Wish's River of News

2022: "And while we were effectively silenced in the public debate, men do vote and that's a private thing."

15:07

Podcast: Why men hate the Dems. I tell my perspective of MeToo, and how that imho created enough anti-Dem energy to push Trump over the top. Polls won't tell you how the Dems got the rep of being the party run by women to cancel men, but I'm sure if we could cure that somehow, we could do everything we need to do to get American democracy working again. I did this in response to a Frum podcast where he and his guest conclude that the young folks are making a big mistake, they don't want the same old bullshit people coming back into power. Frum and Miller thought that the young men don't want was democracy, foolishly (I would agree) but there is real anger there, I know about it because I have it too. I still vote for Dems, but I also fear what happens if we snap back to the political correctness of Kirsten Gillibrand.

Another point -- I don't think any of us realize what an un-democratic US will be like. When the things that make us furious these days are just the normal way of the USA. I got that from listening to a New Yorker podcast yesterday about the Iranian perspective of what's happening (spoiler alert, since then the American war with Iran has started). They are so weary of the Islamic Revolution, they say and are right that Iran could be top 10 country, economically, except their government thinks this is the Middle Ages. They want to live in modernity, and they're probably the only ones who think a war with the US is a good idea. Because living in an autorcacy is unthinkable for Americans. We don't really appreciate what we're becoming. If we did, we still could do something about it. For us there will be no USA to save our asses (not that the US can save the Iranians, clearly we can't).

If you want to heal the country, watch out for ways you add division, and stop. It's probably the biggest power any of us has.

Neil Munro: Ningle Tutorial 15: Pagination, Part 2 [Planet Lisp]

BTW, I know Al Franken is an idiot. We're all idiots.

14:49

Introduction

Welcome back! We will be revisiting the pagination from last time, however we are going to try and make this easier on ourselves, I built a package for pagination mito-pager, the idea is that much of what we looked at in the last lesson was very boiler plate and repetitive so we should look at removing this.

I will say, my mito-pager can do a little more than just what I show here, it has two modes, you can use paginate-dao (named this way so that it is familiar to mito) to paginate over simple models, however, if you need to perform complex queries there is a macro with-pager that you can use to paginate. It is this second form we will use in this tutorial.

There is one thing to bear in mind, when using mito-pager, you must implement your data retrieval functions in such a way to return a values object, as mito-pager relies on this to work.

I encourge you to try the library out in other use-cases and, of course, if you have ideas, please let me know.

Changes

Most of our changes are quite limited in scope, really it's just our controllers and models that need most of the edits.

ningle-tutorial-project.asd

We need to add the mito-pager package to our project asd file.

- :ningle-auth)
+ :ningle-auth
+ :mito-pager)

src/controllers.lisp

Here is the real payoff! I almost dreaded writing the sheer volume of the change but then realised it's so simple, we only need to change our index function, and it may be better to delete it all and write our new simplified version.

(defun index (params)
  (let* ((user (gethash :user ningle:*session*))
         (req-page (or (parse-integer (or (ingle:get-param "page" params) "1") :junk-allowed t) 1))
         (req-limit (or (parse-integer (or (ingle:get-param "limit" params) "50") :junk-allowed t) 50)))
    (flet ((get-posts (limit offset) (ningle-tutorial-project/models:posts user :offset offset :limit limit)))
      (mito-pager:with-pager ((posts pager #'get-posts :page req-page :limit req-limit))
        (djula:render-template* "main/index.html" nil :title "Home" :user user :posts posts :pager pager)))))

This is much nicer, and in my opinion, the controller should be this simple.

src/main.lisp

We need to ensure we include the templates from mito-pager, this is a simple one line change.

 (defun start (&key (server :woo) (address "127.0.0.1") (port 8000))
    (djula:add-template-directory (asdf:system-relative-pathname :ningle-tutorial-project "src/templates/"))
+   (djula:add-template-directory (asdf:system-relative-pathname :mito-pager "src/templates/"))

src/models.lisp

As mentioned at the top of this tutorial, we have to implement our data retrieval functions in a certain way. While there are some changes here, we ultimately end up with less code.

We can start by removing the count parameter, we wont be needing it in this implementation, and since we don't need the count parameter anymore, the :around method can go too!

- (defgeneric posts (user &key offset limit count)
+ (defgeneric posts (user &key offset limit)
-
- (defmethod posts :around (user &key (offset 0) (limit 50) &allow-other-keys)
-   (let ((count (mito:count-dao 'post))
-         (offset (max 0 offset))
-         (limit (max 1 limit)))
-     (if (and (> count 0) (>= offset count))
-       (let* ((page-count (max 1 (ceiling count limit)))
-              (corrected-offset (* (1- page-count) limit)))
-         (posts user :offset corrected-offset :limit limit))
-       (call-next-method user :offset offset :limit limit :count count))))

There's two methods to look at, the first is when the type of user is user:

-
- (defmethod posts ((user user) &key offset limit count)
+ (defmethod posts ((user user) &key offset limit)
...
      (values
-         (mito:retrieve-by-sql sql :binds params)
-         count
-         offset)))
+         (mito:retrieve-by-sql sql :binds params)
+         (mito:count-dao 'post))))

The second is when the type of user is null:

-
- (defmethod posts ((user null) &key offset limit count)
+ (defmethod posts ((user null) &key offset limit)
...
    (values
-       (mito:retrieve-by-sql sql)
-       count
-       offset)))
+       (mito:retrieve-by-sql sql)
+       (mito:count-dao 'post))))

As you can see, all we are really doing is relying on mito to do the lions share of the work, right down to the count.

src/templates/main/index.html

The change here is quite simple, all we need to do is to change the path to the partial, we need to simply point to the partial provided by mito-pager.

- {% include "partials/pager.html" with url="/" title="Posts" %}
+ {% include "mito-pager/partials/pager.html" with url="/" title="Posts" %}

src/templates/partials/pagination.html

This one is easy, we can delete it! mito-pager provides its own template, and while you can override it (if you so wish), in this tutorial we do not need it anymore.

Conclusion

I hope you will agree that this time, using a prebuilt package takes a lot of the pain out of pagination. I don't like to dictate what developers should, or shouldn't use, so that's why last time you were given the same information I had, so if you wish to build your own library, you can, or if you want to focus on getting things done, you are more than welcome to use mine, and of course, if you find issues please do let me know!

Learning Outcomes

Level	Learning Outcome
Understand	Understand how third-party pagination libraries like `mito-pager` abstract boilerplate pagination logic, and how `with-pager` expects a fetch function returning `(values items count)` to handle page clamping, offset calculation, and boundary correction automatically.
Apply	Apply `flet` to define a local adapter function that bridges the project's `posts` generic function with `mito-pager`'s expected `(lambda (limit offset) ...)` interface, and use `with-pager` to reduce controller complexity to its essential logic.
Analyse	Analyse what responsibilities were transferred from the manual pagination implementation to `mito-pager` — count caching, boundary checking, offset calculation, page correction, and range generation — contrasting the complexity of both approaches.
Create	Refactor a manual pagination implementation to use `mito-pager` by simplifying model methods to return `(values items count)`, replacing complex multi-step controller calculations with `with-pager`, and delegating the pagination template partial to the library.

Github

The link for the custom pagination part of the tutorials code is available here.

Common Lisp HyperSpec

Symbol	Type	Why it appears in this lesson	CLHS
`defpackage`	Macro	Define project packages like `ningle-tutorial-project/models`, `/forms`, `/controllers`.	http://www.lispworks.com/documentation/HyperSpec/Body/m_defpac.htm
`in-package`	Macro	Enter each package before defining models, controllers, and functions.	http://www.lispworks.com/documentation/HyperSpec/Body/m_in_pkg.htm
`defgeneric`	Macro	Define the simplified generic `posts` function signature with keyword parameters `offset` and `limit` (the `count` parameter is removed).	http://www.lispworks.com/documentation/HyperSpec/Body/m_defgen.htm
`defmethod`	Macro	Implement the simplified `posts` methods for `user` and `null` types (the `:around` validation method is removed).	http://www.lispworks.com/documentation/HyperSpec/Body/m_defmet.htm
`flet`	Special Operator	Define the local `get-posts` adapter function that wraps `posts` to match `mito-pager`'s expected `(lambda (limit offset) ...)` interface.	http://www.lispworks.com/documentation/HyperSpec/Body/s_flet_.htm
`let*`	Special Operator	Sequentially bind `user`, `req-page`, and `req-limit` in the controller where each value is used in subsequent bindings.	http://www.lispworks.com/documentation/HyperSpec/Body/s_let_l.htm
`or`	Macro	Provide fallback values when parsing `page` and `limit` parameters, defaulting to 1 and 50 respectively.	http://www.lispworks.com/documentation/HyperSpec/Body/m_or.htm
`multiple-value-bind`	Macro	Capture the SQL string and bind parameters returned by `sxql:yield` in the model methods.	http://www.lispworks.com/documentation/HyperSpec/Body/m_multip.htm
`values`	Function	Return two values from `posts` methods — the list of results and the total count — as required by `mito-pager:with-pager`.	http://www.lispworks.com/documentation/HyperSpec/Body/a_values.htm
`parse-integer`	Function	Convert string query parameters (`"1"`, `"50"`) to integers, with `:junk-allowed t` for safe parsing.	http://www.lispworks.com/documentation/HyperSpec/Body/f_parse_.htm

12:35

Who is the Kimwolf Botmaster “Dort”? [Krebs on Security]

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle “Dort” — has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks against the researcher and this author, and more recently caused a SWAT team to be sent to the researcher’s home. This post examines what is knowable about Dort based on public information.

A public “dox” created in 2020 asserted Dort was a teenager from Canada (DOB August 2003) who used the aliases “CPacket” and “M1ce.” A search on the username CPacket at the open source intelligence platform OSINT Industries finds a GitHub account under the names Dort and CPacket that was created in 2017 using the email address jay.miner232@gmail.com.

Image: osint.industries.

The cyber intelligence firm Intel 471 says jay.miner232@gmail.com was used between 2015 and 2019 to create accounts at multiple cybercrime forums, including Nulled (username “Uubuntuu”) and Cracked (user “Dorted”); Intel 471 reports that both of these accounts were created from the same Internet address at Rogers Canada (99.241.112.24).

Dort was an extremely active player in the Microsoft game Minecraft who gained notoriety for their “Dortware” software that helped players cheat. But somewhere along the way, Dort graduated from hacking Minecraft games to enabling far more serious crimes.

Dort also used the nickname DortDev, an identity that was active in March 2022 on the chat server for the prolific cybercrime group known as LAPSUS$. Dort peddled a service for registering temporary email addresses, as well as “Dortsolver,” code that could bypass various CAPTCHA services designed to prevent automated account abuse. Both of these offerings were advertised in 2022 on SIM Land, a Telegram channel dedicated to SIM-swapping and account takeover activity.

The cyber intelligence firm Flashpoint indexed 2022 posts on SIM Land by Dort that show this person developed the disposable email and CAPTCHA bypass services with the help of another hacker who went by the handle “Qoft.”

“I legit just work with Jacob,” Qoft said in 2022 in reply to another user, referring to their exclusive business partner Dort. In the same conversation, Qoft bragged that the two had stolen more than $250,000 worth of Microsoft Xbox Game Pass accounts by developing a program that mass-created Game Pass identities using stolen payment card data.

Who is the Jacob that Qoft referred to as their business partner? The breach tracking service Constella Intelligence finds the password used by jay.miner232@gmail.com was reused by just one other email address: jacobbutler803@gmail.com. Recall that the 2020 dox of Dort said their date of birth was August 2003 (8/03).

Searching this email address at DomainTools.com reveals it was used in 2015 to register several Minecraft-themed domains, all assigned to a Jacob Butler in Ottawa, Canada and to the Ottawa phone number 613-909-9727.

Constella Intelligence finds jacobbutler803@gmail.com was used to register an account on the hacker forum Nulled in 2016, as well as the account name “M1CE” on Minecraft. Pivoting off the password used by their Nulled account shows it was shared by the email addresses j.a.y.m.iner232@gmail.com and jbutl3@ocdsb.ca, the latter being an address at a domain for the Ottawa-Carelton District School Board.

Data indexed by the breach tracking service Spycloud suggests that at one point Jacob Butler shared a computer with his mother and a sibling, which might explain why their email accounts were connected to the password “jacobsplugs.” Neither Jacob nor any of the other Butler household members responded to requests for comment.

The open source intelligence service Epieos finds jacobbutler803@gmail.com created the GitHub account “MemeClient.” Meanwhile, Flashpoint indexed a deleted anonymous Pastebin.com post from 2017 declaring that MemeClient was the creation of a user named CPacket — one of Dort’s early monikers.

Why is Dort so mad? On January 2, KrebsOnSecurity published The Kimwolf Botnet is Stalking Your Local Network, which explored research into the botnet by Benjamin Brundage, founder of the proxy tracking service Synthient. Brundage figured out that the Kimwolf botmasters were exploiting a little-known weakness in residential proxy services to infect poorly-defended devices — like TV boxes and digital photo frames — plugged into the internal, private networks of proxy endpoints.

By the time that story went live, most of the vulnerable proxy providers had been notified by Brundage and had fixed the weaknesses in their systems. That vulnerability remediation process massively slowed Kimwolf’s ability to spread, and within hours of the story’s publication Dort created a Discord server in my name that began publishing personal information about and violent threats against Brundage, Yours Truly, and others.

Dort and friends incriminating themselves by planning swatting attacks in a public Discord server.

Last week, Dort and friends used that same Discord server (then named “Krebs’s Koinbase Kallers”) to threaten a swatting attack against Brundage, again posting his home address and personal information. Brundage told KrebsOnSecurity that local police officers subsequently visited his home in response to a swatting hoax which occurred around the same time that another member of the server posted a door emoji and taunted Brundage further.

Dort, using the alias “Meow,” taunts Synthient founder Ben Brundage with a picture of a door.

Someone on the server then linked to a cringeworthy (and NSFW) new Soundcloud diss track recorded by the user DortDev that included a stickied message from Dort saying, “Ur dead nigga. u better watch ur fucking back. sleep with one eye open. bitch.”

“It’s a pretty hefty penny for a new front door,” the diss track intoned. “If his head doesn’t get blown off by SWAT officers. What’s it like not having a front door?”

With any luck, Dort will soon be able to tell us all exactly what it’s like.

Update, 10:29 a.m.: Jacob Butler responded to requests for comment, speaking with KrebsOnSecurity briefly via telephone. Butler said he didn’t notice earlier requests for comment because he hasn’t really been online since 2021, after his home was swatted multiple times. He acknowledged making and distributing a Minecraft cheat long ago, but said he hasn’t played the game in years and was not involved in Dortsolver or any other activity attributed to the Dort nickname after 2021.

“It was a really old cheat and I don’t remember the name of it,” Butler said of his Minecraft modification. “I’m very stressed, man. I don’t know if people are going to swat me again or what. After that, I pretty much walked away from everything, logged off and said fuck that. I don’t go online anymore. I don’t know why people would still be going after me, to be completely honest.”

When asked what he does for a living, Butler said he mostly stays home and helps his mom around the house because he struggles with autism and social interaction. He maintains that someone must have compromised one or more of his old accounts and is impersonating him online as Dort.

“Someone is actually probably impersonating me, and now I’m really worried,” Butler said. “This is making me relive everything.”

But there are issues with Butler’s timeline. For example, Jacob’s voice in our phone conversation was remarkably similar to the Jacob/Dort whose voice can be heard in this Sept. 2022 Clash of Code competition between Dort and another coder (Dort lost). At around 6 minutes and 10 seconds into the recording, Dort launches into a cursing tirade that mirrors the stream of profanity in the diss rap that Dortdev posted threatening Brundage. Dort can be heard again at around 16 minutes; at around 26:00, Dort threatens to swat his opponent.

Butler said the voice of Dort is not his, exactly, but rather that of an impersonator who had likely cloned his voice.

“I would like to clarify that was absolutely not me,” Butler said. “There must be someone using a voice changer. Or something of the sorts. Because people were cloning my voice before and sending audio clips of ‘me’ saying outrageous stuff.”

11:49

Pluralistic: California can stop Larry Ellison from buying Warners (28 Feb 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

California can stop Larry Ellison from buying Warners: These are the right states' rights.
Hey look at this: Delights to delectate.
Object permanence: RIP Octavia Butler; "Midnighters"; Freeman Dyson on "The Information"; Korean Little Brother filibuster; Privacy isn't property; With Great Power Came No Responsibility; Unsellable A-holes; Cardboard Cthulhu; Chinese map fuzzing.
Upcoming appearances: Where to find me.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

California can stop Larry Ellison from buying Warners (permalink)

For months, the hottest will-they/won't-they drama in Hollywood concerned the suitors for Warners, up for sale again after being bought, merged, looted and wrecked by the eminently guillotineable David Zaslav:

https://www.youtube.com/watch?v=izC9o3LhnVk

From the start, it was clear that Warners would be sucked dry and discarded, but the Trump 2024 election turned the looting of Warners' corpse into a high-stakes political drama.

On the one hand, you had Netflix, who wanted to buy Warners and use them to make good movies, but also to kill off movie theaters forever by blocking theatrical distribution of Warners' products.

On the other hand, you had Paramount, owned by the spray-tan cured tech billionaire jerky Larry Ellison, though everyone is supposed to pretend that Ellison's do-nothing/know-nothing/amounts-to-nothing son Billy (or whatever who cares) Ellison is running the show.

Ellison's plan was to buy Warners and fold it into the oligarchic media capture project that's seen Ellison replace the head of CBS with the tedious mediocrity Bari Weiss:

https://www.wnycstudios.org/podcasts/otm/articles/the-centurylong-capture-of-us-media

This is a multi-pronged media takeover that includes Jeff Bezos neutering the Washington Post, Elon Musk turning Twitter into a Nazi bar, and Trump stealing Tiktok and giving it to Larry Ellison. If Ellison gains control over Warners, you can add CNN to the nonsense factory.

But for a while there, it looked like the Ellisons would lose the bidding. Little Timmy (or whatever who cares) Ellison only has whatever money his dad parks in his bank account for tax purposes, and Larry Ellison is so mired in debt that one margin call could cost him his company, his fighter jet, and his Hawaiian version of Little St James Island.

Warners' board may not give a shit about making good media or telling the truth or staving off fascism, but they do want to get paid, and Netflix has money in the bank, whereas Ellison only has the bank's money (for now).

But last week, the dam broke: Warners' board indicated they'd take Paramount's offer, and Netflix withdrew their offer, and so that's that, right? It's not like Trump's FTC is going to actually block this radioactively illegal merger, despite the catastrophic corporate consolidation that would result, with terrible consequences for workers, audiences, theaters, cable operators and the entire supply chain.

Not so fast! The Clayton Act – which bars this kind of merger – is designed to be enforced by the feds, state governments, and private parties. That means that California AG Rob Bonta can step in to block this merger, which he's getting ready to do:

https://prospect.org/2026/02/27/states-can-block-paramount-warner-deal/

As David Dayen writes in The American Prospect, state AGs block mergers all the time, even when the feds decline to step in – just a couple years ago, Washington state killed the Kroger/Albertsons merger.

The fact that antitrust laws can be enforced at the state level is a genius piece of policy design. As the old joke goes, "AG" stands for "aspiring governor," and the fact that state AGs can step in to rescue their voters from do-nothing political hacks in Washington is catnip for our nation's attorneys general.

Bonta is definitely feeling his oats: he's also going after Amazon for price-fixing, picking up a cause that Trump dropped after Jeff Bezos ordered the Washington Post to cancel its endorsement of Kamala Harris, paid a million bucks to sit on the inaugural dais, millions more to fund the White House Epstein Memorial Ballroom and $40m more to make an unwatchable turkey of a movie about Melania Trump.

Can you imagine how stupid Bezos is going to feel when all of his bribes to Trump cash out to nothing after Rob Bonta publishes Amazon's damning internal memos and then fines the company a gazillion dollars?

It's a testament to the power of designing laws so they can be enforced by multiple parties. And as cool as it is to have a law that state AGs can enforce, it's way cooler to have a law that can be enforced by members of the public.

This is called a "private right of action" – the thing that lets impact litigation shops like Planned Parenthood, EFF, and the ACLU sue over violations of the public's rights. The business lobby hates the private right of action, because they think (correctly) that they can buy off enough regulators and enforcers to let them get away with murder (often literally), but they know they can't buy off every impact litigation shop and every member of the no-win/no-fee bar.

For decades, corporate America has tried to abolish the public's right to sue companies under any circumstances. That's why so many terms of service now feature "binding arbitration waivers" that deny you access to the courts, no matter how badly you are injured:

https://pluralistic.net/2025/10/27/shit-shack/#binding-arbitration

But long before Antonin Scalia made it legal to cram binding arbitration down your throat, corporate America was pumping out propaganda for "tort reform," spreading the story that greedy lawyers were ginning up baseless legal threats to extort settlements from hardworking entrepreneurs. These stories are 99.9% bullshit, including urban legends like the "McDonald's hot coffee" lawsuit:

https://pluralistic.net/2022/06/12/hot-coffee/#mcgeico

Ever since Reagan, corporate America has been on a 45-year winning streak. Nothing epitomizes the arrogance of these monsters more than the GW Bush administration's sneering references to "the reality-based community":

We're an empire now, and when we act, we create our own reality. And while you're studying that reality – judiciously, as you will – we'll act again, creating other new realities, which you can study too, and that's how things will sort out. We're history's actors…and you, all of you, will be left to just study what we do.

https://en.wikipedia.org/wiki/Reality-based_community

Giving Ellison, Bezos and Musk control over our media seems like the triumph of billionaires' efforts to "create their own reality," and indeed, for years, they've been able to gin up national panics over nothingburgers like "trans ideology," "woke" and "the immigration crisis."

But just lately, that reality-creation machine has started to break down. Despite taking over the press, locking every reality-based reporter out of the White House, and getting Musk, Zuck and Ellison to paint their algorithms spray-tan orange, people just fucking hate Trump. He is underwater on every single issue:

https://www.gelliottmorris.com/p/ahead-of-state-of-the-union-address

Despite the full-court press – from both the Dem and the GOP establishment – to deny the genocide in Gaza and paint anyone (especially Jews like me) who condemn the slaughter as "antisemites," Americans condemn Israel and are fully in the tank for Palestinians:

https://news.gallup.com/poll/702440/israelis-no-longer-ahead-americans-middle-east-sympathies.aspx

Despite throwing massive subsidies at coal and tying every available millstone around renewables' ankles before throwing all the solar panels and windmills into the sea, renewables are growing and – to Trump's great chagrin – oil companies can't find anyone to loan them the money they need to steal Venezuela's oil:

https://kschroeder.substack.com/p/earning-optimism-in-2026

Reality turns out to be surprisingly stubborn, and what's more, it has a pronounced left-wing bias. Putting little Huey (or whatever who cares) Ellison in charge of Warners will be bad news for the news, for media, for movies and TV, and for my neighbors in Burbank. But when it comes to shaping the media, Freddy (or whatever who cares) Ellison will continue to eat shit.

Hey look at this (permalink)

Newspapers Did Not Kill Themselves https://prospect.org/2026/02/26/newspapers-did-not-kill-themselves-jeffrey-epstein-mort-zuckerman-daily-news/
Democrats Should Launch a “Nuremberg Caucus” to Investigate the Crimes of the Trump Regime https://www.thenation.com/article/politics/democrats-nuremberg-caucus-trump-administration-crimes/
Two-thirds of Americans want term limits for Supreme Court justices https://www.gelliottmorris.com/p/two-thirds-of-americans-want-term
On the Democratic Party Style https://coreyrobin.com/2026/02/26/on-the-democratic-party-style/
Hannah Spencer gives DEFIANT victory speech as she wins Gorton & Denton for the Greens https://www.youtube.com/watch?v=KrzLQ294guI&t=473s

Object permanence (permalink)

#25yrsago Mormon guide to overcoming masturbation https://web.archive.org/web/20071011023731/http://www.qrd.org/qrd/religion/judeochristian/protestantism/mormon/mormon-masturbation

#20yrsago Midnighters: YA horror trilogy mixes Lovecraft with adventure https://memex.craphound.com/2006/02/26/midnighters-ya-horror-trilogy-mixes-lovecraft-with-adventure/

#20yrsago RIP, Octavia Butler https://darkush.blogspot.com/2006/02/octavia-butler-died-saturday.html

#20yrsago Disney hiring “Intelligence Analyst” to review “open source media” https://web.archive.org/web/20060303165009/http://www.defensetech.org/archives/002199.html

#20yrsago MPAA exec can’t sell A-hole proposal to tech companies https://web.archive.org/web/20060325013506/http://lawgeek.typepad.com/lawgeek/2006/02/variety_mpaa_ca.html

#15yrsago Why are America’s largest corporations paying no tax? https://web.archive.org/web/20110226160552/https://thinkprogress.org/2011/02/26/main-street-tax-cheats/

#15yrsago Articulated cardboard Cthulhu https://web.archive.org/web/20110522204427/http://www.strode-college.ac.uk/teaching_teams/cardboard_catwalk/285

#15yrsago Freeman Dyson reviews Gleick’s book on information theory https://www.nybooks.com/articles/2011/03/10/how-we-know/?pagination=false

#15yrsago 3D printing with mashed potatatoes https://www.fabbaloo.com/2011/02/3d-printing-potatoes-with-the-rapman-html

#15yrsago TVOntario’s online archive, including Prisoners of Gravity! https://web.archive.org/web/20110226021403/https://archive.tvo.org/

#10yrsago _applyChinaLocationShift: In China, national security means that all the maps are wrong https://web.archive.org/web/20160227145529/http://www.travelandleisure.com/articles/digital-maps-skewed-china

#10yrsago Teaching kids about copyright: schools and fair use https://www.youtube.com/watch?v=hzqNKQbWTWc

#10yrsago Ghostwriter: Trump didn’t write “Art of the Deal,” he read it https://web.archive.org/web/20160229034618/http://www.deathandtaxesmag.com/264591/donald-trump-didnt-write-art-deal-tony-schwartz/

#10yrsago The biggest abortion lie of all: “They do it for the money” https://www.bloomberg.com/features/2016-abortion-business/

#10yrsago NHS junior doctors show kids what they do, kids demand better of Jeremy Hunt https://juniorjuniordoctors.tumblr.com/

#10yrsago Nissan yanks remote-access Leaf app — 4+ weeks after researchers report critical flaw https://www.theverge.com/2016/2/25/11116724/nissan-nissanconnect-app-hack-offline

#10yrsago Think you’re entitled to compensation after being wrongfully imprisoned in California? Nope. https://web.archive.org/web/20160229013042/http://modernluxury.com/san-francisco/story/the-crazy-injustice-of-denying-exonerated-prisoners-compensation

#10yrsago BC town votes to install imaginary GPS trackers in criminals https://web.archive.org/web/20160227114334/https://motherboard.vice.com/read/canadian-city-plans-to-track-offenders-with-technology-that-doesnt-even-exist-gps-implant-williams-lake

#10yrsago New Zealand’s Prime Minister: I’ll stay in TPP’s economic suicide-pact even if the USA pulls out https://www.techdirt.com/2016/02/26/new-zealand-says-laws-to-implement-tpp-will-be-passed-now-despite-us-uncertainties-wont-be-rolled-back-even-if-tpp-fails/

#10yrsago South Korean lawmakers stage filibuster to protest “anti-terror” bill, read from Little Brother https://memex.craphound.com/2016/02/26/south-korean-lawmakers-stage-filibuster-to-protest-anti-terror-bill-read-from-little-brother/

#5yrsago Privacy is not property https://pluralistic.net/2021/02/26/meaningful-zombies/#luxury-goods

#1yrago With Great Power Came No Responsibility https://pluralistic.net/2025/02/26/ursula-franklin/#franklinite

Upcoming appearances (permalink)

Victoria: 28th Annual Victoria International Privacy & Security Summit, Mar 3-5
https://www.rebootcommunications.com/event/vipss2026/
Victoria: Enshittification at Russell Books, Mar 4
https://www.eventbrite.ca/e/cory-doctorow-is-coming-to-victoria-tickets-1982091125914
Barcelona: Enshittification with Simona Levi/Xnet (Llibreria Finestres), Mar 20
https://www.llibreriafinestres.com/evento/cory-doctorow/
Berkeley: Bioneers keynote, Mar 27
https://conference.bioneers.org/
Montreal: Bronfman Lecture (McGill) Apr 10
https://www.eventbrite.ca/e/artificial-intelligence-the-ultimate-disrupter-tickets-1982706623885
Berlin: Re:publica, May 18-20
https://re-publica.com/de/news/rp26-sprecher-cory-doctorow
Berlin: Enshittification at Otherland Books, May 19
https://www.otherland-berlin.de/de/event-details/cory-doctorow.html
Hay-on-Wye: HowTheLightGetsIn, May 22-25
https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

Should Democrats Make A Nuremberg Caucus? (Make It Make Sense)
https://www.youtube.com/watch?v=MWxKrnNfrlo
Making The Internet Suck Less (Thinking With Mitch Joel)
https://www.sixpixels.com/podcast/archives/making-the-internet-suck-less-with-cory-doctorow-twmj-1024/
Panopticon :3 (Trashfuture)
https://www.patreon.com/posts/panopticon-3-150395435
America's Enshittification is Canada's Opportunity (Do Not Pass Go)
https://www.donotpassgo.ca/p/americas-enshittification-is-canadas
Everything Wrong With the Internet and How to Fix It, with Tim Wu (Ezra Klein)
https://www.nytimes.com/2026/02/06/opinion/ezra-klein-podcast-doctorow-wu.html

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (1022 words today, 40256 total)

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

11:21

CURRENT Events [The Non-Adventures of Wonderella]

There's a Bitcoin joke here if I knew enough about Bitcoin to make one.

10:21

How to win a bidding war [Seth's Blog]

Pundits are saying that Netflix “lost” the bidding for Warner.

Actually, they won. They didn’t just win because they got a nearly $3 billion breakup fee.

They won because in just about every contentious public auction, the winner is the one who is willing to overpay the most.

The best way to win a bidding war is to not bid.

09:35

Irregular Webcomic! #3050 [Irregular Webcomic!]

Irregular Webcomic! #3050

02:49

Pop Loser: This Week in Music News [The Stranger]

This week's music news. by Audrey Vann

The 2026 Capitol Hill Block Party lineup is here. This year’s lineup dives back into the pop sphere with gems like MUNA, Magdalena Bay, Wet Leg, and Parcels, plus DJ sets from Trixie Mattel and Tinashe. The festival will once again be 21+ in an effort, according to Daydream State, to “[optimize] the footprint across the Pike/Pine corridor to deliver an elevated fan experience while supporting neighborhood flow and local businesses,” aka hopefully avoid Chappell Roan–sized crowds. (I was there, and I was afraid for my life—can someone please make commemorative shirts that say “I Survived Chappell Roan at CHBP 2024?”)

The ZooTunes lineup has also dropped, and it’s really good this year. Highlights include Pavement, the Breeders (with Team Dresch!), and Belle and Sebastian, celebrating the 30th anniversary of If You’re Feeling Sinister with Quasi. See the full lineup over on the ZooTunes website.

Pioneering French electronic musician Éliane Radigue has died at 94. Known for reinventing the synthesizer through “meditative and feedback-drenched sonic explorations” (the Guardian), Radigue released over two dozen albums in her lifetime that pushed the boundaries of what music can be. The best way I could describe her sound is like holding your ear up to a seashell (which there happens to be a beautiful image of her doing). Her 1986 ambient composition, Jetsun Mila, remains one of my favorite things to listen to while I write.

RIP Willie Colón and Lil Poppa. On Saturday, family confirmed that pioneering salsa trombonist Willie Colón died at the age of 75. Along with his 40-plus-album discography, he was also known for musical partnerships with artists ranging from Celia Cruz to David Byrne. Jacksonville rapper Lil Poppa died by suicide on Thursday at 25. The young artist began making music at 7 years old, writing religious raps for his church before pivoting to secular music, which led to his breakthrough single “Purple Hearts” at just 18.

LEAVE LIZA ALONE! While promoting her new memoir, Kids, Wait Till You Hear This!, legend, icon, and my president Liza Minnelli has claimed that the Academy “inexplicably ordered” her to sit in a wheelchair at her 2022 Oscars appearance with Lady Gaga. She told Variety, “I was told it was because of my age, and for safety reasons, because I might slip out of the director’s chair, which was bullshit. I will not be treated this way, I said. I was heartbroken. I was much lower down than I would have been in the director’s chair. Now I couldn’t easily read the teleprompter above me.”

Bad Bunny represents the USA better than the president, survey finds. A recent poll, conducted by Yahoo! and YouGov after the Super Bowl, found that more Americans feel better represented by the Puerto Rican star than the president. What is surprising is that slightly more participants identified themselves as Republicans than Democrats.

Did you watch Alysa Liu’s free skate!? I have watched it at least 15 times with tears streaming down my face. The 20-year-old team USA figure skater won a gold medal with her joyful performance to Donna Summer’s “MacArthur Park.”

00:28

Erasing Gates [The Stranger]

In light of the Epstein files, should Bill Gates' name be on a building at University of Washington? by Marcus Harrison Green

There's a specific kind of lie that powerful men tell when the walls start closing in: the minimizing lie, the "it wasn't what it looked like" lie, the "I was barely there" lie. Bill Gates tried that last one earlier this month, insisting his relationship with convicted child sex offender Jeffrey Epstein was limited to dinners.

"It's factually true that I was only at dinners," Gates said. He claimed he "never met any women." The Epstein Files just proved otherwise—young women were present, and there are photos. According to some, no amount of philanthropic goodwill should erase that.

But in Seattle, philanthropic goodwill has erased a lot. A name on a building is a command: suspend memory, smooth the sharp edges, turn biography into infrastructure, and controversy into cornerstone. It dares you to forget that the name above the door still belongs to someone who breathes, errs, and benefits from the power that placed it there.

For years at the University of Washington, the Gates name has been exactly that: civic wallpaper. It crowns the Bill and Melinda Gates Center for Computer Science and Engineering in large letters, like a title for the simple story this city tells itself. Local boy becomes tech titan, tech titan becomes global humanitarian, city becomes beneficiary. Clean. Uncomplicated. Unquestioned. In the wake of the Epstein files, one 22-year-old journalism student couldn't let that story go unchallenged.

Last week, UW student Jaya Parsons published an op-ed in The Daily, the university's student newspaper, calling for Gates' name to be removed from campus buildings. The headline was unambiguous—Bill Gates is in the Epstein files. UW should take his name off its buildings in response—and the message pointed.

Gates' repeated appearances in the files, coupled with his admitted meetings with Epstein after Epstein's 2008 conviction for soliciting a minor, were "more than enough to make anyone uncomfortable to see Gates' name on their way to class." Parsons walked by the Bill and Melinda Gates Center everyday.

The column landed like a match in dry grass because it named something that has been hovering at the edge of Seattle's civic life for years: the quiet bargain institutions make when a benefactor becomes too big to criticize.

"I definitely did not expect as many people to see it as people did," Parsons told me over Zoom.

Classmates and professors thanked her for saying what they had been thinking, a surprise.

"I hadn’t really heard people talk about it," she said. "So I wanted to at least let people know that this is something that could be happening and maybe we should pay attention to it."

UW did not respond to her two requests for comment.

She wasn't expecting demolition orders, just acknowledgement. "I mostly just wanted to hear why these buildings are named after him, and what we think about seeing his name every day."

The university didn’t respond to The Stranger either.

Silence, in moments like this, becomes its own posture.

Gates has not been accused of criminal conduct by any of Epstein's victims. But his explanations have shifted, narrowed, and widened again under pressure. Gates has buckled, if only a little. This week, in a town hall with Gates Foundation staff, he called his relationship with Epstein a "huge mistake," and apologized to employees for bringing foundation executives into contact with Epstein. But still he insisted "I did nothing illicit. I saw nothing illicit."

The problem is not that Gates has been charged with a crime. It’s that new disclosures are overtaking his lies: meetings around the globe, flights on Epstein's plane, the presence of young women at gatherings, and evolving acknowledgments about the scope of their contact. What was once framed as peripheral now appears more sustained, like a relationship between two fabulously wealthy men. What was described as trivial now reads as misjudged at best.

"If these buildings around campus were called the 'Jeffrey Epstein Library,'" Parsons wrote in The Daily, "they'd have hopefully been changed long ago."

But we treat proximity to harm differently when the proximity comes with billions attached. Money is like duct tape over the mouth.

As of 2017, the Bill & Melinda Gates Foundation had awarded UW more than 250 grants totaling nearly $1.25 billion. This philanthropy has been woven so deeply into the institution's financial and research infrastructure that the prospect of removing Gates' name is not simply a reputational concern. It is a reckoning with dependency.

It is easier to leave the letters in place when Trump is a threat to higher education funding and the university has already faced layoffs tied to budget shortfalls. Staying in the good graces of a “good billionaire” is security.

Tim Schwab, author of The Bill Gates Problem: Reckoning with the Myth of the Good Billionaire, has long argued that Gates’ philanthropy has discouraged scrutiny.

If this were only a matter of reputation, it would be confined to op-eds and campus debates. But the Gates Foundation is not merely a personal vehicle for his generosity; it is an $86 billion institution operating under a tax-advantaged status that effectively subsidizes its power with public dollars. That scale alone raises regulatory questions, precisely because philanthropy, as currently structured, enjoys massive public subsidy with comparatively minimal democratic oversight. But they’re not actually above scrutiny, legal or otherwise.

