Friday, 27 March

18:28

Folk Etymologies [Penny Arcade]

As something of a connected phenomenon - my instinct is to say "corollary," but I think that's not correct - as Penny Arcade was unearthed by the wily Zillenial, the many fruits of our enterprise became known. The true facts of the name PAX, for example - a name I came up with in five seconds at Costco because we got a call saying the show thing we were trying to do needed a name. I'm always delighted when someone finds the information I tucked in there. Never you mind that the next question is usually "what's a Penny Arcade" because that's not what this story is about!!!

18:14

Paul Tagliamonte: librtlsdr.so for fun and profit [Planet Debian]

Interested in future updates? Follow me on mastodon at @paul@soylent.green. Posts about hz.tools will be tagged #hztools.

It’s well known and universally agreed that radios are cool. Among the contested field of coolest radios, Software Defined Radios (SDRs) are definitely the most interesting to me. Out of all of my (entirely too many) SDRs I own, the rtlsdr is still my #1. It’s just good. It’s a great price, extremely capable, reliable, well-supported, and compact. Why bother with anything else? Sure, it can’t transmit, uses a (fairly weird) 8 bit unsigned integer IQ representation, limited sampling rate, limited frequency range – but even with all that, it’s still the radio I will pack first. Don’t get me wrong, I love my Ettus radios, PlutoSDRs, HackRFs, my AirspyHF+ - they’re great! I just always find myself falling back to an rtl-sdr, every time.

Perhaps the best reason to use an rtlsdr is the absolutely mind-boggling amount of cool stuff people have written for it. The rtlsdr API is super easy to use, widely supported if you’re building on top of existing radio processing frameworks – it’s still a shock to me when something omits rtlsdr support.

sparky

Over the last 7 years, I’ve been learning about radios – I got my ham radio license (de K3XEC), hacked on some cool stuff where I’ve learned how radios work by “doing”, and even was lucky enough to give my first rf-centric talk at districtcon. Embarrassingly, I still haven’t gotten around to learning how the fancy stuff like GNU Radio works. I’m sure I’m going to love it when I do.

As part of this, I’ve also cooked up some very unprofessional formats and protocols I use for convenience. Locally, all my on-disk captures are stored in rfcap or more recently arf (post on this coming soon), while direct SDR access at my house is almost entirely a mix of the widely used rtl-tcp protocol, and my “riq” protocol (post on this coming soon). Both rtl-tcp and riq operate over the network, so I don’t have to bother with plugging things into USB ports, and I can share my radios with my friends.

All of that work sits in my current generation of radio processing code, “sparky” (a reference to spark-gap transmitters), which is a heap of Rust, supporting everything from no_std for embedded experiments, conditional support for interfacing with all the radios I own, and tokio-based async support in addition to blocking i/o for highly concurrent daemons. This quickly advanced beyond my old Go-based code (hz.tools/go-sdr), which I archived so I can focus on learning. I still think Go is a great language to write RF code in – but I can’t focus on that tech tree anymore.

Of course, this now poses a new problem – no one supports my format(s) or radio protocol(s), since, well, I’m the only one using them. I’ve committed a fair amount of my hardware to this setup, and yanking it from the rack to try something out does pose a bit of a pickle. This isn’t a huge deal for learning, but it does make it tedious to try out something from the internets.

librtlsdr.so

Thankfully, Rust has robust support for wrap[ping itself] in a grotesque simulacra of C’s skin and mak[ing its] flesh undulate, which is an attractive nuisance if i’ve ever seen one. Naturally, my ability to restrain myself from engaging in ill-advised rf adventures is basically zero, so it’s time to do the thing any similarly situated person would do – reimplement the API and ABI of librtlsdr.so, backed with sparky instead.

Since enumeration of devices is going to be annoying (specifically, they’re over the network), I decided early-on to rely on an explicit list of devices via a configuration file. I’d rather only load that once so programs don’t get confused, so I opted to use a CTOR to run a stub when the ELF is linked at runtime.

// lightly edited for clarity

#[used]
#[expect(unused)]
#[unsafe(link_section = ".init_array")]
pub static INITIALIZE: extern "C" fn() = sparky_rtlsdr_ctor;

#[unsafe(no_mangle)]
pub extern "C" fn sparky_rtlsdr_ctor() {
 let config: Config = {
 if let Ok(config_bytes) = std::fs::read("/etc/sparky-rtlsdr.toml") {
 toml::from_slice(&config_bytes).unwrap()
 } else {
 Config { device: vec![] }
 }
 };
 CONFIG.set(config);
}

Next, it’s time to start with the basics. Opening and closing a handle using rtlsdr_open and rtlsdr_close. Given we don’t control the runtime, and the rtl-sdr device handle is opaque (for good reason!), I opted to smuggle a rust Box<Device> non-FFI safe heap-allocated struct through the device handle pointer, and let C take ownership of the Box. No one should be looking in there anyway.

// lightly edited for clarity

#[unsafe(no_mangle)]
pub unsafe extern "C" fn rtlsdr_open(dev: *mut *mut Handle, index: u32) -> int {
 let config = &CONFIG.device[index as usize];
 let sdr = match config.load() {
 Ok(v) => v,
 Err(err) => {
 return -1;
 }
 };
 let handle = Box::new(Handle { config, sdr });
 unsafe { *dev = Box::into_raw(handle) };
 0
}

#[unsafe(no_mangle)]
pub unsafe extern "C" fn rtlsdr_close(dev: *mut Handle) -> int {
 let dev = unsafe { Box::from_raw(dev) };
 drop(dev);
 0
}

With that in place, we can chip away at the API surface, translating calls as best as we can. I won’t bother listing it all, since it’s not very interesting – but here’s an example implementation of rtlsdr_set_sample_rate and rtlsdr_get_sample_rate. These calls are translating from an rtl-sdr frequency (which is a u32 containing the value as Hz) into a sparky Frequency type, and invoking get_sample_rate or set_sample_rate on the device’s rust handle. Since each device implements the sparky Sdr trait, the actual underlying device doesn’t matter much here.

#[unsafe(no_mangle)]
pub unsafe extern "C" fn rtlsdr_set_sample_rate(dev: *mut Handle, rate: u32) -> int {
 let dev = unsafe { &mut *dev };
 let rate = Frequency::from_hz(rate as i64);
 if let Err(err) = dev.sdr.set_sample_rate(dev.channel, rate) {
 return -1;
 }
 0
}

#[unsafe(no_mangle)]
pub unsafe extern "C" fn rtlsdr_get_sample_rate(dev: *mut Handle) -> u32 {
 let dev = unsafe { &mut *dev };
 let freq = match dev.sdr.get_sample_rate(dev.channel) {
 Ok(freq) => freq,
 Err(err) => {
 return 0;
 }
 };
 freq.as_hz() as u32
}

After repeating this process for the rest of the stubs I could (and otherwise setting error conditions if the functionality is not supported), I was ready to try it out. Within sparky, I patched my “MockSDR” (basically a Sdr traited Mock type) to implement the same testmode IQ protocol that the RTL-SDR has, and decided to see if rtl_test from apt without any changes could be fooled.

$ rtl_test
No supported devices found.

Great, cool. No devices plugged in. Looks great. Let’s try it with my librtlsdr.so LD_PRELOAD-ed into the binary first:

$ LD_PRELOAD=target/release/librtlsdr.so rtl_test
Found 1 device(s):
 0: hz.tools, mock sdr, SN: totally legit no tricks

Using device 0: sparky mock sdr
Supported gain values (0):
Sampling at 2048000 S/s.

Info: This tool will continuously read from the device, and report if
samples get lost. If you observe no further output, everything is fine.

Reading samples in async mode...
^CSignal caught, exiting!

User cancel, exiting...
Samples per million lost (minimum): 0
$

Outstanding. Even more outstandingly, if I change my testmode implementation to skip samples, rtl_test correctly reports the errors – I think it’s showing promise! On to try the real endgame here – let’s have our new librtlsdr.so connect to an rtl-tcp endpoint and see if rtl_fm works:

LD_PRELOAD=target/release/librtlsdr.so \
 rtl_fm -d 1 -s 120k -E deemp -M fm -f 90.9M | \
 ffplay -f s16le -ar 120k -i -
Found 2 device(s):
 0: hz.tools, mock sdr, SN: totally legit no tricks
 1: hz.tools, rtl-tcp, SN: node2.rf.lan:1202

Using device 1: sparky rtltcp node2
Tuner gain set to automatic.
Tuned to 91170000 Hz.
Oversampling input by: 9x.
Oversampling output by: 1x.
Buffer size: 7.59ms
Sampling at 1080000 S/s.
Output at 120000 Hz.

And there it was! Not the best audio quality (mostly due to my inability to correctly read the rtl_fm manpage to tune the filter and downsample/oversampling rates to audio), but it’s definitely passable. I figured I’d try something that was a bit more interesting next – gqrx, since it’s super handy, I use it a ton, and will definitely amuse me to no end. To my surprise and delight, LD_PRELOAD=target/release/librtlsdr.so gqrx wound up running, and I saw my devices pop right up in the setting menu:

Huge. Huge. Amazing. It did crash as soon as I tried to actually use the radio, but after fixing a few dangling bugs in the API surface (and some assumptions I think some underlying gnuradio driver may be making that I need to double check in the code), I was able to get a super solid stream of broadcast fm radio, with gqrx being none the wiser. It thought it was “just” talking to the device it knows as rtl=1.

Nice. I can’t wait to try this with the rest of the rtl-sdr based tools I like having around using my riq protocol next. I don’t think that’ll be worth a post, but hopefully I’ll get around to publishing details on that stack next.

epilogue

Well. That’s it. End of story. A bit anti-climatic, sure. While this new shim will provide me endless minutes of mild amusement, I could see using this to expose my sparky testing utilities via librtlsdr.so – my “mock sdr” driver allows for replaying captures off disk, which could be interesting to make sure that signals are still properly decoded after changes, or instrument performance changes (via SNR, BER, packets observed, etc) on reference samples I have on my NAS. Maybe that’ll come in handy one day!

Truth be told, I’m not sure I actually want to encourage anyone to do this for real (although I think I’ll definitely be using it on my LAN to see what happens). I also don’t have a repo to share – I don’t particularly feel with dealing with the secondary effects of publishing sparky (and sparky-rtlsdr) yet, since i’m still getting my feet under me on the radio aspect of all this.

I’ll be sure to post updates if anything changes with this here (tagged sparky) and at @paul@soylent.green. I can’t wait to post more about some of the odd sidequests (like this one!) i’ve completed over the last few years – I’ve been waiting to feel confident that my work has matured and was withstood the new problems i’ve thrown at it, and it largely has.

It’s my hope that these projects (and this project in particular) has provided a glimpse into the world of software defined radio for my systems friends, and a bit about systems for my radio friends. It’s not all magic, and I hope someone out there feels inclined to have some fun with radios themselves!

17:42

Humble Bundle + CARE: Fueling women’s economic power [Humble Bundle Blog]

Last March, in celebration of International Women’s Day and Women’s History Month, thousands of everyday gamers, readers and creators came together to do something extraordinary. Through a partnership with CARE, more than $340,000 was raised to support women around the world. Funds raised contributed to CARE’s Women’s Economic Growth Fund, helping CARE expand access to economic opportunity for at least 8,500 women; women who are starting …

The post Humble Bundle + CARE: Fueling women’s economic power appeared first on Humble Bundle Blog.

17:28

The Best Bang for Your Buck Events in Seattle This Weekend: Mar 27–29, 2026 [The Stranger]

No Kings Protest, Crosslake Connection Opening, and More Cheap & Easy Events Under $20
by EverOut Staff

Whatcha up to this weekend? We've got some ideas for ya, from the No Kings Protest threepeat to A Town Hall on Security and Surveillance and from Sound Transit's Crosslake Connection Opening Day to the final weekend of the U District Cherry Blossom Festival. Looking for more options? Check out our top picks of the week.

FRIDAY PARTIES & NIGHTLIFE

Touching Grass
Are you chronically online? Or maybe fluent in cringe and constantly reciting deep cut vocal stims? Then Touching Grass might be exactly what you need. This club night is all about transmuting brainrot into full-body catharsis, soundtracked by a chaotic blend of happy hardcore, hyperflip, breakcore, trap, and other genres so niche it’ll feel like your algorithm gained sentience. Whether you show up nonverbal or only ready to communicate in half-remembered memes and lyrics, take this as your chance to shamelessly bring your weird, silly, digital self IRL. LANGSTON THOMAS
(Kremwerk, Downtown, $15-$25)

Slog AM:  Central District Loses its Only Walgreens, 2 Line’s Crosslake Connection Opens Tomorrow, TSA Workers Might Finally Get Paid [The Stranger]

The Stranger's morning news roundup. by Charles Mudede

What is this? It’s a key element of a development initiated in 2015 by Vancouver BC’s Westbank: the installation of a 747 jet once operated by United Airlines and sent to a California graveyard in 2017. The whole project, however, was delayed due to financial woes attributed to the COVID-19 pandemic and rising construction costs resulting from supply chain disruptions. In September, 2025, Westbank lost control of the project to OPTrust, a developer based in Toronto. The reconstruction of a Boeing 747 between the ground floors of two 47-story towers on 1200 Stewart Street began earlier this year. It is now close to completion. But it arrives as a relic twice over. For one, it’s a relic of the major role Seattle played in the history of aerospace; and, two, it’s a relic of the economic and construction boom Seattle experienced, thanks to Amazon, during the previous decade. Amazon is no longer the hiring powerhouse it once was (it recently lost its top spot as Seattle’s biggest employer to the University of Washington) and continues to bleed jobs. So, this installation has, at this point, no future in it. And as the present recession worsens, it will look more and more absurd.

Just when you thought Seattle’s pharmageddon might be abating, it strikes again. Its latest victim is on 23rd and Jackson. This part of town, which used to be the Central District’s commercial hub, lost a Starbucks in 2022—the building remains empty to this day, despite years-long unrealized rumors of Black Coffee Northwest’s plan to occupy the space. In January, the only grocery store in the neighborhood, Amazon Fresh, abruptly closed and immediately transformed an area that once had an excellent supermarket, Promenade Red Apple Market, into a food desert. Now the Seattle Times reports that Walgreens, the Central District’s only pharmacy, plans to close its doors on May 19. A reason for the closure was not provided by the company, which was bought by a private equity firm (Sycamore Partners) in 2025. But a year before this acquisition, Walgreens announced that it would begin closing 1,200 (roughly 14 percent) of its stores because they were “underperforming.” The Seattle area has already lost all of its Bartell Drugs stores because its parent company, Rite Aid, which acquired the family-owned chain in 2020, was bankrupt and closing its stores. When it rains it pours.

One hopes that April will not be a cruel month, that it will repeat the mood of much of March, which has enjoyed a bit of snow and kept things cool and wet. March, however, has been utterly mean to a huge part of the United States, which is still experiencing a record-breaking heat wave. The Pacific Northwest, and much of the East Coast, managed to remain in a mixture of winter and spring while several states entered a drought months before summer began to sizzle. Today, Seattle can expect a low of 37 and some clouds. 

Remarkable Weather Channel article about the unprecedented heat wave and not a single word about #climatechange.

Embarrassing, and journalistic malpractice in this day and age.

weather.com/forecast/reg...

[image or embed]

— Peter Gleick (@petergleick.bsky.social) March 25, 2026 at 3:07 PM

The 2 Line, which connects Seattle and Bellevue, finally opens tomorrow after “years of construction setbacks.” Indeed, many of us came to the conclusion that it would never happen; that the Crosslake Connection, which involves two key stations (one at Judkins Park; the other on Mercer Island), was nothing more than a costly engineering dream. But Sound Transit proved us skeptics wrong. This part of the line will start singing “I am for real” tomorrow morning.

It seems the stock market has finally come to its senses and no longer believes a word exiting the president’s mouth. The war Trump started with Iran has no end in sight; there are no meaningful secret deals happening through back channels. Ain’t nothing going on but a bunch of social media posts that say one thing today and something else tomorrow. (These worthless announcements are accompanied by “suspicious trading.”) If you are not in the know—aka not in Trump’s inner circle of billionaires—then you’ll likely get burned in this corrupt market. The Dow is presently down 500 points after falling nearly 500 points yesterday.

The Senate unanimously passed a measure that would pay Transportation Security Administration workers but not ICE’s thugs, who, by the way, are still getting paid due to Trump’s One Big Beautiful Bill. And so their presence at a number of line- and employee-stressed airports (standing here, standing there; looking up, looking down) is seen as a slap in the face of those who haven’t received a paycheck in weeks. The Senate’s TSA measure has to go through the House before reaching the president’s desk.

TSA workers have been going a month with no paycheck and they’re pissed that ICE agents are getting paid to chill and play airport cop.

“TSA officers are sickened that we have unqualified DHS employees walking the airports, with pay, while we all suffer doing our qualified work unpaid.”

[image or embed]

— Christopher Webb (@cwebbonline.com) March 25, 2026 at 7:59 PM

Let’s end AM with Open Mic Eagle’s irony dripping track “woke up knowing everything (opening theme)”:

17:07

GNU Taler 1.5 released [Planet GNU]

We are happy to announce the release of GNU Taler v1.5.

GNU Taler 1.4 released [Planet GNU]

We are happy to announce the release of GNU Taler v1.4.

[$] The many failures leading to the LiteLLM compromise [LWN.net]

LiteLLM is a gateway library providing access to a number of large language models (LLMs); it is popular and widely used. On March 24, the word went out that the version of LiteLLM found in the Python Package Index (PyPI) repository had been compromised with information-stealing malware and downloaded thousands of times, sparking concern across the net. This may look like just another supply-chain attack — and it is — but the way it came about reveals just how many weak links there are in the software supply chains that we all depend on.

The telnyx packages on PyPI have been compromised [LWN.net]

The SafeDep blog reports that compromised versions of the telnyx package have been found in the PyPI repository:

Two versions of telnyx (4.87.1 and 4.87.2) published to PyPI on March 27, 2026 contain malicious code injected into telnyx/_client.py. The telnyx package averages over 1 million downloads per month (~30,000/day), making this a high-impact supply chain compromise. The payload downloads a second-stage binary hidden inside WAV audio files from a remote server, then either drops a persistent executable on Windows or harvests credentials on Linux/macOS.

New coal seam exploitation, AUS [Richard Stallman's Political Notes]

*Australia approves new coal seam gas expansion.* Is that really "Like lighting a cigarette while trying to quit"?

In my view, that comparison is not quite valid. Rather, extending the gas mines is like taping extender segments onto the mouth end of the cigarette, so that it never burns out.

Renaming AI to SALAMI [Richard Stallman's Political Notes]

*Let's forget the term AI. Let's call them Systematic Approaches to Learning Algorithms and Machine Inferences (SALAMI).*

Putinesque Iran to target water, elec. [Richard Stallman's Political Notes]

*Iran says it will "irreversibly destroy" Middle East infrastructure if US attacks energy sites.*

It is a war crime for either side to destroy civilian energy infrastructure, and this would be a disastrous one. But the bigger evil would be that of whichever country starts doing this. The wrecker says he plans to do so.

Israel still hitting West Bank territory [Richard Stallman's Political Notes]

*Israeli settlers have carried out a series of attacks across the occupied West Bank, setting homes and vehicles on fire and wounding several Palestinians in what witnesses described as coordinated raids on communities.*

The fanatical and violent "settlers" have been carrying out terrorist attacks on Palestinians for more than a decade, with police and border patrol watching passively, escalating step by step as they shift the government's stance.

16:56

Today's RSS cleanup [Scripting News]

Did some work on my RSS feed this morning.

  1. There was only one source:account element in my RSS feed and it was to a Twitter account I lost control of a few weeks ago, the account I had there since 2006, that at one time was in the top 10 accounts on Twitter. I changed the account to bullmancuso -- one of my many testing sites on Twit, and added my Mastodon and Bluesky accounts. I will check the bullmancuso account every so often, but the masto and bluesky ones are several times daily. And the funny thing is that I have far more Bluesky and Mastodon accounts than Twitter accounts. Put that in your press release. ;-)
  2. I updated the JSON version of the RSS feed, but noticed the Masto and Bluesky accounts (above) hadn't come through, and then on further investigation I realized that I hadn't been keeping it up to date for quite some time! The rule is every time something is added to the XML version I have to also add support for it in the JSON version. This is where Claude came in handy, it gave me a list of all the updates that were needed and I did them. We make a pretty good team imho. The two versions should be in sync now.
  3. A note on my JSONification of RSS. When I first did it in 2010, it was on a lark. I was tired of hearing how people didn't like XML so could I please switch. So I did and published it, and I think no one used it. The idea of a JSON version of RSS is in the air again, so I brought it up to date. I want to serve it with a different https-friendly address, but probably won't get to that today.
  4. The reason I wanted to work on this today because I have to add RSS-generating code to wpIdentity, so I needed to get warmed up on that part of the world.
  5. The new version of the daverss package is 0.6.15.

