:15, Thursday, 02 July |
| http://shirky.com/weblog/feed/atom/ | XML | 17:49, Thursday, 02 July | 18:33, Thursday, 02 July |
| http://thecommune.co.uk/feed/ | XML | 17:49, Thursday, 02 July | 18:34, Thursday, 02 July |
| http://theness.com/roguesgallery/feed/ | XML | 17:35, Thursday, 02 July | 18:23, Thursday, 02 July |
| http://www.airshipentertainment.com/buck/buckcomic/buck.rss | XML | 17:56, Thursday, 02 July | 18:45, Thursday, 02 July |
| http://www.airshipentertainment.com/growf/growfcomic/growf.rss | XML | 17:49, Thursday, 02 July | 18:33, Thursday, 02 July |
| http://www.airshipentertainment.com/myth/mythcomic/myth.rss | XML | 17:28, Thursday, 02 July | 18:10, Thursday, 02 July |
| http://www.baen.com/baenebooks | XML | 17:49, Thursday, 02 July | 18:33, Thursday, 02 July |
| http://www.feedsapi.com/makefulltextfeed.php?url=http%3A%2F%2Fwww.somethingpositive.net%2Fsp.xml&what=auto&key=&max=7&links=preserve&exc=&privacy=I+accept | XML | 17:49, Thursday, 02 July | 18:33, Thursday, 02 July |
| http://www.godhatesastronauts.com/feed/ | XML | 17:35, Thursday, 02 July | 18:23, Thursday, 02 July |
| http://www.tinycat.co.uk/feed/ | XML | 17:28, Thursday, 02 July | 18:08, Thursday, 02 July |
| https://anarchism.pageabode.com/blogs/anarcho/feed/ | XML | 17:49, Thursday, 02 July | 18:33, Thursday, 02 July |
| https://broodhollow.krisstraub.comfeed/ | XML | 17:35, Thursday, 02 July | 18:16, Thursday, 02 July |
| https://debian-administration.org/atom.xml | XML | 17:35, Thursday, 02 July | 18:16, Thursday, 02 July |
| https://elitetheatre.org/ | XML | 17:28, Thursday, 02 July | 18:15, Thursday, 02 July |
| https://feeds.feedburner.com/Starslip | XML | 17:28, Thursday, 02 July | 18:10, Thursday, 02 July |
| https://feeds2.feedburner.com/GeekEtiquette?format=xml | XML | 18:07, Thursday, 02 July | 18:50, Thursday, 02 July |
| https://hackbloc.org/rss.xml | XML | 17:35, Thursday, 02 July | 18:16, Thursday, 02 July |
| https://kajafoglio.livejournal.com/data/atom/ | XML | 17:56, Thursday, 02 July | 18:45, Thursday, 02 July |
| https://philfoglio.livejournal.com/data/atom/ | XML | 17:28, Thursday, 02 July | 18:15, Thursday, 02 July |
| https://pixietrixcomix.com/eerie-cutiescomic.rss | XML | 17:28, Thursday, 02 July | 18:15, Thursday, 02 July |
| https://pixietrixcomix.com/menage-a-3/comic.rss | XML | 17:49, Thursday, 02 July | 18:33, Thursday, 02 July |
| https://propertyistheft.wordpress.com/feed/ | XML | 17:28, Thursday, 02 July | 18:08, Thursday, 02 July |
| https://requiem.seraph-inn.com/updates.rss | XML | 17:28, Thursday, 02 July | 18:08, Thursday, 02 July |
| https://studiofoglio.livejournal.com/data/atom/ | XML | 18:07, Thursday, 02 July | 18:53, Thursday, 02 July |
| https://thecommandline.net/feed/ | XML | 18:07, Thursday, 02 July | 18:53, Thursday, 02 July |
| https://torrentfreak.com/subscriptions/ | XML | 18:07, Thursday, 02 July | 18:50, Thursday, 02 July |
| https://web.randi.org/?format=feed&type=rss | XML | 18:07, Thursday, 02 July | 18:50, Thursday, 02 July |
| https://www.dcscience.net/feed/medium.co | XML | 17:56, Thursday, 02 July | 18:45, Thursday, 02 July |
| https://www.DropCatch.com/domain/steampunkmagazine.com | XML | 17:35, Thursday, 02 July | 18:16, Thursday, 02 July |
| https://www.DropCatch.com/domain/ubuntuweblogs.org | XML | 18:07, Thursday, 02 July | 18:53, Thursday, 02 July |