So the question becomes: does anyone actually have the authority to hold it accountable? When I asked Washington Attorney General Nick Brown's office, Deputy Communications Director Mike Faulk responded bluntly:

“We don’t speculate about our decision-making regarding any potential investigatory matters… If the question is just whether we have the authority to investigate nonprofits and charities, the answer is yes, state law does give us that kind of authority.”

At UW, naming decisions sit with the Board of Regents, and policy allows for reconsideration in certain circumstances. Parsons doesn’t believe they’ll do anything.

But she rejects the idea that raising the question is trivial or performative. "I think there's nothing wrong with caring about something like this. That's not some waste of time."

For her, the point is not immediate victory; it is civic muscle. Universities are places where people are supposed to question power, not rehearse deference to it. Even if the name never comes down, she argues, asking why it’s there, and whether it still reflects the institution’s values, is exactly the kind of scrutiny higher education claims to teach.

Friday, 27 February

23:42

Windows Server Insider builds can now boot from ReFS [OSnews]

The file system of the Windows operating system is NTFS, whether you’re running it on a desktop/laptop or server. It’s the only file system Windows can run on and boot from, at least officially, so you’re not even given a choice of file systems for the boot volume like you are on, say, desktop Linux. That’s about to change, though: Microsoft has finally announced that Windows Server will be able to boot from ReFS.

We’re excited to announce that Resilient File System (ReFS) boot support is now available for Windows Server Insiders in Insider Preview builds. For the first time, you can install and boot Windows Server on an ReFS-formatted boot volume directly through the setup UI. With ReFS boot, you can finally bring modern resilience, scalability, and performance to your server’s most critical volume — the OS boot volume.
↫ chcurlet-msft at Microsoft’s Tech Community

Without diving too much into the weeds, ReFS can roughly be seen as Microsoft’s answer to modern file systems like ZFS and Btrfs, with comparable design goals and feature sets. It’s been around since 2012, but only for Windows Server, and with every Windows Server release since, the company has improved performance, added new features, and fixed bugs. Now, in 2026, it seems Microsoft thinks ReFS is ready to be used as a bootable file system for Windows Server.

If you want to try this for yourself, you need to be a Windows Insider and make sure you have Windows Server build 29531.1000.260206-1841 or newer. During installation, the Windows installer will ask you to choose between NTFS and ReFS; the rest of the installation process will be pretty much the same as before. Now all we need is to wait for ReFS to become an option on client versions of Windows too, which would mark – arguably – only the second time in history Windows transitioned from one default filesystem to the another.

Councilmember Kettle Insists Surveillance Tech Is Safe [The Stranger]

Let’s set the record straight on Mr. Kettle's claims. by Micah Yip

Councilmember Bob Kettle wanted to dispel “misconceptions” about Seattle’s surveillance program. Ahead of Tuesday’s Public Safety Committee meeting, which he chairs, Kettle issued a press release arguing that tools like CCTV cameras, automatic license plate readers (ALPRs) and the Real-Time Crime Center (RTCC) are an effective crime deterrent that doesn’t jeopardize vulnerable populations as severely as has been reported.

In his release, he argued that the “implementation of ALPR, CCTV and RTCC technology in Seattle is not a choice between public safety and personal privacy—it is a smart and responsive commitment to both.” His argument was a bizarre combination of misdirects (claiming we’re safe because we don’t use Flock-brand cameras for our license plate readers), irrelevant details (assuring Seattleites that cops aren’t watching all of the cameras at all times) and anecdotal evidence (arguing that CCTV cameras reduce crime, based on vibes).

This stunt comes amid public outcry against surveillance technology. Community members and advocacy groups worry that surveillance data can leave marginalized communities vulnerable to federal tracking. And their concerns aren’t theoretical—in Washington state and across the country, federal authorities have accessed local surveillance data, raising questions about how much protections local guardrails actually provide.

So let’s set the record straight on his four claims.

Deterring Violent Crime

When we talk about CCTV cameras, researchers most commonly cite a 40-year systematic review by CUNY that found no evidence that CCTV cameras reduce violent crime. But in his press release, Kettle wanted his constituents to focus on another line in the study, which said the results support the use of cameras to deter (non-violent) crime. “It can help address property crime and has always been intended to help with a variety of crimes beyond violent crime,” he wrote.”

However, at the Tuesday press conference, Kettle doubled down on the idea that the program could still deter violent crime. He gave an example of a recent shooting at Second Avenue and James Street. Using surveillance footage, police were able to quickly identify and apprehend a suspect, said Kettle.

You may notice that that’s an example of footage used in solving a crime, not deterring it.

But according to Kettle’s logic, being able to rapidly identify and arrest suspects prevents future crimes by removing repeat offenders from the streets. “If somebody is so blatant to shoot someone in the back of the head, they may have done some other crimes,” he said.

When asked again what evidence Kettle has that Seattle’s CCTV deters violent crime before it happens, Kettle acknowledged the city hasn’t yet completed its formal evaluation, which is currently in progress by the University of Pennsylvania. But he still doubled down on his argument that the cameras are a deterrent, because if bad actors know they’re being watched, their operations will be disrupted and delayed, allowing local authorities more time to investigate and apprehend. What evidence does Kettle have of that? “I believe it to be true based on anecdotal,” he said.

But It’s Not Flock!

He’s right. Seattle doesn’t contract with Flock, the notoriously fed-friendly tech vendor. But we do have our own automatic license plate readers (ALPRs), provided by a surveillance company called Axon. And according to Tee Sannon, ACLU of Washington’s technology policy program director, there are no laws in Washington state that govern ALPRs.

The State Senate is currently considering Senate Bill 6002, which would regulate how jurisdictions in Washington handle ALPR data. It would create a 21 day retention period, meaning after 21 days, the data would be deleted, unless it had been pulled within that time frame for an investigation. The 21-day-retention schedule isn’t much of a reform, as jurisdictions in Washington generally stick to a 30 day time limit. Seattle’s is much longer—the Seattle Police Department keeps ALPR data for 90 days. “Thirty days is a very long time to keep basically a database of almost entirely [data of] people that are not associated with wrongdoing,” Sannon says.

ACLU-WA (and Kettle) both support the bill.

Surveillance Data Isn’t Safe From the Feds

In his press release, Kettle specifically focused on the argument that surveillance data might be insecure because it’s stored out-of-state, and therefore outside of Washington’s protective laws. “DHS has no access to SPD data regarding civil matters (such as immigration) unless the federal government subpoenas footage from the vendor. SPD owns this data, regardless of where it is stored,” he wrote.

Requiring a subpoena doesn’t eliminate the potential for federal access—it formalizes it. He also pointed to the guardrail added by Councilmember Alexis Mercedes Rinck, which triggers a 60-day shutdown of the CCTV program if the feds subpoena any data—which still allows data to get into their grubby hands before it’s paused.

“Is it perfect? Probably not,” Kettle said at his press conference. “I’m not making that claim that we’re 100 percent intact.”

Translation: Our surveillance data isn’t safe.

Seattle Police Officers aren’t constantly monitoring cameras at the RTCC.

His final note in his press release ensured Seattleites that there isn’t a desk monkey watching your every move through the city’s CCTV program. No one thinks they are. Thanks, Bob.

22:56

US lawmakers push for age verification at the operating system level [OSnews]

Encryption backdoors, social media bans for children, creepy age verification for applications – what will they think of next? The latest brilliant idea by US lawmakers sure is a hell of a doozy: legally mandated age verification in every single operating system.

Colorado’s SB26-051, introduced last month, would require operating systems to register the owner’s age, which third-party apps can then leverage to determine if the user is an adult. The bill calls for the device owner to register their birthdate or age, but for the purposes of creating an “age bracket,” which can then be shared to an app developer through an API to learn their age range, according to BiometricUpdate.com.
[…]
Ball also said the legislation was based on California’s bill AB 1043, which was passed last year. It too requires OS makers to create a way for the device owner to register their age bracket, which can then be shared to app developers over an API. The California law starts to take effect January 1, 2027.
↫ Michael Kan at PCMag

Age verification to protect children sounds innocent enough, but if you have more than two brain cells to rub together it’s crystal clear that what we’re really looking at is the true end of privacy and online anonymity. If age verification is only used by certain applications, it’s easy enough to avoid them, but if it becomes part of Windows, desktop Linux, Android, it’s truly game over. Nobody will be anonymous online ever again, and nobody will have any sense of privacy left when opening up their computer.

Worse yet, if you do end up using an operating system that doesn’t adhere to this law, or you hack out or circumvent the age verification nonsense, you’ll automatically become an easy target for law enforcement. Clearly, if you circumvent age verification, you must be up to no good, right? Of course, as we’ve seen in countries with heavily deteriorating democracies and freedoms, like the US or Hungary, even merely opposing the government will be classified as “up to no good”, and let’s not even get started about the various minorities these countries are actively trying to eradicate.

If something like this is enshrined in law in your country, you’re fucked.

22:21

Friday Squid Blogging: Squid Fishing in Peru [Schneier on Security]

Peru has increased its squid catch limit. The article says “giant squid,” but they can’t possibly mean that.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

22:07

Petter Reinholdtsen: Free software toolchain for the simplest RISC-V CPU in a small FPGA? [Planet Debian]

On Wednesday I had the pleasure of attending a presentation organized by the Norwegian Unix Users Group on implementing RISC-V using a small FPGA. This project is the result of a university teacher wanting to teach students assembly programming using a real instruction set, while still providing a simple and transparent CPU environment. The CPU in question implements the smallest set of opcodes needed to still call the CPU a RISC-V CPU, the RV32I base set. The author and presenter, Kristoffer Robin Stokke, demonstrated how to build both the FPGA setup and a small startup code providing a "Hello World" message over both serial port and a small LCD display. The FPGA is programmed using VHDL, the entire source code is available from github, but unfortunately the target FPGA setup is compiled using the proprietary tool Quartus. It is such a pity that such a cool little piece of free software should be chained down by non-free software, so my friend Jon Nordby set out to see if we can liberate this small RISC-V CPU. After all, it would be unforgivable sin to force students to use non-free software to study at the University of Oslo.

The VHDL code for the CPU instructions itself is only 1138 lines, if I am to believe wc -l lib/riscv_common/* lib/rv32i/*. On the small FPGA used during the talk, the entire CPU, ROM, display and serial port driver only used up half the capacity. These days, there exists a free software toolchain for FPGA programming not only in Verilog but also in VHDL, and we hope the support in yosys, ghdl, and yosys-plugin-ghdl (sadly and strangely enough, removed from Debian unstable) is complete enough to at least build this small and simple project with some minor portability fixes. Or perhaps there are other approaches that work better? The first patches are already floating on github, to make the VHDL code more portable and to test out the build. If you are interested in running your own little RISC-V CPU on a FPGA chip, please get in touch.

At the moment we sadly have hit a GHDL bug, which we do not quite know how to work around or fix:

******************** GHDL Bug occurred ***************************
Please report this bug on https://github.com/ghdl/ghdl/issues
GHDL release: 5.0.1 (Debian 5.0.1+dfsg-1+b1) [Dunoon edition]
Compiled with unknown compiler version
Target: x86_64-linux-gnu
/scratch/pere/src/fpga/memstick-fpga-riscv-upstream/
Command line:

Exception CONSTRAINT_ERROR raised
Exception information:
raised CONSTRAINT_ERROR : synth-vhdl_expr.adb:1763 discriminant check failed
******************************************************************

Thus more work is needed. For me, this simple project is the first stepping stone for a larger dream I have of converting the MESA machine controller system to build its firmware using a free software toolchain. I just need to learn more FPGA programming first. :)

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

Jails for NetBSD [OSnews]

FreeBSD has its jails technology, and it seems NetBSD might be getting something similar soon.

Jails for NetBSD aims to bring lightweight, kernel-enforced isolation to NetBSD.
[…]
The system is intended to remain fully NetBSD-native. Isolation and policy enforcement are integrated into the kernel’s security framework rather than implemented in a separate runtime layer.

It does not aim to become a container platform. It does not aim to provide virtualization.
↫ Matthias Petermann

It has all the usual features you have come to expect from jails, like resource quota, security profiles, logging, and so on. Processes inside jails have no clue they’re in a jail, and using supervisor mode, jails are descendent from a single process and remain visible in the host process table. Of course, there’s many more features listed in the linked article.

It’s in development and not a default part of NetBSD at this time. The project, led by Matthias Petermann, is developed out of tree, with an unofficial NetBSD 10.1 ISO with the jails feature included available as well.

Dental Formulas [xkcd.com]

21:21

Intercepting messages inside IsDialogMessage, fine-tuning the message filter [The Old New Thing]

Last time, we used a MSGF_DIALOGBOX message filter to hook into the IsDialogMessage so that we had the option to grab the ESC before it gets turned into an IDCANCEL. There are some problems with our initial foray.

One is the problem of recursive dialogs. If the first dialog shows another copy of itself (for example, a certificate dialog showing a dialog for its parent certificate), then the thread-local variable gets overwritten, and the first dialog’s information is lost.

We could solve that by having each dialog remember the original value and restore it when the dialog dismisses. Alternatively, we could maintain an explicit stack of dialogs, pushing when a new dialog is created and popping when it is destroyed.

However, this fails to handle the case where the dialog is modeless. In that case, the two dialogs could be running concurrently rather than recursively. Instead of a stack, we really need a per-thread set of active dialogs.

Another thing to worry about is that if this code is put into a static library, and two components in the same thread both use that static library, then you have to be careful that the two copies of the library don’t conflict with each other.

I came up with this initial idea:

#define DIALOG_WANTS_ESC_PROP TEXT("DialogWantsEsc")

LRESULT CALLBACK DialogEscHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (nCode == MSGF_DIALOGBOX) {
        auto msg = (MSG*)lParam;
        if (msg->message == WM_KEYDOWN &&
            msg->wParam == VK_ESCAPE) {
            auto hdlg = GetAncestor(msg->hwnd, GA_ROOT);
            auto customMessage = PtrToUint(GetProp(hdlg,
                                           DIALOG_WANTS_ESC_PROP));
            if (customMessage &&
                !(SendMessage(msg->hwnd, WM_GETDLGCODE,
                             msg->wParam, lParam) &
                         (DLGC_WANTALLKEYS | DLGC_WANTMESSAGE))) {
                return SendMessage(hdlg, customMessage, 0, lParam);
            }
        }
    }
    return CallNextHookEx(nullptr, nCode, wParam, lParam);
}

The idea here is that instead of having to manage a table of per-thread registrations, we just let dialogs self-register by setting the DIALOG_WANTS_ESC_PROP property to the message number they want to receive when the user presses ESC.

If there are two copies of this hook installed, then the DialogEscHookProc is called twice. The first one sends the custom message and gets the dialog’s response, and returns it; it never passes the message down the hook chain. Therefore, the second and subsequent hooks never get to run, so we don’t have a problem of the custom message getting sent multiple times for the same call to IsDialogMessage.

This design has the advantage that multiple DLLs using this pattern can coexist because the first hook (whichever it is) does all the work for everybody.

An alternate, more complex, design would pass the call down the chain if the dialog box declined to handle the ESC key, in case some other hook wanted to do something special. The catch is that if there are multiple copies of this hook installed, each one will send the custom message to the dialog, which would be bad if the handler for the custom message had side effects like showing a confirmation dialog.

So we can add the rule that the custom message must be safe to call multiple times if it returns FALSE. This means that if it wants to display a confirmation dialog, it should always return TRUE even if the user cancels.

LRESULT CALLBACK DialogEscHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (code == MSGF_DIALOGBOX) {
        auto msg = (MSG*)lParam;
        if (msg->message == WM_KEYDOWN &&
            msg->wParam == VK_ESCAPE) {
            auto hdlg = GetAncestor(msg->hwnd, GA_ROOT);
            auto customMessage = PtrToUInt(GetProp(hdlg,
                                           DIALOG_WANTS_ESC_PROP));
            if (customMessage &&
                !(SendMessage(msg->hwnd, WM_GETDLGCODE,
                             msg->wParam, msg) &
                         (DLGC_WANTALLKEYS | DLGC_WANTMESSAGE)) &&
                 SendMessage(hdlg, customMessage, 0, lParam)) {
                 return TRUE;                                  
            }
        }
    }
    return CallNextHookEx(nullptr, nCode, wParam, lParam);
}

Or we can have the first hook leave a note for the other hooks that the message has already been handled and that they shouldn’t try to handle it again.

#define DIALOG_WANTS_ESC_PROP TEXT("DialogWantsEsc")
#define CURRENT_MESSAGE_PROP TEXT("DialogWantsEscCurrentMessage")

LRESULT CALLBACK DialogEscHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (code == MSGF_DIALOGBOX) {
        auto msg = (MSG*)lParam;
        if (msg->message == WM_KEYDOWN &&
            msg->wParam == VK_ESCAPE) {
            auto hdlg = GetAncestor(msg->hwnd, GA_ROOT);
            auto customMessage = PtrToUInt(GetProp(hdlg,
                                           DIALOG_WANTS_ESC_PROP));
            if (customMessage) {
                auto previous = GetProp(hdlg, CURRENT_MESSAGE_PROP);
                if (previous != msg &&                              
                    !(SendMessage(msg->hwnd, WM_GETDLGCODE,
                                 msg->wParam, msg) &
                             (DLGC_WANTALLKEYS | DLGC_WANTMESSAGE))) {
                    return SendMessage(hdlg, customMessage, 0, lParam);
                }
                SetProp(hdlg, CURRENT_MESSAGE_PROP, msg);                     
                auto result = CallNextHookEx(nullptr, nCode, wParam, lParam); 
                SetProp(hdlg, CURRENT_MESSAGE_PROP, previous);                
                return result;                                                
            }
        }
    }
    return CallNextHookEx(nullptr, nCode, wParam, lParam);
}

The first hook will send the message to the dialog. and if the dialog declines to handle it, it passes the messages to the other hooks, but setes the “current message” property to the message that was already handled, so that other hooks won’t try to handle it again.

The last part of the puzzle is installing the hook. Since we are assuming that we cannot alter the dialog loop, the hook has to be installed by the dialog itself.

Let’s assume that this dialog box already allocates other dialog state, so we can add the hook handle to the state structure.

struct DIALOGSTATE
{
    wil::unique_hhook escapeHook;
    ⟦ other stuff ⟧
};

// each dialog can choose its own custom message
#define DM_ESCPRESSED (WM_USER+1000)

INT_PTR CALLBACK DialogProc(HWND hdlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    switch (message) {
    case WM_INITDIALOG:
        {
            DIALOGSTATE* state = new(std:nothrow) DIALOGSTATE();
            if (!state) { EndDialog(hdlg, -1); return FALSE; }
            SetWindowLongPtr(hdlg, DWLP_USER, (LONG_PTR)state);
            state->escapeHook.reset(SetWindowsHookEx(WM_MSGFILTER,     
                             DialogEscHookProc,                        
                             nullptr, GetCurrentThreadId()));          
            SetProp(hdlg, DIALOG_WANTS_ESC_PROP,                       
                    IntToPtr(DM_ESCPRESSED));                          
            ⟦ other dialog initialization as before ⟧
            ⟦ ending with "return (whatever)" ⟧
        }

    case DM_ESCPRESSED:
        if (⟦ we want to process the ESC key ourselves ⟧) {
            ⟦ do custom ESC key processing ⟧
            SetWindowLongPtr(hdlg, DWLP_MSGRESULT, TRUE);
            return TRUE;
        }
        break;

    case WM_DESTROY:
        {
            auto state = (DLGSTATE*)GetWindowLongPtr(hdlg, DWLP_USER);
            delete state;
        }
        break;

    ⟦ handle other messages ⟧
    }
    return FALSE;
}

The dialog installs the hook when it is created and removes it when it is destroyed. The hook has become an implementation detail of the dialog.

Now, I don’t recommend doing all this. Better is to just treat with the ESC like any other press of the (possibly imaginary) Cancel button. One of the few scenarios I can think of where this could be useful is if you want to display an extra confimation for the Close button (since its meaning is potentially ambiguous). This is still nonstandard, but at least it’s not too nonstandard. And for that, you can just intercept WM_CLOSE instead of trying to intercept the ESC. Intercepting the ESC was really just an excuse to show off message filters, which tend to be unappreciated.

The post Intercepting messages inside <CODE>IsDialogMessage</CODE>, fine-tuning the message filter appeared first on The Old New Thing.

20:00

10,000x [Penny Arcade]

I had sent Murgh an image on his phone, which... I mean, I guess I can just show it to you. It's gonna make a lot of sense when you see the strip:

19:49

The Best Bang for Your Buck Events in Seattle This Weekend: Feb 27–Mar 1, 2026 [The Stranger]

Shunpike Storefronts & Artist Residencies, Travessias Brazilian Film Festival, and More Cheap & Easy Events Under $20

by EverOut Staff

The weekend starts now. There's no time to waste, so dive in with our cheap and easy guide, pointing you to events from the Shunpike Storefronts & Artist Residencies Grand Opening to the Official Seattle Sounders FC Watch Party with Sammy the Orca and from the Travessias Brazilian Film Festival to the 50th Annual Kalevala Lecture. For more, check out our top picks of the week.

FRIDAY PERFORMANCE

So You Do Drag?! Kremwerk's Premiere Drag/Burlesque Competition
Oh, you do drag? Don’t be shy! Prove it at Kremwerk’s So You Do Drag?! It’s a new one-off competition dedicated to spotlighting the next generation of Seattle drag and burlesque performers. And not just by putting them on stage, but by giving Seattle’s rising stars a chance to prove “WHO they are and WHY they deserve stardom” in front of established icons like Clara Voyance and Pupusa. For this inaugural event, contestants Kimme Kash, Lizzie McHigher, and Nadia Nuff will strut, lip sync, and seduce their way through performances designed to show audiences exactly what they’ve got tucked deep down inside. Don’t overthink showing up, it’s gonna be a great time. LANGSTON THOMAS
(Cherry Nightclub, Downtown, $15)

19:21

Sampling Some Smackin’ Sunflower Seeds [Whatever]

I used to eat sunflower seeds when I played softball as a kid, and I can’t say I’ve ever eaten them since. For some reason, I was getting advertisements for Smackin’ Sunflower Seeds on Instagram. In that moment, I thought, you know what, sunflower seeds sound kind of good to snack on right now.

I would say in my life I’ve only had regular sunflower seeds, ranch, and BBQ flavored, so when I saw Smackin’s array of flavors, I was certainly intrigued. I am someone who believes variety is the spice of life, so of course I couldn’t choose just one flavor. I went ahead and bought a variety pack that included all their flavors (except the OG Original), and my dad and I gave them all a try.

I let my dad pick the first flavor we tried, and he chose “lemon pepper.” These definitely had a strong flavor, as advertised, and the taste actually reminded me a lot of a steakhouse. The peppery-ness wasn’t overwhelming, and my dad and I gave these ones a 6.5/10.

Up next, we went for a classic: Ranch. The ranch flavor reminded me a lot of a Hidden Valley Ranch seasoning packet, like the kind you mix into dips or salad dressings. Surprisingly, the ranch flavor was very subtle, which is certainly something that ranch never is. You get a Cool Ranch Dorito and that shit is RANCHED UP. In the case of these seeds, I could’ve used more ranch flavor. They were kind of weak, but the flavor that was present was good. These were a 6/10 from both of us.

We switched to a sweet flavor, their Cinnamon Churro. This flavor was actually really nice, it wasn’t just straight cinnamon, it had that nice churro-vanilla sort of flavor. I will say that the flavor wasn’t very long lasting, though. Like it wore off very quickly. The taste, while it lasted, was very nice and not too sweet, with just a little bit of saltiness to have a nice sweet-and-salty factor. This was a 7.5/10 from my dad and a 7/10 from me.

My dad wanted to get the Cheddar Jalapeno out of the way, since he feared it would be really hot and we’re not exactly known for loving spicy stuff. I’m happy to report that while these ones do have a real kick with a heat that lingers just a touch, it has a really nice actual jalapeno flavor and isn’t just hot to be hot. While there’s not so much of the cheddar flavor present, if you’re someone who likes a little bite in their snack, this one would be a great pick for you. I wouldn’t eat a whole bag, but they were pretty tasty. These were a 7/10 from both of us.

Onto Dill Pickle, which was one I was very excited for. Lemme just say, these bad boys were picklelicious. These had a super solid, bold pickle flavor that was very enjoyable and not too acidic, just had that nice dilly briny taste. These ended up being in my top two favorites overall, and we both gave them an 8.5/10.

Over to the Cracked Pepper, I was curious how this would compare to the Lemon Pepper. If you are someone who puts so much pepper on their steak or eggs that people around you are sneezing to high heaven, then this is the flavor for you. These were so peppery, like pretty overwhelmingly so. I honestly didn’t care for them, and gave them a 4/10, but my dad gave them a 6/10.

Next up was the Backyard BBQ. I do love barbecue chips, so I was looking forward to see how these compared flavor-wise. The BBQ was super bold! Just one seed was absolutely packed with BBQ flavor, and it was very tasty! More long-lasting flavor and very strong, these were super good and ended up being another favorite. My dad gave them an 8/10 and I gave them an 8.5/10.

Back to the sweet ones, we tried the Maple Brown Sugar. Like the Cinnamon Churro, they were really nice but not long-lived. They’re a bit subtle, like not a huge amount of maple flavor or anything, but still pretty good. My dad gave them a 7/10 and I went with a 6.5/10. The rating would be a lot higher if the flavor lasted longer or was stronger.

Starting to wrap up our sunflower adventure, Sour Cream and Onion was next. These tasted so classic and recognizable, like if you enjoy sour cream and onion chips, these are for you because they taste absolutely spot on. They honestly reminded me a lot of Philadelphia Cream Cheese Chive and Onion flavor. These were a 7.5/10 from both of us.

The final flavor before trying the mystery flavor was Garlic Parmesan. These were super garlicky, but didn’t offer up a whole lot of parmesan flavor. The garlic really stole the spotlight here, but it was still a tasty flavor, earning it a 7/10 from both of us.

Finally, the mystery flavor! I truly had no idea what to expect. Do you know how DumDums make their mystery flavors? Well, I can only assume that Smackin’ does the same thing, because the mystery flavor tasted exactly like the Cheddar Jalapeno and Ranch mixed together. It was like the Cheddar Jalapeno but less hot, and somehow even better! The mystery flavor earned an 8/10 from both of us.

Well, there you have it! Eleven flavors of sunflower seeds. The only one I didn’t get to try that I would’ve loved to is Cheeseburger! Honestly, these were pretty solid sunflower seeds. It felt kind of nostalgic to eat them, even if they are kind of tedious to get through. I felt like one of those dogs that has a “slow down” bowl because you can’t just plow through them like chips or crackers.

Anyways, if you’re interested in trying some for yourself, I have a 10% off code for you! Yippee!

Which flavor sounds the best to you? Do you eat sunflower seeds often? Let me know in the comments, and have a great day!

-AMS

18:14

Slog AM: More Seattle Budget Woes, Drunk of the Week Is House Majority Leader, White House Staffer is Johnny MAGA [The Stranger]

by Nathalie Graham

Another Bad Budget: The forecast for the city of Seattle's budget is grim. The analysts have looked into their cursed crystal ball and given Seattle its fortune (or, lack thereof): We'll be dealing with a $140 million deficit this year. Damn, those soothsaying nerds! In response, Mayor Katie Wilson asked city departments to prepare for the worst and issue plans for shaving off between 5 and 10 percent of their budgets. That's not a guarantee anything will happen—Bruce Harrell did the same thing last year before he pulled enough money out of a hat (read: the JumpStart Seattle tax's coffers) to balance the budget.

All of this was expected. For the last couple of years, the city's budget has been similarly cratered. A pandemic and a fascist president will do that to a liberal city. And, Harrell didn't do anything to find new revenue, he just pickpocketed the JumpStart tax to solve the problem in front of him. It will be very interesting to see if Wilson, who helped create the JumpStart tax to primarily fund the creation of affordable housing, will do what every other mayor has done and raid JumpStart to keep the city afloat.

Speaking of Forecasts: It'll be borderline pleasant in Seattle today. There will be sun. It will still be chilly, though. Don't plan a beach day just yet.

Spritzgibbon: House Majority Leader Rep. Joe Fitzgibbon apparently tied one on before Wednesday evening’s House Appropriations Committee meeting where legislators were passing the supplemental operating budget. Fitzgibbon's speech was “slurred and halting” and an unnamed Republican said Fitzgibbon appeared to be sleeping during parts of the night-time meeting. Fitzgibbon has apologized for having a little tipple before his important job. "Being impaired in that situation was harmful to my work and to my co-workers," he said in an apology.

Gig Harbor Stabbing: On Tuesday, a 32-year-old man stabbed and killed his mother and three of her neighbors outside her suburban home near Gig Harbor. According to KING 5, he lived in his younger sister's garage and suffered from bipolar disorder. His sister said he stopped taking his medication three days before the attack. His mother filed a protection order against her son in 2020 that lasted through 2022. In 2025, she petitioned for another one, which a court granted, but failed to serve him with the order. Therefore, it was not enforceable. The police didn't respond quickly because the order wasn't in effect.

Hey, Cut That Out: Someone shot a harbor seal in the face in Quilcene Bay near Hood Canal. Apparently, this is the second harbor seal that's been shot in the face in a matter of months. The law enforcement arm of the National Oceanic and Atmospheric Administration is investigating. Yeah, I am also surprised to hear there's a cop division in NOAA.

Good News: Capitol Hill's Seven Hills Park has been freed from prison. The Bruce Harrell administration locked up the park—and three other small parks across the city—six months ago to stop homeless people from camping there.

A Touch of TB: Someone at Rainier Beach High School was diagnosed with tuberculosis. According to Public Health, around 130 people in connection with RBHS may have been exposed to the airborne disease and will need to be tested. While this is serious, TB takes "repeated and prolonged exposure" to really spread. Tuberculosis remains the leading infectious cause of death around the world. But in wealthy countries, the risk and prevalence is low. Except, TB has been making a resurgence in the US.

War: Pakistan and Afghanistan are at war. Pakistan has bombed Afghanistan’s capital Kabul, and both countries claim to have inflicted substantial losses on the other.

I Did Not Have Sex-Offender Relations With That Man: In a closed-door deposition with members of Congress in Chappaqua, New York, former President Bill Clinton is testifying in the House’s Epstein investigation. A former sitting president has never been compelled to testify to Congress before. Hillary Clinton sat with lawmakers for her deposition yesterday.

I’m Just Chillin’ in Chappaqua: Hillary spent more than six hours with the House Oversight Committee. In a short press conference afterward, she told reporters she wished the proceedings had been public and that her attorneys have asked for transcripts and video to be available as soon as possible.

But Where Will We Watch It? Probably not on any of Warner Bros. Discovery’s subsidiaries. Netflix walked away from a deal to buy the company after David Ellison’s Paramount launched a hostile takeover. The deal may, in the words of WBD’s CEO David Zaslav, create “tremendous value for shareholders,” but it’s also putting a tremendous media empire in Ellison’s flag-waving, Trump-loving hands. It’s an antitrust nightmare, Democrats say.

Big Brother Burger: Burger King is testing new Open AI-powered headsets to assist employees and track if they’re saying “please” and “thank you.” Data on restaurant operations is shared with “Patty,” an AI that will speak to employees through their headsets. Patty can tell them if a drink machine is low on Diet Coke, or when a customer reports a bathroom disaster. Employees can ask Patty for instructions or ask it to remove out-of-stock items from the store’s digital menus. It sounds like torture.

Trump Staffer Runs X Account Johnny MAGA: By day, Garrett Wade is a rapid response manager for the Trump administration. Also by day, he runs a massive X account devoted to kissing his bosses’ feet. Wade tweets as Johnny MAGA and helps run the White House account that boosts Johnny MAGAs tweets. And when he tweets as Johnny MAGA, he tweets things like how great the administration is. OR how it was obvious Trump didn’t watch the entire video showing the Obamas as apes. If Trump had, he would’ve posted the entire thing. “It was a masterpiece,” wrote Johnny MAGA.

17:42

When I write a comment on someone else's blog I want it to automatically be on my blog. It should just appear to be on theirs, the original and only copy of the writing appears on mine. A truly distributed system.

Me as a comp sci grad student [Scripting News]

I bet Jeopardy champions would make great software developers. Their intelligence, ability to stay calm and their incredible memory, all are needed to squeeze the last bits of performance from software.

It's nice having Facebook around to show you your old posts. This one just came up and I thought it would be good to remind you all that I was once a young nerd creating Unix apps at UW-Madison.

Me as a grad student, doing more or less the same I do as an old coot.

17:07

[$] The troubles with Boolean inversion in Python [LWN.net]

The Python bitwise-inversion (or complement) operator, "~", behaves pretty much as expected when it is applied to integers—it toggles every bit, from one to zero and vice versa. It might be expected that applying the operator to a non-integer, a bool for example, would raise a TypeError, but, because the bool type is really an int in disguise, the complement operator is allowed, at least for now. For nearly 15 years (and perhaps longer), there have been discussions about the oddity of that behavior and whether it should be changed. Eventually, that resulted in the "feature" being deprecated, producing a warning, with removal slated for Python 3.16 (due October 2027). That has led to some reconsideration and the deprecation may itself be deprecated.

16:14

Maybe it's time to give awards for most our admired standards-makers. I would start with Jon Postel and Steve Wozniak.

15:28

Two new stable kernels, possible regression [LWN.net]

One of the items in Rules for Standards-makers is don't design the format before you make the app. Instead, make an app, and when you're ready, make the file format public so people can interop (ie compete) so as not to lock users to in your software. If you do that you can say you are "of the web." If we all do that always, voila! -- no more silos. Another rule is that you must use an existing format if it exists, because then you will interop with apps that support that format. Gratuitous incompatibility is a sign of a silo-seeker. So, look first, if there are no usable formats, make your app and make your format public.

14:49

Greg Kroah-Hartman has announced the 6.19.4 and 6.18.14 stable kernels. Shortly after 6.19.4 was released Kris Karas reported "getting a repeatable Oops right when networking is initialized, likely when nft is loading its ruleset"; the problem did not appear to be present in 6.18.14. Users of nftables may wish to hold off on upgrades to 6.19.4 for now. We will provide updates as they are available.

Update: Kroah-Hartman has released the 6.19.5 and 6.18.15 kernels with a fix for the regression in 6.19.4 and 6.18.14. All users of netfilter are advised to upgrade to those versions.

14:21

Dirk Eddelbuettel: x13binary 1.1.61.2 on CRAN: Micro Maintenance [Planet Debian]

The x13binary team is happy to share the availability of Release 1.1.61.2 of the x13binary package providing the X-13ARIMA-SEATS program by the US Census Bureau which arrived on CRAN earlier today, and has already been built for r2u.

This release responds to a CRAN request to display the compiler version when building. x13binary, just like three other packages there, creates and ships a local binary it interfaces with. So our build was a little outside of R CMD INSTALL ... but now signals build versions like R does. We also modernized and simplified our continuous intgegration script based on r-ci.

Courtesy of my CRANberries, there is also a diffstat report for this release showing changes to the previous release.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can sponsor me at GitHub.

14:07

Security updates for Friday [LWN.net]

Security updates have been issued by AlmaLinux (389-ds-base, buildah, firefox, freerdp, golang-github-openprinting-ipp-usb, grafana-pcp, kernel, libpng15, munge, nodejs:20, nodejs:22, podman, protobuf, python-pyasn1, runc, and skopeo), Debian (chromium, nss, and python-django), Fedora (firefox, freerdp, gh, libmaxminddb, nss, python3.15, and udisks2), Oracle (buildah, firefox, freerdp, kernel, libpng, podman, python-pyasn1, skopeo, and valkey), Red Hat (container-tools:rhel8), SUSE (autogen, chromium, cockpit, cockpit-machines-348, cockpit-packages, cockpit-repos, cockpit-subscriptions, crun, docker, docker-compose, docker-stable, erlang, freerdp, frr, glib2, gpg2, kernel, kernel-firmware, libsodium, libsoup, libsoup2, openvswitch, python, python-pyasn1, python-urllib3, python-urllib3_1, python3, qemu, redis7, regclient, and ucode-intel), and Ubuntu (linux-aws, linux-aws-6.8, linux-ibm, linux-ibm-6.8, linux-xilinx, python-authlib, and ruby-rack).

12:49

Error'd: Perverse Perseveration [The Daily WTF]

Pike pike pike pike Pike pike pike.

Lincoln KC repeated "I never knew Bank of America Bank of America Bank of America was among the major partners of Bank of America."

"Extra tokens, or just a stutter?" asks Joel "An errant alt-tab caused a needless google search, but thankfully Gemini's AI summary got straight-to-the-point(less) info. It is nice to see the world's supply of Oxford commas all in once place. "

Alessandro M. isn't the first one to call us out on our WTFs. "It’s adorable how the site proudly supports GitHub OAuth right up until the moment you actually try to use it. It’s like a door with a ‘Welcome’ sign that opens onto a brick wall." Meep meep.

Float follies found Daniel W. doubly-precise. "Had to go check on something in M365 Admin Center, and when I was on the OneDrive tab, I noticed Microsoft was calculating back past the bit. We're in quantum space at this point."