14:35

Link [Scripting News]

Doing a little tuneup work on my blog's RSS feeds.

14:07

Stable kernel update to fix regression on LoongArch platform [LWN.net]

Greg Kroah-Hartman has announced the release of the 6.12.79 stable kernel. This release only reverts a patch that caused a regression on the LoongArch platform; users who could not build 6.12.78 on LoongArch need to upgrade.

13:21

Security updates for Friday [LWN.net]

Security updates have been issued by AlmaLinux (389-ds:1.4, gnutls, mysql:8.0, mysql:8.4, nginx, nginx:1.24, opencryptoki, python3, vim, and virt:rhel and virt-devel:rhel), Debian (firefox-esr, ruby-rack, and thunderbird), Fedora (fontforge, headscale, kryoptic, libopenmpt, pyOpenSSL, python-cryptography, rubygem-json, rust-asn1, rust-asn1_derive, rust-cryptoki, rust-cryptoki-sys, rust-wycheproof, vim, and vtk), Oracle (freerdp, golang, mysql:8.0, and ncurses), Red Hat (osbuild-composer), Slackware (libpng and tigervnc), SUSE (chromium, frr, kea, kernel, nghttp2, pgvector, python-deepdiff, python-pyasn1, python-tornado6, python-urllib3, python3, python310, ruby2.5, salt, sqlite3, systemd, tomcat, vim, and xen), and Ubuntu (libcryptx-perl).

13:14

Error'd: Timely Reminder [The Daily WTF]

There is no particular theme this week, except that I have noticed many of these contributors are providing "customized" email addresses. This is a practice which I too have followed, to detect who is selling my email address to spammers. I would use a consistent login id for many web sites, and a decent password generated by a mental algorithm, with a unique email address for each site. It worked great until some website wanted to know specifically what "my" email address is, and I couldn't remotely remember which of 300 variant email addresses I had signed up for their services with.

First up, Martin is traveling by air. "I have heard it's so beautiful this time of year, so I look forward to visit @arrCity_SLPH." Martin helpfully explains "First sentence is in Danish: Your SAS-booking has been confirmed."

0

 

Dr. Bob Bobbers, PhD would rather drive. "Somehow I'm projected to arrive 20 minutes ago. I had started in one timezone and was finishing in the next timezone to the east, and when I had connectivity, the ETA was right, but somehow seems to have stopped computing correctly when I went offline."

1

 

Caleb B. thinks Amazon's AI-generated coding practices don't compute. "I've been working with my kid a lot with her math homework explaining that the alligator eats the bigger number. I think someone at Amazon needs to learn it too."

2

 

Andrew knows that there's a difference between > and ⋝. "Tried to upload my insurance card back and front. Apparently I cannot please the webserver."

3

 

And finally, Daniel D. has a timely reminder that we should all bear in mind so that nobody else has to: "Set your country, set your time zone and they should match. Google thinks otherwise, offering only one option (Czechia) for the selected country (Slovakia). The timezone is correct as the whole Central Europe uses the same time (CET). But the basic rule of usability is: Don't make me think!"

4

 

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

12:00

Arturo Borrero González: New job at Chainguard [Planet Debian]

Chainguard logo

A few months ago, in June 2025, I joined Chainguard, a company focused on software supply chain security. This post is a reflection on how I got here, what I’ve been doing, and why this role feels like a natural fit for my interests in Linux and open source technology.

The company and its mission

Chainguard’s mission is to make the software supply chain secure by default. The company is built around the idea that the software we all depend on — from operating system packages to container base images — carries hidden risk in the form of vulnerabilities, unverified provenance, and untrusted build processes.

The company is perhaps best known for Chainguard Images: a catalog of minimal, hardened container base images that are continuously rebuilt and kept free of known CVEs. Each image is accompanied by a signed SBOM (Software Bill of Materials) and a verifiable provenance attestation, making it possible to cryptographically verify what went into a given image and how it was built.

Chainguard has an extensive catalog of software, and maintaining it up-to-date and CVE-free is a significant engineering challenge.

What I do

I joined the Chainguard Sustaining Engineering team as a Senior Software Engineer. We are responsible for maintaining packages and images in the software catalog up-to-date and CVE-free. The core of the business, basically.

We focus on the horizontal dimension of the catalog (pretty much all packages and images).

With +30,000 packages and +2,000 images, this is indeed an interesting task.

My role as Debian Developer, and my experiencie in the Debian LTS project was extremely valuable when joning this new team.

Looking ahead

Software supply chain is truly a deep topic, gaining more and more relevance every day, especially as new technologies emerge and get adopted everywhere.

Since early in my career, I saw a recurrent problem of how companies, enterprises, or even governments, relate to and consume open source software, in a reliable, secure way. I believe Chainguard is doing the right things in the ecosystem, and I’m happy to be participating in the effort.

09:35

08:28

What’s in the status bottle? [Seth's Blog]

It’s often mislabeled. Sometimes the contents can make us ill, especially if we drink too much.

Status is easy to sell. But despite how often people buy the promise, it rarely delivers.

08:07

Samuel Henrique: I use curl with ECH btw (in Debian) [Planet Debian]

tl;dr

This is an experimental feature that, for the first time, brings full ECH support to curl on Debian using OpenSSL.

Starting with curl 8.19.0-3+exp2 (Debian Experimental), you can now use ECH, with HTTPS-RR and DoH for maximum privacy.

curl 8.19.0-3+exp2 is quite fresh at the time of writing, bear in mind that your repository might not have synced the package yet, all mirrors should have it by March 27th 15:00 UTC.

# defo.ie is a test server that confirms whether ECH was successfully used
curl -v --ech hard https://defo.ie/ech-check.php
# For Encrypted Client Hello (ECH) + DNS over HTTPS (DoH)
curl -v --ech hard --doh-url https://1.1.1.1/dns-query https://defo.ie/ech-check.php

"--ech hard" tells curl to refuse the connection entirely if ECH cannot be negotiated.

Or, if you would like to try it out in a container:

podman run debian:experimental /bin/bash -c 'apt install --update -y curl && curl -v --ech hard --doh-url https://1.1.1.1/dns-query https://defo.ie/ech-check.php'

(in case you haven't noticed, apt now has the --update option for the upgrade and install commands)

For Privacy

CloudFlare calls it "the last puzzle piece to privacy" in their must-read announcement: https://blog.cloudflare.com/announcing-encrypted-client-hello/.

Encrypted Client Hello (rfc9849) encrypts the "which website are you connecting to?" part of the TLS handshake that was previously visible in plaintext.

HTTPS-RR (rfc9460) is a DNS record type that publishes connection parameters for a service, including the public key clients need to perform ECH.

DNS Over HTTPS (rfc8484) encrypts DNS queries by tunneling them over HTTPS, hiding what domains you're looking up from network observers.

When all three operate together over a CDN with shared IP space, the target domain name is hidden from passive observers; the HTTPS-RR record is queried over DoH in order to retrieve the ECH key (rfc9848) for the TLS handshake.

Seems like quite an important feature, and in fact the major browsers have it enabled for some time now, the trick is that they do not use OpenSSL (Chrome uses BoringSSL and Firefox uses NSS).

For everyone else, the only option is to patch OpenSSL or wait until 4.0.0 is released, and so part of the reason Debian is the first distro to enable it (curl + OpenSSL + ECH) is that the OpenSSL maintainer (Sebastian Andrzej Siewior) packaged the alpha release just 3 days after it was published.

Do not forget that ECH support is experimental and currently relies on the alpha release of OpenSSL.

wcurl Gets It Too

Considering wcurl is just a wrapper on curl, it gets the feature for free:

wcurl --curl-options="--ech hard --doh-url https://1.1.1.1/dns-query" $URL

If you're using wcurl, you don't want to have to set parameters, this is just to show that the feature is there and if you have a .curlrc file, it can enable the feature seamlessly.

Other Debian Releases

Given the ECH feature requires OpenSSL >= 4, it will not make it to Debian 13, having a small chance of going to Debian 13 Backports (emphasis on small).

It should get to Debian Unstable and Debian Testing within the next couple of months as the OpenSSL GA release happens and gets packaged, but you should be able to install the package from Experimental in your Unstable and Testing systems without issues. It will also be in Debian 14 once it becomes the new Stable.

Shoulders of Giants

Stephen Farrell's presentation from OpenSSL Conference 2025 has a lot of background on the work involved:

Encrypted Client Hello – Lessons learned from trying to do something that was probably too complicated

They have been working on implementing ECH in open-source projects for years, something as big as this doesn't happen without lots of people dedicating both their paid and free times over it.

I ended up being the person who enabled it on Debian, which was pretty much the least amount of work between everyone involved, but hey it's fun flipping the switch and telling you about it.

Background

Since 2025, the curl developers started organizing an yearly meeting with all maintainers of curl in Operating Systems. The 2026 edition happened in March 26th: https://github.com/curl/curl/wiki/curl-distro-discussion-2026.

Attendance was really good, and as you can imagine one of the topics of discussion was ECH, in which it was pointed out that having OpenSSL 4 was the main requirement but besides it nothing unusual was needed.

In Debian Experimental, we have been enabling HTTPS-RR since March 2025, and OpenSSL 4.0.0 alpha was packaged just recently (2026-03-13) by Sebastian Andrzej Siewior, it's time for the next step.

The curl distro meeting was just the motivation I needed to go ahead and enable it in Debian Experimental, so as part of our Debian Brasil Weekly Meetings I've prepared and uploaded the changes, while Carlos Henrique Lima Melara worked on addressing a recent test regression for Debian Unstable. Unfortunately sergiodj couldn't join and I'm sure he's jealous of the hacking session now.

Appendix

While writing this, I've noticed one of the authors of the CloudFlare blogpost is the previous curl maintainer on Debian; Alessandro Ghedini let me take over the maintenance back in 2021 and today curl is maintained by a team of 4 people, it's nice to see Alessandro's involvement.

07:49

Folk Etymologies [Penny Arcade]

New Comic: Folk Etymologies

Dunk And Egg [Penny Arcade]

New Comic: Dunk And Egg

05:42

US courts generally rejecting equating criticism of Israel with antisemitism [Richard Stallman's Political Notes]

US courts are generally rejecting attempts to equate criticism of Israel or support for Palestinians' rights with antisemitism.

Ignorance, misunderstanding and obfuscation ended US-Iran nuclear talks [Richard Stallman's Political Notes]

*How ignorance, misunderstanding and obfuscation ended [US-] Iran nuclear talks.*

They had made substantial progress before they were abruptly ended when the US and Israel started to attack instead.

*Oman claims Israel pushed US into Iran war when deal [with Iran] was possible.*

WATCA bill [Richard Stallman's Political Notes]

The WATCA bill, which is one way of taxing the rich more, will provide only a small benefit for non-rich Americans. That's because its main method of helping them is by reducing their income tax, and poor people's income tax is already low.

In and of itself, WATCA is better than nothing, but we should focus on supporting other bills that would tax the rich more than that in order to help the non-rich more than that.

The imperialist says Israel attacked Iran gas wells without telling him [Richard Stallman's Political Notes]

The imperialist says Israel attacked Iran's gas wells without telling him, and he has ordered Israel not to attack them again.

Whether or not he is telling the truth about what happened, it is at least somewhat of a relief that he seems to realize how much any further such attacks would backfire.

Heavy-handed actions accelerating US's decline [Richard Stallman's Political Notes]

Owen Jones: *[the Bully] thinks brute force will arrest the US's decline. His heavy-handed actions in Iran are only accelerating it.*

Gulf of Hormuz closure sending enormus profits to rich people [Richard Stallman's Political Notes]

The closure of the Gulf of Hormuz is sending enormous windfall profits to a few rich people. There should be a windfall profits tax in place all the time for the sake of future fossil fuel price spikes, so that governments won't need to act fast.

Parents deported to Honduras had no chance to arrange childcare for their children [Richard Stallman's Political Notes]

* In interviews with dozens of parents deported to Honduras, as well as physicians and psychologists, government officials and staff at reception centers for deportees, researchers found that many parents were deported quickly after they were [jailed], without a chance to arrange for the care of their children.*

We understand the cause of this: deportation thugs are acting out hatred towards immigrants in general, and are eager for the chance to be cruel.

Christian Zionists want to help Israel conquer Middle East [Richard Stallman's Political Notes]

Christian Zionists want to help Israel conquer much of the Middle East, believing that then sacrifices will trigger biblical prophecies which will result in forcing Jews to convert to Christianity or else be damned.

It is not easy to get along with fanatics like that. It is unlikely that the prophecies would actually come true, but there is no telling what might they do if the situation arises and the prophecies do not come true.

New York City cops pressed charges against snowball fight participants [Richard Stallman's Political Notes]

New York City cops have pressed charges against some of the participants in a snowball fight which they entered, apparantly as an excuse to find fault with Mayor Mamdani.

Bondi treated Congress with contempt [Richard Stallman's Political Notes]

Bondi treated Congress with contempt by refusing to take an oath for her testimony.

At least she showed a minuscule level of respect for the oath to tell the truth — by refusing to take the oath and then lie anyway. That is a start, at least. Perhaps in the future she can be convinced to show truthfulness a little more respect, and then a little more, and so on.

Connection focused platforms less harmfull than algorithm-driven apps [Richard Stallman's Political Notes]

* World Happiness Report finds platforms focused on connection less harmful than algorithm-driven apps.* For example, Instagram was more damaging to mental health than WhatsApp.

Both of the client programs are nonfree software, thus damaging to users' freedom.

Canadian and daughter are in deportation prison [Richard Stallman's Political Notes]

The deportation thugs are once again working unpredictable cruelty. A Canadian who married an American, and her daughter, are in a deportation prison, being pressured to "self-deport". The thugs have given no explanation for jailing them despite their valid visas.

US banks a step closer to weaker regulation [Richard Stallman's Political Notes]

The wrecker has granted the biggest US banks a step towards weaker regulation. Banks can cause a disastrous crash if they are not careful in how much and how readily they lend. That's what caused the 2008 financial crisis.

In Europe, the result was disaster for countries that needed deficit spending to get out of the recession but were banned by the Euro zone rules from doing that: Spain, Italy and especially Greece. But the crisis was profitable for the biggest banks, since governments were compelled to bail them out rather than allow them to actually fail.

Naturally, the biggest banks wanted to be allowed to do this again. And naturally the wrecker gave it to them.

Russia shutting off mobile phone networks [Richard Stallman's Political Notes]

In the name of "security", Russia is shutting off mobile phone networks, but in an unpredictable way which causes trouble for many activities, some of which Putin has no evident motive to shut down.

Ironically, it means people have to live the way I choose to live. It is a little inconvenient and much less vulnerable to surveillance.

Survivor from boat US military attacked [Richard Stallman's Political Notes]

Finally, there is a survivor from one of the boats that the US military attacked and sunk.

Maybe the survivor will testify about what the people on the boat were doing.

Smokeless fuels produce ultrafine particles [Richard Stallman's Political Notes]

Burning "smokeless" fuels at home produces produce less particulate pollution of the usual size, but instead produces lots of ultrafine particles.

The usual particulate pollution damages people's health. Does the small particulate pollution do likewise?

05:00

Girl Genius for Friday, March 27, 2026 [Girl Genius]

The Girl Genius comic for Friday, March 27, 2026 has been posted.

04:42

01:07

00:21

Hope You're Hungry [The Stranger]

Do you need to get something off your chest? Submit an I, Anonymous and we'll illustrate it! by Anonymous

To the guy who chose to shout insults at me for parallel parking on a two-way street today:

I used my indicator way ahead of time and waited for a safe break in traffic to park. Parked the moment I got a break in one straight shot in spite of your honking that started the second after I stopped my car. Apparently, waiting six seconds and missing a green light was enough for you to roll down your window and scream at a woman you have never met and call her a "bitch."

We all experience frustration in Seattle traffic, but most have the decency to keep it to themselves rather than putting down a stranger over such a minor inconvenience. If this interaction was enough to put you over the edge, you must rarely get a break from your own self-righteous anger.

Special mention to everyone around who kept to themselves and didn't intervene.

I hope you choke on a bag of dicks.

Do you need to get something off your chest? Submit an I, Anonymous and we'll illustrate it! Send your unsigned rant, love letter, confession, or accusation to ianonymous@thestranger.com. Please remember to change the names of the innocent and the guilty.

Ticket Alert: Jungle, Mon Laferte, and More Seattle Events Going On Sale This Week [The Stranger]

Plus, LeAnn Rimes and More Event Updates for March 26
by EverOut Staff

Which shows will you be seated for? British funk trio Jungle has announced a new album and upcoming tour with a stop in Seattle this fall. Genre-spanning Chilean-Mexican star Mon Laferte brings her Femme Fatale Tour to the 5th Avenue Theatre. Plus, vocal powerhouse LeAnn Rimes celebrates 30 years of her debut major-label album Blue. Read on for details on those and other newly announced events, plus some news you can use.

ON SALE FRIDAY, MARCH 27

MUSIC

Acid Bath
Paramount Theatre (Sat Aug 8)

Altın Gün with Alex Maas
Showbox SoDo (Tues Sept 8)

The Aquabats!
The Showbox (Sat June 13)

Sound Transit Considers Delaying Ballard Light Rail [The Stranger]

On Tuesday, Strauss shot an email out to residents, encouraging them to show up to the town hall with concerns about light rail. Only four people did. The 19 other speakers wanted to talk about homeless people  living in RVs, road hazards, and yes, public safety. After the meeting, Strauss said he expected that. It is Ballard after all. by Micah Yip

As someone who usually light rails around the city, driving from Capitol Hill to Ballard was like enduring Dante’s nine levels of hell. Red-line traffic up I-5, east to west surface street chaos, Apple Maps ETA climbing. By the time I reached the Ballard Community Center for Councilmember Dan Strauss’ town hall last night, another 12 minutes had been added to my 35-minute commute.

The situation was too on-the-nose. It was Strauss’ first town hall since Sound Transit announced it’s considering delaying the long-promised and voter-approved Ballard Light Rail Extension. At a board retreat last week, Sound Transit presented members three options to address its $34.5 billion shortfall over the next 20 years, none of which included a Ballard stop. “Ballard Dan” Strauss, who represents the neighborhood, issued a news release expressing his disappointment.

“The Ballard Link Extension is projected to serve the most riders of any project in Sound Transit history,” he wrote. “Sound Transit needs to sharpen their pencils, do the analysis, and bring us a plan that gets to Ballard.” 

On Tuesday, Strauss shot an email out to constituents, informing them of the Sound Transit developments and reminding them to RSVP for the town hall and send in their questions. Only four people talked about the light rail. The 19 other speakers wanted to talk about homeless people  living in RVs, road hazards, and yes, public safety. After the meeting, Strauss said he expected that. It is Ballard after all.

One person asked if everything had been done to minimize the cost of the Ballard link, considering Sound Transit tacked on the cost of the planned second light rail tunnel through downtown Seattle, which would expand the line’s capacity and allow more trains to run.

That’s one of Strauss’ gripes. In 2021, when Sound Transit updated cost estimates and reworked the Sound Transit 3 plan, it separated the West Seattle–Ballard project into two different ones.  The second tunnel—a major, expensive piece of infrastructure—stayed tied to the Ballard segment, which is why Ballard’s extension seems so costly on paper.

“We have to look at cost sharing for that downtown tunnel because the region benefits from it,” Strauss said. 

Miss Kimball, an eight-year Ballardite in her 80s, can’t drive. Getting anywhere—to the hospital in First Hill after a recent stroke, or to the theater—meant waiting for transfers in the rain and snow. We need better service “to take part in all of the arts and culture that we have in the city,” she told Strauss. He agreed.

King County Metro should have provided that service, he said, after the Seattle Transit Measure was passed by voters in 2020 to fund more metro hours. 

“We have less service today than we did in the pandemic,” Strauss said. “Metro is overlooking Ballard. They’re not spending our money.”

Kirk Robbins, who served alongside Strauss on the Ballard District Council, asked Strauss how they could get Sound Transit to come up with an option that includes a Ballard link.