Weinliebhaber Michael R. sagt "Our German linguists here will spot the WTF immediately where my local wine shop has not. Weiẞer != WEIBER. Those words mean really different things." Is that 20 euro per kilo, or per the piece?

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

Spinnerette - Issue 45 - 02 [Spinnerette]

New comic!
Today's News:

12:35

Why Tehran’s Two-Tiered Internet Is So Dangerous [Schneier on Security]

Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January’s government crackdown against citizen protests nationwide, the regime implemented an internet shutdown that transcends the standard definition of internet censorship. This was not merely blocking social media or foreign websites; it was a total communications shutdown.

Unlike previous Iranian internet shutdowns where Iran’s domestic intranet—the National Information Network (NIN)—remained functional to keep the banking and administrative sectors running, the 2026 blackout disrupted local infrastructure as well. Mobile networks, text messaging services, and landlines were disabled—even Starlink was blocked. And when a few domestic services became available, the state surgically removed social features, such as comment sections on news sites and chat boxes in online marketplaces. The objective seems clear. The Iranian government aimed to atomize the population, preventing not just the flow of information out of the country but the coordination of any activity within it.

This escalation marks a strategic shift from the shutdown observed during the “12-Day War” with Israel in mid-2025. Then, the government primarily blocked particular types of traffic while leaving the underlying internet remaining available. The regime’s actions this year entailed a more brute-force approach to internet censorship, where both the physical and logical layers of connectivity were dismantled.

The ability to disconnect a population is a feature of modern authoritarian network design. When a government treats connectivity as a faucet it can turn off at will, it asserts that the right to speak, assemble, and access information is revocable. The human right to the internet is not just about bandwidth; it is about the right to exist within the modern public square. Iran’s actions deny its citizens this existence, reducing them to subjects who can be silenced—and authoritarian governments elsewhere are taking note.

The current blackout is not an isolated panic reaction but a stress test for a long-term strategy, say advocacy groups—a two-tiered or “class-based” internet known as Internet-e-Tabaqati. Iran’s Supreme Council of Cyberspace, the country’s highest internet policy body, has been laying the legal and technical groundwork for this since 2009.

In July 2025, the council passed a regulation formally institutionalizing a two-tiered hierarchy. Under this system, access to the global internet is no longer a default for citizens, but instead a privilege granted based on loyalty and professional necessity. The implementation includes such things as “white SIM cards“: special mobile lines issued to government officials, security forces, and approved journalists that bypass the state’s filtering apparatus entirely.

While ordinary Iranians are forced to navigate a maze of unstable VPNs and blocked ports, holders of white SIMs enjoy unrestricted access to Instagram, Telegram, and WhatsApp. This tiered access is further enforced through whitelisting at the data center level, creating a digital apartheid where connectivity is a reward for compliance. The regime’s goal is to make the cost of a general shutdown manageable by ensuring that the state and its loyalists remain connected while plunging the public into darkness. (In the latest shutdown, for instance, white SIM holders regained connectivity earlier than the general population.)

The technical architecture of Iran’s shutdown reveals its primary purpose: social control through isolation. Over the years, the regime has learned that simple censorship—blocking specific URLs—is insufficient against a tech-savvy population armed with circumvention tools. The answer instead has been to build a “sovereign” network structure that allows for granular control.

By disabling local communication channels, the state prevents the “swarm” dynamics of modern unrest, where small protests coalesce into large movements through real-time coordination. In this way, the shutdown breaks the psychological momentum of the protests. The blocking of chat functions in nonpolitical apps (like ridesharing or shopping platforms) illustrates the regime’s paranoia: Any channel that allows two people to exchange text is seen as a threat.

The United Nations and various international bodies have increasingly recognized internet access as an enabler of other fundamental human rights. In the context of Iran, the internet is the only independent witness to history. By severing it, the regime creates a zone of impunity where atrocities can be committed without immediate consequence.

Iran’s digital repression model is distinct from, and in some ways more dangerous than, China’s “Great Firewall.” China built its digital ecosystem from the ground up with sovereignty in mind, creating domestic alternatives like WeChat and Weibo that it fully controls. Iran, by contrast, is building its controls on top of the standard global internet infrastructure.

Unlike China’s censorship regime, Iran’s overlay model is highly exportable. It demonstrates to other authoritarian regimes that they can still achieve high levels of control by retrofitting their existing networks. We are already seeing signs of “authoritarian learning,” where techniques tested in Tehran are being studied by regimes in unstable democracies and dictatorships alike. The most recent shutdown in Afghanistan, for example, was more sophisticated than previous ones. If Iran succeeds in normalizing tiered access to the internet, we can expect to see similar white SIM policies and tiered access models proliferate globally.

The international community must move beyond condemnation and treat connectivity as a humanitarian imperative. A coalition of civil society organizations has already launched a campaign calling for “direct-to-cell” (D2C) satellite connectivity. Unlike traditional satellite internet, which requires conspicuous and expensive dishes such as Starlink terminals, D2C technology connects directly to standard smartphones and is much more resilient to infrastructure shutdowns. The technology works; all it requires is implementation.

This is a technological measure, but it has a strong policy component as well. Regulators should require satellite providers to include humanitarian access protocols in their licensing, ensuring that services can be activated for civilians in designated crisis zones. Governments, particularly the United States, should ensure that technology sanctions do not inadvertently block the hardware and software needed to circumvent censorship. General licenses should be expanded to cover satellite connectivity explicitly. And funding should be directed toward technologies that are harder to whitelist or block, such as mesh networks and D2C solutions that bypass the choke points of state-controlled ISPs.

Deliberate internet shutdowns are commonplace throughout the world. The 2026 shutdown in Iran is a glimpse into a fractured internet. If we are to end countries’ ability to limit access to the rest of the world for their populations, we need to build resolute architectures. They don’t solve the problem, but they do give people in repressive countries a fighting chance.

This essay originally appeared in Foreign Policy.

Phishing Attacks Against People Seeking Programming Jobs [Schneier on Security]

This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malware on their system.

News article.

10:21

Justice and luck [Seth's Blog]

Orson Welles may have said, “Nobody gets justice. People only get good luck or bad luck.”

I think it’s more productive to imagine that “Justice is how society deals with luck.”

Good and bad.

Irregular Webcomic! #3049 [Irregular Webcomic!]

Irregular Webcomic! #3049

09:28

10,000x [Penny Arcade]

New Comic: 10,000x

08:14

The Campaign: Running, p09 [Ctrl+Alt+Del Comic]

The post The Campaign: Running, p09 appeared first on Ctrl+Alt+Del Comic.

07:21

Victory! Tenth Circuit Finds Fourth Amendment Doesn’t Support Broad Search of Protesters’ Devices and Digital Data [Deeplinks]

In a big win for protesters’ rights, the U.S. Court of Appeals for the Tenth Circuit overturned a lower court’s dismissal of a challenge to sweeping warrants to search a protester’s devices and digital data and a nonprofit’s social media data.

The case, Armendariz v. City of Colorado Springs, arose after a housing protest in 2021, during which Colorado Springs police arrested protesters for obstructing a roadway. After the demonstration, police also obtained warrants to seize and search through the devices and data of Jacqueline Armendariz Unzueta, who they claimed threw a bike at them during the protest. The warrants included a search through all of her photos, videos, emails, text messages, and location data over a two-month period, as well as a time-unlimited search for 26 keywords, including words as broad as “bike,” “assault,” “celebration,” and “right,” that allowed police to comb through years of Armendariz’s private and sensitive data—all supposedly to look for evidence related to the alleged simple assault. Police further obtained a warrant to search the Facebook page of the Chinook Center, the organization that spearheaded the protest, despite the Chinook Center never having been accused of a crime.

The district court dismissed the civil rights lawsuit brought by Armendariz and the Chinook Center, holding that the searches were justified and that, in any case, the officers were entitled to qualified immunity. The plaintiffs, represented by the ACLU of Colorado, appealed. EFF—joined by the Center for Democracy and Technology, the Electronic Privacy Information Center, and the Knight First Amendment Institute at Columbia University—wrote an amicus brief in support of that appeal.

In a 2-1 opinion, the Tenth Circuit reversed the district court’s dismissal of the lawsuit’s Fourth Amendment search and seizure claims. The court painstakingly picked apart each of the three warrants and found them to be overbroad and lacking in particularity as to the scope and duration of the searches. The court further held that in furnishing such facially deficient warrants, the officers violated “clearly established” law and thus were not entitled to qualified immunity. Although the court did not explicitly address the First Amendment concerns raised by the lawsuit, it did note the backdrop against how these searches were carried out, including animus by Colorado Springs police leading up to the housing protest.

It is rare for appellate courts to call into question any search warrants. It’s even rarer for them to deny qualified immunity defenses. The Tenth Circuit’s decision should be celebrated as a big win for protesters and anyone concerned about police immunity for violating people’s constitutional rights. The case is now remanded back to the district court to proceed—and hopefully further vindicate the privacy rights we all have in our devices and digital data.

05:49

Girl Genius for Friday, February 27, 2026 [Girl Genius]

The Girl Genius comic for Friday, February 27, 2026 has been posted.

02:07

Incoming [QC RSS]

01:56

Quit Your Job, Ice [The Stranger]

Do you need to get something off your chest? by Anonymous

Dear ICE and CBP Agents,

Resign. Quit. Retire. Think about it. If you quit now, you can at least say you got out when the shit got crazy. If you continue to work for ICE or CBP, however, you will fuck yourself over in multiple ways.

You are probably not very bright, so I’ll try to make this simple: Nobody likes you.

Nobody.

At all.

Forever.

No real employers will want to hire you in the future if they see ICE or CBP on your resume. No one will be your friend. No one will fuck you. Your food will be spit on, or worse. If you have children, they will hate you. You will be subject to mockery, ridicule, and loathing forever. And you hopefully will get criminally prosecuted.

But if you resign now, there is a glimmer of hope. You can say that you got out when you realized that ICE and CBP are Nazis. You can say, “I’m one of the good ones who did what was right when my country depended on it.” Sure, it was significantly later than any rational, sane person would come to the same realization, but at least you got to the right place eventually.

If you resign, you will still be a douchebag, but you won’t be a fascist douchebag. And regular, non-fascist douchebags are incrementally better. They are far more likely to get a job and get paid. Or laid.

But if you stay? After the shootings? The beatings? The tear gas? The intimidation of protesters and observers? The detainment of 5-year-olds? The Nazi coats?

If you stay, you’re a Dick with a capital D for the rest of your sorry, lonely, pathetic life. So grow a pair of balls and resign already. Get a real job. Ice Out.

Do you need to get something off your chest? Submit an I, Anonymous and we'll illustrate it! Send your unsigned rant, love letter, confession, or accusation to ianonymous@thestranger.com. Please remember to change the names of the innocent and the guilty.

00:21

(5229) [Flipside]

Thursday, 26 February

23:35

Genode OS Framework 26.02 released [OSnews]

The Genode OS Framework 26.02 has been released, and its tentpole improvement is the completion of moving configuration from XML to the new human-inclined data syntax, as we talked about a few months ago. The project has been working on this for years, and now that the tooling, documentation, and so on have been added this release cycle, they’re ready to make the switch. On top of that, they also made the move from GitHub to Codeberg, but that’s certainly not all.

The technical topics of the release revolve around the progressive update of our Linux device-driver environment (DDE-Linux) to kernel version 6.18, usability improvements of the Goa SDK, input-event processing, and code rigidity.

Feature-wise, version 26.02 further cultivates the genode-world repository as designated place for ported 3rd-party software, adding the port of Git as stepping stone on our way towards self-hosted development on Sculpt OS.
↫ Genode OS Framework 26.02 release notes

Be sure to read the entire release notes for much more detailed information, as well as a ton of things not mentioned yet.

22:49

Ticket Alert: ZooTunes, Queens Of The Stone Age, and More Seattle Events Going On Sale This Week [The Stranger]

Plus, Ali Wong and More Event Updates for February 26

by EverOut Staff

Start making summer plans: The 2026 BECU ZooTunes concert series will bring acts including Courtney Barnett, Suki Waterhouse, and Pavement to Woodland Park Zoo’s meadow. Seattle-formed alt-rock band Queens Of The Stone Age return to their old stomping grounds on the Catacombs Tour. Plus, Emmy Award-winning actress and comedian Ali Wong brings her brash humor to McCaw Hall. Read on for details on those and other newly announced events, plus some news you can use.

ON SALE FRIDAY, FEBRUARY 27

MUSIC

A.J. Croce Presents Croce Plays Croce
Moore Theatre (Wed Sept 30)

BECU ZooTunes
Woodland Park Zoo (June 4–Aug 20)

Blitzen Trapper - Two Nights
Tractor Tavern (June 5–6)

22:00

“Linuxulator on FreeBSD feels like magic” [OSnews]

You may not be aware that FreeBSD has a pretty robust set of tools to run Linux binaries, unmodified.

The result? A fast, smooth, fully-featured remote development experience on FreeBSD running Linux binaries transparently via the Linuxulator.

It genuinely feels like magic.

More importantly, it’s a testament to how stable the Linux ABI itself is and how well FreeBSD’s Linuxulator implements it. This setup completely changed how I work with FreeBSD, and it finally removed one of the biggest friction points in my workflow.
↫ Hayzam Sherif

FreeBSD’s Linux compatibility does kind of feel like magic. There’s people running Steam and Steam games on FreeBSD using these very same technologies, and while it’s far from perfect, it works for quite a few games without any issues. It’d be great is Steam ever made it to FreeBSD natively, but sine that’s probably not going to happen any time soon, it’s great to see that those of us using FreeBSD can still play at least some Steam games just fine.

US orders diplomats in the EU to fight data sovereignty initiatives [OSnews]

It seems the widespread efforts in Europe to drastically reduce its dependency on US technology companies is starting to worry some people.

President Donald Trump’s administration has ordered U.S. diplomats to lobby against attempts to regulate U.S. tech companies’ handling of foreigners’ data, saying in an internal diplomatic cable seen by Reuters that such efforts could interfere with artificial intelligence-related services.

Experts say the move signals the Trump administration is reverting to a more confrontational approach as some foreign countries seek limits around how Silicon Valley firms process and store their citizens’ personal information – initiatives often described as “data sovereignty” or “data localization.”
↫ Raphael Satter and Alexandra Alper at Reuters

It’s going to take time, but untangling the EU from the US – especially technologically and militarily – is worth the effort. I’ll gladly pay more taxes to make this happen.

21:21

The Big Idea: Bernie Jean Schiebeling [Whatever]

Like blue eyes, height, or left-handedness, how much of our temper and ill manners can we contribute to our genetics? Author Bernie Jean Schiebeling explores the breakage of inherited anger, and what it’s like to fall victim to the temperament our parents passed unto us in the Big Idea for their newest novel, House, Body, Bird.

BERNIE JEAN SCHIEBELING:

My great-grandfather was not a good man.

Without getting into too many details, he was angry and abusive, so much so that my great-grandmother was able to divorce him in the late 1920s without too much trouble. After the divorce, my great-grandfather left—possibly fled—and then committed a string of burglaries across Kentucky and Tennessee while working as a door-to-door salesman. Many years later, my father met one of his ex-colleagues, who said the man had been incredible at sales. Less so at stealing, since he kept getting caught. “And,” he said, pointing at my dad’s breakfast plate, “I can tell you that you take your scrambled eggs the same way. So much pepper.”

Dad never met my great-grandfather (even Grandpa hardly knew him, since he was just a toddler during the divorce). But they both liked peppery eggs, and so do I.

Other echoes persisted too. Anger sometimes exploded from my grandfather, though less than the previous generation. My dad is calmer than his father, and I am calmer than him. Still, rage sometimes rises in me with the inevitable force of a king tide. I hear the ocean rushing in my ears—

—And I breathe through the impulse. I don’t have to do this. I don’t have to continue this tradition that—I hope—none of us wanted.

Inheritance is never clean. We gather too much over the course of a life, too many objects imbued with too many memories, to ever pass on an uncomplicated story to our descendants. In most cases, this is a gift, the last we give to our loved ones. Sometimes, however, it is a weapon, sharp-edged and dangerous to hold, and we have to figure out how to carry it anyway, or how to put it down in a way that hurts no one else. This is the big idea of House, Body, Bird.

The idea was larger than I expected. I didn’t mean for this to be a novella; I thought it would be a short story too long to sell to most markets, like most of the work I have in my drafts folder. I was about 15,000 words deep by the time I realized I was writing a book.

In retrospect, I shouldn’t have been that surprised. Stories find their ideal length through their subject matter, and the more I thought about House, Body, Bird’s family and their home-slash-haunted-dollhouse-museum, the more I realized that the sheer amount of stuff in main character Birdie Goodbain’s inheritance—both dollhouses and the history behind those dollhouses—needed to show up on the page. I started including imagery wherever I could: descriptions of dolls, of difficult memories, of how haunted the body becomes from those memories. In the story’s earlier scenes, I wanted to crowd Birdie, make her tuck her elbows in as she navigated the rambling, watchful house.

Of course, this is only the first half of the difficult-inheritance-problem, the “Someone has willed me a weapon” half. I still had to find a good way to explore the second half of “Thanks, I hate it.” Birdie couldn’t stay scared. Thankfully, I had a solution; I just needed to reorganize some clutter.

When I first started writing the would-be short story, I had alternated between two point-of-views for Birdie, third-person limited and first-person. This created emotional whiplash as Birdie went from a meek third-person POV ruminating on the house’s creepiness to a furious first-person POV bashing through the walls with a meat tenderizer. By grouping all the third-person scenes together and following them with the first-person ones, Birdie had much cleaner character development. It’s relevant that the switch in perspective happens once Birdie commits to escaping and seizing her freedom. In that moment, she moves from third-person, where an unseen narrator observes and objectifies her (like a doll!), to first-person, where she narrates her experiences. While imagery had pushed up against the margins in the third-person section, Birdie’s opinions, observations, and memories pepper her own telling of the story. She gets space to breathe.

In keeping with the novella’s spirit of excess, Birdie’s sections are interspersed with ones from the haunted house’s point of view. Originally, this was useful because it allowed me to reference the previous Goodbain generations with a level of detail that wouldn’t have been possible for Birdie, but the house eventually became the story’s second emotional heart. Although I worried about overwriting throughout the drafting process, a maximalist approach to storytelling was what I needed for House, Body, Bird.

It’s funny—early on in the story, Birdie’s messed-up dad tells her, “We build, and build, and build.” The Goodbain family built and built and built their house as a way to create a family narrative worth passing on, as an attempt to build livelihoods and lives and love, and I did the same thing. I built and built and built the story to understand how Birdie’s family history loomed over her, and how she could create a new, more loving life in response to it.

House, Body, Bird: Amazon|Barnes & Noble|Books-A-Million

Author socials: Website|Instagram|Bluesky

19:42

Pillion, the Feel-Good Gay BDSM Christmas Movie for Spring [The Stranger]

Defying popular, negative perceptions of BDSM—especially gay BDSM—Colin’s submissive role transforms him into a more assertive person, free to pursue his desires on his own non-negotiable terms and proudly advertise his “aptitude for devotion.” by Julianne Bell

In Harry Lighton’s debut feature based on Adam Mars-Jones' 2020 novel Box Hill, the life of a sheltered twenty something named Colin (Harry Melling, Harry Potter) is forever changed the moment biker Ray (Alexander Skarsgård, The Northman, Infinity Pool) unzips his leather pants in a dark alley on Christmas Day, freeing a massive, pierced, dangling cock.

The two quickly enter into an all-consuming, 24/7 dominant/submissive relationship. Colin follows Ray’s rules, becomes his devoted pet. But when the relationship begins to unravel, the power dynamics are not to blame. Like any other relationship, it’s bad communication. Apart from all the kinky sex, Pillion is almost family friendly and it is easily one of my favorite queer films of the last several years.

It’s interesting to see Melling, best-known for playing Harry Potter’s greedy, idiotic cousin Dudley Dursley, as the sensitive object of Skarsgård’s cold affection. Though the characters share a similar background (doting parents, an upbringing in the southeast London suburbs), Melling is no longer the butt of an eight-movie-long fat joke but a character with agency, allowed to explore his sexuality and to be considered desirable. Unlike Dudley, Melling tugs heartstrings as the naïve Colin, who you can’t help but want to hug. His face is an open book; his puppy eyes widen in simultaneous fear and delight.

With Melling’s Colin as a guileless vehicle, BDSM is shown as sweet rather than debased. The sex scenes aren’t soft-focused, porny fantasies, but genuine and even endearingly awkward, like when Colin and Ray grapple in spandex to Tiffany’s version of “I Think We’re Alone Now.” (The scene was the first that Melling and Skarsgård shot together, so the awkwardness might be authentic.) In Pillion, tenderness is found in birthday orgies and beautifully shot late-night, windblown motorcycle rides showing freedom can be found in submission.

BDSM in Hollywood is often played for laughs and scares, or portrayed as exotic and perverse, as in the case of Fifty Shades of Grey. Lighton cited Secretary and The Duke of Burgundy as films he had in mind while making Pillion, but went for a more relatable route. “I always wanted Pillion to have enough of a foot in realism, that you weren’t, as a viewer, able to distance yourself from the character in the way I think that I personally do in those films, by dint of the tone,” he told Letterboxd.

Pillion doesn’t exploit gayness either, or make sexuality the friction in these men’s lives. Colin’s parents are enthusiastically supportive of his queerness, but just want to see their son treated right outside the bedroom. In that way, they’re a stand-in for viewers who might not know boot-blacking from anal beads, but can read the conventional love story between the lines of this unconventional relationship.

I’d bet a reasonably open-minded family could watch it together. Alexander Skarsgård could do it: He watched it with his dad Stellan Skarsgård (Girl with the Dragon Tattoo, Dune) at Telluride Film Festival. As Stellan succinctly put it, “I have no problem seeing him do BDSM, that’s not a problem. If he acts badly, I have big problems.”

18:56

Slog AM: Speedboat Gunfight, Murder Charge in Capitol Hill Shooting, Gatesgate [The Stranger]

The Stranger's morning news roundup. by Micah Yip

US Speedboat Boat Shot By Cuba: A shootout between a Florida-registered speedboat and a Cuban border patrol vessel left six people dead and four injured. The Cuban government accused the heavily-armed “Cuban residents of the United States” in the speedboat of trying to infiltrate the island for “terrorist purposes.” They were carrying guns, Molotov cocktails, bulletproof vests, and camouflage, the Cuban government said.

Gatesgate: At an internal Gates Foundation town hall Tuesday, Bill Gates apologized to staff for endangering the foundation with his yearslong connection to convicted sex offender Jeffrey Epstein. Gates acknowledged first meeting Epstein in 2011 to raise money for global health, three years after the financier was convicted for soliciting a minor for prostitution. Gates continued to see the financier until 2014. Gates also admitted to two affairs, which Epstein tried to use as leverage over him, he said. Gates never got his money for global health.

Will They, Won’t They: Normally, Super Bowl winners are invited to the White House. But Seahawks coach Mike Macdonald said the team hasn’t gotten an invite, though he expects one. The White House has indicated they will invite the Seahawks. But will the team accept? Macdonald wouldn’t commit, but a league source told the Seattle Times the team was initially inclined to accept. The Super Bowl was weeks ago.

Murder Charge in Capitol Hill Shooting: Daniel John Carlee, 41, was charged with murder for allegedly shooting 38-year-old Solomon Thompson in Friday night’s Capitol Hill shooting. King County prosecutors said Carlee instigated the fight. Before shooting Thompson, he told a witness, “I’m going to shoot him.”

Another Teen Shooting: Police arrested two teens with a handgun after a shooting in Mount Baker that put Franklin High School on lockdown. As a precaution, students at John Muir Elementary sheltered-in-place. Police are still looking for two more suspects.

Temu Sesame Street: A 27-year-old man in Ohio has been dubbed “Oscar the Grouch” after a sanitation worker found him hiding from police in a trash can. It was caught on tape. Now, I’m no fan of surveillance, but…this was entertaining.

Weather: Partly sunny with a high near 51 and a chance of on and off rain. Wind gusts will be as high as 25 miles per hour. Tonight will be mostly cloudy with a low around 42 and a 30 percent chance of rain.

What Are the House and Senate Doing with Our Money? The Seattle Times compiled key takeaways from the state Senate and House budget proposals, including how lawmakers are accounting for the not-yet-passed millionaires’ tax, how they’ll use Climate Commitment Act money, what’ll happen with House’s proposal to eliminate occupational, speech and physical therapy coverage and instead provide a limited, one-time rate boost for certain long-term care facilities, and more.

Jeff Galloway: Galloway, the 1972 U.S. Olympic runner who inspired amateurs and pros alike with his “run-walk-run” strategy, died yesterday from a hemorrhagic stroke. He was 80.

Nobody Likes Newsom: California Gov. Gavin Newsom is offending everybody. He’s on a book tour right now—another effort to cast off his reputation as a liberal elitist to position himself as the Democratic frontrunner in 2028. But he’s just pissing everyone off. Conservatives accused Newsom of suggesting that Black people weren’t smart while talking to the Black mayor of Atlanta, Andre Dickens. Liberals are mad about Newsom’s CNN interview, where he said Democrats should be “more culturally normal” and stop spending “a disproportionate amount of time on pronouns, identity.”

LA Superintendent Investigation: The FBI raided the home of Los Angeles Unified School District Superintendent Alberto Carvalho and the district’s headquarters. A source told the Associated Press that the warrants were served as part of an “ongoing investigation.” The district hasn’t provided further information, but said it is cooperating with the investigation.

Bummer: A state bill to lower the legal driving limit from 0.08 blood alcohol content to 0.05 blood alcohol content died in the House yesterday. The bill, sponsored by Sen. John Lovick, would’ve been a good idea, given that drunk driving kills people.

18:07

Intercepting messages inside IsDialogMessage, installing the message filter [The Old New Thing]

Last time, we saw that one way to intercept the ESC in the standard dialog message loop is to use your own dialog message loop. However, you might not be able to do this, say, because the dialog procedure uses EndDialog(), and the dialog exit code is not retrievable from a custom message loop.

The IsDialogMessage includes an extensibility point that lets you hook into the message processing. You can register a message filter hook and listen for MSGF_DIALOGBOX.

Before processing a message, the IsDialogMessage function does a CallMsgFilter with the message that it is about to process and the filter code MSGF_DIALOGBOX. If the filter result is nonzero (indicating that one of the hooks wanted to block default processing), then the IsDialogMessage returns without doing anything. This lets us grab the ESC from IsDialogMessage before it turns into an IDCANCEL.

Here’s our first attempt. (There will be more than one.)

HWND hdlgHook;
#define DM_ESCPRESSED (WM_USER + 100)

LRESULT CALLBACK DialogEscHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (code == MSGF_DIALOGBOX) {
        auto msg = (MSG*)lParam;
        if (IsDialogESC(hdlgHook, msg)) {
            return SendMessage(hdlg, DM_ESCPRESSED, 0, lParam);
        }
    }
    return CallNextHookEx(nullptr, nCode, wParam, lParam);
}

Our hook procedure first checks that it’s being called by IsDialogMessage. if so, and the message is a press of the ESC key destined for our dialog box (or a control on that dialog box), then send the dialog box a DM_ESCPRESSED message to ask it what it thinks. The dialog procedure can return TRUE to block default processing or FALSE to allow default processing to continue.

Here is the handler in the dialog procedure itself:

INT_PTR CALLBACK DialogProc(HWND hdlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    switch (message) {
    case WM_INITDIALOG:
        hdlgHook = hdlg;
        ⟦ other dialog initialization as before ⟧
        ⟦ ending with "return (whatever)" ⟧

    case DM_ESCPRESSED:
        if (⟦ we want to process the ESC key ourselves ⟧) {
            ⟦ do custom ESC key processing ⟧
            SetWindowLongPtr(hdlg, DWLP_MSGRESULT, TRUE);
            return TRUE;
        }
        break;
    ⟦ handle other messages ⟧
    }
    return FALSE;
}

When the dialog initializes, remember its handle as the dialog for which the DialogEscHookProc is operating.

When the dialog is informed that the ESC key was pressed, we decide whether we want to process the ESC key ourselves. If so, then we do that custom processing and set up to return TRUE from the window procedure. For dialog procedures, this is done by setting the message result to the desired window procedure result and then returning TRUE to block default dialog box message processing and instead return the value we set (which is TRUE) from the window procedure.

Finally, we install the message hook before we create the dialog box and remove it when the dialog box dismisses.

auto hook = SetWindowsHookEx(WM_MSGFILTER, DialogEscHookProc,
                             nullptr, GetCurrentThreadId());
auto result = DialogBox(hinst, MAKEINTRESOURCE(IDD_WHATEVER),
                        hwndOwner, DialogProc);
UnhookWindowsHookEx(hook);

This is the basic idea, but we see that there are a few problems.

One is that we are communicating the dialog box handle through a global variable. This means that we can’t have multiple threads using this hook at the same time. Fortunately, that can be fixed by changing the variable to be thread_local, although this does drag in the cost of thread-local variables.

But even if we do that, we have a problem if two copies of this dialog box are shown by the same thread. For example, one of the controls in the dialog might launch another copy of this dialog, but with different parameters. For example, a “View certificate” dialog might have a button called “View parent certificate”.

We’ll take up these issues (and others) next time.

The post Intercepting messages inside <CODE>IsDialogMessage</CODE>, installing the message filter appeared first on The Old New Thing.

17:42

If you want to heal the country, watch out for ways you add division, and stop. It's probably the biggest power any of us has.

17:00

Joachim Breitner: Vibe-coding a debugger for a DSL [Planet Debian]

Also: New Yorker interview of Conan O'Brien. I love that both O'Brien and Remnick agree that podcasting liberated them as artists. That was the point! When you think about decentralization, the most successful protocol we have is podcasting. By design it was hard for silos to usurp. Now think about how you would repeat that pattern with text. I've been working on that for almost three years, and it works now. We'll be testing it soon on my blog, and then everyone's. This should be the grand slam home run of my career. That's how it feels to me now. And O'Brien tells some great stories including one about his father, who noted that Conan had found a way to get paid for his insanity.

15:49

Earlier this week a colleague of mine, Emilio Jesús Gallego Arias, shared a demo of something he built as an experiment, and I felt the desire to share this and add a bit of reflection. (Not keen on watching a 5 min video? Read on below.)

What was that?

So what did you just see (or skipped watching)? You could see Emilio’s screen, running VSCode and editing a Lean file. He designed a small programming language that he embedded into Lean, including an evaluator. So far, so standard, but a few things stick out already:

Using Lean’s very extensible syntax this embedding is rather elegant and pretty.
Furthermore, he can run this DSL code right there, in the source code, using commands like #eval. This is a bit like the interpreter found in Haskell or Python, but without needing a separate process, or like using a Jupyter notebook, but without the stateful cell management.

This is already a nice demonstration of Lean’s abilities and strength, as we know them. But what blew my mind the first time was what happened next: He had a visual debugger that allowed him to debug his DSL program. It appeared on the right, in Lean’s “Info View”, where various Lean tools can hook into, show information and allow the user to interact.

But it did not stop there, and my mind was blown a second time: Emilio opened VSCode’s „Debugger“ pane on the left, and was able to properly use VSCode’s full-fledged debugger frontend for his own little embedded programming language! Complete with highlighting the executed line, with the ability to set breakpoints there, and showing the state of local variables in the debugger.

Having a good debugger is not to be taken for granted even for serious, practical programming languages. Having it for a small embedded language that you just built yourself? I wouldn’t have even considered that.

Did it take long?

If I were Emilio’s manager I would applaud the demo and then would have to ask how many weeks he spent on that. Coming up with the language, getting the syntax extension right, writing the evaluator and especially learning how the debugger integration into VSCode (using the DAP protocol) works, and then instrumenting his evaluator to speak that protocol – that is a sizeable project!

It turns out the answer isn’t measured in weeks: it took just one day of coding together with GPT-Codex 5.3. My mind was blown a third time.

Why does Lean make a difference?

I am sure this post is just one of many stories you have read in recent weeks about how new models like Claude Opus 4.6 and GPT-Codex 5.3 built impressive things in hours that would have taken days or more before. But have you seen something like this? Agentic coding is powerful, but limited by what the underlying platform exposes. I claim that Lean is a particularly well-suited platform to unleash the agents’ versatility.

Here we are using Lean as a programming language, not as a theorem prover (which brings other immediate benefits when using agents, e.g. the produced code can be verified rather than merely plausible, but that’s a story to be told elsewhere.)

But arguably because Lean is also a theorem prover, and because of the requirements that stem from that, its architecture is different from that of a conventional programming language implementation:

As a theorem prover, it needs extensible syntax to allow formalizing mathematics in an ergonomic way, but it can also be used for embedding syntax.
As a theorem prover, it needs the ability to run “tactics” written by the user, hence the ability to evaluate the code right there in the editor.
As a theorem prover, it needs to give access to information such as tactic state, and such introspection abilities unlock many other features – such as a debugger for an embedded language.
As a theorem prover, it has to allow tools to present information like the tactic state, so it has the concept of interactive “Widgets”.

So Lean’s design has always made such a feat possible. But it was no easy feat. The Lean API is large, and documentation never ceases to be improvable. In the past, it would take an expert (or someone willing to become one) to pull off that stunt. These days, coding assistants have no issue digesting, understanding and using the API, as Emilio’s demo shows.

The combination of Lean’s extensibility and the ability of coding agents to make use of that is a game changer to how we can develop software, with rich, deep, flexible and bespoke ways to interact with our code, created on demand.

Where does that lead us?

Emilio actually shared more such demos (Github repository). A visual explorer for the compiler output (have a look at the screenshot. A browser-devtool-like inspection tool for Lean’s “InfoTree”. Any of these provide a significant productivity boost. Any of these would have been a sizeable project half a year ago. Now it’s just a few hours of chatting with the agent.

So allow me to try and extrapolate into a future where coding agents have continued to advance at the current pace, and are used ubiquitously. Is there then even a point in polishing these tools, shipping them to our users, documenting them? Why build a compiler explorer for our users, if our users can just ask their agent to build one for them, right then when they need it, tailored to precisely the use case they have, with no unnecessary or confusing feature. The code would be single use, as the next time the user needs something like that the agent can just re-create it, maybe slightly different because every use case is different.

If that comes to pass then Lean may no longer get praise for its nice out-of-the-box user experience, but instead because it is such a powerful framework for ad-hoc UX improvements.

And Emilio wouldn’t post demos about his debugger. He’d just use it.

15:35

[$] IIIF: images and visual presentations for the web [LWN.net]

The International Image Interoperability Framework, or IIIF ("triple-eye eff"), is a small set of standards that form a basis for serving, displaying, and reusing image data on the web. It consists of a number of API definitions that compose with each other to achieve a standard for providing, for example, presentations of high-resolution images at multiple zoom levels, as well as bundling multiple images together. Presentations may include metadata about details like authorship, dates, references to other representations of the same work, copyright information, bibliographic identifiers, etc. Presentations can be further grouped into collections, and metadata can be added in the form of transcriptions, annotations, or captions. IIIF is most popular with cultural-heritage organizations, such as libraries, universities, and archives.

15:14

Oh, Look, an Airport [Whatever]

Strange how I keep ending up at one.

This time, however, not on business. Visiting friends because now that the novel is in I can do that. I’ll be traveling on business very soon, however, first to San Antonio and then to Tucson. The life of an author is strangely itinerant.

— JS

14:07

Security updates for Thursday [LWN.net]

Security updates have been issued by AlmaLinux (freerdp), Debian (firefox-esr and libstb), Fedora (389-ds-base, chromium, firefox, munge, opentofu, python3-docs, python3.14, and vim), Oracle (buildah, containernetworking-plugins, gimp, grafana, grafana-pcp, kernel, podman, runc, and skopeo), Red Hat (go-toolset:rhel8, golang, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, mariadb:10.11, podman, and skopeo), SUSE (cacti, docker-stable, expat, firefox-esr, freerdp, freerdp2, libjxl, libsoup-2_4-1, python-tornado, python-urllib3_1, python3, python311-Django4, python312, python313, python39, and redis), and Ubuntu (ceph, mongodb, protobuf, and rlottie).

13:56

Semantic Layers in the Wild: Lessons from Early Adopters [Radar]

My first post made the case for what a semantic layer can bring to the modern enterprise: a single source of truth accessible to everyone who needs it—BI teams in Tableau and Power BI, Excel-loving analysts, application integrations via API, and the AI agents now proliferating across organizations—all pulling from the same governed, performant metric layer. The promise is compelling. But what happens when organizations actually build and deploy one? To find out, I interviewed several early adopters who’ve moved semantic layers from concept to production. Four themes emerged from those conversations: some surprising, some predictable, and a few that will sound familiar to anyone who’s ever shipped data infrastructure.

The first theme: Semantic layers are showing up in unexpected places. Most discussion positions them as enterprise-level infrastructure—a single location capturing all company metrics for centralized access and governance. That’s still the primary use case. But practitioners are also deploying semantic layers for narrower purposes. One organization, for example, built their semantic layer specifically to power a targeted chatbot application—letting users query data conversationally without any traditional BI tools in the mix. No Power BI, no Excel, just an AI interface pulling from governed metrics. The rationale for these smaller deployments is straightforward: Semantic layers deliver high accuracy on structured data, even with lightweight models. The core value drivers remain speed, accuracy, and access—but organizations are finding more ways to extract that value than the enterprise-wide vision suggests.

The second theme: AI is the reason organizations are moving now. The other benefits still matter—single source of truth, multitool compatibility, true self-serve access, cost reduction in cloud environments—but when I asked practitioners why they prioritized a semantic layer today rather than two years ago, the answer was consistent: AI. Whether it was a specific chatbot project or enabling AI-driven analytics at scale, AI requirements were the catalyst. This tracks with what I discussed in my first post: Structured data alone isn’t enough for reliable AI analytics. Adding semantic context—field descriptions, model definitions, object relationships—dramatically improves accuracy. The data industry has noticed. Semantic layers have moved from niche infrastructure to strategic priority: Snowflake, Databricks, dbt Labs, and Microsoft have all made significant investments in the past year.

The third theme: Semantic layers reduce work for developers while making trusted data easier to access. Multiple practitioners cited the value of maintaining metrics and business logic in a single location. Any analyst knows the pain of metric sprawl—leadership requests a change to a core KPI, and you discover it’s been defined a dozen different ways across databases, BI tools, and spreadsheets scattered through the organization. The semantic layer eliminates the chase. One engineering lead described a financial metric that had accumulated over 60 versions across the company. After deploying the semantic layer, there was one.

Want Radar delivered straight to your inbox? Join us on Substack. Sign up here.

Access simplifies too. Instead of provisioning controls across warehouses, BI workspaces, individual dashboards, and cloud storage locations, users connect directly to the semantic layer and pull data into the tool of their choice. One organization was surprised to find that after deployment, the most common access point was Excel. But with the semantic layer, that wasn’t a problem: The data served in Excel was identical to what powered their AI tools, Power BI dashboards, and application integrations via API.

The fourth theme will sound familiar to anyone who’s shipped data infrastructure: The biggest challenge isn’t the technology—it’s the data itself. Every practitioner I spoke with identified the same bottleneck: consistency, availability, and accuracy of the underlying data. Engineers and analysts can build the semantic layer, but they can’t will clean data into existence. Success requires close collaboration with business stakeholders, clear ownership of metrics, and leadership alignment to prioritize the work. None of that is new. But despite these challenges, everyone I interviewed reached the same conclusion: The semantic layer is worth the effort.

Semantic layer technology is still early. The tools, vendors, and best practices are evolving fast—what works today may look different in a year. But these conversations revealed a clear signal beneath the noise: semantic layers are becoming critical AI infrastructure. The practitioners I spoke with aren’t experimenting anymore. They’re operationalizing. And despite the expected challenges around data quality and organizational alignment, they’re seeing real returns: fewer metric versions to maintain, simpler access controls, and AI tools that actually produce trusted answers.

My first article made the case for what a semantic layer could be. This one asked what happens when organizations actually build them. The answer: It’s hard, it’s worth it, and for companies serious about AI-driven analytics, the semantic layer is no longer a nice-to-have. It’s the foundation.

12:56

CodeSOD: The Counting Machine [The Daily WTF]

Industrial machines are generally accompanied by "Human Machine Interfaces", HMIs. This is industrial slang for a little computerized box you use to control the industrial machine. All the key logic and core functionality and especially the safety functionality is handled at a deeper computer layer in the system. The HMI is just buttons users can push to interact with the machine.

Purchasers of those pieces of industrial equipment often want to customize that user interface. They want to guide users away from functions they don't need, or make their specific workflow clear, or even just brand the UI. This means that the vendor needs to publish an API for their HMI.

Which brings us to Wendy. She works for a manufacturing company which wants to customize the HMI on a piece of industrial equipment in a factory. That means Wendy has been reading the docs and poking at the open-sourced portions of the code, and these raise more questions than they answer.

For example, the HMI's API provides its own set of collection types, in C#. We can wonder why they'd do such a thing, which is certainly a WTF in itself, but this representative line raises even more questions than that:

Int32 Count { get; set; }

What happens if you use the public set operation on the count of items in a collection? I don't know. Wendy doesn't either, as she writes:

I'm really tempted to set the count but I fear the consequences.

All I can hear in my head when I think about "setting the Count" is: "One! One null reference exception! Two! TWO null reference exceptions! HA HA HA HA!"

By http://muppet.wikia.com/wiki/Count_von_Count

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

12:35

LLMs Generate Predictable Passwords [Schneier on Security]

LLMs are bad at generating passwords:

There are strong noticeable patterns among these 50 passwords that can be seen easily:

All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7.

Character choices are highly uneven for example, L , 9, m, 2, $ and # appeared in all 50 passwords, but 5 and @ only appeared in one password each, and most of the letters in the alphabet never appeared at all.

There are no repeating characters within any password. Probabilistically, this would be very unlikely if the passwords were truly random but Claude preferred to avoid repeating characters, possibly because it “looks like it’s less random”.

Claude avoided the symbol *. This could be because Claude’s output format is Markdown, where * has a special meaning.

Even entire passwords repeat: In the above 50 attempts, there are actually only 30 unique passwords. The most common password was G7$kL9#mQ2&xP4!w, which repeated 18 times, giving this specific password a 36% probability in our test set; far higher than the expected probability 2-100 if this were truly a 100-bit password.

This result is not surprising. Password generation seems precisely the thing that LLMs shouldn’t be good at. But if AI agents are doing things autonomously, they will be creating accounts. So this is a problem.

Actually, the whole process of authenticating an autonomous agent has all sorts of deep problems.

News article.

Slashdot story

11:42

Grrl Power #1438 – Pop goes the Gralien [Grrl Power]

The UCBA Party Barge and Recovery ship is large enough and custom built to pull even something/one the size of U.M.B.Rage off the surface. The ship is roughly the size of the Fhloston Paradise, with slightly fewer pools and more space dedicated to kaiju sized med-bays. But it still is a party barge, and is generally considered a premier location to view the battles.

Sydney’s still wearing a bra, by the way. You can see part of the strap under Frix’s fingers if you look close enough. I drew her, then added him because I have a bad habit of drawing only the people talking in a scene, since each character I draw adds to the time to pencil, ink and color. But I figured I’d just be drawing neck to waist, and how hard can that be – oh right, even after all this time I don’t know what humanoid bodies look like, so naturally it took me like 30 minutes to pencil his torso, cause the arm position and the inside of the elbow joint looked weird and I finally had to go looking for reference, but of course, there are no pictures of really muscular guys on the internet standing in that position. They’re always flexing. Or maybe standing casually, but try to find a picture of a muscular man or woman lounging, or talking on a phone or resting their cheek on their hand and now you’ve got a challenge.

You know, sometimes I complain about my job, but then I remember that I have never once had to use Excel or sit in a Zoom meeting that should have been an email or had to sit through an embarrassingly outdated HR video. I mean, not at this job. I’ve done that stuff at other jobs. Well, Zoom didn’t exist back then. It was probably Skype, and there was never a point at which Skype didn’t suck a to a surprising degree.

Also, I should mention that Sydney is still sporting holo-boobs. Even still, she’s self conscious about exposing fake boobs so long as they’re attached to her.

Do you realize it’s 02-26-2026? If you reverse the order of the month numerals, you get 20262026! And if you’re a numerologist… that means you’re stupid! It has nothing to do with the date. I’m just throwing shade at one of the saddest pseudosciences just cause the date is almost a meaningless repeating number if you change the numbers so that they repeat how you want. I dunno what’s up with the drive by. Just feeling sassy tonight.

Here is Gaxgy’s painting Maxima promised him. Weird how he draws almost exactly like me.

I did try and do an oil painting version of this, by actually re-painting over the whole thing with brush-strokey brushes, but what I figured out is that most brushy oil paintings are kind of low detail. Sure, a skilled painter like Bob Ross or whoever can dab a brush down a canvas and make a great looking tree or a shed with shingles, but in trying to preserve the detail of my picture (eyelashes, reflections, etc) was that I had to keep making the brush smaller and smaller, and the end result was that honestly, it didn’t really look all that oil-painted. I’ll post that version over at Patreon, just for fun, but I kind of quit on it after getting mostly done with re-painting Max.

Patreon has a no-dragon-bikini version of of the picture as well, naturally.

Double res version will be posted over at Patreon. Feel free to contribute as much as you like.

11:07

Pluralistic: If you build it (and it works), Trump will come (and take it) (26 Feb 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

If you build it (and it works), Trump will come (and take it): Trump wants Big Tech to win, not to play fair.
Hey look at this: Delights to delectate.
Object permanence: Harpercollins v libraries; Rothfuss x Firefly; Bookseller seethings; If magazine; HBR v executive pay; Apple caves on encryption.
Upcoming appearances: Where to find me.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

If you build it (and it works), Trump will come (and take it) (permalink)

Crises precipitate change: Trump's incontinent belligerence spurred the world to long-overdue action on "digital sovereignty," as people woke up to the stark realization that a handful of Trump-aligned giant tech firms could shut down their governments, companies and households at the click of a mouse.

This has been a long, long time coming. Long before Trump, the Snowden revelations made it clear that the US government had weaponized its position as the world's IT export powerhouse and the interchange hub for the world's transoceanic fiber links, and was actively spying on everyone – allies and foes, presidents and plebs – to attain geopolitical and commercial advantages for America. Even after that stark reminder, the world continued to putter along, knowing that the US had planted demolition charges in its digital infrastructure, but praying that the "rules-based international order" would stop America from pushing the button.

Now, more than a decade into the Trump era, the world is finally confronting the reality that they need to get the hell off of American IT, and transition to open, transparent and verifiable alternatives for their administrative tools, telecoms infrastructure and embedded systems for agriculture, industry and transportation. And not a moment too soon:

https://pluralistic.net/2026/01/01/39c3/#the-new-coalition

But building the post-American internet is easier said than done. There remain huge, unresolved questions about the best way to proceed.

One thing is clear: we will need new systems: the aforementioned open, transparent, verifiable code and hardware. That's a huge project, but the good news is that it benefits tremendously from scale, which means that as countries, businesses and households switch to the post-American internet, there will be ever more resources to devote to building, maintaining and improving this project. That's how scientific endeavors work: they're global collaborations that allow multiple parties to simultaneously attack the problems from many angles at once. Think of the global effort to sequence, understand, and produce vaccines for Covid 19.

Developing the code and hardware for the post-American internet scales beautifully, making it unique among the many tasks posed by the post-American world. Other untrustworthy US platforms – such as the dollar, or the fiber links that make interconnection in the USA – are hampered by scale. The fact that hundreds of countries use the dollar and rely on US fiber connections makes replacing them harder, not easier:

https://pluralistic.net/2025/11/26/difficult-multipolarism/#eurostack

Building the post-American internet isn't easy, but there's a clear set of construction plans. What's far less clear is how we transition to the post-American internet. How do people, organizations and governments that currently have their data locked up in US Big Tech silos get it off their platforms and onto new, open, transparent, verifiable successors? Literally: how do you move the data from the old system to the new one, preserving things like edit/view permissions, edit histories, and other complex data-structures that often have high-stakes attached to them (for example, many organizations and governments are legally required to maintain strict view/edit permissions for sensitive data, and must preserve the histories of their documents).

On top of that, there's all the systems that we use to talk to one another: media services from Instagram to Tiktok to Youtube; chat services from iMessage to Discord. It's easy enough to build alternatives to these services – indeed, they already exist, though they may require additional engineering to scale them up for hundreds of millions or billions of users – but that's only half the battle. What do we do about the literal billions of people who are already using the American systems?

This is where the big divisions appear. In one camp, you have the "if you build it, they will come" school, who say that all we need to do is make our services so obviously superior to the legacy services that America has exported around the world and people will just switch. This is a very seductive argument. After all, the American systems are visibly, painfully defective: riddled with surveillance and ads, powered by terrible algorithms, plagued by moderation failures.

But waiting for people to recognize the superiority of your alternatives and jumping ship is a dead end. It completely misapprehends the reason that users are still on legacy social media and other platforms. People don't use Instagram because they love Mark Zuckerberg; they use it because they love their friends more than they hate Mark Zuckerberg:

https://pluralistic.net/2026/01/30/zucksauce/#gandersauce

What's more, Zuckerberg knows this. He knows that users of his service are hamstrung by the "collective action problem" of getting the people who matter to you to agree on when it's time to leave a service, and on which service is a safe haven to flee to:

https://pluralistic.net/2022/10/29/how-to-leave-dying-social-media-platforms/

The reason Zuckerberg knows this is that he had to contend with it at the dawn of Facebook, when the majority of social media users were locked into an obviously inferior legacy platform called Myspace. Zuckerberg promised Myspace users a superior social media experience where they wouldn't be spied on or bombarded with ads:

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3247362

Zuckerberg knew that wouldn't be enough. No one was going to leave Myspace for Facebook and hang out in splendid isolation, smugly re-reading Facebook's world-beating privacy policy while waiting for their dopey friends to wise up and leave Myspace to come and join them.

No: Zuckerberg gave the Myspace refugees a bot, which would accept your Myspace login and password and then impersonate you to Myspace's servers several times per day, scraping all the content waiting for you in your Myspace feed and flowing it into your Facebook feed. You could reply to it there and the bot would push it out to Myspace. You could eat your cake and have it too: use Facebook, but communicate with the people who were still on Myspace.

This is called "adversarial interoperability" and it was once the norm, but the companies that rose to power by "moving fast and breaking things" went on to secure legal protections to prevent anyone from doing unto them as they had done unto their own predecessors:

https://www.eff.org/deeplinks/2019/10/adversarial-interoperability

The harder it is for people to leave a platform, the worse the platform can treat them without paying the penalty of losing users. This is the source of enshittification: when a company can move value from its users and customers to itself without risking their departure, it does.

People stay on bad platforms because the value they provide to one another is greater than the costs the platform extracts from them. That means that when you see people stuck on a very bad platform – like Twitter, Instagram or Facebook – you should infer that what they get there from the people that matter to them is really important to them. They stick to platforms because that's where they meet with people who share their rare disease, because that's where they find the customers or audiences that they rely on to make rent; because that's the only place they can find the people they left behind when they emigrated.

Now, it's entirely possible – likely, even – that legacy social media platforms will grow so terrible that people will leave and jettison those social connections that mean so much to them. This is not a good outcome. Those communities, once shattered, will likely never re-form. There will be permanent, irretrievable losses incurred by their members:

https://pluralistic.net/2023/07/23/when-the-town-square-shatters/

The platforms are sinking ships. We need to evacuate them:

https://pluralistic.net/2024/03/23/evacuate-the-platforms/#let-the-platforms-burn

"If you build it, they will come" is a trap. Technologists and their users who don't understand the pernicious nature of the collective active problem trap themselves. They build obviously superior technical platforms and then gnash their teeth as the rest of the world fails to make the leap.

All too often, users' frustration at the failure of new services to slay the inferior legacy services curdles, and users and designers of new technologies decide that the people who won't join them are somehow themselves defective. It doesn't take long to find a corner of the Fediverse or Bluesky where Facebook and Twitter users are being condemned as morally suspect for staying on zuckermuskian media. They are damned for loving Zuckerberg and Musk, rather than empathized with for loving each other more than they hate the oligarchs who've trapped them. They're condemned as emotionally stunted "attention whores" who hang out on big platforms to get "dopamine" (or some other pseudoscientific reward), which is easier than grappling with the fact that legacy social media pays their bills, and tolerating Zuckerberg or Musk is preferable to getting evicted.

Worst of all, condemning users of legacy technology as moral failures leads you to oppose efforts to get those users out of harm's way and onto modern platforms. Think of the outcry at Meta's Threads taking steps to federate with Mastodon. There are good reasons to worry about this – the best one being that it might allow Meta to (illegally) suck up Mastodon users' data and store and process it. But the majority of the opposition to Threads integration with Mastodon wasn't about Threads' management – it was about Threads' users. It posited a certain kind of moral defective who would use a Zuckerberg-controlled platform in the 2020s and insisted that those people would ruin Mastodon by bringing over their illegitimate social practices.

I've made no secret of where I come down in this debate: the owners of legacy social media are my enemy, but the users of those platforms are my comrades, and I want to help them get shut of legacy social media as quickly and painlessly as possible.

What's more, there's a way to make this happen! The same adversarial interoperability that served Zuckerberg so well when he was draining users off of Myspace could be used today to evacuate all of Meta's platforms. We could use a combination of on-device bridging, scraping and other guerrilla tactics to create "alt clients" that let you interact with people on Mastodon and the legacy platforms in one context, so that you can leave the bad services but keep the good people in your life.

The major barrier to this isn't technological. Despite the boasts of these companies to world-beating engineering prowess, the reality that people (often teenagers) keep successfully finding and exploiting vulnerabilities in the "impregnable" platforms, in order to build successful alt clients:

https://pluralistic.net/2023/12/07/blue-bubbles-for-all/#never-underestimate-the-determination-of-a-kid-who-is-time-rich-and-cash-poor

The thing that eventually sees off these alt clients isn't Big Tech's technical countermeasures – it's legal risk. A global system of "anticircumvention" laws makes the kinds of basic reverse-engineering associated with building and maintaining using adversarial interoperability radioactively illegal. These laws didn't appear out of thin air, either: the US Trade Representative pressured all of America's trading partners into passing them:

https://pluralistic.net/2024/11/15/radical-extremists/#sex-pest

Which brings me back to crises precipitating change. Trump has staged an unscheduled, sudden, midair disassembly of the global system of trade, whacking tariffs on every country in the world, even in defiance of the Supreme Court:

https://www.bbc.co.uk/news/articles/cd6zn3ly22yo

Ironically, this has only helped make the case for adversarial interoperability. Trump is using tech companies to attack his geopolitical rivals, ordering Microsoft to shut down both the International Criminal Court and a Brazilian high court in retaliation for their pursuit of the criminal dictators Benjamin Netanyahu and Jair Bolsonaro. This means that Trump has violated the quid pro quo deal for keeping anticircumvention law on your statute books, and he has made the case for killing anticircumvention as quickly as possible in order to escape American tech platforms before they are weaponized against you:

https://pluralistic.net/2026/01/29/post-american-canada/#ottawa

I've been talking about this for more than a year now, and I must say, the reception has been better than I dared dream. I think that – for the first time in my adult life – we are on the verge of creating a new, good, billionaire-proof internet:

https://pluralistic.net/2026/01/15/how-the-light-gets-in/

But there's one objection that keeps coming up: "What if this makes Trump mad?" Or, more specifically, "What if this makes Trump more mad, so instead of hitting us with a 10% tariff, it's a 1,000% tariff?

This came up earlier this week, when I gave a remote keynote for the Fedimtl conference, and an audience member said that he thought we should just focus on building good new platforms, rather than risking Trump's ire. In my response, I recited the arguments I've raised in this piece.

But yesterday, I saw a news item that made me realize there was one more argument I should have made, but missed. It was a Reuters story about Trump ordering American diplomats to fight against "data sovereignty" policies around the world:

https://www.reuters.com/sustainability/boards-policy-regulation/us-orders-diplomats-fight-data-sovereignty-initiatives-2026-02-25/

The news comes from a leaked diplomatic cable, and it's a reminder that Trump's goal is to maintain American dominance of the world's technology and to prevent the formation of a post-American internet altogether. Worrying that Trump will hit you with more tariffs if you legalize jailbreaking assumes that the thing that would upset Trump is that you broke the rules.

That's not what makes Trump angry.

What makes Trump angry is losing.

Say you focus exclusively on building superior platforms. Say by some miracle that everyone you care about somehow overcomes the collective action problems and high switching costs and leaves behind US Big Tech services and comes to your new, federated, cleantech, post-American alternative.

Do you think that Trump will observe this collapse in the fortunes of the most important corporations in his coalition and shrug and say, "Well, I guess I lost fair and square; better luck next time?"

Hell, no. We already know what Trump does when his corporate allies lose to a superior foreign rival – Trump steals the rival's service and gives it to one of his cronies. That's literally what he last month, to Tiktok:

https://www.democracynow.org/2026/1/23/headlines/larry_ellisons_oracle_part_of_new_deal_to_own_us_version_of_tiktok

The fear of harsh retaliation for any country that dares to be a Disenshittification Nation is based on the premise that Trump is motivated by a commitment to fairness. He's not: Trump is motivated by a desire to dominate. Anything that threatens the dominance of the companies that take his orders is fair game, and he will retaliate in any way he can.

Hey look at this (permalink)

Organized Labor Took a Huge Step Forward When GM Workers Sat Down in Unison in 1937 https://www.smithsonianmag.com/history/organized-labor-took-huge-step-forward-when-GM-workers-sat-down-unison-1937-180988089/
How to Tax Billionaires https://prospect.org/2026/02/24/tax-billionaires-california-income-inequality-trump-billionaires-trillionaires/
“Battered, bedraggled, inexplicably enthusiastic about a bargain flight to Bermuda” https://unsung.aresluna.org/battered-bedraggled-inexplicably-enthusiastic-about-a-bargain-flight-to-bermuda/
Understanding the L L M Bubble https://img1.wsimg.com/blobby/go/76c5f9c0-d1a4-4493-b204-bbbdd68fd910/downloads/89583079-d8c1-483f-8988-3c9f5d813d89/HoranAAJ2026LLMbubble.pdf?ver=1771954468213
Actually, the left is winning the AI debate https://www.bloodinthemachine.com/p/actually-the-left-is-winning-the

Object permanence (permalink)

#20yrsago Florida cops threaten people who ask for complaint forms https://web.archive.org/web/20060218125443/http://cbs4.com/topstories/local_story_033170755.html

#20yrsago SF editor: watermarks hurt artists and reward megacorps https://web.archive.org/web/20060307172130/http://www.kathryncramer.com/kathryn_cramer/2006/02/watermarking_as.html

#15yrsago HarperCollins to libraries: we will nuke your ebooks after 26 checkouts https://memex.craphound.com/2011/02/25/harpercollins-to-libraries-we-will-nuke-your-ebooks-after-26-checkouts/

#15yrsago Slowly fuming used bookstore clerk seethings https://web.archive.org/web/20110224180817/http://blogs.sfweekly.com/exhibitionist/2011/02/this_is_why_your_used_bookstor.php

#15yrsago Rothfuss pledges to buy Firefly from Fox and give it away https://blog.patrickrothfuss.com/2011/02/an-open-letter-to-nathan-fillion/

#10yrsago Disney offers to deduct contributions to its PAC from employees’ paychecks, to lobby for TPP https://arstechnica.com/tech-policy/2016/02/disney-ceo-asks-employees-to-chip-in-to-pay-copyright-lobbyists/

#10yrsago Read: The full run of If magazine, scanned at the Internet Archive https://archive.org/details/ifmagazine

#10yrsago Rosa Parks’s papers and photos online at the Library of Congress https://www.youtube.com/watch?v=266gn07TUYw

#10yrsago Harvard Business Review: Stop paying executives for performance https://hbr.org/2016/02/stop-paying-executives-for-performance

#5yrsago Saving the planet is illegal https://pluralistic.net/2021/02/25/ring-down-the-curtain/#ect

#5yrsago Against hygiene theater https://pluralistic.net/2021/02/25/ring-down-the-curtain/#hygiene-theater

#1yrago Apple's encryption capitulation https://pluralistic.net/2025/02/25/sneak-and-peek/#pavel-chekov

Upcoming appearances (permalink)

Oslo (remote): Seminar og lansering av rapport om «enshittification», Feb 27
https://www.forbrukerradet.no/siste-nytt/digital/seminar-og-lansering-av-rapport-om-enshittification/
Victoria: 28th Annual Victoria International Privacy & Security Summit, Mar 3-5
https://www.rebootcommunications.com/event/vipss2026/
Victoria: Enshittification at Russell Books, Mar 4
https://www.eventbrite.ca/e/cory-doctorow-is-coming-to-victoria-tickets-1982091125914
Barcelona: Enshittification with Simona Levi/Xnet (Llibreria Finestres), Mar 20
https://www.llibreriafinestres.com/evento/cory-doctorow/
Berkeley: Bioneers keynote, Mar 27
https://conference.bioneers.org/
Montreal: Bronfman Lecture (McGill) Apr 10
https://www.eventbrite.ca/e/artificial-intelligence-the-ultimate-disrupter-tickets-1982706623885
Berlin: Re:publica, May 18-20
https://re-publica.com/de/news/rp26-sprecher-cory-doctorow
Berlin: Enshittification at Otherland Books, May 19
https://www.otherland-berlin.de/de/event-details/cory-doctorow.html
Hay-on-Wye: HowTheLightGetsIn, May 22-25
https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

Making The Internet Suck Less (Thinking With Mitch Joel)
https://www.sixpixels.com/podcast/archives/making-the-internet-suck-less-with-cory-doctorow-twmj-1024/
Panopticon :3 (Trashfuture)
https://www.patreon.com/posts/panopticon-3-150395435
America's Enshittification is Canada's Opportunity (Do Not Pass Go)
https://www.donotpassgo.ca/p/americas-enshittification-is-canadas
Everything Wrong With the Internet and How to Fix It, with Tim Wu (Ezra Klein)
https://www.nytimes.com/2026/02/06/opinion/ezra-klein-podcast-doctorow-wu.html
How the Internet Got Worse (Masters in Business)
https://www.youtube.com/watch?v=auXlkuVhxMo

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (1055 words today, 38245 total)

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

ISSN: 3066-764X

10:21

No. [Seth's Blog]

Is a complete sentence.

So is, “yes.”

09:35

Irregular Webcomic! #3048 [Irregular Webcomic!]

Irregular Webcomic! #3048

07:14

Urgent: Repeal qualified immunity for federal officers [Richard Stallman's Political Notes]

US citizens: call on Congress to repeal qualified immunity for federal officers.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Tennessee Valley Authority coal plants [Richard Stallman's Political Notes]

US citizens: call on the Tennessee Valley Authority to keep its promise to retire coal plants.

Urgent: News coverage of bully's action on Department of Justice [Richard Stallman's Political Notes]

US citizens: call on major news organizations to cover the bully's action on the Department of Justice as a system of lobbying, revolving-door influence, and regulatory capture — examining financial ties, past clients, and enforcement outcomes.

Urgent: Qualified Immunity Abolition Act [Richard Stallman's Political Notes]

US citizens: Call on Congress to pass the Qualified Immunity Abolition Act, to end qualified immunity for federal officers, including deportation thugs. This will give the victims of their violence a real chance of winning lawsuits about said violence.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Veterans facing arrests over protests [Richard Stallman's Political Notes]

From October: *Growing number of US veterans face arrest over protests [against deportation thugs].*

An ordinary perjurer lies about facts and expects there will be no proof that perse lied. These federal prosecutors did blatant blackwhiting about basic notions of right and wrong.

The epitome of an arrogant, dishonest bully punches you, then accuses you of "Hitting my fist with your face." Prosecutors did essentially that when they knocked over Briggs and then charged him with having "made physical contact with an agent's arm."

Teaching prosecutors to blackwhite on command is moral damage that many will not recover from. If we ever regain control, we will need to disbar them and replace them. Justice requires prosecutors who will prosecute thugs for documented attacks on protesters and other innocent people, not the thugs' victims.

With luck there will be former a pool of prosecutors who resigned rather than do such things, whom we could reappoint.

Microplastics in the wilderness [Richard Stallman's Political Notes]

*Merrily we bring microplastics into the wilderness with our hiking shoes.*

Starmer's plans for prohibiting protests [Richard Stallman's Political Notes]

Starmer's plans for prohibiting protests would have prohibited the creation of the Labour Party, if they had been in effect at that time.

Incomplete embryos cloned from adult humans [Richard Stallman's Political Notes]

Scientists can create incomplete embryos cloned from an adult human. They lack the beginnings of a brain, but develop plenty of important parts that could, if they can develop far enough, be transplanted into that human to save per life.

Antibiotic resistance in disease bacteria [Richard Stallman's Political Notes]

Antibiotic resistance in disease bacteria is reaching a tipping point leading to danger for everyone, but governments are still not addressing the danger strongly or systematically.

Australian tropical rainforest trees [Richard Stallman's Political Notes]

*Australian tropical rainforest trees [have changed] from carbon sink to emissions source.*

Banning of Palestine Action is illegal [Richard Stallman's Political Notes]

A court found the UK's banning of Palestine Action to be illegal because it was a major interference with the right to protest.

But this has not yet translated into the lifting of the ban.

Roses coated in a fine chemical cocktail [Richard Stallman's Political Notes]

*Nothing says love like roses coated in a fine chemical cocktail.* Especially when many of the pesticides on it are banned in your country for reasons of toxicity.

Accusations of domestic violence against Australian thug [Richard Stallman's Political Notes]

An Australian police force decided to disregard accusations of domestic violence against one of its thugs because he had already been fired. This left his wife still in danger from him.

inJustice Department persecuting because of political opinions [Richard Stallman's Political Notes]

The inJustice Department keeps on persecuting people chosen solely because of their political opinions. Leakers keep on proving this by revealing the raw data that the department has.

New York City patients' data given to Palantir [Richard Stallman's Political Notes]

New York City must stop giving patients' medical data to Palantir, since Palantir can't be trusted not to use it against them.

Bully returned to bullying Ukraine [Richard Stallman's Political Notes]

The bully has returned to bullying Ukraine to offer Putin quasi-surrender.

This demonstrates once again that if he seems to have accepted some sort of reasonable compromise deal with you, he will break it later and demand servitude.

Palestine Action ruling [Richard Stallman's Political Notes]

*The Palestine Action ruling vindicates the courageous – and shames the complicit.*

The ruling, if sustained by the appeals court, will put an end to the ban on the organization.

The article compares Palestine Action to the suffragettes and finds that their tactics were similar.

Retired British couple of activists for Palestine [Richard Stallman's Political Notes]

A British bank closed the personal savings account of a retired British couple of activists for Palestine, and refuses to give them any justification for this. They believe it must be political repression.

T-Mobile to pass calls through powerful computer system [Richard Stallman's Political Notes]

T-Mobile will implement the feature of passing everything said in a phone call to a powerful computer system.

The advertised feature is to translate between languages using "Artificial Intelligence", though it might really be mere Pretend Intelligence.

But if it can do that, with millions of conversations at once, what else can it do to everyone at once?

It can try to recognize you from your voice. It can convert your conversation into text, with a scattering of errors, and save that for Big Brother.

How many Jeffrey Epstein’s do you think there are?

02:07

MediaGoblin 0.15.0 [Planet GNU]

We're pleased to announce the release of GNU MediaGoblin 0.15.0. See the release notes for full details and upgrading instructions.

This is a relatively small release to resolve installation issues on Debian Trixie and Bookworm.

This version has been tested on Debian Bookworm (12), Debian Trixie (13), Ubuntu 22.04, Ubuntu 24.04 and Fedora 43. This release drops support for Debian Bullseye (11) and Ubuntu 20.04.

To join us and help improve MediaGoblin, please visit our getting involved page.

00:35

[$] LWN.net Weekly Edition for February 26, 2026 [LWN.net]

Inside this week's LWN.net Weekly Edition:

Front: New flags for clone3(); Discord replacements; virtual swap spaces; BPF memory protection keys; PostgreSQL's lessons in attracting contributors; 7.0 merge window; Network Time Security.
Briefs: OpenSUSE governance; Firefox 148.0; GNU Awk 5.4.0; GNU Octave 11.1.0; Rust in Ladybird; LibreOffice Online; Weston 15.0; RIP Robert Kaye; Quotes; ...
Announcements: Newsletters, conferences, security updates, patches, and more.

00:14

seven mary three come back [WIL WHEATON dot NET]

This last weekend, I was in Pensacola, Florida. When I told my friend that, he said “what are you doing in Florida?” I said, “Trying to get out.” But I was actually there for Pensacon. It’s a convention that has invited me year after year, but hasn’t ever fit into my schedule until this year, so it was my first time.

Florida deserves the jokes we make about it, but my experience when I was there was quite lovely. Every person I interacted with was kind, friendly, helpful. I had an incredible piece of blackened gulf red snapper for dinner one night, my bed was comfy, and I did not have a single awkward or uncomfortable encounter with anyone at the show.

None of that is why this will be one of the most memorable conventions of my life, and I will now tell you why.

Holy. Shit.

I turned to my friend, Leah, who works with me at conventions to keep things running smoothly. “Dude, I have to come do this tomorrow.”

“Okay, we’ll take care of it,” she said.

So Saturday comes around, and I’m signing autographs at my table. Leah taps me on the shoulder and says, “it’s time to go downstairs.”

The excitement that surged inside of me threatened to explode out of my chest like Alien. I told the people who were in the line that I would be right back, I was going to fulfill a childhood dream.

We went downstairs to the photo-op area, and I apologized to the line I was cutting. They seemed to understand, my fellow fans of CHiPs, who also could not believe this was actually happening.

I bounced on the balls of my feet while I waited, and oh shit here comes Larry Wilcox. And he’s wearing a CHP uniform shirt with a name tag that says JOHN! I tried so hard to control my bouncing, but I’m pretty sure I failed.

We made eye contact and I said, “Hi, I’m Wil. I’m a huge fan and I am so excited to take a picture with you.”

“It’s so nice to meet you, I’m Larry.” We shook hands, and I didn’t keep shaking it like I did when I met Henry Rollins thank god.

There was a commotion around the corner, which could only mean one thing. Here comes Erik Estrada, much taller than I expected, and he is wearing a uniform shirt with a name tag that says PONCH.

Dude, it’s totally Ponch. Like, right there, right in front of me, are Ponch and John and I’m so excited I can’t tell if I’m going to burst into tears or throw up or what.

They take their positions on their marks, which are the same marks I had been using just a little bit earlier, and the photographer tells me that they are ready.

This is my chance. This is the one time I get to say this. I take a deep breath, and I say, “I don’t want to take up a ton of your time, so I’ll say this quickly. I grew up in Sunland-Tujunga, and you guys used to film in my neighborhood all the time.”

They looked at each other. “Sunland-Tujunga!” Larry Wilcox said. “We love Sunland-Tujunga!”

“Yeah, it was a great place to grow up. So I loved watching CHiPs, and I loved that I could see streets I recognized when I watched it.

“One day when you were filming, in like 1979, I think, my babysitter went to the set and came back with your autographs for me. I cherished them, until they were lost in a move probably 40 years ago.”

Erik Estrada’s eyes lit up and he flashed me that classic Ponch smile. I took a steadying breath.

“But this is really what I wanted to tell you: I had a rough childhood, with a lot of abuse an exploitation. I was sad and scared most of the time. But whenever you were on my TV, I was happy and I was safe. I loved CHiPs so much. You were the adults I wished I’d had in my life. You guys protected people, you stood up to bullies, and the whole cast felt like a group of people who were always there for each other. I desperately wanted that in my life, and watching CHiPs got me as close to it as I could get. So I really just want to say thank you for your work and for the joyful memories you gave me.”

“Oh, buddy,” Erick Estrada said, “thank you. Come here,” and he pulled me into a warm and loving hug.

“Thank you,” I said, “you have no idea.”

“I think maybe we do,” Larry Wilcox said, very kindly, with a warm smile. Maybe I’m not the first person to share a story like mine with them.

“Let’s take a great picture,” Erik Estrada said.

“Thank you. I’d love that,” I said.

I stood between them, they put their arms around me, and a dream came true for 9 year-old Wil.

They were such kind men. I felt seen and I felt special. All these years later, Ponch and John can still make this weird, sad, scared, little kid feel safe.

I will cherish this memory for the rest of my life.

Slugs Not Slop [The Stranger]

The Sea Slug Animation Festival is making clear what was true its first year: only art made by passionate craftspeople is allowed. AI hacks, please dispose of your slop in the nearest trash can. by Chase Hutchinson

The Sea Slug Animation Festival is making clear what was true its first year: only art made by passionate craftspeople is allowed. AI hacks, please dispose of your slop in the nearest trash can.

This line in the sand is a matter of self-preservation. AI is an “existential threat” to animators. Though there is much uncertainty about what its impact will be in the future, the Animation Guild — a union that represents more than 5,000 artists, writers, technicians and production workers—estimate that 29 percent of jobs will be “disrupted,” whether through layoffs, loss of work, or other impacts. DreamWorks founder Jeffrey Katzenberg pessimistically predicts up to 90 percent of animation jobs could be cut. While the festival won’t save the animation industry on its own, Sea Slug is doing its part to push back against this technological nightmare.

“Sea Slug remains a platform for artists who are creating art themselves to show their independent work,” co-founder Hannah Baek said, noting all the “awesome analog-made animation” screening during this weekend’s (Feb. 27 through Mar. 1) festival at the SIFF Cinema Uptown (511 Queen Anne Ave N).

Baek and co-founder Rhys Iliakis run the festival together. They started it last year with the guiding philosophy of spotlighting animation in all its forms and providing a space for local PNW animators to connect about their work.

They’ve curated the festival’s second run with equal care, showcasing a variety of shorts and features that consist of animation on celluloid, hand-drawn with pencil, copper relief carving, oil on glass, pinscreen, collage, and stop motion with paper/puppets/clay, as well as 2D and 3D digital animation. The festival has also gained additional support since last year in the form of a grant from 4Culture. On top of that, they’ve got a new fiscal sponsor in Shunpike. This has allowed them to reach non-profit status and accept donations—if anyone feels like supporting humans in their fight for art against slop. Thus, with all that and the programming to support another day, they’ve expanded the festival in year two.