Strauss said he told the board that they’ve zoned Ballard specifically for light rail and that they need to revisit the drawing board. “I’m not gonna give up on it,” he told Robbins.

Green Lake resident Thomas Powers, a volunteer with Seattle Subway, asked if Strauss considered new revenue sources, like a special tax district. 

“We’re looking at all of it,” Strauss said. “But for a special district where we can tax ourselves more, we don’t have enough people to fund everything.”

While the Ballard light rail fans didn’t turn out in force to Strauss’ town hall, they appeared to pack the room at Thursday’s Sound Transit board meeting. Seattle Subway has organized a letter writing campaign and a call to action. “Solutions to ST3 problems absolutely exist, Sound Transit just needs to hear that we, the public, demand they use them,” reads the rallying cry on their site. Those upcoming board meetings should be interesting.

Correction: A previous version of this story incorrectly stated there wasn't a direct bus service from Ballard to downtown.

Thursday, 26 March

23:35

Petter Reinholdtsen: The 2026 LinuxCNC Norwegian Developer Gathering [Planet Debian]

The LinuxCNC project continues to thrive. I believe this great software system for numerical control of machines such as milling machines, lathes, plasma cutters, routers, cutting machines, robots, and hexapods would benefit even more from in-person developer gatherings. Therefore, we plan to organise another gathering this summer as well.

We invite you to a small LinuxCNC and free software fabrication workshop/gathering in Norway this summer, over the weekend starting June 26th, 2026. As last year, we maintain a slightly broader scope and welcome people outside the LinuxCNC community. As before, we suggest to organise it as an unconference, where participants create the program upon arrival.

The location is a metal workshop 15 minutes' drive from Gardermoen airport (OSL), with plenty of space and a hotel just 5 minutes away by car. We plan to fire up the barbecue in the evenings. Please let us know if you would like to join. We track the list of participants on a simple pad. Please add yourself there if you are interested in joining.

Our friends over at the TS Robotics team at the University of Oslo have offered to handle any money involved with this gathering, that is, holding sponsor funds and paying the bills. We hope to secure enough sponsors to cover food, lodging, and travel. So far, Debian has offered to sponsor part of the expenses, which should cover food and a bit more. Please get in touch if you would like to help sponsor the gathering.

As usual, if you use Bitcoin and wish to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

Windows 95 defenses against installers that overwrite a file with an older version [OSnews]

I’ll never grow tired of reading about the crazy tricks the Windows 95 development team employed to make the user experience as seamless as they could given the constraints they were dealing with. During the 16bit Windows days, application installers could replace system components with newer versions if such was necessary. Installers were supposed to do a version check, but many of them didn’t follow this guidance. When moving to Windows 95, this meant installers ended up replacing Windows 95 system components with Windows 3.x versions, which wasn’t exactly a goods thing.

So, they came up with a solution.

Windows 95 worked around this by keeping a backup copy of commonly-overwritten files in a hidden C:\Windows\SYSBCKUP directory. Whenever an installer finished, Windows went and checked whether any of these commonly-overwritten files had indeed been overwritten. If so, and the replacement has a higher version number than the one in the SYSBCKUP directory, then the replacement was copied into the SYSBCKUP directory for safekeeping. Conversely, if the replacement has a lower version number than the one in the SYSBCKUP directory, then the copy from SYSBCKUP was copied on top of the rogue replacement.

↫ Raymond Chen

All of this happened entirely silently, and neither the installers nor the user had any idea this was happening. The Windows 95 team tried other solutions, like just making it impossible to replace system components with older versions entirely, but that caused many installers to break. Some installers apparently even went rogue and would create a batch file that would replace the system components upon a reboot, before Windows 95 could perform its silent fixes. Wild.

I used Windows 95 extensively, and had no idea this was a thing.

22:49

US regulator bans imports of new foreign-made routers, citing security concerns [OSnews]

The U.S. Federal Communications Commission said on Monday it was banning the import of all ​new foreign-made consumer routers, the latest crackdown on Chinese-made electronic gear over ‌security concerns.

China is estimated to control at least 60% of the U.S. market for home routers, boxes that connect computers, phones, and smart devices to the internet.

↫ David Shepardson at Reuters

I’m sure the American public will be thrilled to find out yet another necessity has drastically increased in price.

Apple discontinues the Mac Pro with no plans for future hardware [OSnews]

It’s the end of an era: Apple has confirmed to 9to5Mac that the Mac Pro is being discontinued. It has been removed from Apple’s website as of Thursday afternoon. The “buy” page on Apple’s website for the Mac Pro now redirects to the Mac’s homepage, where all references have been removed.

Apple has also confirmed to 9to5Mac that it has no plans to offer future Mac Pro hardware.

↫ Chance Miller at 9To5Mac

If a Mac Pro falls in the back of the Apple Store and there’s no one around to hear it, does it make a sound?

The Stranger Has a New News Writer! [The Stranger]

Fresh meat. by Stranger Staff

Our new writer Hunter Pauli is a hometown boy. Most recently a reporter for The Inlander, he was born and raised in Seattle. After graduating from the Center School, he served two years in AmeriCorps before attending J-school at University of Montana.

He’s done all kinds of jobs in various newsrooms, but he’s mostly been a roving investigative reporter, covering everything from tar sands pipelines, local Nazi collaborators, to the corrupt Russian oligarch in your backyard. We’re pleased to have him, and asked a few stupid questions to celebrate his arrival.

You’re from Seattle, but you’ve spent your youth travelling The West. Are you coming home to rest?

I wish. There’s no jobs left in the interior that pay a living wage now that housing is almost as expensive in places like Montana as it is in Seattle without the high wages to compensate. I’m all your problem now (again).

Has Seattle gone to the dogs since you’ve been gone? Yes or yes?

Seattle was struggling with spiraling inequality and unaffordable housing when I left during the Recession, but luckily the city fathers fixed all that while I was away. 

Once, you were turned away from a restaurant in Montana because you were so dirty after the rodeo. Do you still get this dirty?

Journalism is a far dirtier industry than rodeo. The stains never really come out, the maître d’s can still smell it on me.

Tell us a rodeo secret.

If a steer snaps its leg they turn up the volume on the arena’s audio board so you don’t hear the gunshot. 

You’ve shot a lot of people, on video. Who stands out?

Dolores Huerta was the most inspiring, Gavin Newsom the least. Shaq stands tallest of all.

Share your worst opinion.

Seattle’s business class should force taxpayers to subsidize the reopening of the old Brooks Brothers on 5th Avenue so people here stop dressing so unprofessionally in the workplace. 

Do you kill spiders, ask others to kill spiders for you, or are you one of those sick people who trap house spiders under cups so you can release them to die of exposure?

I kill without hesitation.

A Google search revealed that, in 2014, you tried marrying your straight male friend to prove a point about discriminatory laws. Were you influenced by I Now Pronounce You Chuck & Larry, or by an internal sense of social justice?

My ethics are a 50/50 split between what I learned from Happy Madison Productions and what I learned in Seattle Public Schools.

Are you still, as USA Today put it, one of the most in-your-face student journalists reporting and writing today?

Technically I graduated long ago but I’m still quite direct in my reporting and writing.

Your great-great-great-grandfather helped found BYU. I know you’re not Mormon, but do you enjoy their loaded sodas?

No, I am a grown-ass man.

Where do you think the Garden of Eden is?

The Garden of Eden is in Discovery Park, I’ve seen it.

Do you know the location of the golden plates?

That part is apocryphal.

Do you have other interests?

I have no hobbies.

Which Seattle public official should be the most scared that you’re in town?

When I was in AmeriCorps NCCC it was Seattle City Councilmember Dan Strauss’ responsibility as a team leader on watch to catch me drinking underage in the barracks in Sacramento. He failed. I won’t. 

Should the Sonics return?

As a card carrying member of the International Cinematographers Guild IATSE Local 600 I think the NBA’s return to Seattle would create a groundswell of good-paying union jobs, and now that Howard Schultz is gone it would be too poetic not to.

Fuck, Marry, Kill: Harborview, Virginia Mason, and Swedish?

Fuck Virginia Mason, Marry Swedish (they delivered me), kill Virginia Mason.

22:42

Deportation-protests as terror, US [Richard Stallman's Political Notes]

*Why We Have to Fight Back Against [deportation] Protesters' Terror Convictions.*

Democracy metrics in steep backslide, US [Richard Stallman's Political Notes]

According to the V-Dem Institute, democracy is in rapid decline globally, and the US is leading the decline.

World-wide, only 18 countries are observed to be democratizing. The article does not give a comparable count of countries that are autocratizing, but they are 40% of the world's population.

Heatwave covering CA, NV [Richard Stallman's Political Notes]

Temperatures in California, Nevada and Arizona are 22-25 °F above normal. Temperatures are about to reach as much as 108°F. The heat will put some people's health in danger, and it's only the very beginning of spring.

If part of July is 22-25 °F above normal, that will kill thousands, or perhaps tens of thousands. This is global heating.

21:14

Link [Scripting News]

rss.network sounds nice. What would it be?

Gen X Is Back to the Future [The Stranger]

Will the world as we know it even reach this year’s midterm elections? This question, which might sound a bit alarmist, now has to be taken seriously because the stage for World War III has been set in the Middle East. by Charles Mudede

It is nothing but terrible that the track, “World Destruction,” that best captured the key anxiety of the 80s, nuclear war, was produced and performed by two men who are now identified as creeps, John Lyndon (aka the Sex Pistols’ Johnny Rotten, now a loud member of UK’s MAGA) and Afrika Bambaataa (the hiphop pioneer was “accused of child sexual abuse multiple times”). But the 1984 track got it right. The drums exploding like extinction-level detonations; the hard rock guitar stabs; the stressed and strained synthesized chorus. The whole maddening idea that the Soviet Union and the United States had, combined, enough nuclear warheads to destroy the world not once but hundreds of times. This was “World Destruction,” a track that resurfaced in my thoughts because of Operation Epic War, the US’s current and unprovoked war with Iran. It too could go nuclear at any moment. 

Now is a good time to talk about my generation, Gen X. We were the first age group to experience the decline of live music and the ascendency of music generated by machines (samplers, synthesizers, beat boxes). We also experienced the first domestic-grade personal computers, whose word processors replaced the electric typewriter; and the first to use cordless phones. We were also introduced not only to the internet but also its influence on the cinema and literature of science fiction (cyberpunk).

Many of these monumental transformations in consumer products are described by music and culture critic Roy Christopher in his new book Post-Self. So considerable and novel were the new receivers, distributors, and processors of data that cyberpunk, a movement at the heart of Post-Self, imagined a future where we could download our self-awareness into the electronic ether of cyberspace and live for as long as no one in the real world pulled the plug. 

My generation was also the last to live, as young adults, within a social reality described as the Cold War. We saw the bomb shelters, and were taught in school to “duck and cover” if a nuclear weapon, launched by the Soviets or its allies, hit our city. 

Indeed, In Post-Self, Roy Christopher recalls watching an episode of the The Twilight Zone called “Time Enough at Last,” which was about a bespectacled and bibliophilic bank teller who survives the detonation of an H-bomb because he happened to be in the bank’s vault. He then roams the ruins of a world that has no other people, but lots of books to read.The bank teller, however, accidently breaks his glasses and is left practically blind. “The trepidation of that tragic moment,” writes Christopher, “recombinant with worries of the apocalypse, was a seed planted in my head. And more than any other Cold War-era image of imminent destruction splashed on the television during my childhood…”

All American Gen Xers have similar stories. For me, it was the “Daisy” ad. Produced in 1964 as a campaign commercial for Lyndon B. Johnson’s presidential run, it shows a girl pulling the petals from a daisy as she imperfectly counts. Right after pulling the final petal, we hear a loud robotic voice begin a countdown to the launching of nuclear weapons. The girl looks up, her face is frozen, and we zoom into her right eye’s iris, which reflects the mushroom cloud of a nuclear explosion. This is the last thing she will ever see. The end of the world brought to you by Johnson’s opponent, a trigger-happy Cold War warrior Barry Goldwater.

 

The fall of the Berlin Wall in 1989 brought the Cold War to an unexpected end, and with it the expectation that we were only a button away from a nuclear apocalypse. We placed that fear into the background and turned our attention to another anthropogenic crisis that, though achieving mainstream status in the 1960s with books such as Silent Spring, obtained an eschatological register in the 1980s, global warming: the rise of greenhouse gases, the depletion of the ozone layer, and so on. 

That movement, however, never produced anything that matched the cultural impact of the “Daisy” ad, or The Day After, a TV show watched by over 100 million people when first aired by ABC on November 20, 1983. Later, President Ronald Reagan would write in his diary that he was seriously spooked by the show’s realism. In fact, he credited his decision to sign a treaty with the Soviets that banned short- and medium-range missiles to the TV show. 

Nothing of this kind has happened with the crisis of climate change. We are still burning fossil fuels with an abandon that’s nothing short of astonishing. No matter how bad or extreme our weather gets, we still demand, above all, cheap gas. And it’s likely that Donald Trump’s party might, during the midterm elections, lose both the House of Representatives and the Senate because of “pain at the pump.”

CNBC reports that the “Democratic Congressional Campaign Committee shared with CNBC first its new ad campaigned  targeting closely-watched districts across the country and lashing out at the GOP for high gas prices.” So, the Dems are promising to liberate even more carbon into the atmosphere. No reforms. No concern about the environment. Just the usual cheap, but socially costly, consumption of fossil fuels.

But will the world as we know it even reach this year’s midterm elections? This question, which might sound a bit alarmist, now has to be taken seriously because the stage for World War III has been set in the Middle East. At any moment, one might open their phone and read that nuclear missiles have obliterated Tehran and killed millions. This catastrophe, which could have been avoided if Trump had not tossed Obama’s nuclear deal with Iran to the dogs, and is exacerbated by the war in the Ukraine, would soon be followed by others because the key (but unofficial) belligerents in this crisis are the world’s top nuclear superpowers: Russia and China vs the USA and (a reluctant) Europe. It would take only a few weeks to kill billions of humans and leave the rest, the survivors, facing extinction by way of cancers caused by radiation exposure or a long and cold nuclear winter. 

Let’s look at the movie Oppenheimer for a minute. A little short of three years ago, we watched this summer blockbuster about the inauguration of the Cold War and the amassing of extinction-level weapons from what appeared to be the safe distance of the third decade of the 21st century. Oppenheimer wasn’t about our present situation, but about something that happened many years ago (July 16, 1945); happened long before the collapse of the Soviet Union, which also happened long ago. All we had to deal with between then and today—a span of 35 years—were pesky missiles fired over Japan by an anachronism called North Korea. Imagine showing Oppenheimer this summer. How things have changed in such a short space of time. Thanks to the US’s current war with Iran, a war instigated by Trump for reasons that remain very much in the dark, the corpse of that first blast in New Mexico has been reanimated. And Gen X has found itself back in the future.

This time around, however, things might actually be worse because the military is turning more and more of its decision making powers over to AI, which, as Jacobin reports in “Thermonuclear Slop and the Return of the Bomb,” recommends “nuclear strikes in 95 percent” of simulated cases. What can we do about this very dangerous situation? Jacobin recommends reviving the anti-nuclear movement. It had some success in the past; it might have some success—or at least more success than the environmental movement—today. (By the way, some environmentalists have promoted nuclear power as an exit from our current dependency on fossil fuels.) 

But what a true Gen Xer will also recommend is that one come to terms with their maker—in the secular sense. Why? For one, getting an anti-nuclear movement started takes time (which Operation Epic Fury obliterated on day one); and, two, an existential threat of this scale, a global scale, demands a very personal existential resolve that, in itself, is instructive and even spiritual. What the Cold War taught many of us was the fragility of the only world we will ever know and call home.

20:28

Beeper + RSS, please [Scripting News]

When I heard about Matt's product Beeper I thought wow what if that were on the RSS network.

I think RSS should be here. Makes sense doesn't it?

Why not an open independent format from nowhere that no one objects to you using and will not do anything ever to turn you off. It seems it would be fairly easy to add two-way support. :-)

18:07

Slog AM: Potties for Pioneer Square, Olympics Bans Trans Women, Election Fraud Activist Guilty of Election Fraud [The Stranger]

The Stranger's morning news roundup. by Nathalie Graham

King County Assessor Charged in Stalking Case: Last summer, King County Assessor John Arthur Wilson—who was running for King County Executive at the time—was arrested for violating a no-contact order from his ex-fiancée. Wilson had allegedly stalked and harassed his ex, and she had a temporary restraining order against him. Because of conflicts of interest with the assessor's office, the King County Prosecuting Attorney's Office couldn't handle the charges, so they handed the case to the Snohomish County Prosecutor. But the Seattle City Attorney ended up filing the charges. It’s unclear why. Wilson was charged in Seattle Municipal Court. He’s still the King County Assessor, though he says he will not run for re-election. 

In Sonics News: There's actually nothing to be excited about yet, you basketball babies. In a unanimous vote, the NBA Board of Governors gave Commissioner Adam Silver the green light to hold formal talks with Seattle and Las Vegas about maybe expanding the league to one or both of the cities for the 2028-2029 season. Don't hold your breath. A final answer might not come until the end of this calendar year. In the meantime, go to a Storm game?

Landslide Blues: Northbound I-5 near Bellingham is still closed after 12 million pounds of earth fell onto it seven days ago. State transportation crews are doing what they can to secure the slide-prone slope above the roadway, but as KING5 reports, it all takes time. They must clear loose trees and rocks on the hillside and then bolt the slope back into place. The whole thing is snarling traffic and disrupting shipping between the US and Canada. 

Pioneer Square Piss Boxes: After years of failed attempts to give the public a place to piss in peace that is not an alleyway or a Starbucks, Seattle is once again trying to add new bathrooms to its stock. The Seattle Department of Transportation is contracting with private company Throne Labs to install "11 freestanding restrooms across the region, each at cost of around $100,000 a year," reports PubliCola. That's pretty cheap considering Seattle's last potty proposal cost $5 million for four toilets. The Thrones will, of course, only be accessible via "an app, a QR code, text message, or an entry card." You can bet your ass Throne will be keeping tabs on customers. User reviews and sensors in each unit can help identify any restroom rascals. The first two Thrones will come to Pioneer Square. 

The Weather: There will be sun today. It's spring, though, so anything can happen. 

Instagram Addicts Non-Anonymous: Raise your hand if you have been personally victimized by doomscrolling. A 20-year-old woman sued Meta and Google for her childhood addictions to Instagram and YouTube which saddled her with anxiety, depression, and body dysmorphia. Inventions like "infinite scroll" kept the plaintiff hooked on the apps. A Los Angeles jury ordered the tech companies must pay $6 million in damages—$3 million in compensatory damages, and another $3 million in punitive damages. Meta will have to cough up 70 percent of the funds, Google will pay the other 30 percent. This was the first case of its kind to go to trial, but thousands of plaintiffs across the country have filed similar suits, like Tuesday’s New Mexico trial regarding child exploitation and user safety. Meta says it will appeal the LA court’s ruling. 

Timely: Meta laid off several hundred people on Wednesday. The cuts hit multiple divisions across the company, CNBC reports, like "Facebook, global operations, recruiting, sales and its virtual reality division Reality Labs." Meta's big plan is to funnel resources into AI. 

Sad Days for American Science: Top NASA climate scientist Kate Marvel resigned from her position on Wednesday. She blamed the Trump administration's attack on science. Marvel said that none of her internally funded projects actually got funded once Trump took office. You can read her resignation letter here. The New York Times reports that Marvel is one of around 95,000 federal science employees who are no longer in their roles post-Trump 2.0 due to "layoffs, retirements, or resignations." This is catastrophic for American science. 

Despite living in climate denial central, the effects of climate change are real and very much here. California's dismal snowpack is nearing record lows and spring heatwaves are melting whatever's left. "Nearly every snow-measuring station in the Sierra has lost more than a foot of snow in the 10 days since the heat wave kicked into full gear," SFGate reports. "A melt of this rate is a big deal any time, but in March it’s unheard of,” hydrologist Mike Hittle told the paper. 

 

It’s been a brutal month for California’s snowpack, which is now at just 25% of normal.

The snowpack is now 8% of normal in the northern Sierra, 28% of normal in the central Sierra and 44% of normal in the southern Sierra.

NASA satellite images from Feb. 22, March 6 and March 24.