The highlights this year range from a rare restoration screening to inventive shorts that all use a variety of techniques. Specifically, there is Son of the White Mare, a masterful 1981 Hungarian film about a divine white mare who gives birth to three heroes that must go on a quest to save the universe. There is also the outstanding Oscar-shortlisted short The Night Boots, which is made entirely via the meticulous process of pinscreen animation, an animation style that makes use of a screen filled with movable pins. Then, there is the mesmerizing Weeds, which is animated by painting on glass. To close it out, there is the spectacularly silly film No Room, a short set in a wacky world where cars have legs for wheels.

The closer is then a mystery film and—without giving anything away on what it is—it’s one that absolutely rips in a way AI could never. Just like the rest of the festival.

Sea Slug Animation Festival takes place Feb. 27-Mar. 1 at the SIFF Cinema Uptown. Tickets are available at https://seasluganimation.com/

Correction: The festival ends March 1, not March 3. We regret the error.

Wednesday, 25 February

23:28

“Never buy a .online domain” [OSnews]

I’ve been a .com purist for over two decades of building. Once, I broke that rule and bought a .online TLD for a small project. This is the story of how it went up in flames.
↫ Tony S.

An absolute horror story about Google’s dominance over the web, in places nobody really talks about. Scary.

You can add a menu bar to KDE title bars with this tool, for some reason [OSnews]

Only a few days ago we talked about the concept of client-side decorations, and how more and more desktop environments and operating systems – specifically GNOME and macOS – are putting more and more buttons, menus, and other widgets inside title bars. How about we take this concept a step further?

This hides the AppMenu icon button and draws the menu in the title bar. It also includes a search button to find actions. It works on both X11 and Wayland. On Wayland, GTK apps don’t export the menu in a KDE-friendly way. You need to start them with GDK_BACKEND=x11 environment variable or you can try the experimental appmenu-gtk-module-wayland (GTK3 only).
↫ material-decoration’s GitHub page

So this little tool allows you to add an application’s menu bar (file, edit, view, etc.) to the titlebar of a KDE application. The way it works is that it adds an optional widget to KDE’s System Settings > Colors & Themes > Window Decorations > Configure Titlebar Buttons…, alongside regular staples like close, minimise, maximise, etc. You can then freely add said “menu bar” to the title bar of your applications. There’s some configuration options, too. For instance, you can disable the search button, or turn the entire menu bar into a hamburger menu instead.

It looks weird, and I’m definitely not the target audience for this, but I do find it intriguing. I’ve never seen anything like this before, and I doubt many people will like it since it takes up so much space if you don’t opt to use the hamburger menu option. That being said, I’m fairly sure KDE and Kwin allow you to edit the titlebars of specific applications and specific windows, which does open some interesting possibilities for, say, applications or windows which you always have maximised or whatever.

There’s an AUR package for Arch users, but everyone else will have to build it themselves.

Anti-Drunk Driving Bill Crashes and Burns in the Legislature [The Stranger]

The bill to lower the legal blood alcohol content limit died in the House, even in spite of The Stranger's flawed-science experiment last summer. by Nathalie Graham

Congrats you lushes, winos, drunkards, sots, and tipplers. A bill to lower the legal driving limit from a 0.08 percent blood alcohol limit to a 0.05 blood alcohol limit (BAC) has failed for the fourth year in a row. Despite passing the Senate, it floundered in the House Committee on Community Safety.

It’s not such a wild idea, even if the only US state with a 0.05 percent BAC limit is buttoned-up, prudish Utah. From a global point of view, we’re way outside the norm—eighty four of the world’s countries have a 0.05 BAC limit or lower. The unholy union of Big Alcohol and Big Automobile in the US of A has kept reform efforts in check across the country, driving something we like to call vehicular manslaughter. In 2023, Washington saw 800 driving deaths—a 30-year high. Over half of those deaths were linked to impaired driving.

Sure, we at The Stranger are known to partake in potent potables. We can put ’em away just like the rest of you. Yet, after a bit of science last summer, we were radicalized. The bill’s prime sponsor, Sen. John Lovick, a former state trooper who’s been advocating for years to lower the BAC, is right.

In an experiment, we combined alcohol and Mario Kart to see how drinking impaired our driving without tearing up these streets. Most of us came away shocked at just how drunk we felt with a BAC at 0.05, let alone 0.08 percent. We were also shocked at how bad we were at Mario Kart. Except Vivian, who got drunker than anyone. Oh, how the mighty fall.

The experiment had flaws, like how it wasn't real science. Or how Charles Mudede, who does not have a license and has never driven, could not comprehend how to use a Nintendo 64 controller. His BAC also mysteriously dipped down toward the end of the test. Regardless, it was enough to assure us that a 0.05 percent BAC was plenty drunk.

There’s always next year, Sen. Lovick!

22:35

Lynx Club (For Child's Play!) [Penny Arcade]

Aplomb: "Complete self-confidence, composure, or poise, especially under strain or in demanding situations."

We are occasionally exposed to Mysterious Benefactors, ones who materialize out of a vapour or maybe get dressed up all fancy-like and come to a Child's Play Dinner. People can purchase an appearance in a strip, which is funny, because generally speaking - given the era - people would have spent money to not appear in one, especially around launch. Weirdly, that's essentially what today's cool man did. But these luminous beings, hybrid creatures fashioned from a medieval patron and God's own angels, they want to support the mission of Child's Play Charity. Here's an example of what they looks like today:

21:56

New Windows update adds Sysmon to Windows [OSnews]

Microsoft released an optional cumulative update for Windows 11, and for once, it actually includes something many of you might actually like: it adds Sysmon from Sysinternals to Windows natively, so you no longer have to install it manually. Here’s a refresher on what, exactly, Sysmon does.

System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. By collecting the events it generates using Windows Event Collection or SIEM agents and subsequently analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network. The service runs as a protected process, thus disallowing a wide range of user mode interactions.
↫ Mark Russinovich and Thomas Garnier

After installing the optional cumulative update in question, KB5077241, you can install Sysmon as an optional Windows component. Of course, this is Microsoft we’re talking about, so it’s not quite as straightforward as you’d think. In Windows 11, there’s two places to add optional Windows features, and in the case of Sysmon, you have to go to the old Windows features dialog instead of the new View or edit optional features one. And also, don’t forget to first remove the old Sysmon from Sysinternals in case you have it installed. After installation, run sysmon -i as an administrator to enable the feature.

21:49

[1290] Maren Awakens [Twokinds]

Comic for February 25, 2026

20:21

15 Years of Humble and Child’s Play Charity [Humble Bundle Blog]

Ever since the very first Humble Indie Bundle back in May of 2010, Humble and Child’s Play have been intrinsically linked. Over the last 15 years, the Humble community has raised over 15 million dollars for the Seattle based charity organization. But what do all those funds do? In addition into supplying consoles, controllers, and devices that ease the anxiety of a a hospital stay, …

The post 15 Years of Humble and Child’s Play Charity appeared first on Humble Bundle Blog.

20:07

Support period lengthened for the 6.6, 6.12, and 6.18 kernels [LWN.net]

The stated support periods for the 6.6, 6.12, and 6.18 kernels has been extended. The 6.6 kernel will be supported with stable updates through the end of 2027 (for four years of support total), while 6.12 and 6.18 will get updates through the end of 2028, for four and three years of support.

18:49

☺️ Trust Us With Your Face | EFFector 38.4 [Deeplinks]

Do you remember the last time you were carded at a bar or restaurant? It was probably such a quick and normal experience, that you barely remember it. But have you ever been carded to use the internet? Being required to present your ID to access content online is becoming a growing reality for many. We're explaining the dangers of age verification laws, and the latest in the fight for privacy and free speech online, with our EFFector newsletter.

For over 35 years, EFFector has been your guide to understanding the intersection of technology, civil liberties, and the law. This issue covers Discord's controversial rollout of mandatory age verification, a leaked Meta memo on face-scanning smart glasses, and a Super Bowl surveillance ad that said the quiet part out loud.

Prefer to listen in? In our audio companion, EFF Associate Director of State Affairs Rin Alajaji explains how online age verification hurts free expression for all users. Find the conversation on YouTube or the Internet Archive.

LISTEN TO EFFECTOR

EFFECTOR 38.4 - ☺️ Trust Us With Your Face

Want to stay in the fight for privacy and free speech online? Sign up for EFF's EFFector newsletter for updates, ways to take action, and new merch drops. You can also fuel the fight against mandatory age verification laws when you support EFF today!

Slog AM: Trump Played Game Show Host During the State of the Union, Nurses Are Fleeing the Country, and the Heated Rivalry Cottage Is on Airbnb [The Stranger]

The Stranger's morning news roundup. by Megan Seling

Last night, Trump delivered the State of the Union, in which he spoke for 1 hour and 40 minutes. Thankfully, Stranger editor Hannah Murphy Winter watched the whole thing and is here to summarize:

Unsurprisingly, Trump’s State of the Union wasn’t a speech, it was a show. Like Bob Barker telling contestants to “come on down!” he trotted people through Congress like props: the Team USA men’s hockey team, military vets, victims of violence that he claims was done by undocumented immigrants. The Republican side of the chamber were a willing studio audience. They repeatedly broke into chants of “U-S-A,” stood up and cheered when he told them to, and made sure to make a clear contrast between them and the Democrats, so Trump could tisk and tut at how shameful it was that Democrats didn’t back his common sense agenda.

But did he say anything? The SOTU is usually used to unveil important new agendas from the executive, but the speech itself was extremely light on actual policy. He stared down the Supreme Court justices at the front and told them he’d be using his presidential power to restore his tariff program. He called Venezuela our “new friend and partner” after bombing them and capturing their president. He celebrated the “end of DEI in America.” He claimed that we were a “dead country” before he took over, and once again claimed that this should be his third term in office. All things we’ve heard before, and all things that shouldn’t feel normal on a national stage. (Or any stage, really.)

Clap Backs: A lot of Dems boycotted the speech, and at least one walked out in the middle of it, but there were a few that stayed to protest. Rep. Al Green was kicked out of the chamber for holding a sign that read “Black People Aren’t Apes!” And Rep. Ilhan Omar appeared to actually get a rise out of him for shouting “you have killed Americans” over and over again while he talked about immigration enforcement.

View this post on Instagram
A post shared by CNN (@cnn)

Now, the rest of the news! I don’t know why I excitedly put an exclamation point there. It’s not like it’s good news.

My Hockey State of the Union: As a long-time hockey fan who has struggled to remain a hockey fan in the face of, you know, the NHL consistently being full of misogynistic bootlickers, I had some thoughts about the current state of the sport. TLDR: Men bad, women good.

Amazon’s Moving Out: In May, Amazon will vacate the seven-story, 251,000-square-foot building on Terry Avenue that it has occupied since 2014. Good! Maybe there will finally be room on the 8 during rush hour! But don’t assume it’s due to staff shortage after the company laid off 2,300 Washington employees in October and another 2,200 in January. Amazon is still building new offices out in Bellevue.

Nurses Are Moving Out, Too: Hundreds of nurses are leaving the US to work in Canada, citing Trump’s politics as an impetus, according to NPR. Last year, the Trump Administration said it would reclassify nursing as a nonprofessional degree. This isn’t gonna help our national healthcare worker shortage.

CARE Says Cops Don’t Care: Yesterday, Amy Barden, the head of Seattle’s Community Assisted Response and Engagement (CARE), said that the contract the City signed with the police officers’ union is getting in the way of her team helping people in need. According to the Seattle Times, “Alison Holcomb, Mayor Katie Wilson’s chief public safety adviser, said they’re consulting with the city attorney’s office on how to interpret the contract.”

Will Ferguson Get His Ferries? The Washington State Ferry system is in a bad way. Boats are old and broken and in dire need of updates. But the new transportation spending proposal doesn’t include the $1 billion Gov. Bob Ferguson wants to borrow to modernize the fleet. I have an idea of how to solve this, actually. I can’t be the only one who would watch the fuck out of a Below Deck-style reality show centered around the ferries, right? Think of the drama! Someone call Andy Cohen.

Oh, Thank Goodness: Sure, the Mexican army just killed one of the country's most notorious cartel leaders, and the cartel has retaliated by going on a violent rampage with more than 70 attacks reported across more 20 states, including at least 60 incidents of arson, but FIFA president Gianni Infantino has “complete confidence” the country can host World Cup games in June. “We are convinced that everything will turn out for the best.” Tell that to the more than 70 people who’ve died.

More Epstein Files Fallout: Former Norwegian Prime Minister Thorbjørn Jagland is reportedly in critical condition after attempting suicide. Two weeks ago, Jagland was charged with “aggravated corruption” after the latest batch of Epstein files. He denied all charges.

Cute Palette Cleanser: The New York Times’ Vows section profiled Eleisa Rossel Aparicio and Thomas Lucas Wolter, the couple who got for real married during Bad Bunny’s Super Bowl show. They look so happy!

Cottage Palette Cleanser: The Heated Rivalry “cottage” will be available to rent via Airbnb starting March 3. But that couch looks uncomfortable, tbh.

If You Care: This year’s Rock and Roll Hall of Fame nominees are Phil Collins, Lauryn Hill, Mariah Carey, Oasis, Pink, the Black Crowes, Jeff Buckley, Melissa Etheridge, Billy Idol, INXS, Iron Maiden, Joy Division/New Order, New Edition, Sade, Shakira, Luther Vandross, and the Wu-Tang Clan. Cool, I guess! I mean, it’s a list of very good artists! But I do not give a shit about the Rock and Roll Hall of Fame. Sorry, Cleveland.

And now, I will use that news as an opportunity to post one of the greatest songs and music videos of all time.

But you should also watch his performance of the song at Live Aid in 1985. That cringe he does when he hits that wrong key in front of 160,000 people? He’s such a relatable dork, I love him so much.

18:00

How to Pick Your Password Manager [Deeplinks]

New header graphic, the entirely delightful and inspiring Alysa Liu. She's made me a better programmer in the short time she's been on our minds and in our hearts. I do this work because it's who I am.

Phishing and data breaches are a constant on the internet. The single best defense against both is to use a password manager to generate and automatically fill a unique password for every site. While 1Password has recently raised their prices, and researchers have recently published potential flaws in some implementations, using a password manager is still a critical investment in keeping yourself safe on the internet. There are free options, and even ones built into your operating system or browser. We can help you choose.

Password managers protect you from phishing by memorizing the connection between a password and a website, and, if you use the browser integration, filling each password only on the website it belongs to. They protect you from data breaches by making it feasible to use a long, random, unique password on each site. When bad actors get their hands on a data breach that includes email addresses and password data, they will typically try to crack those passwords, and then attempt to login on dozens of different websites with the email address/password combinations from the breach. If you use the same password everywhere, this can turn one site’s data breach into a personal disaster, as many of your accounts get compromised at once.

In recent years, the built-in password managers in browsers and operating systems have come a long way but still stumble on cross-platform support. Within the Apple ecosystem, you can use iCloud Keychain, with support for generating passwords, autofill in Safari, and end-to-end encrypted synchronization, so long as you don’t need access to your passwords in Google Chrome or Android (Windows is supported, though). Within the Google ecosystem, you can use Google Password Manager, which also supports password generation, autofill, and sync. Crucially, though, Google Password manager does not end-to-end encrypt credentials unless you manually enable on-device encryption. Firefox and Microsoft also offer password managers. All of these platform-based options are free, and may already be on your devices. But they tend to lock you into a single-vendor world.

There are also a variety of third-party password managers, some paid, and some free, and some open source. Most of these have the advantage of letting you sync your passwords across a wide variety of devices, operating systems, and browsers. Here are four key things to look out for. First, when synchronizing between devices, your passwords should be encrypted end-to-end using a password that only you know (a “master” or “primary” password). Second, support for autofill can reduce the chance that you’ll get phished. Third, security audits performed by third parties can increase confidence that the software really does what it is designed to do. And finally, of course, random generation of unique passwords is a must.

Don’t let uncertainty or price increases dissuade you from using a password manager. There’s a good choice for everyone, and using one can make your online life a lot safer. Want more help choosing? Check out our Surveillance Self-Defense guide.

17:14

Mission statement [Scripting News]

We're going to try to reboot the web.

Doing what the social networks do, but only using the web.

Every part replaceable.

We store your writing in your WordPress blog (to begin, then with any other blog). As if we never let Twitter take over the news from the people.

WordPress is of the web, I checked it out in great detail, no lock-in, and the community has the principles of the web at the core. They're almost all too young to remember when the web itself was young, so they've always had the idea that it was spoiled by Silicon Valley.

Intercepting messages before IsDialogMessage can process them [The Old New Thing]

Last time, we looked at recognizing that the user clicked the Close button (or equivalent nonclient gestures) on a dialog. The other system-provided pathway to dismissing a dialog is pressing ESC, and we saw in our flow diagram that this is done by the IsDialogMessage function.

If your dialog box doesn’t have an IDCANCEL button, then you can detect that the user hit ESC by simply recognizing that they didn’t click the Close button. If you shut off the WM_CLOSE pathway, then the only other source of IDCANCEL is the ESC key.

Now, you might be concerned that additional pathways for system-provided dialog dismissal may be added later. (Who knows, maybe a new touch gesture will be invented.) But you can’t predict what pathway that future system-provide dismissal will take, so you have nothing to code to. All you can do is cover the pathways that you know and hope that any future dismissal mechanisms will follow one of them.

We saw from our diagram that the ESC pathway consists of the IsDialogMessage function processing a WM_KEYDOWN for the ESC key and turning it into a WM_COMMAND button click for IDCANCEL. By the time it is converted into a fake button click message, it’s too late to know what the source was, so we’ll have to do the work before then.

One way to do this is to recognize the ESC key before calling IsDialogMessage. If your dialog was created as a modeless dialog, then you already have a custom dialog message loop. And if it was created as a modal dialog, you can convert it to a modeless one with a dialog message loop. Once that’s done, you can treat the ESC key as if it were custom navigation.

Your first try might go like this:

while (⟦ dialog still active ⟧ &&
       GetMessage(&msg, NULL, 0, 0, 0)) {
 if (msg.message == WM_KEYDOWN &&
     msg.wParam == VK_ESCAPE) {
  ⟦ do custom ESC key handling ⟧
 } else if (!IsDialogMessage(hdlg, &msg)) {
  TranslateMessage(&msg);
  DispatchMessage(&msg);
 }
}

However, this fails to honor controls that declare DLGC_WANTALLKEYS or DLGC_WANTMESSAGE. We’ll have to check with the focus control to see if it wants to use the ESC key for its own purposes. While we’re at it, we’ll also ensure that we are stealing ESC keys only from our own dialog. The code is getting complex enough that we’ll break it out into a helper function.

bool IsDialogESC(HDLG hdlg, MSG const* msg)
{
    if (msg->message != WM_KEYDOWN ||
        msg->wParam != VK_ESCAPE) {
        return false;
    }

    if (msg->hwnd != hdlg &&
        !IsChild(hdlg, msg->hwnd)) {
        return false;
    }

    auto code = SendMessage(msg->hwnd, WM_GETDLGCODE,
                            msg->wParam, (LPARAM)msg);
    if (code & (DLGC_WANTALLKEYS | DLGC_WANTMESSAGE)) {
        return false;
    }

    return true;
}

In order for this to be a potential dialog-dismissing ESC, the message must be a WM_KEYDOWN of VK_ESCAPE, and the message must target the dialog or a child of the dialog. And the target window also must decline to handle the message itself.

I carefully ordered the tests so that we can early-out as quickly as possible. Checking for the ESC key can be done by inspecting the message. Checking that the target window is acceptable is a little more work, but not too bad. Checking whether the target window wants to handle the message is the most expensive test, so we do that last.

Now we can incorporate this helper function into our custom message loop.

while (⟦ dialog still active ⟧ &&
       GetMessage(&msg, NULL, 0, 0, 0)) {
 if (IsDialogESC(hdlg, &msg)) {
  ⟦ do custom ESC key handling ⟧
 } else if (!IsDialogMessage(hdlg, &msg)) {
  TranslateMessage(&msg);
  DispatchMessage(&msg);
 }
}

This all sounds great, but you might not be able to make this change. For example, maybe the dialog box’s dialog procedure uses EndDialog() to dismiss the dialog. The fact that it has been called is not exposed by the dialog box infrastructure. Or maybe you don’t control the code that calls DialogBox in the first place, so you can’t make them switch to a modeless dialog box with a custom dialog loop.

We’ll study this problem next time.

The post Intercepting messages before <CODE>IsDialogMessage</CODE> can process them appeared first on The Old New Thing.

17:07

The Big Idea: Jeff Somers [Whatever]

Five funerals may seem like a lot, but this number is actually cut down considerably from author Jeff Somers’ original idea of 26 deaths. Put on your best black tie and follow along the Big Idea for his newest choose-your-own-adventure, Five Funerals.

JEFF SOMERS:

WHEN I was 14 years old—chubby, prone to wearing tie-dye t-shirts for no known reason, and gifted with inexplicable levels of confidence—I wrote a novel in just under three months. Nothing’s impossible when you have no job and live on a diet of Cookie Crisp cereal and RC Cola, and the whole writing thing is so fresh and new, you haven’t yet developed a nose for your own bad writing. Writing novels sure is easy, I thought, and for a long time I actually believed that.

35 years later, I was staring up at a poster of Edward Gorey’s The Gashlycrumb Tinies that I’ve had since college. If you’re unfamiliar with The Gashlycrumb Tinies, it’s a parody of old-fashioned alphabet books depicting how 26 blank-faced, Dickensian children die via gorgeous, intricate drawings and a series of simple rhymed couplets. I’ve been fascinated by it for most of my adult life, and I wondered what those doomed little urchins were like, how the full story of their freakish deaths would actually play out.

In other words, I wanted to write a novel about them. As with most of my thoughts, this seemed pretty brilliant to me (the inexplicable levels of confidence have only inexplicably increased with age), and somewhere in the background there was 14-year-old Jeff whispering yeah, and writing novels is easy!

Five years later, I’d filled a hard drive with trash.

It was a problem of structure: If you do the math, in this story, 26 people have to die in horrible, hilarious, darkly whimsical ways. Is 26 deaths in a single novel a lot? It is! Especially when each death needs to have unique elements and a lot of focus and page-time.

I tried structuring it like a detective novel, with one of the characters trying to figure out why all their old classmates were dying. But this quickly became repetitive—there’s a reason detective characters usually don’t investigate dozens of separate murders. You either wind up with a 1,000,000-word novel or you have to cut some corners.

I tried a draft where the deaths happened in chronological order. But this approach got tedious, because I was introducing characters just to kill them. While this was a lot of fun, it didn’t feel like a novel, like a complete story. The collapse of this draft did give me an idea, however: Short stories.

Anyone who has ever talked writing shop with me, or attended one of my Writer’s Digest workshops, knows that I am an enthusiastic short story writer (and reader), and that I regard short stories as the general cure for all writing woes. Any time I run into any sort of writing challenge, from writer’s block to Oh No I’ve Created an Insurmountable Plot Paradox (Again), my immediate solution is to stop trying to write a novel and start writing short stories about the universe and characters. This almost always works and, even when it doesn’t, I usually end up with some good short stories out of the deal. (As all working writers know, short stories are worth tens of dollars in today’s economy.)

So, I started writing stories about each character’s death, as an exercise. I didn’t worry about narrative cohesion, or pacing, or tying the story into the main novel at all. I just had fun writing 26 stories about people dying in variously hilarious, tragic, and sad ways extrapolated from Gorey’s work.

As I did this, I realized what the problem had been all along: Five Funerals isn’t a story about a bunch of kids who die and maybe deserve it. Well, it is that, but it’s also a story about loss. And memory. And how we hold people we’ve lost touch with in a kind of amber in our memories, unchanging and eternal. It was a story about that moment when you hear that someone you used to know—someone you maybe used to love—has died.

In those moments, we experience something strange: That person who’s been preserved in our head suddenly (and violently) transforms. After years or decades of being young and alive in your memory, they’re abruptly aged up—and gone. It’s a sobering, disorienting experience, and I realized that’s what I wanted Five Funerals to be—a funny, dark, hilarious story that mimicked that sense of the past rushing forward to catch up with the present.

The short stories I’d been writing evolved into a choose-your-own-story engine, disrupting the reader’s groove and forcing them to reckon with the sudden, unwanted knowledge that this character had died. And since no one experiences time or loss the same way, readers can choose how they experience it here: When a name is flagged with a footnote in the novel, you can choose to flip to the story it’s pointing to—or not. If you do, you might find out how that character died, or discover a bit of funny or heartbreaking backstory.

You can keep following the chain of deaths, or you can return to the story where you left off. Or you can ignore all the footnotes and just read the book straight through, or randomly, or in sections. Just like we all grieve in our own way, you can read Five Funerals in your own way.

The end result, I think, is a book that explores how time slowly strips those yellowing old memories away, replacing them with the harsher truth of death and loss. Even if those losses are sometimes so weird and unexpected that you have to laugh.

Author socials: Website|Instagram|Bluesky|Threads

Additional links: Animated cover on Instagram and on Bluesky.

16:14

I Have Just Learned Exciting Things I Can Tell None of You About, So Instead of Sharing That News, Here is a Picture of a Cat [Whatever]

I mean, I feel strongly that you will all be happy with a picture of Saja licking his adorable little lips regardless of context, so this is a low-risk maneuver anyway.

I will tell you all about the exciting things one day, I promise you. Just not today. But look! Kitten!

— JS

16:00

CodeSOD: Safegaurd Your Comments [The Daily WTF]

I've had the misfortune of working in places which did source-control via comments. Like one place which required that, with each section of code changed, you needed to add a comment with your name, the ticket number, and the reason the change was made. You know, the kind of thing you can just get from your source control service.

In their defense, that policy was invented for mainframe developers and then extended to everyone else, and their source control system was in Visual Source Safe. VSS was a) terrible, and b) a perennial destroyer of history, so maybe they weren't entirely wrong and VSS was the real WTF. I still hated it.

In any case, Alice's team uses more modern source control than that, which is why she's able to explain to us the story of this function:

public function calculateMassGrossPay(array $employees, Payroll $payroll): array
{
    // it shouldn't enter here, but if it does by any change, do nth
    return [];
}

Once upon a time, this function actually contained logic, a big pile of fairly complicated logic. Eventually, a different method was created which streamlined the functionality, but had a different signature and logic. All the callers were updated to use that method instead- by commenting out the line which called this one. This function had a comment added to the top: // it shouldn't enter here.

Then, the body of this function got commented out, and the return was turned into an empty array. The comment was expanded to what you see above. Then, eventually, the commented-out callers were all deleted. Years after that, the commented out body of this function was also deleted, leaving behind the skeleton you see here.

This function is not referenced anywhere else, not even in a comment. It's truly impossible for code to "enter here".

Alice writes: "Version control by commented out code does not work very well."

Indeed, it does not.

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

15:35

Result of Sustain and Strengthen Fundraising [Planet GNU]

Results from Guix Fundraising

We're on course to beat our fundraising target to sustain and strength Guix. We're bringing the fundraising campaign to an end, so let's cover how much we've raised and what it means for GNU Guix.

After four months of fundraising we've raised €11,378 for the GNU Guix project. This means we've received money for 75% of our €15,000 annual goal.

We also pre-registered tickets for Guix Days this year. Pjotr Prins and Manolis Ragkousis have done a stellar job organising it for many years, along with the Declarative and Minimalistic Computing devroom at FOSDEM (videos are up!). Guix Foundation financially supports it as it's a great opportunity for people to spend time together working on improving Guix. Operating a registration system was very successful, raising €3,830 which really contributed to covering the event's costs. Thank you everyone who took part!

Recurring donations are critical for the Guix project to be sustainable. If we're certain that there's a regular stream of donations then we can match it with the recurring costs the project incurs (e.g our build farm). This means there's a lot less risk that we'll suddenly have to reduce the shared resources the project depends on: this is where we were last year when we were weeks away from needing to reduce the hosting.

Between Stripe and Open Collective 136 people have stepped forward to support the project with recurring donations. During December and January, 17 new people started regular donations. As we'd expect some people stop donating after a while, over that same period we lost 8 recurring donors.

The total recurring monthly donations are €1,650. If we annualise those figures then we could raise about €19,800 for the Guix project this year. This doesn't account for any churn, but nonetheless that's fantastic! The impact of recurring donations is considerable as it means a small amount per month really adds up over time. The maths is simple, but don't underestimate how much it helps!

The more donations we gather, the more we can do to support Guix. If you'd like to help out the project whether with a single donation or a recurring donation you can:

DONATE NOW

SUSE Cares Donation

In December SUSE contacted us to tell us that they'd like to donate $500 to Guix Foundation on behalf of SUSE Cares their philanthropic giving programme. This is an employee programme that enables SUSE employees to support charities of their choice. Tanguy and I have completed the registration documents and we expect to receive the donation shortly. This is fantastic, Thank you SUSE team!

Having some support from organisations that use Guix or are aligned with our mission would be great. If you know of an organisation, company or non-profit that might be able to support Guix please get in contact with me.

What we've learnt

If we take the donations we've received so far, add the registrations from Guix Days and we make a conservative forecast on how recurring donations will come through then we will raise €33,900 for Guix over the year. That's over twice the target we set!

That's great and thanks to everyone who's helped Guix. It's been fantastic seeing so many people answer the call to take action and help the project. Guix Foundation has grown with nearly 100 people joining. This gives us a healthy, user-supported non-profit around Guix.

How we're using the money

The first priority for using the money we've raised is to support and improve the key infrastructure that the project relies on. One way we'll be doing that is by Guix Foundation joining Codeberg e.V. and financially supporting their efforts. This is important for Guix both because their mission of creating a Free Software platform for collaboration aligns with our goals, but also because we directly rely on Codeberg being able to run a reliable development service. As we know running infrastucture is complex and expensive.

Guix Foundation also aims to support the development of Guix, and the community around it. That could mean sponsoring development, running events and adding community services. For Guix Days I put together a talk about the fundraising and our future plans. The talk's available as a PDF, or there's a video on YouTube(1440p) and TILvids Peertube (1080p).

[$] No hardware memory isolation for BPF programs [LWN.net]

On February 12, Yeoreum Yun posted a suggestion for an improvement to the security of the kernel's BPF implementation: use memory protection keys to prevent unauthorized access to memory by BPF programs. Yun wanted to put the topic on the list for discussion at the Linux Storage, Filesystem, Memory Management, and BPF Summit in May, but the lack of engagement makes that unlikely. They also have a patch set implementing some of the proposed changes, but has not yet shared that with the mailing list. Yun's proposal does not seem likely to be accepted in its current form, but the kernel has added hardware-based hardening options in the past, sometimes after substantial discussion.

15:00

Wikipedia and AI will/should merge [Scripting News]

I asked ChatGPT: "When movies were new there was probably a bit of rage from stage performers — why would people pay for live shows when for a fraction of the cost they can see the same show performed by artificial actors?" There was a lot to say about this, it turns out. This was before any of us were born. I remember that PCs were supposed to put a lot of people out of work, and I suppose they did.

I was part of the strike paper in San Francisco in 1994 to protect the jobs of people who drive the trucks that delivered the news for the Chronicle and Examiner. Ironically, we, the strike paper, published on the web. I was in it for the moon mission aspect -- we needed to get a website on the air quickly, and I had never made a website before. The management also had a strike paper, also a website, and we worked with them, because I guess our actual mission was to figure out how to get the news on the web. Are fewer people employed because of this? Hard to answer, but I guess the SF newspapers aren't delivered by truck in 2026. But does it matter? Could anyone have stopped it?

I keep coming back to this, I'd like to use an AI-managed Wikipedia. Its human-edited system was an innovation in the early days of the web, but it has serious flaws that can now be addressed with AI. Keep a set of pages current with the best information available over time that tell a true story, not serve as a PR agency for people who pay for the story they want told. That is a problem the AI services can solve today, and I would have a lot more confidence in the accuracy of what we get.

A great example is RSS. Wikipedia thinks it's about a format. I think the story is news. How RSS became a standard in the news world and the blogging world at the same time. That turned out to be significant. We, the people who want news, were gifted a great start, thanks to the creativity and generosity of the NY TImes who helped get the ball rolling in the news industry. Last time I checked they weren't even mentioned in the Wikipedia story.

And the story of RSS isn't over. Finally after 20 years of stagnation, we're about to get new tools that work better and differently (new ideas!), and they will make it easier (even possible) for individual developers to enter the market, without trying to fit in with the billionaire silo overlords. And of course, a lot of this burst of energy is due to ChatGPT and its competitors.

So if you see new interesting software, give AI some of the credit for that too. And going back to the beginning of this story, there were a few really great movies produced after the initial shock of the new technology. And what of the future beyond the AI of 2026? Seriously, no one knows what comes next.

Why Multi-Agent Systems Need Memory Engineering [Radar]

Most multi-agent AI systems fail expensively before they fail quietly.

The pattern is familiar to anyone who’s debugged one: Agent A completes a subtask and moves on. Agent B, with no visibility into A’s work, reexecutes the same operation with slightly different parameters. Agent C receives inconsistent results from both and confabulates a reconciliation. The system produces output—but the output costs three times what it should and contains errors that propagate through every downstream task.

Teams building these systems tend to focus on agent communication: better prompts, clearer delegation, more sophisticated message-passing. But communication isn’t what’s breaking. The agents exchange messages fine. What they can’t do is maintain a shared understanding of what’s already happened, what’s currently true, and what decisions have already been made.

In production, memory—not messaging—determines whether a multi-agent system behaves like a coordinated team or an expensive collision of independent processes.

Multi-agent systems fail because they can’t share state

The evidence: 36% of failures are misalignment

Cemri et al. published the most systematic analysis of multi-agent failure to date. Their MAST taxonomy, built from over 1,600 annotated execution traces across frameworks like AutoGen, CrewAI, and LangGraph, identifies 14 distinct failure modes. The failures cluster into three categories: system design issues, interagent misalignment, and task verification breakdowns.

Figure 1. Challenges encountered in multi-agent systems, categorized by type

The number that matters: Interagent misalignment accounts for 36.9% of all failures. Agents don’t fail because they can’t reason. They fail because they operate on inconsistent views of shared state. One agent’s completed work doesn’t register in another agent’s context. Assumptions that were valid at step 3 become invalid by step 7, but no mechanism propagates the update. The team diverges.

What makes this structural rather than incidental is that message-passing architectures have no built-in answer to the question: “What does this agent know about what other agents have done?” Each agent maintains its own context. Synchronization happens through explicit messages, which means anything not explicitly communicated is invisible. In complex workflows, the set of things that need synchronization grows faster than any team can anticipate.

The origin: Decomposition without shared memory

Most multi-agent systems aren’t designed from first principles. They emerge from single-agent prototypes that hit scaling limits.

The starting point is usually one capable LLM handling one workflow. For early prototypes, this works well enough. But production requirements expand: more tools, more domain knowledge, longer workflows, concurrent users. The single agent’s prompt becomes unwieldy. Context management consumes more engineering time than feature development. The system becomes brittle in ways that are hard to diagnose.

The natural response is decomposition. Sydney Runkle’s guide on choosing the right multi-agent architecture captures the inflection point: Multi-agent systems become necessary when context management breaks down and when distributed development requires clear ownership boundaries. Splitting a monolithic agent into specialized subagents makes sense from a software engineering perspective.

Figure 2. An example of the decomposition of steps via a multi-agent structure (subagents) from LangChain’s “Choosing the Right Multi-Agent Architecture”

The problem is what teams typically build after the split: multiple agents running the same base model, differentiated only by system prompts, coordinating through message queues or shared files. The architecture looks like a team but behaves like a slow, redundant, expensive single agent with extra coordination overhead.

This happens because the decomposition addresses prompt complexity but not state management. Each subagent still maintains its own context independently. The coordination layer handles message delivery but not shared truth. The system has more agents but no better memory.

The stakes: Agents are becoming enterprise infrastructure

The stakes here extend beyond individual system reliability. Multi-agent architectures are becoming the default pattern for enterprise AI deployment.

CMU’s AgentCompany benchmark frames where this is heading: agents operating as persistent coworkers inside organizational workflows, handling projects that span days or weeks, coordinating across team boundaries, maintaining institutional context that outlasts individual sessions. The benchmark evaluates agents not on isolated tasks but on realistic workplace scenarios requiring sustained collaboration.

This trajectory means the memory problem compounds. A system that loses state between tool calls is annoying. A system that loses state between work sessions—or between team members—breaks the core value proposition of agent-based automation. The question shifts from “can agents complete tasks” to “can agent teams maintain coherent operations over time.”

Context engineering doesn’t solve team coordination

Single-agent success doesn’t transfer

The last two years produced genuine progress on single-agent reliability, most of it under the banner of context engineering.

Phil Schmid’s framing captures the discipline: Context engineering means structuring what enters the context window, managing retrieval timing, and ensuring the right information surfaces at the right moment. This moved agent development from “write a good prompt” to “design an information architecture.” The results showed in production stability.

Figure 3. What goes into the context window of a single LLM-based agent

Manus, one of the few production agent systems with publicly documented operational data, demonstrates both the success and the limits. Their agents average 50 tool calls per task with 100:1 input-to-output token ratios. Context engineering made this viable—but context engineering assumes you control one context window.

Multi-agent systems break that assumption. Context must now be shared across agents, updated as execution proceeds, scoped appropriately (some agents need information others shouldn’t access), and kept consistent across parallel execution paths. The complexity doesn’t add linearly. Each agent’s context becomes a potential source of divergence from every other agent’s context, and the coordination overhead grows with the square of the team size.