[image or embed]

— Anthony Edwards (@edwardsanthonyb.bsky.social) March 25, 2026 at 3:20 PM

Meanwhile, War: Israel says it killed the head of Iran's navy in an airstrike. After Tehran rejected Trump's 15-point ceasefire plan the president is now publicly threatening Tehran in Truth Social posts to "get serious soon" on these negotiations. He also claims Iran is "begging for a deal." Strange tactic, but hey, he’s the artist of the deal.

Olympics Says It’s Banning Trans Women Athletes: The International Olympic Committee announced a ban on transgender women from participating in women’s sporting events at the 2028 Summer Olympics in Los Angeles. Trans women athletes haven’t been competing in the Olympics. So, what’s this really about? The committee has also banned cis or intersex women with male testosterone levels or male chromosomes. Any athlete who wants to compete in a female sport will have to prove their biological gender with a cheek swab or saliva test. No one wins when women and womanhood are scrutinized like this. 

We're all trying to find the guy who did this: Harry Wait, a Wisconsin man who believes the 2020 election was stolen and leads a group that decries election fraud, was convicted of election fraud. Wait was found guilty of two misdemeanor election fraud charges and one felony identity theft charge for requesting the absentee ballots of Republican state Assembly Speaker Robin Vos and Democratic Racine Mayor Cory Mason without their consent. Of the charges, Wait said, "You got to expect to pay some costs sometimes when you are trying to work for the public good." He also said he "would do it again." 

It Was Opening Day: It's officially baseball season. Now... was this symbolism?

it's so cool that they exploded the US flag at the MLB season opener. baseball getting woker.

[image or embed]

— tuck woodstock (@tuck.bsky.social) March 25, 2026 at 5:27 PM

Today Is The Mariners' Opening Day: See you all at T-Mobile Park. Here's this to get you into the mood. 

17:21

Link [Scripting News]

Sometimes buy a name just because I just like it. ;-)

16:35

Link [Scripting News]

When I heard about Matt's product Beeper I thought wow what if that were on the RSS network. For a chat program that's trying to support all protocols, take a shortcut, immediately connect to all kinds of insanely great things that will blow peoples' minds. RSS is going places, lots of new products coming out these days. I think maybe finally we're giving up on what you give up using the silos.

Link [Scripting News]

This piece explains the tragedy of how we've set up communication using our networks, all based on exclusive products, rather than standards which mean you can use whatever software you want for more and more of your communication.

Link [Scripting News]

Send this video to your favorite Democrat and let them know that we would pay money to have this video run as an ad running everywhere, exactly as-is, no editing, not made glamorous. This is the truth that absolutely is not getting out about the law the Repubs want. We need to communicate with each other using the amazing tools we have at our disposal now in the third decade of the freaking 21st century.

Why doesn’t WM_ENTER­IDLE work if the dialog box is a Message­Box? [The Old New Thing]

Last time, we looked at how the owner of a dialog can take control just before the dialog box message loop goes idle. I said that I pulled a trick.

The trick is that I used the common file open dialog instead of a simple Message­Box. Indeed, if you replace the call to Get­Open­File­Name with a call to Message­Box, then no WM_ENTER­IDLE message arrives, and you get no beeping. What’s going on?

A dialog can suppress the WM_ENTER­IDLE message by adding the DS_NO­IDLE­MSG dialog style to its template. And that’s what the template used by the Message­Box function does.

So the WM_ENTER­IDLE trick does require a small amount of cooperation from the dialog box, namely that it doesn’t disable WM_ENTER­IDLE messages.

But say you can guarantee the cooperation of the dialog box because you are the dialog box. Right now, the WM_ENTER­IDLE message allows a dialog owner to be notified when the dialog message loop is about to go idle. But what if the dialog box itself wants to know, so it can customize its own message loop?

We’ll look at that next time.

The post Why doesn’t <CODE>WM_<WBR>ENTER­IDLE</CODE> work if the dialog box is a <CODE>Message­Box</CODE>? appeared first on The Old New Thing.

15:35

The forge is our new home (Fedora Community Blog) [LWN.net]

Tomáš Hrčka has announced that the Forgejo-based Fedora Forge is now a fully operational collaborative-development platform; it is ready for use by the larger Fedora community, which means the homegrown Pagure platform's days are numbered:

While pagure.io has been a vital part of our community for many years, the time has come to retire our homegrown forge and transition to this powerful new tool.

The final cutover is planned for Flock to Fedora 2026. We strongly encourage teams to migrate their projects well before the conference to ensure a smooth transition. The pagure.io migration is only the first step in a broader infrastructure modernization effort. By the 2027 Fedora 46 release, we plan to retire all remaining Pagure instances across the project, including the package source repositories on src.fedoraproject.org. Getting familiar with Fedora Forge now will help ensure your team is ready as the rest of the Fedora ecosystem transitions.

There is a migration guide for Fedora community members that own projects hosted on Pagure and need to move to the new forge.

Well, It Finally Happened [Whatever]

I always wondered which of my books would be the first to be banned, and now I know:

Via this post from @thebloggess.bsky.social, I learn that my book Lock In has been banned from schools in New Braunfels, TX. There is irony here in that Lock In won the Alex Award from the ALA, given for "adult books suitable for teens." thebloggess.com/2026/03/25/t…

John Scalzi (@scalzi.com) 2026-03-26T08:09:00.591Z

I'm on a cruise so I'll have more to say about it at a later time, but the short version of this is, of course, fuck censorship, and also, my books will outlast these motherfuckers, we'll see them (politically) dead and in the ground and my books will be there to piss on their (metaphorical) graves.

John Scalzi (@scalzi.com) 2026-03-26T08:09:00.592Z

As noted above, I’ll likely have more to say about this when I get back the JoCo Cruise, but for now, two points, which I may expand upon in a later post:

1. On a personal level, I don’t expect this ban to move the needle much, positively or negatively, for sales of Lock In, which has been out for a dozen years now;

2. Please refrain from exclaiming “Having your book banned just means you’ll sell more!” or something similar in the comments. One, it’s absolutely not true for the vast majority of books that get banned; the usual result is a net loss for authors and publishers. Two, this is sort of comment that, however well-intentioned to be supportive, minimizes the seriousness of book banning as an intentional policy. The busybodies banning books in New Braunfels targeted more than 1,500 books, not just mine. None of that is a thing to be happy about; there is no actual upside to book bans.

— JS

15:07

Link [Scripting News]

My linkblog was down. Thanks to Scott Hanson it's back up!

14:49

[$] Vibe-coded ext4 for OpenBSD [LWN.net]

A number of projects have been struggling with the question of which submissions created by large language models (LLMs), if any, should be accepted into their code base. This discussion has been further muddied by efforts to use LLM-driven reimplemention as a way to remove copyleft restrictions from a body of existing code, as recently happened with the Python chardet module. In this context, an attempt to introduce an LLM-generated implementation of the Linux ext4 filesystem into OpenBSD was always going to create some fireworks, but that project has its own, clearly defined reasons for looking askance at such submissions.

13:35

Link [Scripting News]

If you're using FeedLand and running a WordPress blog, you can install a blogroll just like the one I have at scripting.com or blogroll.social.

13:28

1341: Also Fully Biodegradable [Order of the Stick]

http://www.giantitp.com/comics/oots1341.html

13:21

Security updates for Thursday [LWN.net]

Security updates have been issued by Debian (awstats, firefox-esr, and nss), Fedora (chromium, dotnet10.0, dotnet8.0, dotnet9.0, freerdp, and wireshark), Mageia (graphicsmagick and xen), Oracle (mysql:8.4 and nginx), Red Hat (podman), Slackware (bind and tigervnc), SUSE (azure-storage-azcopy, firefox-esr, giflib, glances-common, govulncheck-vulndb, grafana, kernel, libpng16, libsoup, mumble, net-snmp, perl-Crypt-URandom, pgvector-devel, pnpm, postgresql17, Prometheus, protobuf, python-cbor2, python-Jinja2, python-simpleeval, python311-dynaconf, python311-pydicom, python313-PyMuPDF, salt, snpguest, systemd, and vim), and Ubuntu (bind9, linux-azure, linux-azure, linux-azure-6.17, linux-azure-6.8, and mbedtls).

12:49

The Missing Layer in Agentic AI [Radar]

The day two problem

Imagine you deploy an autonomous AI agent to production. Day one is a success: The demos are fantastic; the reasoning is sharp. But before handing over real authority, uncomfortable questions emerge.

What happens when the agent misinterprets a locale-specific decimal separator, turning a position of 15.500 ETH (15 and a half) into an order for 15,500 ETH (15 thousand) on leverage? What if a dropped connection leaves it looping on stale state, draining your LLM request quota in minutes?

What if it makes a perfect decision, but the market moves just before execution? What if it hallucinates a parameter like force_execution=True—do you sanitize it or crash downstream? And can it reliably ignore a prompt injection buried in a web page?

Finally, if an API call times out without acknowledgment, do you retry and risk duplicating a $50K transaction, or drop it?

When these scenarios occur, megabytes of prompt logs won’t explain the failure. And adding “please be careful” to the system prompt acts as a superstition, not an engineering control.

Why a smarter model is not the answer

I encountered these failure modes firsthand while building an autonomous system for live financial markets. It became clear that these were not model failures but execution boundary failures. While RL-based fine-tuning can improve reasoning quality, it cannot solve infrastructure realities like network timeouts, race conditions, or dropped connections.

The real issues are architectural gaps: contract violations, data integrity issues, context staleness, decision-execution gaps, and network unreliability.

These are infrastructure problems, not intelligence problems.

While LLMs excel at orchestration, they lack the “kernel boundary” needed to enforce state integrity, idempotency, and transactional safety where decisions meet the real world.

An architectural pattern: The Decision Intelligence Runtime

Consider modern operating system design. OS architectures separate “user space” (unprivileged computation) from “kernel space” (privileged state modification). Processes in user space can perform complex operations and request actions but cannot directly modify system state. The kernel validates every request deterministically before allowing side effects.

AI agents need the same structure. The agent interprets context and proposes intent, but the actual execution requires a privileged deterministic boundary. This layer, the Decision Intelligence Runtime (DIR), separates probabilistic reasoning from real-world execution.

The runtime sits between agent reasoning and external APIs, maintaining a context store, a centralized, immutable record ensuring the runtime holds the “single source of truth,” while agents operate only on temporary snapshots. It receives proposed intents, validates them against hard engineering rules, and handles execution. Ideally, an agent should never directly manage API credentials or “own” the connection to the external world, even for read-only access. Instead, the runtime should act as a proxy, providing the agent with an immutable context snapshot while keeping the actual keys in the privileged kernel space.

Figure 1: High-level design (HLD) of the Decision Intelligence RuntimeFigure 1: High-level design (HLD) of the Decision Intelligence Runtime, illustrating the separation of user space reasoning from kernel space execution

Bringing engineering rigor to probabilistic AI requires implementing five familiar architectural pillars.

Although several examples in this article use a trading simulation for concreteness, the same structure applies to healthcare workflows, logistics orchestration, and industrial control systems.

DIR versus existing approaches

The landscape of agent guardrails has expanded rapidly. Frameworks like LangChain and LangGraph operate in user space, focusing on reasoning orchestration, while tools like Anthropic’s Constitutional AI and Pydantic schemas validate outputs at inference time. DIR, by contrast, operates at the execution boundary, the kernel space, enforcing contracts, business logic, and audit trails after reasoning is complete.

Both are complementary. DIR is intended as a safety layer for mission-critical systems.

1. Policy as a claim, not a fact

In a secure system, external input is never trusted by default. The output of an AI agent is exactly that: external input. The proposed architecture treats the agent not as a trusted administrator, but as an untrusted user submitting a form. Its output is structured as a policy proposal—a claim that it wants to perform an action, not an order that it will perform it. This is the start of a Zero Trust approach to agentic actions.

Here is an example of a policy proposal from a trading agent:

proposal = PolicyProposal(
    dfid="550e8400-e29b-41d4-a716-446655440000", # Trace ID (see Sec 5)
    agent_id="crypto_position_manager_01",
    policy_kind="TAKE_PROFIT",
    params={
        "instrument": "ETH-USD",
        "quantity": 0.5,
        "execution_type": "MARKET"
    },
    reasoning="Profit target of +3.2% hit (Threshold: 3.0%). Market momentum slowing.",
    confidence_score=0.92
)

2. Responsibility contract as code

Prompts are not permissions. Just as traditional apps rely on role-based access control, agents require a strict responsibility contract residing in the deterministic runtime. This layer acts as a firewall, validating every proposal against hard engineering rules: schema, parameters, and risk limits. Crucially, this check is deterministic code, not another LLM asking, “Is this dangerous?” Whether the agent hallucinates a capability or obeys a malicious prompt injection, the runtime simply enforces the contract and rejects the invalid request.

Real-world example: A trading agent misreads a comma-separated value and attempts to execute place_order(symbol='ETH-USD', quantity=15500). This would be a catastrophic position sizing error. The contract rejects it immediately:

ERROR: Policy rejected. Proposed order value exceeds hard limit.
Request: ~40000000 USD (15500 ETH)
Limit: 50000 USD (max_order_size_usd)

The agent’s output is discarded; the human is notified. No API call, no cascading market impact.

Here is the contract that prevented this:

# agent_contract.yaml
agent_id: "crypto_position_manager_01"
role: "EXECUTOR"
mission: "Manage news-triggered ETH positions. Protect capital while seeking alpha."
version: "1.2.0"                  # Immutable versioning for audit trails
owner: "jane.doe@example.com"     # Human accountability
effective_from: "2026-02-01"

# Deterministic Boundaries (The 'Kernel Space' rules)
permissions:
  allowed_instruments: ["ETH-USD", "BTC-USD"]
  allowed_policy_types: ["TAKE_PROFIT", "CLOSE_POSITION", "REDUCE_SIZE", "HOLD"]
  max_order_size_usd: 50000.00

# Safety & Economic Triggers (Intervention Logic)
safety_rules:
  min_confidence_threshold: 0.85      # Don't act on low-certainty reasoning
  max_drawdown_limit_pct: 4.0         # Hard stop-loss enforced by Runtime
  wake_up_threshold_pnl_pct: 2.5      # Cost optimization: ignore noise
  escalate_on_uncertainty: 0.70       # If confidence < 70%, ask human

3. JIT (just-in-time) state verification

This mechanism addresses the classic race condition where the world changes between the moment you check it and the moment you act on it. When an agent begins reasoning, the runtime binds its process to a specific context snapshot. Because LLM inference takes time, the world will likely change before the decision is ready. Right before executing the API call, the runtime performs a JIT verification, comparing the live environment against the original snapshot. If the environment has shifted beyond a predefined drift envelope, the runtime aborts the execution.

Figure 2: JIT verification catches stale decisions before they reach external systems.Figure 2: JIT verification catches stale decisions before they reach external systems.

The drift envelope is configurable per context field, allowing fine-grained control over what constitutes an acceptable change:

# jit_verification.yaml
jit_verification:
  enabled: true
  
  # Maximum allowed drift per field before aborting execution
  drift_envelope:
    price_pct: 2.0           # Abort if price moved > 2%
    volume_pct: 15.0         # Abort if volume changed > 15%
    position_state: strict   # Any change = abort
  
  # Snapshot expiration
  max_context_age_seconds: 30
  
  # On drift detection
  on_drift_exceeded:
    action: "ABORT"
    notify: ["ops-channel"]
    retry_with_fresh_context: true

4. Idempotency and transactional rollback

This mechanism is designed to mitigate execution chaos and infinite retry loops. Before making any external API call, the runtime hashes the deterministic decision parameters into a unique idempotency key. If a network connection drops or an agent gets confused and attempts to execute the exact same action multiple times, the runtime catches the duplicate key at the boundary.

The key is computed as:

IdempotencyKey = SHA256(DFID + StepID + CanonicalParams)

Where DFID is the Decision Flow ID, StepID identifies the specific action within a multistep workflow, and CanonicalParams is a sorted representation of the action parameters.

Critically, the context hash (snapshot of the world state) is deliberately excluded from this key. If an agent decides to buy 10 ETH and the network fails, it might retry 10 seconds later. By then, the market price (context) has changed. If we included the context in the hash, the retry would generate a new key (SHA256(Action + NewContext)), bypassing the idempotency check and causing a duplicate order. By locking the key to the Flow ID and Intent params only, we ensure that a retry of the same logical decision is recognized as a duplicate, even if the world around it has shifted slightly.

Furthermore, when an agent makes a multistep decision, the runtime tracks each step. If one step fails, it knows how to perform a compensation transaction to roll back what was already done, instead of hoping the agent will figure it out on the fly.

A DIR does not magically provide strong consistency; it makes the consistency model explicit: where you require atomicity, where you rely on compensating transactions, and where eventual consistency is acceptable.

5. DFID: From observability to reconstruction

Distributed tracing is not a new idea. The practical gap in many agentic systems is that traces rarely capture the artifacts that matter at the execution boundary: the exact context snapshot, the contract/schema version, the validation outcome, the idempotency key, and the external receipt.

The Decision Flow ID (DFID) is intended as a reconstruction primitive—one correlation key that binds the minimum evidence needed to answer critical operational questions:

  • Why did the system execute this action? (policy proposal + validation receipt + contract/schema version)
  • Was the decision stale at execution time? (context snapshot + JIT drift report)
  • Did the system retry safely or duplicate the side effect? (idempotency key + attempt log + external acknowledgment)
  • Which authority allowed it? (agent identity + registry/contract snapshot)

In practice, this turns a postmortem from “the agent traded” into “this exact intent was accepted under these deterministic gates against this exact snapshot, and produced this external receipt.” The goal is not to claim perfect correctness; it is to make side effects explainable at the level of inputs and gates, even when the reasoning remains probabilistic.

At the hierarchical level, DFIDs form parent-child relationships. A strategic intent spawns multiple child flows. When multistep workflows fail, you reconstruct not just the failing step but the parent mandate that authorized it.

Figure 3: Hierarchical Decision Flow IDs enable full process reconstruction across multi-agent interactions.Figure 3: Hierarchical Decision Flow IDs enable full process reconstruction across multi-agent interactions.

In practice, this level of traceability is not about storing prompts—it is about storing structured decision telemetry.

In one trading simulation, each position generated a decision flow that could be queried like any other system artifact. This allowed inspection of the triggering news signal, the agent’s justification, intermediate decisions (such as stop adjustments), the final close action, and the resulting PnL, all tied to a single simulation ID. Instead of replaying conversational history, this approach reconstructed what happened at the level of state transitions and executable intents.

SELECT position_id
     , instrument
     , entry_price
     , initial_exposure
     , news_full_headline
     , news_score
     , news_justification
     , decisions_timeline
     , close_price
     , close_reason
     , pnl_percent
     , pnl_usd
  FROM position_audit_agg_v
 WHERE simulation_id = 'sim_2026-02-24T11-20-18-516762+00-00_0dc07774';
Figure 4: Example of structured decision telemetryFigure 4: Example of structured decision telemetry. Each row links context, reasoning, intermediate actions, and financial outcome for a single simulation run.

This approach is fundamentally different from prompt logging. The agent’s reasoning becomes one field among many—not the system of record. The system of record is the validated decision and its deterministic execution boundary.

From model-centric to execution-centric AI

The industry is shifting from model-centric AI, measuring success by reasoning quality alone, to execution-centric AI, where reliability and operational safety are first-class concerns.

This shift comes with trade-offs. Implementing deterministic control requires higher latency, reduced throughput, and stricter schema discipline. For simple summarization tasks, this overhead is unjustified. But for systems that move capital or control infrastructure, where a single failure outweighs any efficiency gain, these are acceptable costs. A duplicate $50K order is far more expensive than a 200 ms validation check.

This architecture is not a single software package. Much like how Model-View-Controller (MVC) is a pervasive pattern without being a single importable library, DIR is a set of engineering principles: separation of concerns, zero trust, and state determinism, applied to probabilistic agents. Treating agents as untrusted processes is not about limiting their intelligence; it is about providing the safety scaffolding required to use that intelligence in production.

As agents gain direct access to capital and infrastructure, a runtime layer will become as standard in the AI stack as a transaction manager is in banking. The question is not whether such a layer is necessary but how we choose to design it.

This article provides a high-level introduction to the Decision Intelligence Runtime and its approach to production resiliency and operational challenges. The full architectural specification, repository of context patterns, and reference implementations are available as an open source project at GitHub.

12:35

CodeSOD: Preformatted [The Daily WTF]

Amity sends us a "weird" replacement, and I regret to inform you, it's not as weird as it should be.