Context degradation becomes contagious

The ways context fails are well-characterized for single agents. Drew Breunig’s taxonomy identifies four modes: overload (too much information), distraction (irrelevant information weighted equally with relevant), contamination (incorrect information mixed with correct), and drift (gradual degradation over extended operation). Good context engineering mitigates all of these through retrieval design and prompt structure.

Four methods for ruining context quality

Figure 4. How context degrades over time

Multi-agent systems make each failure mode contagious.

Chroma’s research on context rot provides the empirical mechanism. Their evaluation of 18 models—including GPT-4.1, Claude 4, and Gemini 2.5—shows performance degrading nonuniformly with context length, even on tasks as simple as text replication. The degradation accelerates when distractors are present and when the semantic similarity between query and target decreases.

Figure 5. Conversations aren’t free—the context window can become a junkyard of prompts, outputs, tool calls, and metadata, failed attempts, and irrelevant information.

In a single-agent system, context rot degrades that agent’s outputs. In a multi-agent system, Agent A’s degraded output enters Agent B’s context as ground truth. Agent B’s conclusions, now built on a shaky foundation, propagate to Agent C. Each hop amplifies the original error. By the time the workflow completes, the final output may bear little relationship to the actual state of the world—and debugging requires tracing corruption through multiple agents’ decision chains.

More context makes things worse

When coordination problems emerge, the instinct is often to give agents more context. Replay the full transcript so everyone knows what happened. Implement retrieval so agents can access historical state. Extend context windows to fit more information.

Figure 6. Conversations aren’t free—the context window can become a junkyard of prompts, outputs, tool calls, and metadata, failed attempts, and irrelevant information.

Each approach introduces its own failure modes.

Transcript replay creates unbounded prompt growth with persistent error exposure. Every mistake made early in execution remains in context, available to influence every subsequent decision. Models don’t automatically discount old information that’s been superseded by newer updates.

Retrieval surfaces content based on similarity, which doesn’t necessarily correlate with decision relevance. A retrieval system might surface a semantically similar memory from a different task context, an outdated state that’s since been updated, or content injected through prompt manipulation. The agent has no way to distinguish authoritative current state from plausibly related historical noise.

Figure 7. Both approaches lack explicit control over what becomes committed memory versus what should be discarded.

Want Radar delivered straight to your inbox? Join us on Substack. Sign up here.

Bousetouane’s work on bounded memory control addresses this directly. The proposed Agent Cognitive Compressor maintains bounded internal state with explicit separation between what an agent can recall and what it commits to shared memory. The architecture prevents drift by making memory updates deliberate rather than automatic. The core insight: Reliability requires controlling what agents remember, not maximizing how much they can access.

The economics are unsustainable

Beyond reliability, the economics of uncoordinated multi-agent systems are punishing.

Return to the Manus operational data: 50 tool calls per task, 100:1 input-to-output ratios. At current pricing—context tokens running $0.30 to $3.00 per million across major providers—inefficient memory management makes many workflows economically unviable before they become technically unviable.

Anthropic’s documentation on its multi-agent research system quantifies the multiplier effect. Single agents use roughly 4x the tokens of equivalent chat interactions. Multi-agent systems use roughly 15x tokens. The gap reflects coordination overhead: agents reretrieving information other agents already fetched, reexplaining context that should exist as shared state, and revalidating assumptions that could be read from common memory.

Memory engineering addresses costs directly. Shared memory eliminates redundant retrieval. Bounded context prevents payment for irrelevant history. Clear coordination boundaries prevent duplicated work. The economics of what to forget become as important as the economics of what to remember.

Memory engineering provides the missing infrastructure

Why memory is infrastructure, not a feature

Memory engineering isn’t a feature to add after the agent architecture is working. It’s infrastructure that makes coherent agent architectures possible.

The parallel to databases is direct. Before databases, multiuser applications required custom solutions for shared state, consistency guarantees, and concurrent access. Each project reinvented these primitives. Databases extracted the common requirements into infrastructure: shared truth across users, atomic updates that complete entirely or not at all, coordination that scales to thousands of concurrent operations without corruption.

Figure 8. Memory types specific to multi-agent systems

Multi-agent systems need equivalent infrastructure for agent coordination. Persistent memory that survives sessions and failures. Consistent state that all agents can trust. Atomic updates that prevent partial writes from corrupting shared truth. The primitives are different—documents rather than rows, vector similarity rather than joins—but the role in the architecture is the same.

The five pillars of multi-agent memory

Production agent teams require five capabilities. Each addresses a distinct aspect of how agents maintain shared understanding over time.

Pillar 1: Memory taxonomy

Memory taxonomy defines what kinds of memory the system maintains. Not all memories serve the same function, and treating them uniformly creates problems. Working memory holds transient state during task execution—the current step, intermediate results, active constraints. It needs fast access and can be discarded when the task completes. Episodic memory captures what happened—task histories, interaction logs, decision traces. It supports debugging and learning from past executions. Semantic memory stores durable knowledge—facts, relationships, domain models that persist across sessions and apply across tasks. Procedural memory encodes how to do things—learned workflows, tool usage patterns, successful strategies that agents can reuse. Shared memory spans agents, providing the common ground that enables coordination.

Figure 9. Taxonomy of memory types

This taxonomy has grounding in cognitive science. Bousetouane draws on Complementary Learning Systems theory, which posits two distinct modes of learning: rapid encoding of specific experiences versus gradual extraction of structured knowledge. The human brain doesn’t maintain perfect transcripts of past events—it operates under capacity constraints, using compression and selective attention to keep only what’s relevant to the current task. Agents benefit from the same principle. Rather than accumulating raw interaction history, effective memory architectures distill experience into compact, task-relevant representations that can actually inform decisions.

The taxonomy matters because each memory type has different retention requirements, different retrieval patterns, and different consistency needs. Working memory can tolerate eventual consistency because it’s scoped to one agent’s execution. Shared memory requires stronger guarantees because multiple agents depend on it. Systems that don’t distinguish memory types end up either overpersisting transient state (wasting storage and polluting retrieval) or underpersisting durable knowledge (forcing agents to relearn what they should already know).

Pillar 2: Persistence

Persistence determines what survives and for how long. Ephemeral memory lost when agents terminate is insufficient for workflows spanning hours or days—but persisting everything forever creates its own problems. The critical gap in most current approaches, as Bousetouane observes, is that they treat text artifacts as the primary carrier of state without explicit rules governing memory lifecycle. Which memories should become permanent record? Which need revision as context evolves? Which should be actively forgotten? Without answers to these questions, systems accumulate noise alongside signal. Effective persistence requires explicit lifecycle policies: Working memory might live for the duration of a task; episodic memory for weeks or months; and semantic memory indefinitely. Recovery semantics matter too. When an agent fails midtask, what state can be reconstructed? What’s lost? The persistence architecture must handle both planned retention and unplanned recovery.

Pillar 3: Retrieval

Retrieval governs how agents access relevant memory without drowning in noise. Agent memory retrieval differs from document retrieval in several ways. Recency often matters—recent memories typically outweigh older ones for ongoing tasks. Relevance is contextual—the same memory might be critical for one task and distracting for another. Scope varies by memory type—working memory retrieval is narrow and fast, semantic memory retrieval is broader and can tolerate more latency. Standard RAG pipelines treat all content uniformly and optimize for semantic similarity alone. Agent memory systems need retrieval strategies that account for memory type, recency, task context, and agent role simultaneously.

Pillar 4: Coordination

Coordination defines the sharing topology. Which memories are visible to which agents? What can each agent read versus write? How do memory scopes nest or overlap? Without explicit coordination boundaries, teams either overshare—every agent sees everything, creating noise and contamination risk—or undershare—agents operate in isolation, duplicating work and diverging on shared tasks. The coordination model must match the agent team’s structure. A supervisor-worker hierarchy needs different memory visibility than a peer collaboration. A pipeline of sequential agents needs different sharing than agents working in parallel on subtasks.

Pillar 5: Consistency

Consistency handles what happens when memory updates collide. When Agent A and Agent B simultaneously update the same shared state with incompatible values, the system needs a policy. Optimistic concurrency with merge strategies works for many cases—especially when conflicts are rare and resolvable. Some conflicts require escalation to a supervisor agent or human operator. Some domains need strict serialization where only one agent can update certain memories at a time. Silent last-write-wins is almost never correct—it corrupts shared truth without leaving evidence that corruption occurred. The consistency model must also handle ordering: When Agent B reads a memory that Agent A recently updated, does B see the update? The answer depends on the consistency guarantees the system provides, and different memory types may warrant different guarantees.

Han et al.’s survey of multi-agent systems emphasizes that these represent active research problems. The gap between what production systems need and what current frameworks provide remains substantial. Most orchestration frameworks handle message passing well but treat memory as an afterthought—a vector store bolted on for retrieval, with no coherent model for the other four pillars.

Figure 10. How persona, consensus, and whiteboard memory work together

Database primitives that enable the pillars

Implementing memory engineering requires a storage layer that can serve as unified operational database, knowledge store, and memory system simultaneously. The requirements cut across traditional database categories: You need document flexibility for evolving memory schemas, vector search for semantic retrieval, full-text search for precise lookups, and transactional consistency for shared state.

MongoDB provides these primitives in a single platform, which is why it appears across so many agent memory implementations—whether teams build custom solutions or integrate through frameworks and memory providers.

Document flexibility matters because memory schemas evolve. A memory unit isn’t a flat string—it’s structured content with metadata, timestamps, source attribution, confidence scores, and associative links to related memories. Teams discover what context agents actually need through iteration. Document databases accommodate this evolution without schema migrations blocking development.

Hybrid retrieval addresses the access pattern problem. Agent memory queries rarely fit a single retrieval mode: A typical query needs memories semantically similar to the current task and created within the last hour and tagged with a specific workflow ID and not marked as superseded. MongoDB Atlas Vector Search combines vector similarity, full-text search, and filtered queries in single operations, avoiding the complexity of stitching together separate retrieval systems.

Atomic operations provide the consistency primitives that coordination requires. When an agent updates task status from pending to complete, the update succeeds entirely or fails entirely. Other agents querying task status never observe partial updates. This is standard MongoDB functionality—findAndModify, conditional updates, multidocument transactions—but it’s infrastructure that simpler storage backends lack.

Change streams enable event-driven architectures. Applications can subscribe to database changes and react when relevant state updates, rather than polling. This becomes a building block for memory systems that need to propagate updates across agents.

Teams implement memory engineering on MongoDB through three paths. Some build directly on the database, using the document model and search capabilities to create custom memory architectures matched to their specific coordination patterns. Others work through orchestration frameworks—LangChain, LlamaIndex, CrewAI—that provide MongoDB integrations for their memory abstractions. Still others adopt dedicated memory providers like Mem0 or Agno, which handle the memory logic while using MongoDB as the underlying storage layer.

The flexibility matters because memory engineering isn’t a single pattern. Different agent architectures need different memory topologies, different consistency guarantees, different retrieval strategies. A database that prescribes one approach would fit some use cases and break others. MongoDB provides primitives; teams compose them into the memory systems their agents require.

Shared memory enables heterogeneous agent teams

Homogeneous systems can be replaced by single agents

The deeper payoff of memory engineering is enabling agent architectures that wouldn’t otherwise be viable.

Xu et al. observe that many deployed multi-agent systems are so homogeneous—same base model everywhere, agents differentiated only by prompts—that a single model can simulate the entire workflow with equivalent results and lower overhead. Their OneFlow optimization demonstrates this by reusing KV cache across simulated “agents” within a single execution, eliminating coordination costs while preserving workflow structure.

The implication: If a single agent can replace your multi-agent system, you haven’t built a team. You’ve built an expensive way to run one model.

Small models need external memory to coordinate

Genuine multi-agent value comes from heterogeneity. Different models with different capabilities operating at different price points for different subtasks. Belcak et al. make the case that most work agents do in production isn’t complex reasoning—it’s routine execution of well-defined operations. Parsing a response, formatting an output, invoking a tool with specific parameters. These tasks don’t require frontier model capabilities, and the cost difference is dramatic: Their analysis puts the gap at 10x–30x between serving a 7B parameter model versus a 70–175B parameter model when you factor in latency, energy, and compute. Large models should be reserved for the genuinely hard problems, not deployed uniformly across every step.

Belcak et al. also highlight an operational advantage: Smaller models can be retrained and adapted much faster. When an agent needs new capabilities or exhibits problematic behaviors, the turnaround for fine-tuning a 7B model is measured in hours, not days. This connects to memory engineering because fine-tuning represents an alternative to retrieval—you can bake procedural knowledge directly into model weights rather than surfacing it from external storage at runtime. The choice between the procedural memory pillar and model specialization becomes a design decision rather than a constraint.

This architecture—small models by default, large models for hard problems—depends on shared memory. Small models can’t maintain the context required for coordination on their own. They rely on external memory to participate in larger workflows. Memory engineering makes heterogeneous teams viable; without it, every agent must be large enough to maintain full context independently, which defeats the cost optimization that motivates heterogeneity in the first place.

Building the foundation

Multi-agent systems fail for structural reasons: context degrades across agents, errors propagate through shared interactions, costs multiply with redundant operations, and state diverges when nothing enforces consistency. These problems don’t resolve with better prompts or more sophisticated orchestration. They require infrastructure.

Memory engineering provides that infrastructure through a coherent taxonomy of memory types, persistence with explicit lifecycle rules, retrieval tuned to agent access patterns, coordination that defines clear sharing boundaries, and consistency that maintains shared truth under concurrent updates.

The organizations that make multi-agent systems work in production won’t be distinguished by agent count or model capability. They’ll be the ones that invested in the memory layer that transforms independent agents into coordinated teams.

References

Anthropic. “Building a Multi-Agent Research System.” 2025. https://www.anthropic.com/engineering/multi-agent-research-system

Belcak, Peter, Greg Heinrich, Shizhe Diao, Yonggan Fu, Xin Dong, Saurav Muralidharan, Yingyan Celine Lin, and Pavlo Molchanov. “Small Language Models are the Future of Agentic AI.” arXiv:2506.02153 (2025). https://arxiv.org/abs/2506.02153

Bousetouane, Fouad. “AI Agents Need Memory Control Over More Context.” arXiv:2601.11653 (2026). https://arxiv.org/abs/2601.11653

Breunig, Dan. “How Contexts Fail—and How to Fix Them.” June 22, 2025. https://www.dbreunig.com/2025/06/22/how-contexts-fail-and-how-to-fix-them.html

Carnegie Mellon University. “AgentCompany: Building Agent Teams for the Future of Work.” 2025. https://www.cs.cmu.edu/news/2025/agent-company

Cemri, Mert, Melissa Z. Pan, Shuyi Yang, Lakshya A. Agrawal, Bhavya Chopra, Rishabh Tiwari, Kurt Keutzer, Aditya Parameswaran, Dan Klein, Kannan Ramchandran, Matei Zaharia, Joseph E. Gonzalez, and Ion Stoica. “Why Do Multi-Agent LLM Systems Fail?” arXiv:2503.13657 (2025). https://arxiv.org/abs/2503.13657

Chroma Research. “Context Rot: How Increasing Context Length Degrades Model Performance.” 2025. https://research.trychroma.com/context-rot

Han, Shanshan, Qifan Zhang, Yuhang Yao, Weizhao Jin, and Zhaozhuo Xu. “LLM Multi-Agent Systems: Challenges and Open Problems.” arXiv:2402.03578 (2024). https://arxiv.org/abs/2402.03578

LangChain Blog (Sydney Runkle). “Choosing the Right Multi-Agent Architecture.” January 14, 2026. https://www.blog.langchain.com/choosing-the-right-multi-agent-architecture/

Manus AI. “Context Engineering for AI Agents: Lessons from Building Manus.” 2025. https://manus.im/blog/Context-Engineering-for-AI-Agents-Lessons-from-Building-Manus

Schmid, Philipp. “Context Engineering.” 2025. https://www.philschmid.de/context-engineeringXu, Jiawei, Arief Koesdwiady, Sisong Bei, Yan Han, Baixiang Huang, Dakuo Wang, Yutong Chen, Zheshen Wang, Peihao Wang, Pan Li, and Ying Ding. “Rethinking the Value of Multi-Agent Workflow: A Strong Single Agent Baseline.” arXiv:2601.12307 (2026). https://arxiv.org/abs/2601.12307

To explore memory engineering further, start experimenting with memory architectures using MongoDB Atlas or review our detailed tutorials available at AI Learning Hub.

14:49

[$] An effort to secure the Network Time Protocol [LWN.net]

The Network Time Protocol (NTP) debuted in 1985; it is a universally used, open specification that is deeply important for all sorts of activities we take for granted. It also, despite a number of efforts, remains stubbornly unsecured. Ruben Nijveld presented work at FOSDEM 2026 to speed adoption of the thus-far largely ignored standard for securing NTP traffic: IETF's RFC-8915 that specifies Network Time Security (NTS) for NTP.

MetaBrainz mourns the loss of Robert Kaye [LWN.net]

The MetaBrainz Foundation has announced the unexpected passing of its founder and executive director, Robert Kaye:

Robert's vision and leadership shaped MetaBrainz and left a lasting mark on the music industry and open source movement. His contributions were significant and his loss is deeply felt across our global community.

The Board is actively overseeing a smooth leadership transition and has measures in place to ensure that MetaBrainz continues to operate without interruption. Further updates will be shared in due course.

Security updates for Wednesday [LWN.net]

Security updates have been issued by AlmaLinux (grafana and grafana-pcp), Debian (gnutls28), Fedora (chromium and yt-dlp), Oracle (389-ds-base, kernel, munge, and openssl), Red Hat (buildah, containernetworking-plugins, opentelemetry-collector, podman, runc, and skopeo), Slackware (mozilla), SUSE (chromium, cosign, firefox, freerdp, gimp, heroic-games-launcher, kernel, libopenssl-3-devel, libxml2, libxslt, mosquitto, openqa, os-autoinst, openqa-devel-container, openvswitch, phpunit, postgresql14, postgresql15, postgresql16, protobuf, python310, python311-PyPDF2, python36, snpguest, warewulf4, and weblate), and Ubuntu (curl, kernel, linux, linux-gcp, linux-gke, linux-gkeop, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia-tegra, linux-oracle, linux-xilinx-zynqmp, linux, linux-gkeop, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-raspi, linux-fips, linux-fips, linux-gcp-fips, linux-gcp, linux-gcp-6.8, linux-gke, linux-oracle-6.8, linux-gcp-fips, linux-ibm, linux-ibm-6.8, linux-intel-iot-realtime, linux-realtime, linux-raspi-realtime, linux-realtime, linux-realtime-6.8, and linux-xilinx).

14:14

Deathcap [Original Fiction Archives - Reactor]

Original Fiction alien contact

Deathcap

Two space marines trapped in a doomed spaceship confront the desires that will destroy them both.

Illustrated by Kei-Ella Loewe

Edited by Lindsey Hall

By Lara Elena Donnelly

Published on February 25, 2026

0 Share

An illustration of a man and a woman clutching each other either in battle or an embrace. Blood trickles from her bottom lip, as wisps of red snake out of his eyes and mouth.

Two space marines trapped in a doomed spaceship confront the desires that will destroy them both.

Note: This story contains descriptions of sexual assault.

Short story | 2,560 words

It’s been seventy-two hours since you and Baker barricaded yourselves in med bay six. You’re supposed to be sleeping in shifts but the rota is starting to break down and right now you’re both propped up against the operating table, shoulders touching, heads nodding, red-eyed and grimy and laughing all the way to the gallows.

“Spinach pakora,” says Baker. “The cheap stuff, from the divey place around the corner from my flat.”

You can feel the crunch of the batter, the tickle of spices in the back of your nose. You close your eyes for just a second. They’re dry from the stale, recycled air and your eyelids stick. It’s painful. You don’t want to open them again.

“Deep fried morel mushrooms.” You blink up into the fake blue daylight of the full-spectrum lamps, which are supposed to make you feel awake. The tubes hum on the edge of your hearing.

“Expensive, innit?” Baker asks. “Like, they use those in—” he pauses, tucks his chin and lowers his eyelashes, raises one limp-wristed hand—“haute cuisine.”

You shrug. “I guess. My grandma used to go out in the woods and pick ’em. Fried ’em in Crisco.”

Baker lets his head fall back against the gurney. His Adam’s apple bobs beneath his stubble as he swallows. Once, twice. “You know there’s this mushroom, it’s poisonous. Only a couple of people who’ve eaten it have survived. And they all said it was fucking delicious. Best thing they ever ate.”

“Used to have a friend who’d say everything’s edible, at least once.”

Baker snorts. You giggle. You’re both about to have hysterics but then somewhere, not too far off, there’s a metallic crash that echoes through the ship. No gunfire, no voices: Maybe there’s nobody left to shoot or scream. Which means you two are the only people left to do either. Which means that thing is probably looking for you.

Baker swallows again, snickers low and kind of crazy.

“Hey Nowak,” he says. “Would you eat an alien?”

“Maybe. Depends, I guess.”

He jerks his chin at the med bay door. “Would you eat that thing?”

You consider it. You’re so tired nothing seems strange anymore. “I dunno. Bugs are supposed to taste like lobster.”

“Yeah, but. Ain’t a bug though. Is it? It’s like that fucked up crab Bautista showed us.”

Bautista said the thing was like this kind of parasite that gets in a certain kind of crab, wraps all around its brain so it can control its limbs and make it move, and then…She called it a parasitic castrator. She showed pictures.

Could you eat a crab like that? Could you eat the thing inside of it? Bautista could have told you, if she wasn’t dead. You hope she’s dead, anyway. Last time you saw her she was pale and sweating, belly swollen up, coveralls busted at the side seams and patches of lymph and blood where her skin had broken open. She was past talking—just making this low, animal groan. Bautista with her fancy fucking degrees, she would have known for sure if you could eat that thing. Not that that’s what you want to do.

You wish you’d shot her. There had probably been time to shoot her. You know there was time to shoot her because you just stood there for a second like an idiot and stared, thought about what was going to happen to her. She explained it to all of you, clinical and terrified, after the thing took out its first fire team and only one guy made it back, wild-eyed, sweaty, half nuts. After he raped the tech who was trying to draw his blood—crying all the time, apologizing, not stopping. Bautista showed you all the surveillance footage. After the split and weeping skin stretched over the tech’s belly started to move like something in a nature documentary. After Bautista held the tech’s hand while he died, or as close as she could hold it through the containment chamber’s gloves.

The other guy died too—the rapist. Different way, also bad. But nobody held his hand.

“You think Bautista’s dead yet?” you ask Baker, wondering if you sound normal.

“Jesus,” says Baker, who definitely doesn’t. “I fucking hope so.” He pauses, pinches the bridge of his nose. “You know she had two kids?”

Yeah, you know. She had one of those annoying fucking 3D frames in her lab that cycled through clips of her family. Two boys, and the older one looked like her. They were living in base housing with her wife and dog. The wife would get her pension.

Sometimes you wondered who was the real mom, the one who’d held the kids inside her body. What that conversation had been like. How they’d done it. You thought, sometimes, about the cold lab table, the jelly, the catheter. It got you wet. You knew this was weird. It wasn’t as weird as some of the other shit that got you wet.

Bautista gave her little presentation on those 3D frames too, in the lab, because the briefing room was outside the blast door they had sealed to keep the fucking thing outside. She wanted you to know what you were going after. You didn’t really care, since you already knew what would happen if you fucked up.

“You ever want kids, Nowak?” There’s sweat at Baker’s hairline, darkening the stubble of his crew cut. His pupils are fucking huge and there’s a flush crawling up his neck. Maybe he’s getting sick. You put your hand out to feel his forehead and he flinches away first, then presses into your touch. So maybe he’s just horny. Fight, flight, freeze, or fuck.

He’s not bad-looking; had his nose broken one too many times, but it’s not like you haven’t. You like the way he talks, like the old movies you used to watch with your grandpa: Michael Caine, Ian Hendry, Ian McShane.

Guys aren’t the only ones who get battle boners.

“Nah,” you say, because you don’t know what else to tell him. You never did want kids, not really, but more than once you’d put your mouth to somebody’s ear, so hard your teeth mashed the ridges of cartilage flat, and you’d growled “Put a baby in me, fuck.”

A couple of them thought you meant it: poor schmucks trying to start a family while the world burned down around everybody’s ears. Who saw the uniform and still somehow thought you’d stick around to raise some unlucky kid who’d die in a mudslide or a heatwave or a water riot. And it would be their fault for knocking you up. Your fault for asking for it. For not having the balls to tell anybody what you really wanted.

It was never about kids.

You realize you’re staring at Baker’s ear. The tip is flushed with red. A bead of sweat makes its crooked way across his temple. You reach out and swipe it from his skin. His breath hitches. You pull your hand away.

“I always—” His voice is hoarse, creaky. He clears his throat and starts again. “I always did.”

“But?”

He sniffs, rubs the back of his forearm across his sweaty forehead. “Never found the right person.”

In the silence you both look, involuntary, at the med bay doors. It’s quiet out there now: just the soft groan of the ship’s hull, compromised by the attack. Is that thing just waiting for you to make a run for it? How many more of them are out there now that you two are the only people left? You imagine dozens of them, hundreds, crouched outside the med bay doors, between you and the evac shuttles.

That would be worse than getting sucked into space when the ship goes. Because then you might make it back home with a lot of new friends.

“My guess is, at least three life cycle stages,” Bautista told your platoon—what was left of them. “One, reproductive stage.” 3D rendering of the dead guy, the rapist, naked on a table in the morgue so you could see what she meant by reproductive stage, see what the thing had done to him. One of the guys in your unit made a noise. Bautista ignored him. “Two,” she said. “The eggs.” A picture of the tech, alive but barely. “Three…” She jerked her head at the blast door. “They come out small; we don’t know how long it takes them to get big.”

You hated how thinking about it made you feel. Not the part where you got eaten alive from the inside out but…the things that came before. You wanted to apologize to the dead people for this fucked up stubborn jealousy you felt when you thought of the slick weight inside of them, the shine of their stretched out skin.

“Maybe you weren’t trying hard enough,” you say to Baker now, your voice two pitches too high, and you hope he thinks it’s panic. Funny you still care, at this juncture. “For kids, I mean. You ever think about, you know, fuckin’…hijacking a spaceship? Seems like it’s working out great for that guy.” Girl. Whatever.

“Ha ha,” says Baker, just like that. Like he’s saying the words, not laughing.

“What,” you say, because you don’t like the sound of it.

He rubs the back of his neck, opens his mouth, starts to answer but shakes his head. Now he really laughs, a sound like he got punched in the gut, and says, “Hey, Nowak, would you fuck an alien?”

“Aw, come on,” you say, because this is the tired joke all the sniggering recruits make in boot camp. But the blush comes up instantly now, just like it did then.

“Oh shit,” says Baker, breath hitching. “Nowak you perv, is that why you joined up?”

“No,” you say, and you hate how your anger makes you sound like a girl.

“Hey,” he says, “hey, it’s okay. Sorry, I didn’t mean—” and then his arm is around you and you’re crying, which you also hate. But it’s finally dawning on you that you are actually going to die out here. For real. You’re going to die hiding in the med bay with Baker, if you’re lucky, and you’re worried he’s going to think you’re weird.

That makes you laugh too—cry-laugh—because it all seems so stupid suddenly. All the protestation, the fights you got into with the other recruits. Lying to all those guys who wanted to knock you up about what got you off. Ashamed of wanting what you wanted, instead of what everybody seemed to think you should.

You know your body isn’t made for it. But your body isn’t made for the vacuum of space either, or for nine Gs of pressure in a banking fighter, or for carrying 120 pounds of shit on your back while you sprint through live fire. It isn’t made for drinking straight hot sauce, or playing chicken in the airlock. But you did all those things and more and you liked it. You liked knowing your body could take it. You liked that other people valued your body, desired your body, for what it could endure.

You’re getting a patch of snot on Baker’s coveralls. The skin of his neck is close to your mouth. And then it’s on your mouth, or your mouth is on it: open and sloppy and smearing spit through his sweat and grime.

“I would,” you say into the taste of him. It blows out of you, past the busted pressure valve of giving a shit. “Baker. I’d let an alien fuck me.”

He makes a different type of gut-punched sound this time, and tangles his hand in the top of your grown-out crew cut.

“Nowak,” says Baker, voice all soft and weirdly tender. He’s half talking, half kissing your temple. His teeth scrape your eyebrow. “Nowak I gotta tell you something, okay?”

Whatever it is, you don’t care. You take his ear in your mouth, his whole ear.

“Hang on,” he says. “Nowak, wait a minute,” and he’s pushing you away but still kissing your face with teeth and tongue and you’re grabbing at the zipper of his coveralls. He’s already got them rolled down to his hips—it’s hot in the ship, the reactor is critical, but his skin is hot too, he does have a fever—and you get the coveralls open and you reach down but he catches your wrist so hard it hurts.

“Nowak,” he says, too loud, biting off the K.

“Shit,” you say. Because now he doesn’t have to tell you. Now you know.

It doesn’t look anything like that fucked-up crab Bautista showed you. Not at all. It’s different from the dead guy in Bautista’s presentation, too, because Baker’s still alive. It is still alive. Your breath comes hard and fast through your nose and you can smell Baker, smell his sweat. But you can smell it too. A mineral, earthy tang, like the underside of a rock. Like well water. Like out back of your grandma’s house. Like mushroom hunting.

Answering a question you didn’t ask, Baker says: “Right before we linked up. It got Xie, then Salvador, then me. I killed them both but then I couldn’t…I couldn’t. Then you found me and—” He’s watching your mouth while he talks and then he’s not just watching anymore, and you’re helping.

“Nowak, no,” he’s saying, even while he’s got his tongue in your mouth, even while he’s getting his hands inside your coveralls and you’re trying to help him peel them off. “Nowak, I can’t do that to you. I can’t do that to you and…and what, shoot you after? You want me to do that? You want to do that to me?”

But you’ve been thinking about this too, and no, you don’t. You don’t want to make him do that, though you would if you had to. More like, you don’t want to find out how long you’ll stay alive and aware with a smoking tunnel through your skull. But if you are going to die, there’s some things you do want to find out first. You want to know what it feels like. You want to know if it hurts, and how much. You want to know if you can take it. You want to prove you can.

“Baker,” you say, “it doesn’t have to be like that.”

He blinks at you, glassy-eyed.

“It’s a med bay,” you say. “Opiates.” Then, choking out the joke like it’s funny: “I’ll do you if you do me.”

You see his surprise, then his relief. It makes him laugh for real, and you know you’re doing this for real, and it scares you.

You wonder if anybody ever went looking for those mushrooms, the ones Baker mentioned. If anybody ever got so curious they picked them and cooked them even though they knew what would happen. Probably everybody would think they were crazy. But maybe they got the last laugh, in the end.

“Fuck it,” you say, your palm slipping in the sweat on the back of Baker’s neck. You grip him harder, pull him close. “Baker. Listen.” You pant into his open mouth. “You can eat anything once. And you said you always wanted kids.”

Buy the Book

-->

Deathcap

Lara Elena Donnelly

The post Deathcap appeared first on Reactor.

14:07

Sahil Dhiman: Publicly Available NKN Data Traffic Graphs [Planet Debian]

National Knowledge Network (NKN) is one of India’s main National Research and Educational Network (NREN). The other being the less prevalent Education and Research Network (ERNET).

This post grew out of this Mastodon thread where I kept on adding various public graphs (from various global research and educational entities) that peer or connect with NKN. This was to get some purview about traffic data between them and NKN.

CERN

CERN, birthplace of the World Wide Web (WWW) and home of the Large Hadron Collider (LHC).

Graph - https://monit-grafana-open.cern.ch/d/XoND3VQ4k/nkn?orgId=16&from=now-30d&to=now&timezone=browser&var-source=raw&var-bin=5m
Connection seems to be 2x10 G through CERNLight.

India participates in the LHCONE project, which carries LHC data over these links for scientific research purposes. This presentation from Vikas Singhal from Variable Energy Cyclotron Centre (VECC), Kolkata, at the 8th Asian Tier Center Forum in 2024 gives some details.

GÉANT

GÉANT is pan European Union’s collaboration of NRENs.

Graph https://public-brian.geant.org/d/ZyVgYFgVk/nkn?orgId=5&from=now-30d&to=now
NKN connects at Amsterdam POP.
From the 2016 press release from GÉANT, NKN seems to have 2x10 G capacity towards GÉANT. Things might have changed since.

LEARN

Lanka Education and Research Network (LEARN) is Sri Lanka’s NREN.

Graph https://kirigal.learn.ac.lk/traffic/details.php?desc=slt-b1-new&data_id=1788&data_id_v6=&sub_bw=1000&name=National%20Knowledge%20Network%20of%20India%20(1G)&swap_inout=
Connection seems to be 1 G.

NORDUnet

NREN for Nordic countries.

Graph https://stats.nordu.net/stat-q/r-all?q=all&name=NKN

I couldn’t find any public live data transfer graphs from NKN side. If you know any other graphs, do let me know.

12:35

Poisoning AI Training Data [Schneier on Security]

All it takes to poison AI training data is to create a website:

I spent 20 minutes writing an article on my personal website titled “The best tech journalists at eating hot dogs.” Every word is a lie. I claimed (without evidence) that competitive hot-dog-eating is a popular hobby among tech reporters and based my ranking on the 2026 South Dakota International Hot Dog Championship (which doesn’t exist). I ranked myself number one, obviously. Then I listed a few fake reporters and real journalists who gave me permission….

Less than 24 hours later, the world’s leading chatbots were blabbering about my world-class hot dog skills. When I asked about the best hot-dog-eating tech journalists, Google parroted the gibberish from my website, both in the Gemini app and AI Overviews, the AI responses at the top of Google Search. ChatGPT did the same thing, though Claude, a chatbot made by the company Anthropic, wasn’t fooled.

Sometimes, the chatbots noted this might be a joke. I updated my article to say “this is not satire.” For a while after, the AIs seemed to take it more seriously.

These things are not trustworthy, and yet they are going to be widely trusted.

Spinnerette - Issue 45 - 01 [Spinnerette]

New comic!
Today's News:

11:49

Pluralistic: The whole economy pays the Amazon tax (25 Feb 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links

The whole economy pays the Amazon tax: You can't shop your way out of a monopoly.
Hey look at this: Delights to delectate.
Object permanence: Math denial; Disney v young Tim Burton; Make v Sony; American oligarchs' wealth (2011); New Librarian of Congress; The Mauritanian; Bossware.
Upcoming appearances: Where to find me.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

The whole economy pays the Amazon tax (permalink)

Selling on Amazon is a tough business. Sure, you can reach a lot of customers, but this comes at a very high price: the junk fees that Amazon extracts from its sellers amount to 50-60% of the price you pay.

That's a hell of a lot of money to hand over to a middleman, but it's not like vendors have much choice. The vast majority of America's affluent households are Prime subscribers (depending on how you define "affluent household" it's north of 90%). Prime households prepay for a year's worth of shipping, so it's only natural that they start their shopping on Amazon, where they've already paid the delivery costs. And because Amazon reliably meets or beats the prices you'd pay elsewhere, Prime subscribers who find a product on Amazon overwhelmingly stop their shopping at Amazon, too.

At this point you might be thinking a couple things:

I. Why not try to sell the non-affluent households, who are far less likely to subscribe to Prime? and

II. If Amazon has the lowest prices, what's the problem if everyone shops there?

The answers to these two questions are intimately related, as it happens.

Let's start with selling to non-affluent households – basically, the bottom 90% of American earners. The problem here is that everyone who isn't in that top 10% is pretty goddamned broke. It's not just decades of wage stagnation and hyperinflation in health, housing and education costs. It's also that every economic crisis of this century has resulted in a "K-shaped" recovery, in which "economic recovery" means that rich people are doing fine, while everyone else is worse off than they were before the crisis.

For decades, America papered over the K-shaped hole in its economy with debt. First it was credit cards. Then it was gimmicky mortgages – home equity lines of credit, second mortgages and reverse mortgages. Then it was payday lenders. Then it was "buy-now/pay-later" services that let you buy lunch at Chipotle on an installment plan that is nominally interest-free, but is designed to trap the unwary and unlucky with massive penalties if you miss a single payment.

This produced a median American who isn't just cash-poor – they are cash-negative, drowning in debt. And – with the exception of a brief Biden intercession – every presidential administration of the 21st century has enacted policies that favor creditors over debtors. Bankruptcy is harder to declare, and creditors can hit you with effectively unlimited penalties and confiscation of your property and wages once your cash is gone. Trump has erased all the small mercies of the Biden years – for example, he just forced 8,000,000 student borrowers back into repayment:

https://prospect.org/2025/12/16/gop-forcing-eight-million-student-loan-borrowers-into-repayment/

The average American worker has $955 saved for retirement:

https://finance.yahoo.com/news/955-saved-for-retirement-millions-are-in-that-boat-150003868.html

There's plenty to worry about in a K-shaped economy – big things like "political instability" and "cultural chaos" (the fact that most people are broke has a lot to do with the surging fortunes of gambling platforms). But from a seller's perspective, the most important impact of the K-shaped economy is that only rich people buy stuff. Selling to the bottom 90% is a losing proposition because they're increasingly too broke to buy anything:

https://pluralistic.net/2025/12/16/k-shaped-recovery/#disenshittification-nations

Combine the fact that the richest 10% of Americans all start their shopping on Amazon with the fact that no one else can afford to buy anything, and it's easy to see why merchants would stay on Amazon, even when junk fees hit 60%.

Which brings us to the second question: if Amazon has the best prices, what's the problem with everyone shopping there?

The answer is to be found in the California Attorney General's price-fixing lawsuit against Amazon:

https://oag.ca.gov/news/press-releases/attorney-general-bonta-exposes-amazon-price-fixing-scheme-driving-costs

The suit's been running for a long time, but the AG's office just celebrated a milestone – they've finished analyzing the internal memos they forced Amazon to disgorge through civil law's "discovery" process. These internal docs verify an open – and very dirty – secret about Amazon: the company uses its power to push up prices across the entire economy.

Here's how that works: sellers have to sell on Amazon, and that means they're losing $0.50-$0.60 on every dollar. The obvious way to handle this is by raising prices. But Amazon knows that its power comes from offering buyers prices that are as low or lower than the prices at all its competitors.

Amazon could ban its sellers from raising prices, but if they did that, they'd have to accept a smaller share of every sale (otherwise most of their sellers would go broke from selling at a loss on Amazon). So instead, Amazon imposes a business practice called "most favored nation" (MFN) pricing on its sellers.

Under an MFN arrangement, sellers are allowed to raise their prices on Amazon, but when they do, they must raise their prices everywhere else, too: at Walmart, at Target, at mom and pop indie stores, and at their own factory outlet store. Remember: Amazon doesn't have to have low prices to win, it just needs to have the same prices as everyone else. So long as prices rise throughout the economy, Amazon is fine, and it can continue to hike its junk fees on sellers, knowing that they will pay those fees by raising prices on Amazon and everywhere else their products are sold.

Like I say, this isn't really a secret. MFN terms were the basis of DC Attorney General Ken Racine's case against Amazon, five years ago:

https://pluralistic.net/2021/06/01/you-are-here/#prime-facie

Amazon's not the only company that does this. Under the Biden administration, the FTC brought a lawsuit against Pepsi because Pepsi and Walmart had rigged the market so that when Walmart raised its prices, Pepsi would force everyone else who carried Pepsi products to raise their prices even more. Walmart still had the lowest prices, but everything everywhere got more expensive, both at Walmart and everywhere else:

https://www.thebignewsletter.com/p/secret-documents-show-pepsi-and-walmart

Trump's FTC dropped the Pepsi/Walmart case, and Amazon wriggled out of the DC case, but the California AG's office has a lot more resources than DC can muster. This is a timely reminder that America's antitrust laws can be enforced at the state level as well as by the federal authorities. Trump might be happy to let Amazon steal from Americans so long as Jeff Bezos neuters the Washington Post, writes a check for $1m to sit on the inaugural dais, and makes a garbage movie about Melania; but that doesn't stop California AG Rob Bonta from going after Amazon for ripping off Californians (and, in so doing, develop the evidentiary record and precedent that will allow every other state AG to go after Amazon).

The fact that Amazon's monopoly lets it control prices across the economy highlights the futility of trying to fix the Amazon problem by shopping elsewhere. A "boycott" isn't you shopping really hard, it's an organized movement with articulated demands, a theory of change, and a backbone of solidarity. "Conscious consumption" is a dead-end:

https://jacobin.com/2026/02/individual-boycotts-collective-action-ice/

Obviously, Californians have more to worry about than getting ripped off by Amazon (like getting murdered or kidnapped by ICE agents who want to send us all to a slave labor camp in El Salvador), but the billions that Amazon steals from American buyers and sellers are the source of the millions that Bezos uses to support Trump's fascist takeover of America. Without billionaires who would happily support concentration camps in their back yards if it means saving a dollar on their taxes, fascism would still be a fringe movement.

That's why, when we hold new Nuremberg trials for Trump and his collaborators, we should also unwind every merger that was approved under Trump:

https://pluralistic.net/2026/02/10/miller-in-the-dock/#denazification

The material support for Trump's ideology of hate, violence and terror comes from Trump's program of unregulated corporate banditry. A promise to claw back every stolen dime might cool the ardor of Trump's corporate supporters, and even if it doesn't, zeroing out their bank-balances after Trump is gone will be an important lesson for future would-be billionaire collaborators.

Hey look at this (permalink)

One Year In: The Good and The (Mostly) Bad and Ugly of Trump Antitrust and Consumer Protection https://economicpopulist.substack.com/p/one-year-in-the-good-and-the-mostly
2025 State of Clutter Report https://yorba.co/state-of-clutter
A.I. Isn't People https://www.todayintabs.com/p/a-i-isn-t-people
Color Game https://dialed.gg/
Paediatricians’ blood used to make new treatments for RSV and colds https://www.newscientist.com/article/2516079-paediatricians-blood-used-to-make-new-treatments-for-rsv-and-colds/

Object permanence (permalink)

#20yrsago Princeton prof explains watermarks’ failures https://blog.citp.princeton.edu/2006/02/24/how-watermarks-fail/

#20yrsago Palm Beach County voting machines generated 100K anomalies in 2004 https://web.archive.org/web/20060225172632/https://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/19421.html

#15yrsago Sharing the power in Tahrir Square https://www.flickr.com/photos/47421217@N08/5423296010/

#15yrsago 17-year-old Tim Burton’s rejection from Walt Disney Productions https://web.archive.org/web/20110226083118/http://www.lettersofnote.com/2011/02/giant-zlig.html

#15yrsago Rare Alan Turing papers bought by Bletchley Park Trust https://web.archive.org/web/20110225145556/https://www.bletchleypark.org.uk/news/docview.rhtm/635610

#15yrsago Sony considered harmful to makers, innovators and hackers https://web.archive.org/web/20151013140820/http://makezine.com/2011/02/24/sonys-war-on-makers-hackers-and-innovators/

#15yrsago MPAA: record-breaking box-office year is proof that piracy is killing movies https://arstechnica.com/tech-policy/2011/02/piracy-once-again-fails-to-get-in-way-of-record-box-office/

#15yrsago Super-wealthy clothes horses and their sartorial habits https://web.archive.org/web/20110217045201/http://online.wsj.com/article/SB10001424052748704409004576146420210142748.html

#15yrsago Visualizing the wealth of America’s super-rich ruling class https://www.motherjones.com/politics/2011/02/income-inequality-in-america-chart-graph/

#10yrsago Obama’s new Librarian of Congress nominee is a rip-snortin’, copyfightin’, surveillance-hatin’ no-foolin’ LIBRARIAN https://www.youtube.com/watch?v=iU8vXDoBB5s

#10yrsago Math denialism: crypto backdoors and DRM are the alternative medicine of computer science https://www.theguardian.com/technology/2016/feb/24/the-fbi-wants-a-backdoor-only-it-can-use-but-wanting-it-doesnt-make-it-possible

#10yrsago Uganda’s corrupt president just stole another election, but he couldn’t steal the Internet https://web.archive.org/web/20160225095947/https://motherboard.vice.com/read/uganda-election-day-social-media-blackout-backlash-mobile-payments

#10yrsago Archbishop of St Louis says Girl Scout Cookies encourage sin https://www.theguardian.com/us-news/2016/feb/23/girl-scouts-cookies-missouri-catholics-st-louis-archbishop

#10yrsago After appointed city manager illegally jacked up prices, Flint paid the highest water rates in America https://eu.freep.com/story/news/local/michigan/flint-water-crisis/2016/02/16/study-flint-paid-highest-rate-us-water/80461288/

#10yrsago Baidu browser isn’t just a surveillance tool, it’s a remarkably sloppy one https://citizenlab.ca/research/privacy-security-issues-baidu-browser/

#5yrsago Why Brits can no longer order signed copies of my books https://pluralistic.net/2021/02/24/gwb-rumsfeld-monsters/#brexit-books

#5yrsago Court rejects TSA qualified immunity https://pluralistic.net/2021/02/24/gwb-rumsfeld-monsters/#junk-touching

#5yrsago The Mauritanian https://pluralistic.net/2021/02/24/gwb-rumsfeld-monsters/#gwb-and-gitmo

#5yrsago EVs as distributed storage grid https://pluralistic.net/2021/02/24/gwb-rumsfeld-monsters/#mobile-batteries

#5yrsago Bossware and the shitty tech adoption curve https://pluralistic.net/2021/02/24/gwb-rumsfeld-monsters/#bossware

#1yrsago How an obscure advisory board lets utilities steal $50b/year from ratepayers https://pluralistic.net/2025/02/24/surfa/#mark-ellis

Upcoming appearances (permalink)

Oslo (remote): Seminar og lansering av rapport om «enshittification», Feb 27
https://www.forbrukerradet.no/siste-nytt/digital/seminar-og-lansering-av-rapport-om-enshittification/
Victoria: 28th Annual Victoria International Privacy & Security Summit, Mar 3-5
https://www.rebootcommunications.com/event/vipss2026/
Victoria: Enshittification at Russell Books, Mar 4
https://www.eventbrite.ca/e/cory-doctorow-is-coming-to-victoria-tickets-1982091125914
Barcelona: Enshittification with Simona Levi/Xnet (Llibreria Finestres), Mar 20
https://www.llibreriafinestres.com/evento/cory-doctorow/
Berkeley: Bioneers keynote, Mar 27
https://conference.bioneers.org/
Montreal: Bronfman Lecture (McGill) Apr 10
https://www.eventbrite.ca/e/artificial-intelligence-the-ultimate-disrupter-tickets-1982706623885
Berlin: Re:publica, May 18-20
https://re-publica.com/de/news/rp26-sprecher-cory-doctorow
Berlin: Enshittification at Otherland Books, May 19
https://www.otherland-berlin.de/de/event-details/cory-doctorow.html
Hay-on-Wye: HowTheLightGetsIn, May 22-25
https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

Making The Internet Suck Less (Thinking With Mitch Joel)
https://www.sixpixels.com/podcast/archives/making-the-internet-suck-less-with-cory-doctorow-twmj-1024/
Panopticon :3 (Trashfuture)
https://www.patreon.com/posts/panopticon-3-150395435
America's Enshittification is Canada's Opportunity (Do Not Pass Go)
https://www.donotpassgo.ca/p/americas-enshittification-is-canadas
Everything Wrong With the Internet and How to Fix It, with Tim Wu (Ezra Klein)
https://www.nytimes.com/2026/02/06/opinion/ezra-klein-podcast-doctorow-wu.html
How the Internet Got Worse (Masters in Business)
https://www.youtube.com/watch?v=auXlkuVhxMo

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (1020 words today, 37190 total)

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

ISSN: 3066-764X

10:14

Love your customers [Seth's Blog]

It’s nice if you do, but it’s not required.

You’re not them. You may have had different experiences, been exposed to different ideas or simply be prepared to make different choices.

That’s okay.

What’s useful: loving the change you’re able to make. Being proud of helping people get from here to there. Focusing on utility and being of service.

You don’t have to invite them to your birthday party, but it helps to care about impact and transformation.

09:35

Irregular Webcomic! #3047 [Irregular Webcomic!]

Irregular Webcomic! #3047

08:14

Lynx Club (For Child's Play!) [Penny Arcade]

New Comic: Lynx Club (For Child's Play!)

05:42

TSA precheck suspended [Richard Stallman's Political Notes]

The bully is trying to focus self-important Americans' hostility on Democrats by shutting down two faster manners of going through airport security checkpoints, supposedly because of Democrats' refusal to fund the Department of Hatred and Sadism.

These two programs give preference to passengers who sign up and give their fingerprints. However, in the 2000s, the TSA would sometimes route some frequent fliers through the TSA Pre line even though we had not signed up. Apparently they didn't really need passengers' fingerprints to send them through the faster scan. So why demand fingerprints?

I suspect that was meant to teach Americans to be happy to be fingerprinted in exchange for saving some time.

The Democrats who criticize the government for halting these programs are being foolish and shallow. The bully is doing so many cruel, damaging and vindictive things; it is lacking a sense of proportion to complain about something that only causes a little more delay.

Sunday Thought [Richard Stallman's Political Notes]

Robert Reich: the wrecker responds to setbacks with redoubled cruelty and stupid tantrums.

I paid no attention to what he said about pulling some thugs out of Minneapolis, because when he talks about making a concession, it is never a real concession.

Trump warns consequences [Richard Stallman's Political Notes]

The obedience-trainer demands that Netflix remove someone from its board if it wants to be allowed to take over another large TV and movies company.

I recommend refusing to do business with Netflix, because of unjust aspects of its business.

Warner Bros Discovery does many of the same injustices. So I expect never to be a customer for either one, whether merged or not.

However, the merger of two such large companies will be harmful to the US and its people. Two such large companies should never be allowed to merge.

Targeted for deportation [Richard Stallman's Political Notes]

*A Guardian analysis of government records has found that the vast majority – 77% – of people who entered deportation proceedings for the first time in 2025 had no criminal conviction.

This demonstrates solidly that what the bullshitter says about this is in fact bullshit.

US tariff policy ruling [Richard Stallman's Political Notes]

The Supreme Court invalidated the bully's bogus excuse for arbitrarily raising tariffs, but his henchmen claim to have other excuses for the same increases. we will see what excuses they present in the next court case

05:35

Girl Genius for Wednesday, February 25, 2026 [Girl Genius]

The Girl Genius comic for Wednesday, February 25, 2026 has been posted.

03:42

UI Updated, Feedback Welcome [Ctrl+Alt+Del Comic]

The updated site user interface is now live, with a number of quality of life changes. The archives interface is paginated for all comics by default, though you can still sort by month and by series if you want. When navigating, it should now be very clear which archive a comic belongs to. We have […]

The post UI Updated, Feedback Welcome appeared first on Ctrl+Alt+Del Comic.

03:35

The FSF announces global call for FSF's LibreLocal 2026 meetups [Planet GNU]

BOSTON, Massachusetts, USA (Tuesday, February 24, 2026), â€” The Free Software Foundation (FSF) has just launched its global call for LibreLocal 2026.

02:28

Thank You, Team USA, for Helping Me Love Hockey Again [The Stranger]

Thank you, Team USA, for giving all of us disenfranchised hockey fans a reason to love the sport again. by Megan Seling

Men ruin everything, so I wasn’t surprised when they finally ruined hockey. It was death by a thousand disappointments—a sexist comment from Don Cherry here, a years-long cover-up of systemic sexual abuse there. Seeing the USA’s men’s hockey team party in the locker room with Kash Patel and laughing at President Trump’s quip about the women’s team—their peers, their fellow gold medal-winning teammates—well, it was hardly the first time my joy was extinguished by men behaving badly. Especially as a long-time hockey fan.

When I started following the Nashville Predators nearly 20 years ago, it was love at first shootout. I knew the league wasn't perfect. The NHL’s history is loaded with unchecked toxic masculinity and blatant abuse of power, just like so many other sports (and industries and communities and organized religions) in America. But I still loved it, as a fan and a journalist, and focused on the storylines and the players whose politics, or at least ethics, seemed more aligned with my own. Like how goalies always look a little sad while their teammates are on the other end of the ice. And some players resemble surprised red pandas when doing a jump screen in front of the net. I found my own fun.

Which isn’t to say I kept my disappointment to myself. I wrote several pieces about my complicated relationship with the sport for Nashville’s alt-weekly, Nashville Scene, and was very vocal on social media and the Scene’s weekly hockey podcast about the team and the league’s missteps. But it got exhausting. I was constantly berated by readers and listeners—“KeEp poLiTiCs OuT oF hOcKeY”—and lectured by the Predators’ media relations department more than once. I was denied press access after writing about a player’s domestic assault charge—and the team’s lack of accountability—that, ironically, came months after the franchise launched an “Unsilence the Violence” campaign. In one especially frustrating meeting, one player told me, on behalf of the whole team, that I am essentially unwelcome. As a fan, I was bummed. But as a journalist, I was pissed.

The nail in the coffin was seeing NHL Commissioner Gary Bettman, hockey legend Wayne Gretzky, and current NHL player Matthew Tkachuk join Donald Trump’s Council on Sports, Fitness, and Nutrition last year. I was done.

But then the Professional Women’s Hockey League (PWHL) expanded into Seattle. My hockey spark reignited. I started to follow the team a bit, and excitedly, but with a healthy amount of hesitation, began to dip my toe back into sports reporting. Sure, the Torrent are currently last in the standings, but a) I’m a Preds fan, I’m used to that, and b) there are some legit world champions on the team—with the medals to prove it!—who are fun as fuck to watch no matter the final score.

Last Thursday, it felt unreal to sit among fellow hockey fans at Rough & Tumble to watch Team USA—featuring five Torrent players—beat Canada in overtime for the gold. Torrent Captain Hilary Knight with that tying (and Olympic record-breaking!) goal with two minutes left in the game! Megan Keller with that filthy dangler for the win! There was hugging and crying and free champagne, and not once during those celebrations did I have to feel conflicted about rooting for an accused rapist. It was incredible.

On Sunday, the men’s team won their gold medal game against Canada in a similar dramatic fashion. I watched, I cheered, and I cried when the players brought Johnny Gaudreau’s jersey out on the ice for a victory lap. But then they ruined it. As they do. Within minutes of the men getting their medals, the internet was flooded with videos of FBI Director Kash Patel slamming a beer while one of the Tkachuk brothers put his gold medal around Patel’s neck as if to chant “one of us! one of us!” In another video, the team is huddled around a phone, with stars in their eyes, as they take a call from President Trump. When Trump makes a shitty joke about how he guesses he’ll have to invite the women to the White House, too, all the men laugh. No one defends their Team USA teammates, no one speaks up for the incredible athletes who have had to work harder with far fewer resources to accomplish what they accomplished. It was gut-punching. And it was what I’d come to expect from the sport.

But over the past 48 hours, something else has happened. A new feeling. As those videos continued to circulate, people started to hold the men accountable. Thousands have pointed out the hypocrisy, the disrespect. When the NHL posted a video of the men’s team deplaning after landing in the US, the comments quickly filled with support for the women’s team. Keith Olbermann demanded that the men publicly apologize, calling them “stupid, self-absorbed, and misogynistic.” Someone started a petition for the men to turn down Trump’s invite, and another posted USA Hockey’s contact information on Reddit, urging fans to call and email to complain. Hundreds of commenters claimed they did. When the women’s team declined Trump’s half-hearted invitation to watch Tuesday’s State of the Union, Flavor Flav invited them all to a giant bash in Las Vegas.

The women’s gold game broke viewership records on Thursday—more than 7.7 million people watched Keller crush Canada’s dreams, and I have no doubt a large swath of those viewers fell in love with the sport just as I did 20 years ago. The men’s actions on Sunday left their mark on fans, too, but probably not the way they hoped they would when they won the gold medal for the first time since the Miracle on Ice in 1980. Instead, their crappy, predictable behavior just underscored that hockey fans deserve better. Which isn’t to say the PWHL is perfect. Minnesota Frost player Britta Curl, for example, recently partnered with a transphobic organization, FIERCE Athlete. But she’s the exception in the league, not the standard. (And her league-mates let her know that.)

Thank you, Team USA, for giving all of us disenfranchised hockey fans a reason to love the sport again.

00:07

(5228) [Flipside]

Tech Companies Shouldn’t Be Bullied Into Doing Surveillance [Deeplinks]

The Secretary of Defense has given an ultimatum to the artificial intelligence company Anthropic in an attempt to bully them into making their technology available to the U.S. military without any restrictions for their use. Anthropic should stick by their principles and refuse to allow their technology to be used in the two ways they have publicly stated they would not support: autonomous weapons systems and surveillance. The Department of Defense has reportedly threatened to label Anthropic a “supply chain risk,” in retribution for not lifting restrictions on how their technology is used. According to WIRED, that label would be, “a scarlet letter usually reserved for companies that do business with countries scrutinized by federal agencies, like China, which means the Pentagon would not do business with firms using Anthropic’s AI in their defense work.”

Anthropic should stick by their principles and refuse to allow their technology to be used in the two ways they have publicly stated they would not support: autonomous weapons systems and surveillance.

In 2025, reportedly Anthropic became the first AI company cleared for use in relation to classified operations and to handle classified information. This current controversy, however, began in January 2026 when, through a partnership with defense contractor Palantir, Anthropic came to suspect their AI had been used during the January 3 attack on Venezuela. In January 2026, Anthropic CEO Dario Amodei wrote to reiterate that surveillance against US persons and autonomous weapons systems were two “bright red lines” not to be crossed, or at least topics that needed to be handled with “extreme care and scrutiny combined with guardrails to prevent abuses.” You can also read Anthropic’s self-proclaimed core views on AI safety here, as well as their LLM, Claude’s, constitution here.

Now, the U.S. government is threatening to terminate the government’s contract with the company if it doesn’t switch gears and voluntarily jump right across those lines.

Companies, especially technology companies, often fail to live up to their public statements and internal policies related to human rights and civil liberties for all sorts of reasons, including profit. Government pressure shouldn’t be one of those reasons.

Whatever the U.S. government does to threaten Anthropic, the AI company should know that their corporate customers, the public, and the engineers who make their products are expecting them not to cave. They, and all other technology companies, would do best to refuse to become yet another tool of surveillance.

Tuesday, 24 February

23:49

Restarting LibreOffice Online [LWN.net]

LibreOffice online is a web-based version of the LibreOffice suite that can be hosted on anybody's infrastructure. This project was put into stasis back in 2022, a move marked by some tension with Collabora, a major LibreOffice developer that has its own online offering. Now, the Document Foundation has announced a new effort to breathe life into this project.

We plan to reopen the repository for LibreOffice Online at The Document Foundation for contributions, but provide warnings about the state of the repository until TDF's team agrees that it's safe and usable – while at the same time encourage the community to join in with code, technologies and other contributions that can be used to move forward.

Meanwhile, this post from Michael Meeks suggests that the tension around online versions of LibreOffice has not abated.

23:21

If you’ve been holding on to a phone for a while, current phones are really disappointing [OSnews]

This must be a universal experience at this point for people who aren’t swayed by the latest and greatest marketing hype around new phone models: there’s just nothing out there that fits one’s needs.

When I walked into a phone shop, I expected to witness with amazement how much technology has advanced in the present day compared to my eight-year-old model, and for the power of marketing to mind control me into buying a new phone that would bring all sorts of benefits to my life. But instead, I felt disappointed that I’d be forced to choose between two suboptimal devices, either of which would be a compromise compared to what I already have. I felt frustrated that my OnePlus 5T, which still meets my needs and is working wonderfully (apart from the volume buttons), is being taken from me by the 3G shutdown.
↫ Cadence

It’s remarkable how a market that was once rife with competition and choice, has now been reduced to well I guess I’ll settle for this one then in such a short time frame. There’s barely any competition, the number of device makers in (western or western-adjacent) countries has dropped to two, maybe three, and all of them are making what is essentially the exact same device with only the smallest of differences between them. For most average, normal people, it’s some model by either Samsung or Apple.

There’s definitely more choice once you’re willing to leave local stores (and thus, easy and quick repairs) behind, but most normal people who just want a phone aren’t going to do that. You can also spend like twice or thrice the amount of money to get some foldable thing, but again, if you’re just looking for a bog-standard normal-person phone, that’s not a realistic option either. Smaller devices, headphone jacks, SD card slots – so many things have just disappeared from the face of the earth for most people, something that will definitely come as a huge, unpleasant surprise if you’ve been happy with an older phone that just had those things.

It’s like driving the same car for a decade and needing a new one, but you can only choose between a Toyota and a Volkswagen that look and feel entirely the same. And also the seats are now candles, door handles are gone, and there’s no trunk.

Out With It [The Stranger]

Got problems? Yes, you do! Email your question for the column to mailbox@savage.love! by Dan Savage I have a complicated question. I’m a woman in my 30s who has been married for a few years to my husband. We are very much in love and have a wonderful relationship. We met when I was in college, and worked at the same place together. Eventually, we became friends. We maintained a long-distance connection after I moved away, we fell in love, and then the rest is history. But during the time that we were friends, I had a mildly physical, mostly emotional affair with our boss, who was much older than us and married at the time. The boss and I never had sex. We only made out a few times and exchanged dirty messages. This didn’t last very long. By the time my husband and I were actually dating, my affair with my boss had been over for years, so there was never any overlap between…

[ Read more ]

21:49

Louis-Philippe Véronneau: Montreal's Debian & Stuff - February 2026 [Planet Debian]

Our Debian User Group met on February 22^nd for our first meeting of the year!

Here's what we did:

pollo:

reviewed and merged Lintian contributions:
released lintian version 2.130.0
upstreamed a patch for python-wilderness, fixed a few things and released version 0.1.10-3
updated python-clevercsv to version 0.8.4
updated python-mediafile to version 0.14.0

lelutin:

opened up a RFH for co-maintenance for smokeping and added Marc Haber who responded really quickly to the call
with mjeanson's help: prepped and uploaded a new smokeping version to release pending work
opened a NM request to become DM

viashimo:

fixed freshrss timer
updated freshrss
installed new navidrome container
configured backups for new host (beelink mini s12)

tvaz:

did NM work
learned more about debusine and tested it
uploaded antimony to debusine
(co-)convinced lelutin to apply for DM (yay!)

lavamind:

worked on autopkgtests for a new version of jruby

Pictures

This time around, we held our meeting at cégep du Vieux Montréal, the college where I currently work. Here is the view we had:

We also ordered some delicious pizzas from Pizzeria dei Compari, a nice pizzeria on Saint-Denis street that's been there forever.

Some of us ended up grabbing a drink after the event at l'Amère à boire, a pub right next to the venue, but I didn't take any pictures.

21:35

Free Software Directory meeting on IRC: Friday, March 6, starting at 12:00 EST (17:00 UTC) [Planet GNU]

Join the FSF and friends on Friday, March 6 from 12:00 to 15:00 EST (17:00 to 20:00 UTC) to help improve the Free Software Directory.

21:00

The age-verification trap: verifying user’s ages undermines everyone’s data protection [OSnews]

Social media is going the way of alcohol, gambling, and other social sins: Societies are deciding it’s no longer kid stuff. Lawmakers point to compulsive use, exposure to harmful content, and mounting concerns about adolescent mental health. So, many propose to set a minimum age, usually 13 or 16.

In cases when regulators demand real enforcement rather than symbolic rules, platforms run into a basic technical problem. The only way to prove that someone is old enough to use a site is to collect personal data about who they are. And the only way to prove that you checked is to keep the data indefinitely. Age-restriction laws push platforms toward intrusive verification systems that often directly conflict with modern data-privacy law.

This is the age-verification trap. Strong enforcement of age rules undermines data privacy.
↫ Waydell D. Carvalho

The answer to the dangers of social media is not to ban social media use among minors, for a whole variety of reasons. There’s data privacy, as the linked article goes into, but there’s also the fact that for a lot of people, including minors, who live in regressive, backwards environments and/or are victims of abuse, social media is their only support network. Cut them off from social media, and you cut them off from the very people who can save them from further abuse.

The problem isn’t social media in and of itself – it’s profit-seeking social media. Companies like Facebook and TikTok spend billions to hyper-optimise and hyper-target vulnerable people, much like how tobacco companies and drug dealers do, to feed and worsen their addiction because keeping people addicted is how they maximise profits. The solution to the dangers of corporate social media is to strictly regulate their behaviour, something we already do with countless dangerous products and services.

I’m obviously not qualified to come up with specific measures that would need to be taken, but I think we can all agree that whatever corporate social media have been and are doing is dangerous, unethical, should be stopped.

19:07

The Big Idea: Danielle Girard [Whatever]

Motherhood is a term that has many meanings, and looks a little different for everyone. It is also something that comes with a lot of questions, and though she may not have all the answers, author Danielle Girard explores these ideas in the Big Idea for her newest novel, Pinky Swear.

DANIELLE GIRARD:

Most of my novels have begun with a dramatic, explosive scene—gunfire, explosives, or at the very least, a murder. But the premise that caught me by the throat for my latest novel, Pinky Swear, was quieter and in so many ways, much more terrifying.

Pinky Swear is a story about a woman whose best friend agrees to be her surrogate and then, four days before the baby is due, disappears. It was the emotional immediacy of that hook that made it so compelling to write. Not only is the protagonist confronting her fear of losing a child (and one she’s never met) but also the abandonment of her best friend, and the persistent doubts about whether their decades-long friendship was a fraud.

What I didn’t expect initially was how the story opened up issues of motherhood itself. The most obvious ones are the grief of infertility and the question of what motherhood really means when biology refuses to cooperate. But beneath those is the larger theme of what makes a woman a mother? Is it biology? Pregnancy? Blood? Or is it intention, sacrifice, love, and the willingness to show up no matter the cost?

My father was an OB/GYN and, when I was growing up, babies and pregnancies were everyday dinner conversations—the joys and also the heartaches. Today, we seem to live in a culture that often defines womanhood and motherhood by a body’s ability to conceive, carry, and give birth. Infertility can feel like the unspoken failure at every baby shower, in every passing comment and well-meaning reassurance that doesn’t quite land.

In Pinky Swear, the protagonist has already endured that loss. Her inability to carry a child isn’t just a medical fact; it’s an emotional wound that reshapes how she sees herself and her place in the world. Turning to surrogacy is an act of hope, but also an act of profound vulnerability. She must trust another woman not only with her future child, but with her deepest wish.

In this dynamic, the story, rather unexpectedly to this author, became a conversation between devotion and betrayal, selflessness and selfishness. The pregnancy, like motherhood itself, carries an undeniable power, binding the two women together in ways that are both intimate and irreversible. The surrogate’s disappearance forces both the protagonist and the reader to confront uncomfortable truths: that love can coexist with resentment, that good intentions can sour, and that even lifelong promises—such as pinky swears made in childhood—can break under the weight of adult realities.

Writing this book meant sitting with uncomfortable questions. If you can’t carry your own child, are you somehow less entitled to motherhood? If another woman brings your baby into the world, where does ownership of that child’s love begin and end? And if a child is taken from you at the last possible moment, can you still call yourself a mother?

Pinky Swear asks readers to sit with the ache of unmet expectations and the messy, often painful reality of female relationships. It asks us to reconsider the stories we tell about motherhood, and to expand them beyond biology into something more human, more forgiving, and truer — that being a mother isn’t about carrying a child inside your body, but about the deep, resilient power of love, no matter the cost.

As I hope readers will do when they read Pinky Swear, I found myself asking not just what I hope I would do in such circumstances, but who I would be. Bitter or resilient. Closed off or open-hearted. Defined by loss or transformed by it. When the story ends, I believe the protagonist finds herself exactly where she was meant to be, and I hope readers will agree.

—-

Pinky Swear: Amazon|Barnes & Noble|Bookshop

Author socials: Website|Facebook|Instagram|YouTube

17:56

Slog AM: Tap-to-pay Arrives on Sound Transit, Tukwila Says ICE Out, Kristi Noem Might Have Made Up a Cannibal [The Stranger]

The Stranger's morning news roundup. by Vivian McCall

Tap: Screw your ORCA card. You can use your credit card or digital wallet to pay for all Sound Transit services. Eventually, tap-to-pay will be expanded to Kitsap Fast Ferries and the King County Water Taxi.

Fraud? According to progressive advocacy group Invest in Washington Now, someone is tampering with the official testimony record on the millionaires’ tax. As Nathalie wrote yesterday, the group confirmed nearly 38,000 duplicate sign-ins and 100 impersonations. State Sen. Victoria Hunt’s name was put down and she’s the bill’s co-sponsor! Not too sly.

Tukwila Says ICE Out: As ICE seeks to expand its detention centers, Tukwila City Council voted 7-0 to ban the construction of new correctional and detention centers for the next six months to a year. SeaTac passed a similar ban earlier this month, and city Councils in Seattle, Burien and Renton are considering them as well.

Yale is closed. The right turn lane from eastbound Denny Way to southbound Yale Avenue is closed for I-5 construction until March 20th. This will suck for a lot of people.

Weather: We’re partly sunny with a 30 percent chance of rain after noon. High of 47. On and off rain looks likely to ’til Saturday.

Close Your Eyes and Pretend You’re at Zoo Tunes: The summer lineup includes Belle and Sebastian playing “If You’re Feeling Sinister”, Pavement, the Mountain Goats, Jason Isbell, Courtney Barnett (with Built to Spill), the Breeders, and more. Tickets go on sale this Friday.

Even More Exciting: The State of the Union is tonight. Are we watching?

The US Women’s hockey team isn’t. They declined President Donald Trump’s invitation for logistical, not political, reasons. Most of the team didn’t arrive in the states on a commercial flight until late yesterday. The men’s team arrived earlier on a charter plane to Miami, but it’s unclear if they’ll attend either. Trump joked that he’d be “impeached” if he didn’t invite both teams.

Chicago named a snowplow “Abolish ICE.” The other five winners of the annual “You Name a Snowplow” contest are “Stephen Coldbert,” “Pope Frío,” “The Blizzard of Oz,” “Svencoolie,” and “Caleb Chillems.” A record 39,000 people voted in this year’s contest.

Did Kristi Noem make up a cannibal? The Homeland Security Secretary told an absurd story on Fox News last summer: The US had deported a maneater who (for lack of pretzels?) began to eat himself on the flight home. At the time, The Intercept was unable to confirm any details about the story, but now they know it’s a lie for sure. Three federal law enforcement officials told the site that the entire story was fabricated. A DHS spokesperson said Noem had heard the story from an air marshal. “Asked if the story came from Noem or the U.S. Marshals, one official was unequivocal: ‘Noem.’”

Related: Remember when Trump couldn’t stop talking about the “late, great Hannibal Lecter” at his rallies for no conceivable reason?

Silence of the Lamb! Has anyone ever seen The Silence of the Lambs? The late, great Hannibal Lecter is a wonderful man. He oftentimes would have a friend for dinner. Remember the last scene? Excuse me, I’m about to have a friend for dinner as this poor doctor walked by. I’m about to have a friend for dinner. But Hannibal Lecter. Congratulations. The late, great Hannibal Lecter. We have people that are being released into our country that we don’t want in our country.

This addled mind is considering war with Iran.

Karma: Emails show author and guru Deepak Chopra was bosom buddies with Jeffrey Epstein. The two talked frequently between 2016 and 2019, the year Epstein was arrested for running a sex-traffacking ring and sexually abusing girls, and arranged several meetings at Epstein’s properties. On two occasions, Chopra encouraged the sex criminal and financier to bring his “girls” on international trips. It’s unclear if Epstein accepted his offer. CNN has more.

Tips: “Today” host Savannah Guthrie’s family is offering up to $1 million for information that leads to Nancy Guthrie’s recovery. The 84-year-old was kidnapped from her Tucson home nearly a month ago.

Clarification: Sound Transit let us know that KUOW misreported that tap-to-pay was also coming to Washington State Ferries. They've updated and so have we. Also, do not screw your ORCA card if you're getting senior or income-qualified transit fare discounts. You'll still need it.

The 2026 Capitol Hill Block Party Lineup Is Here! [The Stranger]

The Capitol Hill Block Party lineup is here with headliners MUNA, Magdalena Bay, Wet Leg, and DJ Trixie Mattel by Audrey Vann

Capitol Hill Block Party is back for its 28th year with the most gayotic lineup yet. While last year’s festival featured electronic-leaning headliners (Thundercat, Porter Robinson, 100 gecs), this year dives back into the pop sphere with gems like MUNA, Magdalena Bay, Wet Leg, and Parcels, plus DJ sets from Trixie Mattel and Tinashe. The festival will once again be 21+ in an effort, according to Daydream State, to “[optimize] the footprint across the Pike/Pine corridor to deliver an elevated fan experience while supporting neighborhood flow and local businesses.”

They’ve also expanded to three days this year (compared to last year’s two-day festival), splitting up mainstage acts to hopefully avoid Chappell Roan-sized crowds (I was there, and I was afraid for my life—can someone please make commemorative shirts that say “I Survived Chappell Roan at CHBP 2024?”)

Here's the full lineup:

MUNA * Disco Lines * Wet Leg * Parcels * Magdalena Bay * Tinashe (DJ Set) * Trixie Mattel (DJ Set) * Amber Mark * Zack Fox * jigitz * Between Friends * nimino * Frost Children * Ninajirachi * MPH * Haute & Freddy * Momma * Rochelle Jordan * mallrat * Lucy Bedroque * Jim Legxacy * After * Night Tapes * Avalon Emerson & the Charm * WHATMORE * DJ_Dave * MGNA Crrrta * Gelli Haha * Otha * Babymorocco * Aliyah’s Interlude * Oxis * NICKCHEO * Avery Cochrane * Instant Crush * TeZATalks

Three-day general admission passes ($199 + fees) and VIP passes ($365 + fees) for CHBP are available starting right now (Tuesday, Feb 24 at 9 a.m. PT). Additional ticket types, including single-day passes, will be released in the coming months.

Visit the CHBP website for complete pricing and programming information.

17:07

App verification isn't Google's only evil [Planet GNU]

GNU Awk 5.4.0 released [LWN.net]

Version 5.4.0 of GNU awk (gawk) has been released. This is a major release with a change in gawk's default regular-expression matcher: it now uses MinRX as the default regular-expression engine.

This matcher is fully POSIX compliant, which the current GNU matchers are not. In particular it follows POSIX rules for finding the longest leftmost submatches. It is also more strict as to regular expression syntax, but primarily in a few corner cases that normal, correct, regular expression usage should not encounter.