$body = str_replace(['<pre><code>', '</code></pre>'], ['<pre>', '</pre>'], $body);

This PHP code scans through a string containing HTML and replaces all the <pre><code>.../<code></pre> tags with just <pre></pre>. And yes, that's a weird thing to do; these mean different things, after all. pre tells us the text is preformatted and things like extra whitespace and line breaks should be respected. code tells us the text represents some sort of code. Usually, that involves respecting the formatting, but it also generally involves rendering in a monospace font.

And this touches upon one of my complaints about this very site. A complaint I don't complain about much, because I could easily fix it, and also it doesn't bother me that much, but also, I don't want to be maintaining our little homegrown CMS more than I have to, so I haven't done it.

Quite some time ago, we did a redesign here. It was fairly necessary, as the site old 100% didn't work on mobile devices. At the time, one habit was en vogue amongst web developers: clear all the formatting rules from the default browser stylesheet and replace them with your own. I can sympathize with that, I suppose. It's certainly one way to deal with cross browser rendering quirks: burn everything to the ground and build up from scratch. You'll still have cross browser quirks, but they'll all be your fault, and your fault alone. And another "quirk" that showed up in that rebuilding, and a quirk I've seen on a depressing number of other sites: make pre content be in monospace.

For some reason I don't fully understand, there was a brief period in CSS styling where people willfully collapsed the distinction between pre and code, and just turned them into the same thing. I'm admittedly a bit of a semantic snob (HTML is a DATA format not a PRESENTATION format, it's still SGML to me).

In any case, this doesn't impact you, our dear readers, who instead get a sometimes confounding Markdown comment box with bad editing support. But I post articles here in pure HTML, and while I rarely need a pre tag, every once in awhile, the default site stylesheet throws me off.

[Advertisement] Plan Your .NET 9 Migration with Confidence
Your journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!

12:07

The PAX East Show Store Is Open! [Penny Arcade]

This year's theme park has so many twists and turns, so many nice little Touches, that it would be tricky to call each of them out.  I merely saw how Gavin had done the S in "PAX East" on a jacket and had to sit down immediately.  First I'll show off everything you can get on our Official PAX Shop, from the comfort of your own phone:

11:49

GE SmartHQ™ Management [Planet GNU]

https://www.smart ... com/lp/management

This offering sure looks like GNU remotecontrol. Perhaps it is our code.

11:07

As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters [Schneier on Security]

In December, the Trump administration signed an executive order that neutered states’ ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists keen to avoid any constraints and consequences on their deployment of AI, while undermining the efforts of consumers, advocates, and industry associations concerned about AI’s harms who have spent years pushing for state regulation.

Trump’s actions have clarified the ideological alignments around AI within America’s electoral factions. They set down lines on a new playing field for the midterm elections, prompting members of his party, the opposition, and all of us to consider where we stand in the debate over how and where to let AI transform our lives.

In a May 2025 survey of likely voters nationwide, more than 70% favored state and federal regulators having a hand in AI policy. A December 2025 poll by Navigator Research found similar results, with a massive net +48% favorability for more AI regulation. Yet despite the overwhelming preference of both voters and his party’s elected leaders—Congress was essentially unanimous in defeating a previous state AI regulation moratorium—Trump has delivered on a key priority of the industry. The order explicitly challenges the will of voters across blue and red states, from California to South Dakota, scrambling political positions around the technology and setting up a new ideological battleground in the upcoming race for Congress.

There are a number of ways that candidates and parties may try to capitalize on this emerging wedge issue before the midterms.

In 2025, much of the popular debate around AI was cast in terms of humans versus machines. Advances in AI and the companies it is associated with, it is said, come at the expense of humans. A new model release with greater capabilities for writing, teaching, or coding means more people in those disciplines losing their jobs.

This is a humanist debate. Making us talk to an AI customer-support agent is an affront to our dignity. Using AI to help generate media sacrifices authenticity. AI chatbots that persuade and manipulate assault our liberty. There is philosophical merit to these arguments, and yet they seem to have limited political salience.

Populism versus institutionalism is a better way to frame this debate in the context of US politics. The MAGA movement is widely understood to be a realignment of American party politics to ally the Republican party with populism, and the Democratic party with defenders of traditional institutions of American government and their democratic norms.

This frame is shattered by Trump’s AI order, which unabashedly serves economic elites at the expense of populist consumer protections. It is part of an ongoing courting process between MAGA and big tech, where the Trump political project sacrifices the interests of consumers and its populist credentials as it cozies up to tech moguls.

We are starting to see populist resistance to this government/big tech alignment emerge on the local scale. People in Maryland, Arizona, North Carolina, Michigan and many other states are vigorously opposing AI datacenters in their communities, based on environmental and energy-affordability impacts. These centers of opposition are politically diverse; both progressives and Trump-supporting voters are turning out in force, influencing their local elected officials to resist datacenter development.

This opposition to the physical infrastructure of corporate AI is so far staying local, but it may yet translate into a national and politically aligned movement that could divide the MAGA coalition.

Any policy discussions about AI should include the individual harms associated with job loss, as employers seek to replace laborers with machines. It should also include the systemic economic risks associated with concentrated and supercharged AI investment, the democratic risks associated with the increased power in monopolistic and politically influential tech companies, and the degradation of civic functions like journalism and education by AI. In order for our free market to function in the public interest, the companies amassing wealth and profiting from AI must be forced to take ownership of, and internalize, these costs.

The political salience of AI will grow to meet the staggering scale of financial investment and societal impact it is already commanding. There is an opportunity for enterprising candidates, of either political party, to take the mantle of opposing AI-linked harms in the midterm elections.

Political solutions start with organizing, and broadening the base of political engagement around these issues beyond the locally salient topic of datacenters. Movement leaders and elected officials in states that have taken action on AI regulation should mobilize around the blatant industry capture, wealth extraction, and corporate favoritism reflected in the Trump executive order. AI is no longer just a policy issue for governments to discuss: it is a political issue that voters must decide on and demand accountability on.

10:35

Grrl Power #1446 – Tropical storm Leander [Grrl Power]

Working out is hard when you can lift the entire gym.

The bottom-left panel is supposed to be a hypothetical Everglades post-maximum Maxima event. I assumed Willy Crocman would make that obvious-ish, but the background could also be interpreted as Monument Valley after being pounded to sand. There’s not a whole lot of crocodiles in Utah, though, generally speaking.

Maxima’s outfit has to basically be printed onto her skin, and while makeup and grease paint don’t stick to her, it’s not like nothing at all does. A wacky wall walker would probably stick to her well enough. Probably one of those rubber stickers that are used on windows. Those might use the same technology, come to think of it. Cora and Galen found some material that basically won’t come off her skin if she’s exerting even the smallest amount of “personal force field” to envelop the stuff, and embedded thousands of micro holo projectors in it. The projection overlaps, so she’ll still have coverage if she loses small patches during the fight, and if large enough bare patches cause her disguise to start to fail, the stuff will slither around and attempt to close the gaps, but that’s dangerous during a fight because it can’t migrate anywhere while her force field is holding it in place. The plan at that point is for her to shift “Armor” into “Speed,” and keep out of danger for the 10-15 seconds it would take her smart cat suit to rearrange itself.

It is conceivable then, that if enough of the outfit was damaged all at once, she could find herself on Space-TV in front of a trillion viewers wearing nothing but pasties. But that’s a risk any superhero or heroine takes when they get into high-powered fights in front of a bank, and they are tougher than their own clothes.

Ah! I thought I had more time till March. I’m bad at looking at dates apparently.

Here is Gaxgy’s painting Maxima promised him. Weird how he draws almost exactly like me.

I did try and do an oil painting version of this, by actually re-painting over the whole thing with brush-strokey brushes, but what I figured out is that most brushy oil paintings are kind of low detail. Sure, a skilled painter like Bob Ross or whoever can dab a brush down a canvas and make a great looking tree or a shed with shingles, but in trying to preserve the detail of my picture (eyelashes, reflections, etc) was that I had to keep making the brush smaller and smaller, and the end result was that honestly, it didn’t really look all that oil-painted. I’ll post that version over at Patreon, just for fun, but I kind of quit on it after getting mostly done with re-painting Max.

Patreon has a no-dragon-bikini version of of the picture as well, naturally.

Double res version will be posted over at Patreon. Feel free to contribute as much as you like.

09:35

09:21

The end of the content shortage [Seth's Blog]

You can be fashionable without reading Vogue. You can be informed without watching the nightly news. You can be smart about science without going to MIT. It’s possible to be a great chef without buying a cookbook. In fact, you can probably thrive without reading this blog. There are millions of songs on Spotify that have only been listened to a few times each.

Not only are more humans publishing more often on more topics, but we’ve built LLMs that are always ready to create even more content, on demand, for an audience of one.

For generations, content has created the demand for more content. A few movies increased our desire to watch more movies. AM radio created the demand for FM, which sold more records, and then Napster magnified our desire for even more music.

Until we hit the wall of enough.

The ennui of infinite content is reversing our spiraling desire for more of it.

05:00

Urgent: Speaking engagements, Europe [Richard Stallman's Political Notes]

I expect to have a trip to Europe in May - June. The start and end dates remain to be decided.

If you would like to invite me to speak during that trip, please write to me now so we can start discussing it. Write to `-invitation' following my three-letter username.

Kennedy Center closing down for two years [Richard Stallman's Political Notes]

The board of the Kennedy Center in Washington DC, newly altered by the saboteur in chief, voted to close down for two years of "renovations".

I can imagine what the building will look like after that remodeling: every 20 feet along any wall there will be a molding depicting his face. It will be necessary to spend more money to undo that.

"Emergency Order" to restart leaky oil pipeline [Richard Stallman's Political Notes]

California law shut down a leaky, polluting pipeline under the Pacific Ocean from Santa Barbara, after it spilled a lot of oil on a beach. so the oil spiller in chief gave the pipeline's owner, as a favor, an "emergency order" to restart it immediately.

California and the federal government continue legal action over whether the pipeline will be allowed to operate. What is clear is that having one more oil pipeline operating is not overall a benefit for the world.

Google dis-service offering online medical advice deactivated [Richard Stallman's Political Notes]

Google has deactivated an online dis-service that until recently offered medical advice based on applying Pretend Intelligence to what users with no medical training said.

This may have been the wise course, since Pretend Intelligence does not actually understand the text it inputs or outputs.

Criticism of streaming platforms in mainstream press [Richard Stallman's Political Notes]

In the mainstream press, even criticism of streaming platforms takes for granted that they are entitled to the power to control what you can do with a recording, and thus reinforces that assumption. Here's an example.

Once you recognize that that power is based on Digital Restrictions Management, which means using nonfree software to control what users can and can't do, you can resist that implicit argument in favor of subjugating you.

Eight protesters in Texas convicted [Richard Stallman's Political Notes]

Eight protesters in Texas, allegedly supporting of the alleged organization "Antifa", were convicted of "material support for terrorism". In their trial, prosecutors cited the fact that some of them wore black clothing, used Signal, and/or carried guns.

Right-wingers also carry guns at protest, and use Signal, but somehow do not get prosecuted for that.

US Department of Health ignored administration of Title X [Richard Stallman's Political Notes]

The US Department of Health quietly ignored the administration of Title X, which provides birth control and sex-specific medical treatment for females, and the system may soon collapse.

I have a suspicion that this mysterious failure was engineered by right-wing extremist Christians who seek to force females to have babies.

Wrecker's new nominee to head of Department of Hatred and Sadism [Richard Stallman's Political Notes]

The wrecker's new nominee to head the Department of Hatred and Sadism has a pattern of speaking so as to give the false impression that he has military experience.

This deception marks him as untrustworthy, but if he were honest about his lack of military experience, that might not be crucial. The DHS does not manage soldiers, after all.

I expect that anyone nominated by the wrecker would regard it as per mission to be cruel and sadistic, and thus should not be confirmed, but that is a separate issue.

Burning Tesla "cybertrucks" locked passengers inside [Richard Stallman's Political Notes]

Tesla "cybertrucks" have locked passengers inside and burned so hot they've disintegrated drivers' bones.

States should designate vehicles which can lock passengers in as unsafe and illegal to drive on a road.

Populations of insect-eating birds in EU [Richard Stallman's Political Notes]

Just 8 years after the EU banned neonicotinoid pesticides, the populations of insect-eating birds are starting to recover.

Because these pesticides are persistent, full recovery will take a long time. I hope other human-caused effects, such as global heating, will not swamp it.

British "Reform" party trying to bribe voters [Richard Stallman's Political Notes]

The British right-wing extremist "Reform" Party is trying to bribe voters by entering them in a lottery, where winning may depend on which party you voted for, and stating which one you will vote for next time.

Zelenskyy offers Europe help in countering drone attacks [Richard Stallman's Political Notes]

Zelenskyy offers Europe Ukraine's help in countering drone attacks, whether from Russia, from Iran, or from criminal gangs.

New link [Richard Stallman's Political Notes]

Urgent: Energy market [Richard Stallman's Political Notes]

US citizens: call on Congress to investigate energy market manipulation.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

04:07

03:14

A Quick Check-In From Mexico [Whatever]

Oh, hello. The JoCo Cruise is in full swing now and last night we had the “land concert” in Loreto, Mexico, and while there (and in between snapping pictures of the performers), I got this photo of Krissy. She was having a good time.

And so am I! Fabulous cruise with fabulous people and it’s humming along nicely. I’ll post about it more when I’m back on land, I’m sure. In the meantime, I hope you’re all well.

— JS

02:14

[1295] The Masks Are Still Watching [Twokinds]

Comic for March 25, 2026

01:28

Job Talk [QC RSS]

Don't worry she's fine

01:21

[$] LWN.net Weekly Edition for March 26, 2026 [LWN.net]

Inside this week's LWN.net Weekly Edition:

  • Front: Security collaboration; Manjaro governance; kernel development tools; PHP licensing; kernel direct map patches; sleepable BPF.
  • Briefs: LiteLLM compromise; Tor in Taiwan; b4 v0.15.0; 24-hour sideloading; Agama 19; Firefox 149.0; GNOME 50; Krita 5.3.0 and 6.0.0; Quotes; ...
  • Announcements: Newsletters, conferences, security updates, patches, and more.

Wednesday, 25 March

23:28

so, i am having a little bit of a stand by me moment [WIL WHEATON dot NET]

There’s a lot happening in my world right now, joy and sorrow, and I don’t have the spoons to write about it. But I’m having a Stand By Me moment that I wanted to share before it passes.

Yesterday, my narration of The Body by Stephen King (the novella that was adapted into Stand By Me) was released. I have wanted to do this for years, and I can’t believe I never wrote about it here. I’ll address that in the future, because it’s a cool story. Simon and Schuster, the publisher, has been super supportive and enthusiastic about this release. They gave me a whole chapter to share, and it’s at the end of this week’s1 It’s Storytime With Wil Wheaton, available now wherever you get your podcasts.

Today, I am the subject of a truly wonderful column in the New York Times that includes interactive clips from my narration, scenes from Stand By Me, and the text of the novella. It’s a beautiful piece that genuinely surprised and delighted me. And it comes just a few days after we were the subject of this incredible essay, also in the New York Times, about our Stand By Me Live tour2.

Tonight, Jerry and Corey and I are together on Entertainment Tonight3 to talk about the movie’s theatrical re-release, which starts on Friday.

I’m glad you’re here. If you’d like to get my posts delivered to your inbox, here’s the thingy:

  1. I had to take last week off, so we are replaying one of my favorite performances, End of Play. ↩
  2. This weekend, we are in Anaheim Friday, Seattle on Saturday (see you at No Kings, Seattle), and Portland on Sunday. Tickets are still available for all three shows. ↩
  3. In Los Angeles, that’s 7:30pm on CBS, check your local listing to be sure. ↩

22:42

Page 1 [Flipside]

Page 1 is done.

Page 10 [Flipside]

Page 10 is done.

Page 9 [Flipside]

Page 9 is done.

Page 8 [Flipside]

Page 8 is done.

Page 7 [Flipside]

Page 7 is done.

Page 6 [Flipside]

Page 6 is done.

Page 5 [Flipside]

Page 5 is done.

Page 4 [Flipside]

Page 4 is done.

Page 3 [Flipside]

Page 3 is done.

Page 2 [Flipside]

Page 2 is done.

Drag Race Episode 12: Making Drag Sisters Outta Queer Cowboys [The Stranger]

It’s time for another classic Drag Race challenge: makeovers! This week, our remaining queens were tasked with turning six queer cowboys into their drag sisters. by Mike Kohfeld

It’s time for another classic Drag Race challenge: makeovers! This week, our remaining queens were tasked with turning six queer cowboys into their drag sisters.

But first, a Mini-Challenge. Dressed like he just stepped off of his Wyoming fracking ranch, RuPaul instructed the queens to “giddy-up and titty-up” for a Hot to Trot Horse Race. Seeing the queens in their quick-drag cowgirl looks made me cackle. “We are all looking like the nastiest county fair you have ever seen,” Darlene said, “and I feel right at home.”

The queens raced their way across the werkroom on inflatable horses. This was all shot in slow motion (of course) so we got to see every bounce, jiggle, and wipeout in delectable detail. In the end, Discord found herself with her second Mini-Challenge win: “In Discord math, two Minis make a Maxi.” I guess that works?

A Posse of Queer Cowboys

“Discord math” may be delusional, but she earned the privilege of pairing the queens with six strapping queer cowboys to kick off the Main Challenge.

Discord chose horse speed-rider Colton of Oklahoma for their uncanny resemblance (and matching ear gauges). She chose to do a Clueless theme for their runway, dressing as a punk mean girl while Colton, renamed Harmony Addams (get it?), was transformed into a preppy mean girl.

In the werkroom, RuPaul cautioned Discord to focus more on family resemblance rather than a cute concept, but Discord plowed ahead with her plan. It was a fun runway, but the judges didn’t buy it. Law Roach had nothing nice to say (Discord blasted his “nasty” judging style in an interview with EW) and Michelle insisted there was no family resemblance. Discord landed in the bottom two.

Juicy was paired with Greg, a Navajo gay rodeo All-Around champion. He became Loosey Love Dion—an exquisite incarnation of Celia Cruz—fulfilling Juicy’s vision of glamorous Afro-Latina twins. The judges praised the cohesion between the two looks. “Juicy turned me into this beautiful woman,” Loosey shared during the critiques, tearing up. “It’s so empowering.”

Discord partnered Jane Don’t with Terry, a retired rodeo judge from Oklahoma. Jane figured Discord gave her the eldest cowboy to trip her up. But she was undaunted, transforming Terry into her sister Maybe Don’t, dripping with vintage glamour in complementary gowns and feather boas.

The judges were split on Jane and Maybe. Guest judge actress/comedienne Danielle Pinnock exclaimed, “what episode of Parent Trap is this? Y’all are giving twins!” But Michelle insisted there was no family resemblance at all, landing Jane in her first-ever bottom placement. (The inconsistency of the judging during this episode was definitely the story editing taking a front seat as the producers build up the top four. In the words of Alyssa Edwards: rigga morris!)

          View this post on Instagram                      

A post shared by Jane Don’t (@heyjanedont)

Regardless of the judging, Terry/Maybe Don’t had the time of his life: “Looking this glamorous, I never dreamed I would look as good, or better than you, RuPaul.” At the end of the episode, there was a memoriam for Terry. Jane shared a touching statement on her Instagram. Pour one out for Terry.

Drag Family Therapy

Michael of Denver, the VP of the International Gay Rodeo Association, became Morgan Meeks under partner Myki’s tutelage. Myki ended up with an unexpected advantage, as Michael had snatched the title of Miss International Gay Rodeo in 2000. He shared that he had quit drag because of hangups around his masculinity, but the experience with Drag Race helped him reconnect with his feminine side.

The Meeks sisters fit the brief in matching gowns. While the looks were relatively simple compared to the other queens’, they looked related to one another… and related to Michelle, too: Roach called them “Nichelle and Rochelle Visage.” Myki scored the win for the episode.

Myki wasn’t the only one to get a queeny cowboy. Darlene’s partner Chris, a roper from Oklahoma, was unafraid of his feminine side. During RuPaul’s walkthrough, Chris shared that he cleaned house in stilettos (something tells me Darlene does this too. Banana!). It was a match made in gay heaven. Darlene leaned into the camp of it all, turning Chris into her trashy sister Bonnie Mitchell on a wild night out in Vegas.