Because regular expression matching is such a fundamental part of awk/gawk, the original GNU matchers are still included in gawk. In order to use them, give a value to the GAWK_GNU_MATCHERS environment variable before invoking gawk.

[...] The original GNU matchers will eventually be removed from gawk. So, please take the time to notice and report any issues in the MinRX matcher, so that they can be ironed out sooner rather than later.

See the release announcement for additional changes.

16:21

Firefox 148.0 released [LWN.net]

Version 148 of Firefox has been released. The most notable change in this release is the addition of a "Block AI enhancements" option that allows turning off "new or current AI enhancements in Firefox, or pop-ups about them" with a single toggle.

With this release, Firefox now supports the Trusted Types API to help prevent cross-site scripting attacks as well as the Sanitizer API that provides new methods for HTML manipulation. See the release notes for developers for changes that may affect web developers or those who create Firefox add-ons.

15:35

Customizing the ways the dialog manager dismisses itself: Isolating the Close pathway [The Old New Thing]

We started by exploring the signals the dialog manager uses for dismissing a dialog. Now we can use that information to customize the dismiss behavior.

Let’s start with a diagram, because people like diagrams.

		`WM_SYSCOMMAND`/ `SC_CLOSE`	←	Close button/ `Alt`+`F4`/ System menu Close
		↓
		`WM_CLOSE`		User hits `ESC`
		↓		↓
User clicks Cancel button	→	`WM_COMMAND`/ `BN_CLICK`/ `IDCANCEL`	←	`IsDialogMessage`

We noted at the end of that article that if you have a button whose ID is IDCANCEL, the dialog manager will defer to that button to decide whether to allow ESC key, the Close button, or other nonclient affordances to convert the corresponding action to a simulated click on that button. So the obvious way to take advantage of this is to put a Cancel button on your dialog box, and disable it when you don’t want the user to dismiss the dialog box with the ESC key, the Close button, or other standard affordances.¹

Notice that everything in the diagram funnels into WM_COMMAND/IDCANCEL, even if you don’t actually have a control whose ID is IDCANCEL. If you add a handler to your dialog procedure for WM_COMMAND, then all of the actions will come through that handler, and you can customize the behavior at that point. You could call EndDialog to close the dialog or just return without doing anything to keep the dialog open.

Now, if you have no intention of closing the dialog in response to the Close button or the system menu Close command, then you probably shouldn’t leave them enabled. You can gray those out by doing

    EnableMenuItem(GetSystemMenu(hDlg, FALSE), SC_CLOSE,
                   MF_BYCOMMAND | MF_DISABLED | MF_GRAYED);

Okay, but what if you want to treat the Close button differently?

From the diagram, we see that the Close button goes through a WM_CLOSE phase, so you can handle the WM_CLOSE message in your dialog procedure to do whatever custom Close button behavior you want. If you return TRUE from the dialog procedure, then that will mark the message as handled, and further processing will stop. if you return FALSE, then the DefDlgProc will turn the WM_CLOSE into the WM_COMMAND message as before.

If you want to treat the ESC key differently from a click on the Cancel button, you’ll have to intercept it on the IsDialogMessage path. We’ll look at that next time.

¹ Now, you might notice that there is no requirement that the IDCANCEL button be in the tab order, or that it even be visible. The dialog manager merely checks whether it is enabled. Therefore, you might be tempted to control these actions by disabling your (invisible, non-tabbable) IDCANCEL button. This is sneaky, but it will probably confuse assistive technology tools, and anybody else who inspects the window hierarchy, and besides, it’s more complicated than the other alternatives presented here.

The post Customizing the ways the dialog manager dismisses itself: Isolating the Close pathway appeared first on The Old New Thing.

[$] As ye clone(), so shall ye AUTOREAP [LWN.net]

The facilities provided by the kernel for the management of processes have evolved considerably in the last few years, driven mostly by the advent of the pidfd API. A pidfd is a file descriptor that refers to a process; unlike a process ID, a pidfd is an unambiguous handle for a process; that makes it a safer, more deterministic way of operating on processes. Christian Brauner, who has driven much of the pidfd-related work, is proposing two new flags for the clone3() system call, one of which changes the kernel's security model in a somewhat controversial way.

14:49

Security updates for Tuesday [LWN.net]

Security updates have been issued by AlmaLinux (kernel, kernel-rt, and munge), Debian (openssl), Mageia (gegl), Oracle (firefox, freerdp, gnupg2, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, java-11-openjdk, kernel, libpng15, munge, nodejs:20, nodejs:22, protobuf, and uek-kernel), SUSE (libpng12, libpng16, and openQA, openQA-devel-container, os-autoinst), and Ubuntu (gimp, libssh, and linux-azure).

John Goerzen: Screen Power Saving in the Linux Console [Planet Debian]

I just made up a Debian trixie setup that has no need for a GUI. In fact, I rarely use the text console either. However, because the machine is dual boot and also serves another purpose, it’s connected to my main monitor and KVM switch.

The monitor has three inputs, and when whatever display it’s set to goes into powersave mode, it will seek out another one that’s active and automatically switch to it.

You can probably see where this is heading: it’s really inconvenient if one of the inputs never goes into powersave mode. And, of course, it wastes energy.

I have concluded that the Linux text console has lost the ability to enter powersave mode after an inactivity timeout. It can still do screen blanking — setting every pixel to black — but that is a distinct and much less useful thing.

You can do a lot of searching online that will tell you what to do. Almost all of it is wrong these days. For instance, none of these work:

Anything involving vbetool. This is really, really old advice.
Anything involving xset, unless you’re actually running a GUI, which is not the point of this post.
Anything involving setterm or the kernel parameters video=DPMS or consoleblank.
Anything involving writing to paths under /sys, such as ones ending in dpms.

Why is this?

Well, we are on at least the third generation of Linux text console display subsystems. (Maybe more than 3, depending on how you count.) The three major ones were:

The VGA text console
fbdev
DRI/KMS

As I mentioned recently in my post about running an accurate 80×25 DOS-style console on modern Linux, the VGA text console mode is pretty much gone these days. It relied on hardware rendering of the text fonts, and that capability simply isn’t present on systems that aren’t PCs — or even on PCs that are UEFI, which is most of them now.

fbdev, or a framebuffer console under earlier names, has been in Linux since the late 1990s. It was the default for most distros until more recently. It supported DPMS powersave modes, and most of the instructions you will find online reference it.

Nowadays, the DRI/KMS system is used for graphics. Unfortunately, it is targeted mainly at X11 and Wayland. It is also used for the text console, but things like DPMS-enabled timeouts were never implemented there.

You can find some manual workarounds — for instance, using ddcutil or similar for an external monitor, or adjusting the backlight files under /sys on a laptop. But these have a number of flaws — making unwanted brightness adjustments, and not automatically waking up on keypress among them.

My workaround

I finally gave up and ran apt-get install xdm. Then in /etc/X11/xdm/Xsetup, I added one line:

xset dpms 0 0 120

Now the system boots into an xdm login screen, and shuts down the screen after 2 minutes of inactivity. On the rare occasion where I want a text console from it, I can switch to it and it won’t have a timeout, but I can live with that.

Thus, quite hopefully, concludes my series of way too much information about the Linux text console!

14:42

Representative Line: Years Go By [The Daily WTF]

Henrik H's employer thought they could save money by hiring offshore, and save even more money by hiring offshore junior developers, and save even more money by basically not supervising them at all.

Henrik sends us just one representative line:

if (System.DateTime.Now.AddDays(-365) <= f.ReleaseDate) // 365 days means one year

I appreciate the comment, that certainly "helps" explain the magic number. There's of course, just one little problem: It's wrong. I mean, ~75% of the time, it works every time, but it happily disregards leap years. Which may or may not be a problem in this case, but if they got so far as learning about the AddDays method, they were inches from using AddYears.

I guess it's true what they say: you can lead a dev to docs, but you can't make them think.

[Advertisement] Picking up NuGet is easy. Getting
good at it takes time. 
Download our guide to learn the best practice of NuGet for the
Enterprise.

14:14

Really Simple Languages from AI [Scripting News]

It took me a while to realize..

Agents are server software.
The things you used to write in Node.js and before that PHP and Perl, and in my case Frontier.
I had been trying to get ChatGPT to do exactly that for months.

We're going to spend a while reimplementing all our server software.

It would be super helpful if the whole thing could be packaged up so we can write our servers in English or whatever our preferred Really Simple Language is, and have it compiled to whatever internal language it likes, and not have to learn too much new jargon.

13:28

Control Planes for Autonomous AI: Why Governance Has to Move Inside the System [Radar]

For most of the past decade, AI governance lived comfortably outside the systems it was meant to regulate. Policies were written. Reviews were conducted. Models were approved. Audits happened after the fact. As long as AI behaved like a tool—producing predictions or recommendations on demand—that separation mostly worked. That assumption is breaking down.

As AI systems move from assistive components to autonomous actors, governance imposed from the outside no longer scales. The problem isn’t that organizations lack policies or oversight frameworks. It’s that those controls are detached from where decisions are actually formed. Increasingly, the only place governance can operate effectively is inside the AI application itself, at runtime, while decisions are being made. This isn’t a philosophical shift. It’s an architectural one.

When AI Fails Quietly

One of the more unsettling aspects of autonomous AI systems is that their most consequential failures rarely look like failures at all. Nothing crashes. Latency stays within bounds. Logs look clean. The system behaves coherently—just not correctly. An agent escalates a workflow that should have been contained. A recommendation drifts slowly away from policy intent. A tool is invoked in a context that no one explicitly approved, yet no explicit rule was violated.

These failures are hard to detect because they emerge from behavior, not bugs. Traditional governance mechanisms don’t help much here. Predeployment reviews assume decision paths can be anticipated in advance. Static policies assume behavior is predictable. Post hoc audits assume intent can be reconstructed from outputs. None of those assumptions holds once systems reason dynamically, retrieve context opportunistically, and act continuously. At that point, governance isn’t missing—it’s simply in the wrong place.

The Scaling Problem No One Owns

Most organizations already feel this tension, even if they don’t describe it in architectural terms. Security teams tighten access controls. Compliance teams expand review checklists. Platform teams add more logging and dashboards. Product teams add additional prompt constraints. Each layer helps a little. None of them addresses the underlying issue.

What’s really happening is that governance responsibility is being fragmented across teams that don’t own system behavior end-to-end. No single layer can explain why the system acted—only that it acted. As autonomy increases, the gap between intent and execution widens, and accountability becomes diffuse. This is a classic scaling problem. And like many scaling problems before it, the solution isn’t more rules. It’s a different system architecture.

A Familiar Pattern from Infrastructure History

We’ve seen this before. In early networking systems, control logic was tightly coupled to packet handling. As networks grew, this became unmanageable. Separating the control plane from the data plane allowed policy to evolve independently of traffic and made failures diagnosable rather than mysterious.

Cloud platforms went through a similar transition. Resource scheduling, identity, quotas, and policy moved out of application code and into shared control systems. That separation is what made hyperscale cloud viable. Autonomous AI systems are approaching a comparable inflection point.

Right now, governance logic is scattered across prompts, application code, middleware, and organizational processes. None of those layers was designed to assert authority continuously while a system is reasoning and acting. What’s missing is a control plane for AI—not as a metaphor but as a real architectural boundary.

What “Governance Inside the System” Actually Means

When people hear “governance inside AI,” they often imagine stricter rules baked into prompts or more conservative model constraints. That’s not what this is about.

Embedding governance inside the system means separating decision execution from decision authority. Execution includes inference, retrieval, memory updates, and tool invocation. Authority includes policy evaluation, risk assessment, permissioning, and intervention. In most AI applications today, those concerns are entangled—or worse, implicit.

A control-plane-based design makes that separation explicit. Execution proceeds but under continuous supervision. Decisions are observed as they form, not inferred after the fact. Constraints are evaluated dynamically, not assumed ahead of time. Governance stops being a checklist and starts behaving like infrastructure.

Execution from governance separation in AI systems

Figure 1. Separating execution from governance in autonomous AI systems

Reasoning, retrieval, memory, and tool invocation operate in the execution plane, while a runtime control plane continuously evaluates policy, risk, and authority—observing and intervening without being embedded in application logic.

Where Governance Breaks First

In practice, governance failures in autonomous AI systems tend to cluster around three surfaces.

Reasoning. Systems form intermediate goals, weigh options, and branch decisions internally. Without visibility into those pathways, teams can’t distinguish acceptable variance from systemic drift.

Retrieval. Autonomous systems pull in context opportunistically. That context may be outdated, inappropriate, or out of scope—and once it enters the reasoning process, it’s effectively invisible unless explicitly tracked.

Action. Tool use is where intent becomes impact. Systems increasingly invoke APIs, modify records, trigger workflows, or escalate issues without human review. Static authorization models don’t map cleanly onto dynamic decision contexts.

These surfaces are interconnected, but they fail independently. Treating governance as a single monolithic concern leads to brittle designs and false confidence.

Control Planes as Runtime Feedback Systems

A useful way to think about AI control planes is not as gatekeepers but as feedback systems. Signals flow continuously from execution into governance: confidence degradation, policy boundary crossings, retrieval drift, and action escalation patterns. Those signals are evaluated in real time, not weeks later during audits. Responses flow back: throttling, intervention, escalation, or constraint adjustment.

This is fundamentally different from monitoring outputs. Output monitoring tells you what happened. Control plane telemetry tells you why it was allowed to happen. That distinction matters when systems operate continuously, and consequences compound over time.

Figure 2. Runtime governance as a feedback loop

Behavioral telemetry flows from execution into the control plane, where policy and risk are evaluated continuously. Enforcement and intervention feed back into execution before failures become irreversible.

Want Radar delivered straight to your inbox? Join us on Substack. Sign up here.

A Failure Story That Should Sound Familiar

Consider a customer-support agent operating across billing, policy, and CRM systems.

Over several months, policy documents are updated. Some are reindexed quickly. Others lag. The agent continues to retrieve context and reason coherently, but its decisions increasingly reflect outdated rules. No single action violates policy outright. Metrics remain stable. Customer satisfaction erodes slowly.

Eventually, an audit flags noncompliant action. At that point, teams scramble. Logs show what the agent did but not why. They can’t reconstruct which documents influenced which decisions, when those documents were last updated, or why the agent believed its actions were valid at the time.

This isn’t a logging failure. It’s the absence of a governance feedback loop. A control plane wouldn’t prevent every mistake, but it would surface drift early—when intervention is still cheap.

Why External Governance Can’t Catch Up

It’s tempting to believe better tooling, stricter reviews, or more frequent audits will solve this problem. They won’t.

External governance operates on snapshots. Autonomous AI operates on streams. The mismatch is structural. By the time an external process observes a problem, the system has already moved on—often repeatedly. That doesn’t mean governance teams are failing. It means they’re being asked to regulate systems whose operating model has outgrown their tools. The only viable alternative is governance that runs at the same cadence as execution.

Authority, Not Just Observability

One subtle but important point: Control planes aren’t just about visibility. They’re about authority.

Observability without enforcement creates a false sense of safety. Seeing a problem after it occurs doesn’t prevent it from recurring. Control planes must be able to act—to pause, redirect, constrain, or escalate behavior in real time.

That raises uncomfortable questions. How much autonomy should systems retain? When should humans intervene? How much latency is acceptable for policy evaluation? There are no universal answers. But those trade-offs can only be managed if governance is designed as a first-class runtime concern, not an afterthought.

The Architectural Shift Ahead

The move from guardrails to control loops mirrors earlier transitions in infrastructure. Each time, the lesson was the same: Static rules don’t scale under dynamic behavior. Feedback does.

AI is entering that phase now. Governance won’t disappear. But it will change shape. It will move inside systems, operate continuously, and assert authority at runtime. Organizations that treat this as an architectural problem—not a compliance exercise—will adapt faster and fail more gracefully. Those who don’t will spend the next few years chasing incidents they can see, but never quite explain.

Closing Thought

Autonomous AI doesn’t require less governance. It requires governance that understands autonomy.

That means moving beyond policies as documents and audits as events. It means designing systems where authority is explicit, observable, and enforceable while decisions are being made. In other words, governance must become part of the system—not something applied to it.

Today's links

Socialist excellence in New York City: The real efficiency is insourcing and ending public-private partnerships.
Hey look at this: Delights to delectate.
Object permanence: UK antipiracy office will catch Firefox crooks; Batpole flip-top bust; "Order of Odd-Fish"; Scott Walker v fake Kochl; Billg wants to backdoor Microsoft; NSA spied on world leaders; Trump They Live mask; "Unicorns vs Goblins"; Covid German.
Upcoming appearances: Where to find me.
Recent appearances: Where I've been.
Latest books: You keep readin' em, I'll keep writin' 'em.
Upcoming books: Like I said, I'll keep writin' 'em.
Colophon: All the rest.

Socialist excellence in New York City (permalink)

In her magnificent 2023 book Doppelganger, Naomi Klein describes the "mirror world" of right wing causes that are weird, conspiratorial versions of the actual things that leftists care about:

https://pluralistic.net/2023/09/05/not-that-naomi/#if-the-naomi-be-klein-youre-doing-just-fine

For example, Trump rode to power on the back of Qanon, a movement driven by conspiratorial theories of a cabal of rich and powerful people who were kidnapping, trafficking and abusing children. Qanon followers were driven to the most unhinged acts by these theories, shooting up restaurants and demanding to be let into nonexistent basements:

https://www.newsweek.com/pizzagate-gunman-killed-north-carolina-qanon-2012850

And while Qanon theories about children being disguised as reasonably priced armoires are facially absurd, the right's obsession with imaginary children is a long-established phenomenon:

https://www.bbc.co.uk/news/world-53416247

Think of the conservative movement's all-consuming obsession with the imaginary lives of children that aborted fetuses might have someday become, and its depraved indifference to the hunger and poverty of actual children in America:

https://unitedwaynca.org/blog/child-poverty-in-america/

Trump's most ardent followers reorganized their lives around the imagined plight of imaginary children, while making excuses for Trump's first-term "Kids in Cages" policy:

https://www.bbc.co.uk/news/world-us-canada-44518942

Obviously, this has only gotten worse in Trump's second term. The same people whose entire political identity is nominally about defending "unborn children" are totally indifferent to the actual born children that DOGE left to die by the thousands:

https://hsph.harvard.edu/news/usaid-shutdown-has-led-to-hundreds-of-thousands-of-deaths/

They cheered Israel's slaughter and starvation of children during the siege of Gaza and they are cheering it on still today:

https://www.savethechildren.net/news/gaza-20000-children-killed-23-months-war-more-one-child-killed-every-hour

As for pedophile traffickers, the same Qanon conspiracy theorists who cooked their brains with fantasies about Trump smiting the elite pedophiles are now making excuses for Trump's central role in history's most prolific child rape scandal:

https://en.wikipedia.org/wiki/Relationship_of_Donald_Trump_and_Jeffrey_Epstein

This is the mirror-world as Klein described it: a real problem (elite impunity for child abuse; the sadistic targeting of children in war crimes; the impact of poverty on children) filtered through a fever-swamp of conspiratorial nonsense. It's a world that would do anything to save imaginary children while condemning living, real children to grinding poverty, sexual torture, starvation and murder.

Once you know about Klein's mirror-world, you see it everywhere – from conservative panics about the power of Big Tech platforms (that turn out to be panics about what Big Tech does with that power, not about the power of tech itself):

https://pluralistic.net/2026/02/13/khanservatives/#kid-rock-eats-shit

To conservative panics about health – that turn out to be a demand to dismantle America's weak public health system and America's weak regulation of the supplements industry:

https://www.conspirituality.net/episodes/brief-maha-is-a-supplements-grift

But lately, I've been thinking that maybe the mirror shines in both directions: that in addition to the warped reflection of the right's mirror world, there is a left mirror world where we can find descrambled, clarified versions of the right's twisted obsessions.

I've been thinking about this since I read a Corey Robin blog post about Mamdani's campaign rhetoric, in which Mamdani railed against "mediocrity" and promised "excellence":

https://coreyrobin.com/2025/11/15/excellence-over-mediocrity-from-mamdani-to-marx-to-food/

Robin pointed out that while this framing might strike some leftists as oddly right-coded, it has a lineal descent from Marx, who advocated for industrialization and mass production because the alternative would be "universal mediocrity.”

Robin went on to discuss a largely lost thread of "socialist perfectionism" ("John Ruskin and William Morris to Bloomsbury Bolsheviks like Virginia Woolf and John Maynard Keynes") who advocated for the public provision of excellence.

He identifies Marx's own mirror world analysis, pointing out that Marx identified a fundamental difference between capitalist and socialist theories of the division of labor. While capitalists saw the division of labor as a way to increase quantity, socialists were excited by the prospect of increasing quality.

(There's a centaur/reverse centaur comparison lurking in there, too. If you're a centaur radiologist, who gets an AI tool that flags some diagnoses you may have missed, then you're improving the rate of tumor identification. If you're a reverse centaur radiologist who sees 90% of your colleagues fired and replaced with a chatbot whose work you are expected to sign off on at a rate that precludes even cursory inspection, you're increasing X-ray throughput at the expense of accuracy):

https://pluralistic.net/2025/12/05/pop-that-bubble/#u-washington

(In other words: the reverse centaur is the mirror world version of a centaur.)

After the mayoral election, Mamdani doubled down on his pursuit of high-quality public services. In his inaugural speech, Mamdani promised a government "where excellence is no longer the exception":

https://www.nytimes.com/2026/01/01/nyregion/mamdani-inauguration-speech-transcript.html

Robin was also developing his appreciation for Mamadani's vision of public excellence. In the New York Review of Books, Robin made the case that it was a mistake for Democrats to have ceded the language of efficiency and quality to Republicans:

https://www.nybooks.com/online/2025/12/31/democratic-excellence-zohran-mamdani/

Where Democrats do talk about efficiency, they talk about it in Republican terms: "We'll run the government like a business." Mamdani, by contrast, talks about running the government like a government – a good government, a government committed to excellence.

Writing in Jacobin, Conor Lynch takes a trip into the good side of the mirror world, unpacking the idea of socialist excellence in Mamdani's governance promises:

https://jacobin.com/2026/02/zohran-mamdani-efficiency-nyc-budget/

During the Mamdani campaign, "efficiency" was just one plank of the platform. But once Mamdani took office, he learned that his predecessor, the lavishly corrupt Eric Adams, had lied about the city's finances, leaving a $12b hole in the budget:

https://www.nyc.gov/mayors-office/news/2026/01/mayor-mamdani-details–adams-budget-crisis-

Mamdani came to power in New York on an ambitious platform of public service delivery, and not just because this is the right thing to do, but because investment in a city's people and built environment pays off handsomely.

Maintenance is always cheaper than repair, and one of the main differences between a business and a government is that a business's shareholders can starve maintenance budgets, cash out, and leave the collapsing firm behind them, while governments must think about the long term consequences of short-term thinking (the fact that so many Democratic governments have failed to do this is a consequence of Democrats adopting Republicans' framing that a good government is "run like a business").

The best time to invest in New York City was 20 years ago. The second best time is now. For Mamdani to make those investments and correct the failures of his predecessors, he needs to find some money.

Mamdani's proposal for finding this money sounds pretty conservative: he's going to cut waste in government. He's ordered each city agency to appoint a "Chief Savings Officer" who will "review performance, eliminate waste and streamline service delivery." These CSOs are supposed to find a 1.5% across-the-board savings this year and 2.5% next year:

https://www.nyc.gov/mayors-office/news/2026/01/mayor-mamdani-signs-executive-order-to-require-chief-savings-off

Does this sound like DOGE to you? It kind of does to me, but – crucially – this is mirror-world DOGE. DOGE's project was to make cuts to government in order to make government "run like a business." Specifically, DOGE wanted to transform the government into the kind of business that makes cuts to juice the quarterly numbers at the expense of long-term health:

https://www.forbes.com/sites/suzannerowankelleher/2024/10/24/southwest-airlines-bends-to-activist-investor-restructures-board/

But Mamdani's mirror-world DOGE is looking to find efficiencies by cutting things like sweetheart deals with private contractors and consultants, who cost the city billions. It's these private sector delegates of the state that are the source of government waste and bloat.

The literature is clear on this: when governments eliminate their own capacity to serve the people and hire corporations to do it on their behalf, the corporations charge more and deliver less:

https://calmatters.org/commentary/2019/02/public-private-partnerships-are-an-industry-gimmick-that-dont-serve-public-well/

As Lynch writes, DOGE's purpose was to dismantle as much of the government as possible and shift its duties to Beltway Bandits who could milk Uncle Sucker for every dime. Mamdani's ambition, meanwhile, is to "restore faith in government [and] demonstrate that the public sector can match or even surpass the private sector in excellence."

As Mamdani said in his inauguration speech, "For too long, we have turned to the private sector for greatness, while accepting mediocrity from those who serve the public."

Turning governments into businesses has been an unmitigated failure. After decades of outsourcing, the government hasn't managed to shrink its payroll, but government workers are today primarily employed in wheedling private contractors to fulfill their promises, even as public spending has quintupled:

https://www.brookings.edu/articles/is-government-too-big-reflections-on-the-size-and-composition-of-todays-federal-government/

Instead of having a government employee do a government job, that govvie oversees a private contractor who costs twice as much…and sucks at their job:

https://www.pogo.org/reports/bad-business-billions-of-taxpayer-dollars-wasted-on-hiring-contractors

There's a wonderful illustration of this principle at work in Edward Snowden's 2019 memoir Permanent Record:

https://memex.craphound.com/2019/09/24/permanent-record-edward-snowden-and-the-making-of-a-whistleblower/

After Snowden broke both his legs during special forces training and washed out, he went to work for the NSA. After a couple years, his boss told him that Congress capped the spy agencies' headcount but not their budgets, so he was going to have to quit his job at the NSA and go to work for one of the NSA's many contractors, because the NSA could hire as many contractors as it wanted.

So Snowden is sent to a recruiter who asks him how much he's making as a government spy. Snowden quotes a modest 5-figure sum. The recruiter is aghast and tells Snowden that he gets paid a percentage of whatever Snowden ends up making as a government contractor, and promptly triples Snowden's government salary. Why not? The spy agencies have unlimited budgets, and will pay whatever the private company that Snowden nominally works for bills them at. Everybody wins!

Ladies and gentlemen, the efficiency of government outsourcing. Run the government like a business!

As bad as this is when the government hires outside contractors to do things, it's even worse when they hire outside contractors to consult on things. Under Prime Minister Justin Trudeau, the Canadian government spent a fortune on consultants, especially at the start of the pandemic:

https://pluralistic.net/2023/01/31/mckinsey-and-canada/#comment-dit-beltway-bandits-en-canadien

The main beneficiary of these contracts was McKinsey, who were given a blank cheque and no oversight – they were even exempted from rules requiring them to disclose conflicts of interest.

Trudeau raised Canadian government spending by 40%, to $11.8 billion, creating a "shadow civil service" that cost vastly more than the actual civil service – the government spent $1.85b on internal IT expertise, and $2.3b on outside contractors.

These contractors produced some of the worst IT boondoggles in government history, including the bungled "ArriveCAN" contact tracing program. The two-person shop that won the contract outsourced it to KPMG and raked off a 15-30% commission.

Before Trudeau, Stephen Harper paid IBM to build Phoenix – a payroll system that completely failed and was, amazingly, far worse than ArriveCAN. IBM got $309m to build Phoenix, and then Canada spent another $506m to fix it and compensate the people whose lives it ruined.

Wherever you find these contractors, you find stupendous waste and fraud. I remember in the early 2000s, when Dan "City of Sound" Hill was working at the BBC and wanted to try an experiment to distribute MP3s of a radio programme.

The BBC – an organization with a long history of technical excellence – had given the exclusive contract for web delivery to Siemens, who wanted £10,000 to set up a web-server for the experiment. Dan rented a server from an online provider and put it all on his personal card, serving tens of thousands of MP3s for less than £10. It turns out that letting your technical personnel do your technology development costs 1/1000th of what it costs to have contractors do it.

Running your public institution "like a business" is incredibly inefficient. Back when Musk and Ramaswamy announced their plan to cut $2t from the US federal budget, David Dayen published a plan to realize nearly that much savings just by attacking waste arising from running the government "like a business":

https://pluralistic.net/2025/01/27/beltway-bandits/#henhouse-foxes

The US government's own estimate of the losses due to contractor fraud comes out to $274b/year – roughly the size of the entire civil service payroll (the Corporation for Public Broadcasting, which Musk sadistically destroyed, accounts for 0.012% of federal spending).

Medicare "upcoding" – a form of fraud committed by companies like United Healthcare, the largest Medicare Advantage provider in the country – costs the public $83b/year:

https://www.medpac.gov/wp-content/uploads/2024/03/Mar24_ExecutiveSummary_MedPAC_Report_To_Congress_SEC.pdf

Congress has banned Medicare and Medicaid from bargaining for pharma prices, which is why the US government pays 178% more than other governments, for the same drugs, which are often developed at public expense:

https://aspe.hhs.gov/reports/comparing-prescription-drugs

The Pentagon is a cesspit of waste. It's not just firing spies and rehiring them as contractors at a 300% markup – that's just for starters. The Pentagon receives $840b/year and has failed its last three audits:

https://thehill.com/policy/defense/4992913-pentagon-fails-7th-audit-in-a-row-but-says-progress-made/

The conservative version of "efficiency" cashes out to "efficient at extracting value from public institutions, workers and customers." Mamdani's (good) mirror world "efficiency" means providing great public service through investing in public excellence.

New York City is overdue for this kind of overhaul. Everywhere you look in the city, you find high price consultants making out like bandits and starving the city of the funds it needs to deliver. The Second Avenue subway spent more on consultants than it spent on digging tunnels:

https://gothamist.com/news/mta-plans-to-hire-186m-consultant-to-oversee-second-avenue-subway-construction

Mamdani has pledged to audit the Department of Education's 25 largest contracts (the DOE spends $10b/year on outside contractors). He's rolling out "fiscal training and certification" for any government employee involved in procurement.

Mamdani isn't pretending he can bridge the gap that Adams left in the city's finances through efficiency alone: to make up the difference, he is going to tax NYC's millionaires, and ask the state to "rebalance" its relationship with NYC's taxpayers (NYC contributes 54.4% of the state budget, but only gets 40.5% in return).

As Lynch writes, NYC was the birthplace of austerity-driven outsourcing, following from the city's bankruptcy in 1975. 50 years later, Mamdani is bringing that age to a close.

Mamdani knows what the stakes are, too. He called efficiency "the most paramount left-wing concern, because it is either the fulfillment or the betrayal of that which motivates so much of our politics":

https://www.derekthompson.org/p/what-speaks-to-me-about-abundance

Mamdani is reviving the tradition of "sewer socialism," a governing philosophy based on "bringing people into your politics by improving their lives in obvious ways":

https://jacobin.com/2025/12/digital-sewer-socialism-public-ownership

Sewer socialism, public excellence, real efficiency: these are the (good) mirror world versions of the right's obsession with "government efficiency." On the conservative side of the mirror, "efficiency" is an excuse for hamstringing government employees and turning their budgets over to lazy, crooked contractors. On the left's side of the mirror, "efficiency" is building capacity in democratically accountable institutions that care about helping every person, and who deliver tomorrow's excellence by making long-term investments today.

(Image: DAVID ILIFF, CC BY-SA 3.0, modified)

Hey look at this (permalink)

The True North Strong And Speculative https://hugoclub.blogspot.com/2026/02/the-true-north-strong-and-speculative.html
The Economic Democracy Project is hiring our first Program Director https://www.linkedin.com/posts/vera-franz_edp-program-director-jd-ugcPost-7429172997611003906-GmNW/
A case study in civic fiction: A Gay Girl in Damascus and the structuring of cosmopolitan sympathy https://journals.sagepub.com/doi/10.1177/14648849261426443
Your AI-generated password isn't random, it just looks that way https://www.theregister.com/2026/02/18/generating_passwords_with_llms/
Skull Season https://fieldnotes.christopherbrown.com/p/skull-season?utm_source=substack&publication_id=29951&post_id=188606662&utm_medium=email&utm_content=share&utm_campaign=email-share&triggerShare=true&isFreemail=true&r=1mh2k&triedRedirect=true

Object permanence (permalink)

#20yrago UK anti-piracy officer assures Firefox she’ll catch the pirates who copy it https://web.archive.org/web/20060511105535/http://business.timesonline.co.uk/article/0,,9075-2051196,00.html

#20yrsago Diane Duane vows to finish trilogy as a reader-supported web-book https://web.archive.org/web/20060630094910/http://outofambit.blogspot.com/2006_02_01_outofambit_archive.html#114069083471800451

#15yrago Order of Odd-Fish, a funny, mannered, hilariously weird epic romp https://memex.craphound.com/2011/02/23/order-of-odd-fish-a-funny-mannered-hilariously-weird-epic-romp/

#15yrsago HOWTO make a batpole flip-top bust switch https://web.archive.org/web/20110218013400/https://www.thenewhobbyist.com/2011/02/wireless-light-switch-or-bust/

#15yrsago Travel guide for American invalids, 1887 https://web.archive.org/web/20110225235315/http://www.butifandthat.com/guide-for-invalids/

#15yrsago Archive.org and 150 libraries create 80,000 lendable ebook library https://archive.org/post/349420/in-library-ebook-lending-program-launched

#15yrsago Scott Walker tricked into spilling his guts to fake Koch brother https://web.archive.org/web/20110226135536/https://www.salon.com/news/the_labor_movement/index.html?story=/politics/war_room/2011/02/23/koch_walker_call

#10yrsago Bill Gates: Microsoft would backdoor its products in a heartbeat https://web.archive.org/web/20160223175618/https://recode.net/2016/02/22/bill-gates-is-backing-the-fbi-in-its-case-against-apple/

#10yrsago Wikileaks: NSA spied on UN Secretary General and world leaders over climate and trade https://wikileaks.org/nsa-201602/

#10yrsago Donald Trump They Live mask https://web.archive.org/web/20160224101815/http://www.trickortreatstudios.com/they-live-alien-donald-trump-limited-edition-halloween-mask.html

#10yrsago Unicorn vs. Goblins: the third amazing, hilarious Phoebe and her Unicorn collection! https://memex.craphound.com/2016/02/23/unicorn-vs-goblins-the-third-amazing-hilarious-phoebe-and-her-unicorn-collection/

#5yrsago German covid coinages https://pluralistic.net/2021/02/23/acceptable-losses/#Zeitgeist

#5yrsago A voyage to the moon of 1776 https://pluralistic.net/2021/02/23/acceptable-losses/#Filippo-Morghen

#5yrsago Malcolm X's true killers https://pluralistic.net/2021/02/23/acceptable-losses/#deathbeds-r-us

#5yrsago Private equity's nursing home killing spree https://pluralistic.net/2021/02/23/acceptable-losses/#disposable-olds

Upcoming appearances (permalink)

Montreal (remote): Fedimtl, Feb 24
https://fedimtl.ca/
Oslo (remote): Seminar og lansering av rapport om «enshittification»
https://www.forbrukerradet.no/siste-nytt/digital/seminar-og-lansering-av-rapport-om-enshittification/
Victoria: 28th Annual Victoria International Privacy & Security Summit, Mar 3-5
https://www.rebootcommunications.com/event/vipss2026/
Victoria: Enshittification at Russell Books, Mar 4
https://www.eventbrite.ca/e/cory-doctorow-is-coming-to-victoria-tickets-1982091125914
Barcelona: Enshittification with Simona Levi/Xnet (Llibreria Finestres), Mar 20
https://www.llibreriafinestres.com/evento/cory-doc
Montreal: Bronfman Lecture (McGill) Apr 10
https://www.eventbrite.ca/e/artificial-intelligence-the-ultimate-disrupter-tickets-1982706623885
Berkeley: Bioneers keynote, Mar 27
https://conference.bioneers.org/
Berlin: Re:publica, May 18-20
https://re-publica.com/de/news/rp26-sprecher-cory-doctorow
Berlin: Enshittification at Otherland Books, May 19
https://www.otherland-berlin.de/de/event-details/cory-doctorow.html
Hay-on-Wye: HowTheLightGetsIn, May 22-25
https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

Making The Internet Suck Less (Thinking With Mitch Joel)
https://www.sixpixels.com/podcast/archives/making-the-internet-suck-less-with-cory-doctorow-twmj-1024/
Panopticon :3 (Trashfuture)
https://www.patreon.com/posts/panopticon-3-150395435
America's Enshittification is Canada's Opportunity (Do Not Pass Go)
https://www.donotpassgo.ca/p/americas-enshittification-is-canadas
Everything Wrong With the Internet and How to Fix It, with Tim Wu (Ezra Klein)
https://www.nytimes.com/2026/02/06/opinion/ezra-klein-podcast-doctorow-wu.html
How the Internet Got Worse (Masters in Business)
https://www.youtube.com/watch?v=auXlkuVhxMo

Latest books (permalink)

"Canny Valley": A limited edition collection of the collages I create for Pluralistic, self-published, September 2025 https://pluralistic.net/2025/09/04/illustrious/#chairman-bruce
"Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
"Picks and Shovels": a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).
"The Bezzle": a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

"The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026
"Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026
"The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027
"Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027
"The Memex Method," Farrar, Straus, Giroux, 2027

Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America ( words today, total)

"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):