Nini was paired with Jason, a Colorado steer wrestler. Jason’s story of being afraid of his own femininity after the murder his friend and fellow soldier Barry Winchell inspired Nini to help him reconnect with his queerness through drag. For their runway, Nini chose a conceptual route, dressing herself as a monarch butterfly and Jason (as Patsy Coco) as a caterpillar. “I thought the costumes were cute, but there was no family resemblance at all,” Law Roach said to the agreement of the rest of the judges.

Nini ended up in the bottom two alongside Discord—the first time for them both. They battled it out to Ariana Grande’s ballad, “we can’t be friends.” Nini had a tighter lipsync and better matched the energy of the song, keeping her in the competition.

We hated to see Discord go, but we loved to watch her Discord-walk away. After promising to see us again on All Stars (yes please), she departed Season 18 with a hearty “eat the rich, fuck the patriarchy.” This is now a Discord Addams stan account.

Of the five queens left, who will make it to the Top Four? It’ll all come down to next week’s performance challenge: Karens Gone Wild. See you then!

21:56

The reports of age verification in Linux are greatly exaggerated, for now [OSnews]

Several US states, the country of Brazil, and I’m sure other places in the world have enacted or are planning to enact laws that would place the burden of age verification of users on the shoulders of operating system makers. The legal landscape is quite fragmented at this point, and there’s no way to tell which way these laws will go, with tons of uncertainties around to whom these laws would apply, if it targets accounts for application store access or the operating system as a whole, what constitutes an operating system in the first place, and many more. Still, these laws are already forcing major players like Apple to implement sharing self-reported age brackets with application developers (at least in iOS), so there’s definitely something happening here.

In recent weeks, the open source world has also been confronted with the first consequences of these laws, as both systemd and xdg-desktop-portal have responded to operating system-level age verification laws in, among other places, California and Colorado, by adding birthDate to userdb (on systemd’s side) and developing an age verification portal (on xdg-desktop-portal’s side) for use by Flatpaks. The age verification portal would then use the value set in usrdb’s birthDate as its data source. The value in birthDate would only be modifiable by an administrator, but can be read by users, applications, and so on.

Crucially, this field is entirely optional, and distributions, desktop environments, and users are under zero obligation to use it or to enter a truthful value. In fact, contrary to countless news items and comments about these additions, nothing about this even remotely constitutes as “age verification”, as nothing – not the government, not the distribution or desktop environments, not the user – has to or even can verify anything. If these changes make it to your distribution, you don’t have to suddenly show your government ID, scan your face, or link your computer to some government-run verification service, or even enter anything anywhere in the first place.

Furthermore, while the xdg-desktop-portal’s proposals are still fluid and subject to change, consensus seems to be to only share age brackets with applications, instead of full birth dates or specific ages – assuming anything has even been entered in the birthDate field in the first place. Even if your Linux distribution and/or desktop environment implements everything needed to support these changes and expose them to you in a nice user interface, everything about it is optional and under your full control. The field is of the same type as the existing fields emailAddress, realName, and location, which are similarly entirely optional and can be left empty if desired.

Taken in isolation, then, as it currently stands, there’s really not much meat to these changes at all. The primary reason to implement these changes is to minimally comply with the new laws in California, Colorado, Brazil, and other places, and it’s understandable why the people involved would want to do so. If they do not, they could face lawsuits, fines, or worse, and I don’t know about you, but I wouldn’t want to be on the receiving end of the western world’s most incompetent justice system. Aside from that, these changes make it possible to build robust parental controls, which isn’t mentioned in the original commits to systemd, but is clearly the main focal point of xdg-desktop-portal’s proposal.

This all seems well and good, but given today’s political climate in the United States, as well as the course of history, that “as it currently stands” is doing a lot of heavy lifting. Rightfully so, a lot of people are worried about where this could lead. Sure, today these are just inconsequential, optional changes in response to what seems to be misguided legislation, but what happens once these laws are tightened, become more demanding, and start requiring a lot more than just a self-reported age bracket?

In Texas, for instance, H.B. 1131 requires any commercial entity, including websites, that contains more than one-third “sexual material harmful to minors” to implement age verification tools using things like government-issued IDs or bank transaction data to verify visitors’ ages before allowing them in. The UK has a similar law on the books, too. It’s not difficult to imagine how some other law will eventually shift this much stricter, actual age verification from websites and applications into operating systems instead. What will systemd’s and xdg-desktop-portal’s developers do, then? Will they comply as readily then as they do now?

This is a genuine worry, especially if you already belong to a group targeted by the current US administration, or were face-scanned by ICE at a protest. Large groups of especially religious extremists consider anything that’s LGBTQ+ to be “sexual material harmful to minors”, even if it’s just something normal like a gay character in a TV show. It’s not hard to imagine how age verification laws, especially if they force age verification at the operating system level, can become weaponised to target the LGBTQ+ community, other minorities, and people protesting the Trump regime.

You may think this won’t affect you, since you’re using an open source operating system like desktop Linux or one of the BSDs, and surely they are principled enough to ignore such dangerous laws and simply not comply at all, right? Sadly, here’s where the idealism and principles of the open source world are going to meet the harsh boot of reality; while open source software has a picturesque image of talented youngsters hacking away in their bedrooms, the reality is that most of the popular open source operating systems are actually hugely complex operations that require a ton of funding, and that funding is often managed by foundations. And guess where most popular Linux distributions’ and BSD variants’ foundations are located?

Developers from all over the world may contribute to Debian, but all of its financials and trademarks are managed by Software in the Public Interest, domiciled in New York State. Fedora is part of Red Hat, owned by IBM, and we all know IBM. Arch Linux’ donations are also managed by Software in the Public Interest. The Gentoo Foundation is domiciled in New Mexico. The FreeBSD Foundation is domiciled in Boulder, Colorado. The NetBSD Foundation is domiciled in Delaware. Ubuntu is a Canonical product, a company headquartered in London, UK, a country with strict age verification laws for websites and applications. Hell, even Haiku, Inc. is domiciled in New York State. I could go on, but you get the gist: all of these projects manage their donations, financials, trademarks, and related issues in the United States (or the UK for Ubuntu).

It’s relatively easy for these projects to take a principled stance against the relatively limited age verification laws that exist today, but what about if and when these laws are expanded to infiltrate the very operating systems we use? It’s easy to resist the boot when it’s pressing down on some porn website or a sex worker’s OnlyFans page, but once that same boot is pressing down on your own throat? That’s a whole different story. Will Debian, FreeBSD, or Fedora still stand their ground when the organisations managing their donations, finances, and trademarks become the target of lawsuits or the US justice system, because they refuse to implement age verification?

I sincerely doubt it.

And this is why I am of two minds about this issue. On the one hand, I fully understand that the various developers involved with these efforts want to make sure they follow the law and avoid getting fined – or worse – especially since compliance requires so little at this time. On top of that, these changes make it possible to implement a fairly robust set of parental controls in a centralised way, keeping the data involved where it makes sense, so it also brings a number of benefits for users. There really isn’t anything to worry about when looking at these changes in isolation.

On the other hand, though, I also understand the fears and worries from people who see these changes as the first capitulation to age verification, nicely making the bed for much stricter age verification laws I’m sure certain parts of the political compass are already dreaming about. With so many Linux distributions, BSD variants, and even alternative operating systems having their legal domiciles in the United States, it’s not unreasonable to assume they’re going to fold under any possible legal pressure that comes with such laws.

I’m not rushing to replace my Fedora KDE installations with something else at this point, but I’m definitely going to explore my options on at least one of my machines and go from there, so I at least won’t be caught with my pants down in the future. The world isn’t ending, age verification hasn’t come to Linux, but we’d all do well to remain skeptical and prepare for when it does make its way into our open source operating systems.

18:00

17:49

[$] Collaboration for battling security incidents [LWN.net]

The keynote for Sun Security Con 2026 (SunSecCon) was given by Farzan Karimi on how incident handling can go awry because of a lack of collaboration between the "good guys"—which stands in contrast to how attackers collaboratively operate. He provided some "war stories" where security incident handling had benefited from collaboration and others where it was hampered by its lack. SunSecCon was held in conjunction with SCALE 23x in Pasadena in early March.

17:14

Slog AM: Cesar Chavez Park to Be Renamed, the Muckleshoot Casino Sauce Machine, and Wishing Death on Your Enemies in a Christ-Like Manner [The Stranger]

The Stranger's morning news roundup. by Vivian McCall

Seattle, King County to rename Cesar Chavez Park in South Park: Since the former Mexican American labor hero allegedly sexually abused girls and women, including his fellow labor leader Dolores Huerta, this is a good idea. The sign with Chavez’s name has already come down, The Seattle Times reports.

Leaders are grappling with the Chavez allegations in the Yakima valley, where he visited many times, reports the Yakima Herald. In 1986, he spoke at Yakima Valley College and Central Washington University before a two day march focused on the plight of asparagus cutters.

ICE in the News: The King County Council voted Tuesday to ban immigration operations on certain county properties unless federal agents have a judicial warrant or court order, KUOW reports. The measure passed 7-1. Councilmember Reagan Dunn voted against. His brother in moderation Councilmember Pete Von Reichbauer was excused from the vote. The council also struck the word “alien” from its legal code. County Executive Girmay Zahilay issued an executive order directing the council to take up the legislation.

What’s more Christ-like than wishing death on your enemies? Defense Secretary Pete Hegseth’s pastor and closest spiritual advisor Brooks Potteiger said on the podcast “Reformation Red Pill” that he wants Texas Senate candidate James Talarico to die. He referred to Talarico as a “wolf,” “demon,” and a “snake.” Actually, he’s a white Christian man! No matter. “First and foremost, we pray that a man like this would be cut to the heart.”

I’d hate to be slop rn. OpenAI is shutting down it’s AI video app Sora just a few months after launch and a now-kaput $1 billion investment deal with Disney. Back in October, Sora was hailed as this next-gen product of “the threat to our shared reality” variety. But Sora hemorrhaged money. Back of the napkin math suggested the company was blowing $15 million a day on these videos, Forbes wrote in November. Even the head of Sora, Bill Peebles, said the economics were completely unsustainable. Does this mean Mickey Mouse is staying far, far away from the slop? No, they’re still going to engage with AI “to find new ways to meet fans where they are.”

Liable: After a seven-week trial, a New Mexico jury determined that Meta, which owns Facebook and Instagram and the soon-to-be-shuttered Metaverse, had harmed the mental health of children and concealed what it knew about child sexual exploitation on its social media platforms. Jurors are deliberating in a similar case in California. For its thousands of violations, Meta could pay out $375 million—less than a fifth of what prosecutors were seeking. The company is valued at $1.5 trillion, so it’s not likely to make a dent. The shareholders don’t care. Stock was up 5 percent following the verdict. As for what will change, a judge will decide.

Epic, Fail: Fortnite developer Epic Games laid off 1,000 employees on Wednesday, a significant chunk of its staff. In an open letter, CEO Tim Sweeney wrote that Fortnite engagement took a dive in 2025, and the company is now “spending significantly more than we’re making.” Sweeney did not share exact engagement numbers. But at its 2023 peak Fortnite averaged 3.1 million players a day. Last September, that number had fallen to approximately 835,000. This is nothing to floss about.

😐👍: The Pentagon will order 2,000-3,000 82nd Airborne soldiers to the Middle East to support the war in Iran. Simultaneously, the US has sent Iran a 15-point plan to end the same war. It hasn’t been made public. This morning, Iran rejected the proposal and laid out its own conditions.

Go To War, Elder Millennials: The army bumped up the max enlistment age to 42 this month, bringing the admission policy in line with most other US Military services like the Air Force, Space Force, and Coast Guard. Sure, you were never able to afford the house you always dreamed of, but Trump, in his infinite wisdom, has forged a new path for you.

Weather: Rain before 2 p.m., then a chance of thunderstorms. This will help you acclimate to the loud noises.

What Could Be Worse Than Skeletons in the Closet? While cleaning out a closet in preparation to move the Mississippi Department of Public Safety to new headquarters, workers discovered a small blue suitcase. Inside was a cache of Klu Klux Klan materials, including Klan charters, Klan robes, recruitment materials, meeting notes, and a ledger of members who paid—and didn’t pay—their dues. The department has donated the materials to the Mississippi Department of Archives and History.

“It’s more than a sauce station”: Muckleshoot Casino has a Heinz REMIX machine, a “game-changing flavor experience” that allows people to make fucked-up sauces. Tongue explorers can add up to two “flavor enhancers”— jalapeño, chipotle, buffalo, garlic, honey, or bacon—at three levels of intensity to bases of ketchup, mustard, mayonnaise, barbecue, ranch, smoked barbeque, and honey mustard. Sounds unclean.

16:28

Here We Go Again [Penny Arcade]

Ronia is, in fact, on stage jumping around going fucking crazy in Mamma Mia, which is essentially like a jazzercize class with a lyric book. Like, on some Tae Bo shit. I would last part of one song before my lungs tried to crawl out of my mouth. Gabriel was under some misconceptions regarding the production that I was happy to correct by striking him repeatedly with one of those little ice fishing bats. Did you know that those little clubs are called "priests"? Gabriel didn't know either. I made sure he understood as it was coming down.

15:35

Setting up a Tor Relay at National Taiwan Normal University (Tor Blog) [LWN.net]

The Tor Blog has an interesting article about the non-technical side of setting up a Tor Relay. It documents how a computer science student at National Taiwan Normal University worked with the university system to set up a relay and provides a template for future attempts:

In Taiwan, anonymous networks do not lack technical documentation or ideological support. The real scarcity is experience from actually working through the real institutional system once. Especially in an environment where academic networks are highly centralized and outbound connectivity is tightly controlled, distributed anonymous infrastructure like Tor Relays is inherently difficult to sustain.

This implementation at National Taiwan Normal University was not meant to provide a final answer for anonymous networks. It was a concrete attempt made within real-world institutions. It may not immediately improve the performance or security of anonymous networks, and it was not intended to become a directly reproducible standard process. What it did achieve was leaving behind a clearly visible path of practice—one that can be understood, referenced, and built upon.

14:49

LibreQoS v2.0 released [LWN.net]

Version 2.0 of the LibreQoS traffic-management and network operations platform has been released.

This release makes LibreQoS easier to operate, easier to understand, and much more useful for day-to-day network work. Now users can see more of what is happening across the network, troubleshoot subscriber issues with better tools, and work from a much stronger local WebUI.

This release includes many capabilities that reflect ideas and direction long championed by our late colleague, Dave Täht.

Dave's work helped shape the understanding of bufferbloat and the importance of latency under load across the networking community. His influence continues to guide both LibreQoS and the broader effort to improve Internet quality.

The project has also announced the release of the LibreQoS Bufferbloat Test v2, also dedicated to Täht. It runs in a user's browser to look at "latency under load, jitter, loss, and what those things mean for the kinds of traffic people actually care about: browsing, streaming, video calls, audio calls, backups, and gaming".

[$] More efficient removal of pages from the direct map [LWN.net]

The kernel's direct map provides code running in kernel mode with direct access to all physical memory installed in the system — on 64-bit systems, at least. It obviously makes life easier for kernel developers, but the direct map also brings some problems of its own, most of which are security-related. Interest in removing at least some pages from the direct map has been simmering for years; a couple of patch sets under discussion show some use cases for memory that has been removed from the direct map, and how such memory might be efficiently managed.

14:07

How can I change a dialog box’s message loop to do a Msg­Wait­For­Multiple­Objects instead of Get­Message? [The Old New Thing]

A customer wanted to know how to change a dialog box’s message loop so that it used Msg­Wait­For­Multiple­Objects instead of Get­Message. (I’m guessing that they had a handle that they wanted to wait on while the dialog was up.) The standard dialog box message loop checks only for messages, not kernel handles.

One way to do it is to replace the modal dialog box with a modeless one and run your own message loop. However, there’s a key piece missing from the do-it-yourself, which is that there is no way to know whether the dialog procedure has called End­Dialog, and if so, what result code it passed.

So maybe you’re displaying somebody else’s dialog box and therefore cannot alter the dialog procedure to set a different flag when it wants to end the dialog. What can you do to customize the dialog loop from the outside?

Dialog boxes send their owner the WM_ENTER­IDLE message when they have run out of work to do and are about to block waiting for a message. if the handler of the WM_ENTER­IDLE message returns, and there is no posted message in the queue, then the dialog box goes to sleep and waits for a message to come in.

As the name of the message suggests, one way to use the WM_ENTER­IDLE message is to handle the message by doing do background idle-time activity, and then return when there is a message for the dialog box to process. For example, maybe you want to do spell checking when the user is idle.

Another way to use the WM_ENTER­IDLE message is to take over how the dialog message loop waits for a message. You can do your own thing, and return when there is a posted message that needs processing.

So let’s try it. Just for demonstration purposes, we’ll create a waitable timer that beeps every two seconds while a common file open dialog is up.

Start with our scratch program and make these changes. Remember that error checking has been elided for expository purposes.

#include <commdlg.h>

HANDLE hTimer;

void OnChar(HWND hwnd, TCHAR ch, int cRepeat)
{
    if (ch != ' ') return;

    hTimer = CreateWaitableTimerW(nullptr, FALSE, nullptr);

    LARGE_INTEGER twoSeconds;
    twoSeconds.QuadPart = -2 * wil::filetime_duration::one_second;
    SetWaitableTimer(h, &twoSeconds, 2000, nullptr, nullptr, FALSE);

    TCHAR buffer[MAX_PATH]{};
    OPENFILENAME ofn{};
    ofn.lStructSize = sizeof(ofn);
    ofn.hwndOwner = hwnd;
    ofn.lpstrFilter = TEXT("All Files\0*.*\0");
    ofn.nFilterIndex = 1;
    ofn.lpstrFile = buffer;
    ofn.nMaxFile = ARRAYSIZE(buffer);
    GetOpenFileName(&ofn);

    CloseHandle(hTimer);
    hTimer = nullptr;
}

Our WM_CHAR handler ignores all characters other than the space bar. But if you press the space bar, it creates a waitable timer that triggers every two seconds, and then it displays a dialog: In this case, it’s the common file open dialog. When the dialog is finished, we close the timer since we don’t need it any more. This is just setting up the environment for our WM_ENTER­IDLE handler to do its magic.

The interesting work happens in the next function.

void OnEnterIdle(HWND hwnd, UINT source, HWND hwndSource)
{
    if (!hTimer) return;

    MSG msg;
    while (true) {
        DWORD result = MsgWaitForMultipleObjects(1, &hTimer,
                                FALSE, INFINITE, QS_ALLINPUT);
        switch (result) {
        case WAIT_OBJECT_0:
            MessageBeep(~0);
            break;

        case WAIT_OBJECT_0 + 1:
            if (PeekMessage(&msg, nullptr, 0, 0, PM_NOREMOVE)) {
                return;
            }
            break;

        default:
            FAIL_FAST_HR(E_UNEXPECTED);
        }
    }
}

When we get a WM_ENTER­IDLE message and there is no timer handle, then just return without doing anything, allowing the dialog box message loop to go idle.

But if we have a timer handle, then we use the Msg­Wait­For­Multiple­Obcjets function to wait for either the timer handle to be signaled or for a message to arrive. If it was the timer handle, we beep. If it was a message, we call Peek­Message to process any inbound Send­Message calls and see if there’s a posted message waiting. if so, then we leave it in the message queue (PM_NO­REMOVE) for the dialog loop to pick up and return. If we get any other code, then something went horrible wrong, and we fail fast.

Now we can hook these up to our window procedure.

    HANDLE_MSG(hwnd, WM_CHAR, OnChar);
    HANDLE_MSG(hwnd, WM_ENTERIDLE, OnEnterIdle);

When the common dialog box goes idle, the internal dialog message pump sends a WM_ENTER­IDLE message to the owner (which is us), and we do our handle stuff until a posted message is ready.

When you run this program, press the space bar, and you get a happy common dialog box, accompanied by some annoying beeping.

I pulled a trick here. Maybe you noticed it. We’ll look at it next time.

The post How can I change a dialog box’s message loop to do a <CODE>Msg­Wait­For­Multiple­Objects</CODE> instead of <CODE>Get­Message</CODE>? appeared first on The Old New Thing.

Five new stable kernels [LWN.net]

Greg Kroah-Hartman has announced the release of the 6.19.10, 6.18.20, 6.12.78, 6.6.130, and 6.1.167 stable kernels. Each contains important fixes throughout the tree. Users are advised to upgrade.

Security updates for Wednesday [LWN.net]

Security updates have been issued by Debian (chromium), Fedora (chromium, containernetworking-plugins, musescore, and python-multipart), Mageia (perl-XML-Parser, roundcubemail, trilead-ssh2, vim, and webkit2), Oracle (389-ds:1.4, gimp:2.8, glibc, gnutls, kernel, libarchive, nginx:1.24, opencryptoki, python3, uek-kernel, vim, yggdrasil, and yggdrasil-worker-package-manager), Red Hat (delve, osbuild-composer, and skopeo), Slackware (mozilla), SUSE (dpkg, go1.26-openssl, gstreamer-plugins-ugly, kernel, libssh, ovmf, python-pyasn1, python-tornado6, python311, salt, sqlite3, and systemd), and Ubuntu (linux-aws-fips, linux-azure, linux-azure-fips, linux-fips, linux-gcp-fips, linux-iot, linux-kvm, pjproject, and redis).

13:28

Link [Scripting News]

WordPress can now connect via MCP for both reading and writing. This sounds like a possible alternative for the wpcom api that we're building on in WordLand. Sometimes it feels like everything is being reinvented. If the world would just stand still for a moment we might be able to do some building. I wonder how the advent of AI is affecting how WordPress is being developed. I know it's changing everything here.

Link [Scripting News]

Meanwhile I have to tend to the past. I had a server go down the other day, and haven't been able to get it running again. It's a very old one, the first I used PagePark for hosting the apps. So I'd rather not have to dig into whatever it is that's keeping it from running. This morning I moved the test app for XML-RPC, betty.userland.com, to another server, so this page now works again.

Tatterdemalion [Original Fiction Archives - Reactor]

Original Fiction Dark Fantasy

Tatterdemalion

In a traditional folktale from Alak, a dreamy good-for-nothing young woman seeking excitement discovers a life of adventures may not be what she expected. Be careful what you wish for!

Illustrated by Raven Jiang

Edited by

By

Published on March 25, 2026

0 Share
An illustration of a billowing white cloth hovering above the ocean as a wave crashes against a sea stack below and lightning flashes across the night sky.

In a traditional folktale from Alak, a dreamy good-for-nothing young woman seeking excitement discovers a life of adventures may not be what she expected. Be careful what you wish for!

Novelette | 7,515 words

Introductory Note: The Deed mentioned in this story belongs to a class of magical artifacts that we find occasionally in Alak folklore and mythology. The original and most powerful of them was the Deed of Talorow, which, according to legend, was accidentally dropped by a sort of monster or demon hastily fleeing from the wrath of the gods. It was subsequently discovered by a little girl, who felt a very Alak-like disgust at the wildness and chaos of the world in her day, and who realized that the magic of the Deed would fix in their forms and roles everything that came within sight of it. The girl imagined how much more orderly and regular the world would be if only the Deed could be displayed in a sufficiently prominent place, where it could be seen by everyone, and therefore affect everything. It then occurred to her that, of course, the sky was incomparably the best place to show the Deed, for then no one could really avoid the sight of it. She wracked her brains for a way to introduce the Deed into the sky, and finally decided to thrust her head into a pond and drown herself while holding the Deed firmly in her hand. She believed that, once she died, her spirit would be free of her heavy body, and could carry the Deed aloft into the sky. And so it happened, and her spirit welded, with its own substance, the Deed to one of the stars, displaying it to all the world. As a result, what had flowed became fixed, what had improvised became standardized, and a greater orderliness and predictability flourished everywhere. So great a benefit was this to the Alak Empire that the Divine Family officially adopted the little girl, and the star was given her name, Chlawgar, which it still has today.

Alaks maintain that the world has always existed and always will; and, naturally, this goes for the Empire as well. While this idea stands at odds with the official history, which records many different accounts of the foundation of the Empire, the premise is nevertheless everywhere among them sustained. The Empire, it is at least implied, has always existed in its ideal aspects. Its tangible aspects must be realized in time by human beings. There is a belief among the Alaks in what is known as the “impossible time” that somehow preceded proper time, and the sly influence endures as a present remnant of the impossible time, accounting for the various setbacks the Empire has encountered throughout its history.  Is it surprising to read that the Deed of Talorow, that mighty ordering power, is the work of the entropic sly influence? This is not clear at all, but one might speculate that the sly influence was once considered to be more lethargic, passive, and inert than it later came to be. In any case, the Deed of Ilianeghis in this story is likewise a work of the sly influence, imbued with all of its out-of-place, chaotic, and inventive power. This explains its cursed, dangerous character.

The term “Zaman Wislin” refers both to a divinatory philosophy and to its adherents, or “mathetes.” Since it is recognized by the Predikanten, the Alaks tolerate its existence. While they are not a cult, Zaman Wislin do claim to be in a tutelary relationship with a godlike dragon called Gilshrakes who is at the center of the universe. They are commonly supposed to collect Deeds of the sort mentioned here, and might perhaps also be able to draft new Deeds themselves, which explains their role in this story.

Our narrative’s main character, Temedy, belongs to a category of personalities familiar to most Alak readers and listeners. She is the ne’er-do-well, the malcontent who joins in the work of the Empire without enthusiasm and is not at one with it in her heart, and entertains these feelings of disaffection because she is too weak and foolish to resist them. Temedy is the inadequate instrument, someone who is not sufficiently real. This type of character is always attractive and talented, the better to emphasize what a waste they make of their lives, and what a loss that is for the Empire. The story is a cautionary tale intended to help readers and listeners correctly identify this type when they encounter it, and thence to take appropriate action respecting them, but there are stories about such characters finding their full reality, for example, in confronting a challenge.

These characters are often named “Temedy” for ease of both recognition and application, since this name is not one that any real person would be given. Its etymology is obscure; it is most probably derived from the Gaboktja Ujhik word “temeschlem,” meaning tatterdemalion or guttersnipe. The title of this story reflects this preferred derivation, but there are those, including Quil Qusogh himself, who maintain that the meaning stems instead from the Lemkhitz word “demd,” meaning sickly, pasty, disorderly, or meagre.

Finally, a “soul burner” is an Alak hobgoblin, who devours the evil spirits once believed to infest the world, in order to absorb their strength and cause greater mischief.

Once upon a time there lived in the village of Sogtrul a shiftless, threadbare young woman named Temedy who was good for nothing. She worked as a copyist for the calendary, slept in a loft above the offices, and eked out a living that barely kept body and soul together. No one who looked for her, and there were not many who did, could ever find her, because she was always wandering off into the countryside. She would stray for hours among the hills, often walking all the way to the feet of the mountains. To be sure, if she weren’t expected at her desk, she would have climbed them, perhaps never to return. Her parents were dead; her only living relation was a married sister who rightly repudiated her, who had prospered her education and now lived in the great city of Sunflik, where she conducted highly important business. Temedy did not seek out her sister, but languished in hapless devotion to the idle and melancholic daydreams with which her mind busied itself during her solitary rambles. No one in Sogtrul had the least respect for her, so why should we listen to her story?

You’ll see!

For there was a day when, stumbling along at random as usual, she blundered across something strange. It was a place at the feet of the mountains, where rolling grasslands crack open in crevasses and where slender brooks fan out at intervals like lacework. There was one spot in particular where people used to cut whetstones for sharpening barber’s razors, and the heavier blocks were used to press cadavers for preservation. This was done, as you may know, by placing the corpse on a slab with a slight concavity to it, then surrounding it with blocks of ice. Another matching slab was then laid on top, and, as the ice supporting it melted, it would sink gradually down and flatten the body without crushing it to a pulp. The cadaver would keep indefinitely afterwards, like a pressed flower. Places like that attract Zaman Wislin; they come looking for ghosts, elementals of work, haunted winds, portentous lights, and, above all, archaic inscriptions, hidden texts, forbidden scrolls, to winnow the dragon-secrets of Gilshrakes from them. At one time they had a camp there, which they left for reasons as mysterious as their reasons for establishing it in the first place, and their abandoned tents, now little more than long white rags knotted firmly to their frames, were still there. No one could say why, but they had named their camp “he Cloister of Glowing Cores,” and the name endured after they were gone. Temedy had read the name many times in the records and letters of officials that she had been called upon to copy, and indeed she was so addicted to reading things not pertinent to her duties that she had sought out and studied other historical documents in crumbling district ledgers, to no better end than to appease her curiosity.

Now, as if in a dream, she saw this fabled spot with her own eyes. The rags of the ruined tents billowed in the incessant wind like water weeds in a strong current, so she could hear them flap and rustle like a great fire without heat or smoke. It was a lure too strong for her feeble willpower to resist, and she descended down to Glowing Cores, wondering if she might find some traces of the mathetes there, or other trash of former days heedlessly thrown aside and tramped down by people with better things to do.

She was just passing a small stand of trees when a hacking cough erupted somewhere nearby, and Temedy realized that she wasn’t alone. In a spasm of cowardice, her first impulse was to hide herself, and she did not resist it. Temedy scrambled back toward one of the trees and put it between herself and the direction the cough came from, then watched carefully, crouched down, not daring to breathe. A moment later she saw a figure in black walk stiffly out from behind one of the ruined tents. It was an older man, clean-shaven, in black clothes. He carried his head erect and his shoulders square, his rigid back was unnaturally straight, so that he moved a little like a puppet on a stick, turning his whole body to look this way and that. It was obvious that he was searching for something he expected to find on the ground.

Temedy didn’t want to have anything to do with this stranger, but, she would certainly be seen if she fled, and that was not something she wanted either. What she wanted was for the stranger to go away, so she could go on exploring. Instead, he came directly toward Temedy’s tree, swivelling this way and that as he continued to examine the ground, without pause. Temedy thought frantically—could she manage to creep around the tree as the man passed, or should she make a run for it? Too late! The man was already there, and saw her.

“Well, well,” the man said.

Temedy could only say “Well!” in reply.

The man had a harelip and strange, round eyes, like two circles, so Temedy could see the whites going all the way around the pupils. His black clothes were made of some rich, heavy stuff like bombazine that was all stained with salt from the man’s dried perspiration. Indeed, there was so much salt in his clothes that little puffs of it came out when he moved.

“Have you come from—far away?” the man asked. His teeth flickered as he spoke, white as chalk.

“Not . . . not very far . . .” Temedy spluttered. She didn’t like telling this man anything about herself. He dressed and acted a bit like an official, so she asked him, “Are you . . . from the calendary?”

“I’m Obelizer,” the man said, and smiled broadly without parting his lips. His voice was hoarse and low, but it was the kind of voice, Temedy knew, that could boom out deafeningly loud if necessary. “From the Shrine of Zeroes.”

That, Temedy knew, was the name of a fane where the mathetes of Zaman Wislin lived, on the mountains’ far side. You can know someone is Zaman Wislin if they have a name like that, because they leave behind their wholesome names when they become Zaman Wislin, and receive new names that reflect what they do. Every mathete will also have something wrong with them, but it won’t always be as easy to spot as that harelip, so examine every stranger you meet carefully and be suspicious of little irregularities.

“I’m uh, Temedy,” Temedy said. Of course, giving her name away was the last thing she wanted to do, but, when a name is given, a name must be returned, and Temedy was too frightened to invent one.

“Have you happened to see,” the man asked, “a wooden document case, about this large?”

His long hands drew a sort of rectangular shape in the air, to show Temedy what he meant. The flowing motion of his hands was at odds with the stony immobility of his body, so that it seemed as though they belonged to someone else, standing behind him.

Temedy shook her head.

The man lowered his hands to his sides and sniffed. He gazed at Temedy with an enigmatic expression on his face.

“It’s—a fine day,” he said at last. Only then did he look up at the sky, tipping his whole body back at the waist to do so, then returning to his former posture. You may have noticed he has a curious way of speaking too, but that was in keeping with what he did. An obelizer is someone who cuts things out of pieces of writing, and marks the cut with a little drawing of a knife to show where it happened.

“I was just going for a walk,” Temedy said.

Obelizer smiled that same close-lipped smile at her. Temedy found it hard not to stare at the man’s upper lip, joined in two halves so that it seemed as if it were expressing two different emotions at the same time.

“You seem to do quite a bit of solitary walking. That’s because you live with people who don’t understand you,” Obelizer said.

This was more than Temedy could stand.

“I ought to be going,” she said, turning away.

“I will reward you if you help me search,” Obelizer said.

Temedy stopped.

“Reward me? What with?” she asked.

Obelizer chuckled, and his shoulders jostled up and down.

“Well—with money—if you don’t mind!” he said.

When Temedy turned to face him again, Obelizer was looking toward the horizon beyond him.

“What comes from the mountains must—go to the sea,” he said. “I must bring that case to—Tulltillarna, and that is long travel from here on foot.”

Temedy had never heard of Tulltillarna, whatever that was. Perhaps you have?

“So, the sooner I find it and begin my—journey, the sooner I’ve done what I set out to do,” Obelizer went on, facing her again with a businesslike air. “Will you help me look?”

Of course, she was still frightened, still full of the desire for escape, but there was something else, perhaps in that name, Tulltillarna, and in the dreaminess in Obelizer’s eyes as his look flew away into the distance, a kind of call, evilly soft, that very gently caught her.

“I’ll help,” she said, without knowing why.

With a little shower of salt, Obelizer’s hand lifted from his side. He pointed down toward a few of the larger ruined tents that stood apart from the rest.

“Search over there,” he said, with some authority, and Temedy began moving at once, stopping only when she came near her destination. Then, not quite sure where to begin, she glanced back and saw Obelizer hadn’t moved, but stood smiling at her. He nodded at Temedy, as if to say, Go on, start looking! He must have been waiting, Temedy thought, to make sure she did what she was told, but that didn’t account for that broad split smile there on his face, did it?

Temedy began to poke around in the rags and wreckage of the tents. While she worked, she couldn’t shake the feeling that Obelizer was watching her. It made her whole back prickle, and the hair on her scalp bristle. Obelizer had gone off out of sight, toward the other group of ruined tents, but Temedy was too afraid to defy him and leave.

The sooner I get this over with the better, she thought, and she hurriedly rummaged in broken tent poles and the tumbled stones that had formed the lower foundations. She found a little heap of spent candle ends, like a pile of wan coins. There were trampled quill nibs everywhere, and the fragments of smashed ink pots still stained black. The awkward metal-and-leather contrivance she pulled out of a twist of canvas proved to be a false leg, terminating in a wooden facsimile calf and foot all painted a fanciful canary yellow color with chipped purple toenails. The foot and leg were split and badly cracked, and the metal bands in the harness had been twisted all out of shape before the rust began to bite, and she wondered at the accident that had led to its being discarded. Then, as her mind began to wander into stupid daydreams about dainty, one-legged people, her eye fell on a straight length of polished wood, dully gleaming beneath another heap of canvas and wooden rods. Sure enough, when she pulled it out, it proved to be a document case. Without thinking—and do I need to tell you what happens when you act without thinking?—she undid the hasp and peeked inside.

The case contained a single sheet of parchment, white and flat with trim edges, and adorned with characters that caught the light like silver. There were red and blue ornaments drawn into the lines of writing, which crept all over the page like snail tracks. That red was as deep as artery blood, and the blue was like the color of the sky as dusk begins over the mountains, or like the ocean is sometimes. The size of the writing varied as the lines warped across the paper, but the largest letters spanned the top of the sheet, and her eyes, all too quickly, read them. They spelled out “DEED OF ILIANEGHIS.” A fragrance like incense wafted up from the page and billowed over her face as she impulsively snapped the case shut again. Abrupt fears had beset her, and—do I need to tell you?—her heart flooded with a wild desire to possess this parchment. Hadn’t she found it, after all? But she felt, and perhaps even she knew what madness this was, that the parchment was already hers.

A quick look around told her that Obelizer was still out of sight, so she pushed the case down into her scrip. She always brought some bread rusks and a tiny pot of butter to munch on if she got hungry, and she rammed the case down under them. Then she pretended to continue the search, her mind going in a thousand different directions at once, until Obelizer appeared again by the stand of trees where they had spoken before, and beckoned.

“I found nothing,” she lied, when they were close enough to speak. She realized that her deceit would be more plausible if she could meet the man’s gaze, and when she raised her eyes, she saw that Obelizer was once again smiling his closed-lipped smile.

“Ah well,” he said. “It must have been found—already.”

He swivelled to give his surroundings one last look.

“I am sure that it is not lying around here anymore,” he added as he gave Temedy his full attention again. “Thank you for all your help.”

Temedy nodded, waved, and began to leave.

“Just a moment!” Obelizer said.

Temedy’s heart sank.

Obelizer’s hand lifted and turned palm up. Gold coins shone there.

“Your payment.”

“But … I found nothing!” Temedy said.

“But you—searched,” Obelizer said. “Work is work.”

Temedy reluctantly took the coins from the outstretched hand, which was as cold and dry as rock. As Obelizer made no further remark, but only stood there, Temedy told him goodbye and returned home. It was difficult to fight the impulse to run, and, after all, why shouldn’t she hurry? The day was drawing to a close, and she had money now. The feverish sensation of being watched chilled her as she went, although furtive glances over her shoulder failed to disclose any sight of the strange, stiff man, Obelizer. Those Zaman Wislin types always have a reason for speaking with you, you know. Well, of course he’d had a reason! He’d needed help looking for that document case! But what if there were some other reason? Something to smile about? Was Temedy carrying a curse back to the homely lanes of Sogtrul? The coins she carried, tucked into her shirt, banged heavily against her chest, and later she found they’d left a bruise there, right over her heart. Was that her liar’s mark?

But nothing mattered apart from her ferocious desire to peruse the piece of parchment that she carried, like a sort of miracle, down under her dinner in the battered, hand-me-down scrip she’d received from the village interlocutor in exchange for scorekeeping duty at the winter card games. Thoughts, visions, and feelings all boiled up and erupted so vividly she could barely see the dusty track that wound back to the village.

Temedy went directly to the loft where she slept. She decided to hide the case beneath her straw mattress and, when she knelt down, pulling the case from her scrip with many desperate looks, the gold coins Obelizer had paid her tumbled out onto the blanket. They shone there with a light of their own, three of them, big as belt buckles, and there were big crumbs of salt clinging to the letters and the sacred emblem of the termite. These she pushed into her scrip, which she tossed aside. She didn’t dare spend money—what did she accept it for? If she turned up with gold coins somewhere, what talk would there be about her? All she wanted to do anyway was pore over the Deed, but Dzudzu the gardener kept his tools and things up there and was liable to appear at any time, so that night she lay on top of the mattress on top of the case, unable to sleep.  From time to time, she fancied that the fragrance of the parchment was teasing her again, and followed her into intense dreams that left her dazed in the morning, without leaving behind even the slightest memory of what they had been.

Except perhaps for one image: three lips closed in one broad grin.

Her responsibilities the following day were unusually light. She perceived this as a stroke of luck, but how often do we mistake our bad fortune for good! Temedy thought herself lucky to have the opportunity to study the Deed in secret, with the bright sunlight to read by, in one of the many hidden places she knew outside Sogtrul. Today she picked a little wooded hollow with a pond at its bottom, where she could sit on the big rocks there and no one would see her unless they came right up to the edge of the slope. The day was brisk and the sky was filled with rushing clouds; the daylight ebbed and brightened and a little wind frisked through the grass and stirred the tops of the trees in the hollow. But, down by the water, the air was always still, the pond eerily still, still, still, still, and quiet, quiet, quiet. In such a place, as silent as a library, Temedy knew she could read carefully, without distraction—but then, when didn’t she? And so she did, while the light came and went, and the sun traversed the sky unheeded above her. You see what comes of reading things you shouldn’t?

Now I am sure you will all want to know what the Deed said, but if I recited it to you word for word, then I would be guilty of casting a spell! So, to be safe, I will only describe the document’s contents very generally. It referred to a place by the sea called Tulltillarna. She recognized that odd name; Obelizer had mentioned it. There was no doubt about it now. This was the very parchment he had been looking for. And, like any Deed, this one conferred a kind of ownership, and certain rights, to the holder.

To the holder! Why, wasn’t she the holder? But then, was mere physical possession of the document sufficient to grant her the right to the rights it granted? Did she have the right to be granted rights? If she were to come forward and exhibit this Deed—and who to, by the way—would it be snatched indignantly from her? Or—stunning thought—would the stony indifference of the official face melt into a kind of ritual deference?

When dusk welled up from the water and began to fill the hollow, Temedy was lying on her back, draped across the rock, staring up at the sky without seeing it. The Deed, restored to its protective case, she pressed to her chest with both arms. Temedy didn’t know if she were dreaming or awake. She rose numbly and began making her desultory way back to Sogtrul, barely recollecting herself enough to stow the document case back out of sight in her scrip again. This daze did not fade; she was as numb as a sleepwalker, so that even her employer began to worry about her.

Perhaps that idiot’s mind has finally gone altogether, he thought. Please, not now. It means a consultation with the Controller and an arrest. Oh, Divine Family, don’t add that to my troubles!

He needn’t have worried, however. It was becoming more and more clear to Temedy that she had to find Tulltillarna, to see just what it all meant, or some of what it all meant, or if any of it meant anything—she didn’t fail to realize that the parchment was old, that other arrangements might have been made in its absence that would prevent her from realizing its promises. But to ignore it, that she had not the strength to do. She had dreamt again and again of that closed three-lipped grin, and she knew what it meant. It meant something ominous, which did not fail to include an acknowledgement that, having plainly grasped that omen for what it was, she could never reject the Deed. She would go toward that smiling promise full of dread, not so much for what she thought might happen—whatever that would be, it would be bad, she knew that—but that it waited in particular for her, like nothing else in her life, and she had to see it for herself.

You have to feel a little sorry for her, don’t you? Surely, if there had been those around her who cared more for the stability and regularity of things, they would have risen above their disgust for Temedy’s worthlessness and seen the danger that she posed. A timely intervention now, just as she went about surreptitiously gathering what she needed for her journey to the sea, in search of a chimera called Tulltillarna, and under the spell of an evil document, would have fended off . . . Well, I’ll show you.

A woman travelling alone under the best of circumstances will go in fear, and Temedy, bearing as she did a treasure that had quickly become more important to her than her own life, and weak in her mind, went in mortal terror with every step. But go, she went! The impetuous zeal of her own fantasies swept her from the outskirts of Sogtrul unseen in the dim, predawn hours, and carried her down the arduous, rolling way into the land of the Nemosems, and toward the sea beyond. Her blazing eyes rolled in their sockets without ceasing, looking everywhere for the sight of another traveller, and when she spotted people toiling along the road, on foot or in a cart, in a group or alone, she left it at once and concealed herself until they passed, or struck out through the trees or clambering over the rocks, always making her way with pain toward the coast. For three days and nights she walked, not sleeping, barely pausing to make a wretched meal of the meager provisions she had managed to bring with her. The three gold coins Obelizer had given her were concealed in a little bundle she had tied to a cord around her neck, and the bundle hung down inside her shirt, slamming into her chest with every step, darkening the bruise over her heart. She hadn’t dared to spend them, but brought them with her because she wasn’t sure she would ever return to Sogtrul, and believed in their protective power as if they were a magic talisman. That gold would help her survive, she thought, if she needed help. But so afraid was she of being overtaken in the dark, and so wild were her thoughts with fantasies of what she might find, like waking dreams that made it hard to see the actual world around her, she couldn’t sleep, or even rest, but dragged herself three days and nights to the sea.

When she first caught sight of it, she stood stock-still for a long time. She had never seen the ocean before, you know. What a sight! Blue, blue, blue, document blue, and wide, wide, wide as the sky. It was like another sky, lying flat on the land, looking up at its paler reflection in the air. It was placid and windy, and the air was flying with salt. Great white birds were there, laughing at her as they sailed effortlessly around and around in circles of their own. She had found the sea. Now, to find Tulltillarna!

A cliff split the road into two turnings that ran parallel to the shore. Not knowing which way to go, and being assured that she was completely alone, Temedy pulled out one of the great golden coins Obelizer had given her.

“Heads left, tails right!”

The coin landed head up, the termite glinted and flared like a firework in the wind-whipped sunlight. She retrieved it, and then took the left turning and walked along the top of the cliff, a white track in green grass overlooking a tan beach with a blue sea and white froth, a pale blue sky and pale white clouds. The road fell and rose again, and, when she had come to the next high point, she saw before her another road coming from the direction of the mountains, almost exactly like the one she had just quit, but with one important difference—a signpost. Temedy hurried down to read it, and her heart bounded in her chest when she made out the faded letters that spelled tulltillarna on a pitted stone arm that pointed further down the coast. With luck—with luck, she thought!—she would see it soon, perhaps from the next rise, and she hadn’t had to ask a soul! That part of the coast seemed deserted, and the borders of the road were encroaching back on it.

Temedy saw no sign of Tulltillarna when she reached the next high point, nor the next, but then, as she came within view of the land beyond the third high point, she thought she might have caught a glimpse of a gaunt spire, a plume of smoke, or a banner flapping, somewhere beyond, but though the day was clear, her vision was hazy and uncertain from fatigue and want of food, so she couldn’t quite be sure. She pressed on. With a near desperate longing she now went toward the next prominence, which would tell her if that fleeting impression had been a vision or real.

What lay before her, when she reached that place, was a short green slope that levelled off to form a vast natural shelf, a flat space sheltered by rising ground. Where the green ended, the white sand began and slid down into the sea. The cliffs subsided here, so that it was possible to walk all the way down to the breakers. As Temedy advanced to get a better look, her foot struck against a great bronze marker, evidently welded to the exposed rock. There was a corroded square hole in the center, into which, she thought, a signpost might once have been fitted, and there was, too, etched into the bronze, a curious mark: a diamond with horned stems protruding from its four corners—the kaikalak, symbol of Zaman Wislin. This discovery prompted her to look again, and now she saw low angles in the earth of that flat space, and lines, and realized they were what remained of the foundations of buildings, walls, and streets. Then she knew she had found Tulltillarna, that her arduous journey all the way from the distant mountains to the sea had been for nothing, that there was no one left here to receive her or recognize the Deed of Ilianeghis. Temedy fell where she stood, wept and wailed aloud, lying across the heated bronze of the defaced waymark.

When she had recovered sufficiently to take stock of her situation, she was too indifferent now to her own fate to give it much thought. She continued down the path, which drove right through what must once have been the narrow, winding main way of Tulltillarna, and so on down the coast. She left the confines of the town that had once been there. As the sky darkened, and the wind of the sea began to bite, she noticed a tumbledown cottage not far from the road, and approached it. As she drew near, she saw no sign of life, no smoke, no light. The place was overgrown with flowering vines, and there were a few stunted, gnarled trees keeping it company; but there were crabapples on those trees, and, at sight of them, Temedy’s hunger got the better of her. She staggered to the nearest tree and began picking and eating the fruit, which was ripe enough, if tart.  As she restored herself with the crabapples, she studied the house with better attention. The door was closed, but not fastened. She called quietly, knocked quietly, tried peering through the shutters—nothing.

When night fell, Temedy was sitting inside the cottage by the hearth, warming herself with the fire she had managed to light. There was some tinder and a little wood left, grey and bone dry, a flint to strike sparks with, and the chimney still drew. The wind whistled around the stone walls all night long, and Temedy heaped up rags she found and made a sort of nest by the tiny fire. She lay there, shivering with cold and misery, but grateful for the shelter she had found.

Round about, from farm to farm, and through Sluich Temnook, a tiny hamlet that was the only village on this part of the coast, Temedy went, running other people’s errands, helping people with their chores. She made enough to keep herself alive, and then hastened back to the cottage she had come to think of as her own, because it was the repository of the Deed, whose magic lit up her face every solitary night, and whose disjointed words fell into her dreams as randomly as rain.

One morning came, as it must, when she remembered her dream in waking life, which you must be very careful about. In her dream, she had been lying on her rag bed by the hearth. The fire was completely dead, but there was a kind of eerie light outside in the darkness that she was too weak to ignore. There in the sky, the moon hung new, a great black ball that hovered in the starry blue. It seemed to watch her, she thought she heard it breathe, and don’t you know the sly influence is greatly encouraged whenever the moon evilly veils its face altogether, and hides itself? In the darkness and stillness, for there was no wind, and the waves below did not stir, but lay flat and entranced like the grass and the branches of the crabapples, there was a wrong sort of light that shone down on her, and she thought of Tulltillarna—what would it look like now?

Well, of course, it looked the same way it always had. There below her, as she stood again by the bronze marker, were the grass, the lines and angles. In her hand, she found the document case. She opened it. The Deed of Ilianeghis shone there like a lit windowpane in her hand. She began at once to read the words aloud, like an incantation. She read and read and read, going back to the top of the page whenever she reached the bottom, but without ever finding the end, and the more she read, the more there was to read. This is the sign that the voice you hear belongs to the sly influence—never listen to it. Temedy knew this, but perhaps, in her foolish excitement, she forgot. The words rose up before her. They quit the page and floated up before her eyes. She was reading the Deed of Ilianeghis without looking at it. She was reading it everywhere. Even when she shut her eyes, there were the words, most distinct of all! Temedy opened her eyes. The new moon hung before her in the sky and the silence like an uncreated world waiting to be born.

She began to speak. Speech makes things real. She saw a wall in her mind. She spoke it, and it was there! She saw a street. She spoke it, and it was there! She saw a whole town before her. She spoke it, and it was there! She saw people in the street. She spoke them, and they were there! Tulltillarna . . .

Temedy sat for a long time after awakening from this dream, panting with fever. Everywhere she saw the needle-like spires, the winding ways, the windows aglow with amber light that spilled into window boxes overflowing with clustered, aromatic flowers, and there were wind-whipped pennants and radiant figures who moved gracefully in the shadows or stood with stolid dignity on the ramparts. She heard a stately sound of bells and a murmur of curious words. When she could collect herself, she went to see Tulltillarna again, and it was once again the level zone of green grass, lines, and angles, the traces only of what had been. And so she brought out the Deed of Ilianeghis and began to read it aloud, this time by daylight. She read and read, starting over at the top of the page whenever she reached the bottom, and she tasted her own blood, and her arms and legs went cold and numb, and her head grew at first light, and then heavy, throbbing, and painful, but the words kept marching out of her mouth, even as her vision faded, and the pain in her head became so terrible that she felt as though huge hands were tearing it in half.

A shepherd passing that way with his flock later in the day saw what he at first took for a heap of rags, oddly gathered there up by the old bronze marker. He had to draw very near before he saw that there were feet and hands emerging from it, and fine old parchment lying nearby in a wooden document case. But the woman lying there was dead, and a broad red band of blood streaked the grassy slope from her body, extending so far that it ended by touching the foundations of the wall that once had encircled Tulltillarna. All the blood in her body must have soaked into that ground, there was so much. The shepherd, without thinking, thought to turn the body over, and see who it might be. It was only then that he realized her head was gone, nor was there any sign of it. And when the authorities came from Sluich Temnook, they said at once that her head had pulled itself from her body, that the corpse was haunted and must be burned and the ashes scattered. This was done on the day, and the streak of blood was salted. The Deed of Ilianeghis was likewise cast into the flames, but would not burn. So, it was sealed in a lead casket and flung into the ocean instead. The authorities wisely forbade everyone to approach or disturb Tulltillarna, surrounding it with warning markers. Correspondence with the regional advisory committee was initiated, to see if steps should be taken to bury, destroy, or exorcise the site of the old town.

You may be inclined to feel a little sorry for Temedy—but the story is not over!

No, because, for one thing, that red streak never faded, and the grass never covered it. In fact, that red tint began to seep into the stone foundation of the wall. Passersby, who, of course, did not disobey the warning markers, could not have known this, but official surveyors were given limited permission to enter the area, and their reports made the rounds, the way these stories always do. But then there were others who, hurrying past the boundaries on weirdly still days, or after sundown, overheard a solitary voice raised in song somewhere within the cordon. The song went:

I’m all rips and rags, I hang in shreds,

Salt on my tail, and cracks in my head,

I’ve got a hunger that can’t be fed,

Salt on my tail, and cracks in my head,

There’s not one day I don’t wake up dead,

Salt on my tail, and cracks in my head.

There were times when this song, or at least the echo of its melody, could be heard here and there in the lonelier places along that part of the coast. Solitary travellers, shepherds, and circuit riders reported sightings of a ragged woman rambling on the cliffs, singing to herself, and those who ventured nearer said that what had, from a distance, appeared to be long flowing locks of hair, were only rags that billowed and flapped in the incessant wind like water weeds in a strong current.

A traveller who accosted her found himself confronted by a face of crumpled rags, with a torn mouth and torn eyes, and she asked him what he wanted, and the voice came not from the bundle atop her neck, but from the bulging satchel she carried. He said she held out a long skinny hand and offered him three huge gold coins, with crumbs of salt clinging to them, if he would guide her into town, and he ran from her half mad with fright. Others had similar encounters, and one young girl who met her on the shore was so terrified that she fell into a brain fever that nearly killed her, and permanently robbed her of her sight. She raved that she had seen the ragged woman walk up out of a shadow on the ground like someone coming up the stairs from a cellar.  As she fled from the apparition, the girl threw a look back over her shoulder and saw her, and behind her, a mountain stood where the ocean should be.

The regional officials posted to the canton received word from the land of the Nemosems that a sort of evil spirit was afflicting Sluich Temnook, that it crept into people’s houses at night and devoured all their food, that it crept into people’s barns and devoured every last grain of barley, every last onion, whole wheels of cheese. Worst of all, this spirit seemed to have a special preference for the taste of gold, for she had been seen guzzling coins from the town coffers, and no hiding place seemed proof against her, because she could smell the gold wherever it was, and now, they said, her rag mouth shone, all smeared inside with gold.

“When you try to catch her,” they said, “she just turns into a faded grey rag and flutters away in the wind, back to Tulltillarna where no one can follow her, because it isn’t there.”

And so Sluich Temnook declined, and the people moved away, and no word came from the regional council because the messages had never reached them, and the land around became abandoned and desolate, because no one could keep anything they made there, and no one could catch the raggedy ghost who sang:

I’m all rips and rags, I hang in shreds,

Salt on my tail, and cracks in my head,

I’ve got a hunger that can’t be fed,

Salt on my tail, and cracks in my head,

I’ll eat all your gold, and all your bread,

Salt on my tail, and cracks in my head,

Here’s where I live, and here’s where I’m dead,

Salt on my tail, and cracks in my head . . .

So if you hear the tatterdemalion singing, you don’t stay to satisfy your curiosity but leave as you came, without so much as a glance over your shoulder as you go. Throw down your bread or your gold and leave it to her, if you don’t want a fever, if you want to keep your sight. And if you don’t want to become a tatterdemalion yourself, remember how she got that way!

“Tatterdemalion” copyright © 2026 by Michael Cisco
Art copyright © 2026 by Raven Jiang

Buy the Book

An illustration of a billowing white cloth hovering above the ocean as a wave crashes against a sea stack below and lightning flashes across the night sky.
--> An illustration of a billowing white cloth hovering above the ocean as a wave crashes against a sea stack below and lightning flashes across the night sky.

Tatterdemalion

Michael Cisco

The post Tatterdemalion appeared first on Reactor.

11:56

Spotting and Avoiding ROT in Your Agentic AI [Radar]

The following article originally appeared on Q McCallum’s blog and is being republished here with the author’s permission.

Generative AI agents and rogue traders pose similar insider threats to their employers.

Specifically, we can expect companies to deploy agentic AI with broad reach and insufficient oversight. That creates the conditions for a particular flavor of long-running problem, which in turn creates a novel risk exposure for both the companies in question and for anyone doing business with them. The bot and the rogue trader are able to inflict sizable, sometimes existential, damage to the firms that employ them.

The key difference is the scope: Rogue traders operate in investment banks, while agentic AI will be deployed to a wider array of companies and industry verticals. Agentic AI may therefore create a greater number of problems than rogue traders and put a greater amount of capital at risk.

I’m naming this risk exposure ROT—Rogue Operator Threat—and this document is a brief explainer on what it is and how to address it.

(I almost called it RAT, with the A for “agentic,” but then realized that it would apply to any kind of automated system. So I broadened the scope to “operator.”)

To set the stage, let’s take a trip to the trading floor:

Understanding the rogue trader

Rogue trader scandals follow the same storyline:

  • A trader accrues losses due to bad trades.
  • They hide those losses while placing new trades in an attempt to recover.
  • The new trades also lose money, digging a deeper hole.
  • Repeat.

This cycle continues until they’re caught, at which point the bank is sitting on a large loss (sometimes into the billions of dollars) and the trader faces legal repercussions.

The story of Barings Bank offers a concrete example. Trader Nick Leeson had been logging fraudulent trades, over a stretch of three years, in an attempt to cover his mounting losses. This only came to light when the Kobe earthquake shifted markets against his most recent positions and the losses were no longer possible to hide. Leeson’s £800M ($1.3B) hole drove Barings to bankruptcy just three days later.

This is when you’ll ask: How could a professional trading operation let so many bad trades slip through undetected? How could a trader falsify records? Aren’t trading floors high-tech operations, full of electronic audit trails?

And the answer is: It’s complicated.

Trading operations do keep records, yes. But no system is perfect. Each time a rogue trading scandal comes to light, it turns out that there were loopholes in risk controls. A sufficiently motivated trader—especially one desperate to hide their mistakes—found and exploited these loopholes, continuing their losing streak in plain sight until they could bring in real money to backfill the fake records.

That “until” never happened, though. Which is why their employers then faced financial, reputational, and sometimes legal troubles.

The AI agent’s ROT threat

Similar to a trader, an AI agent operates on behalf of its parent business and is given room to operate independently so it can accomplish its tasks.

The risk is that, in the rush to deploy agentic AI, these companies will likely grant the bots more leeway than is necessary. We’ve already seen cases in which bots have been able to delete emails and wipe a production database. And there are no doubt other stories that haven’t made it into the news.

Those issues were at least caught in real time. Companies facing ROT are exposed to additional longer-running problems in which the bot is able to accrue losses or inflict greater damage over an extended period. In those cases the problems will only be uncovered by accident and/or when it’s too late.

Consider, for example, an agent that creates false data records to reflect (nonexistent) sales orders. It’s possible for this to run until some external event, such as investor due diligence or a budget review, forces someone to double-check those records against reality.

Avoiding ROT: Mitigating the threat

How can you narrow your downside risk exposure to ROT? Preventative measures are key. Strong risk controls, narrow scope of authority, and monitoring can catch rogue operator problems long before they’ve metastasized into an existential threat.

In light of rogue trader scandals, trading shops have been known to tighten risk controls and also separate duties to create a system of checks and balances. (This inhibits traders from logging their own fake trades.) Companies also require traders to take time off, as fraudulent activity may surface when the perpetrator isn’t around every day to keep the system running.

Adapting these ideas to agentic AI, a company could monitor and limit the scope of the bot’s activity (say, requiring human approval to place more than 10 orders an hour). It could also periodically purge the agent’s memory so it doesn’t accumulate too many evolved behaviors, or swap in completely new bots to pick up where the previous one had left off. And per my usual refrain of “never let the bots run unattended,” this company could employ people to cross-check everything the bot does. Trust, but verify.

This will not prevent the AI agent from making mistakes. But guardrails and sufficiently frequent checks should limit the scope of the bot’s damage. As with the rogue trader, the ROT problem isn’t about a single error; it’s about letting the errors grow out of control, undetected.

11:49

Jonathan Dowland: Digital gardening [Planet Debian]

I was reading a post on alexwlchan's blog1 that referenced the concept of digital gardens, a concept/analogy for organising information which dates back to the 90s. This old concept is getting new traction today by contrasting the approach with "endless stream" as used and abused by social media, but also how blogs are typically presented.

This site, my homepage, has a blog, and that's the bit that most people who interact with the site will experience. Partly, because it's the bit that gets syndicated out: via feeds; on Planet Debian and downstream from it; once upon a time on Twitter; nowadays on the Fediverse.

However there's more to my homepage than that. The rest of it may be of little interest to anyone beside me, but it's useful to me, at least. So I may switch focus a little bit from mainly writing blog posts, and tend to the rest of the garden a bit more.

Some recent seeding and pruning: Recently my guest status at Newcastle University came up for renewal, so I wrote down my goals in the Historic Computing Committee for the next year or so, and put them here: nuhcc. I've also been pondering what I'm up to in Debian at the moment, so took some time to add my current projects to that page.

  1. I'm reminded that I should really publish a "blog roll" of cool blogs I'm following at the moment, of which alexwlchan's is one.

11:21

CodeSOD: Development Tools [The Daily WTF]

A few holiday seasons ago, Paul S was doing the requisite holiday shopping online, looking for those perfectly impersonal but mildly thoughtful gifts that many companies specialize in. This was one of the larger such vendors, well known for its fruit-filled gift baskets. As is not uncommon for our readers, when the site started misbehaving, he pulled up the dev tools. He didn't solve the problem, but he did learn a lot about how they were managing their API keys, as this was exposed to the client:

    env: {
        APP_AUTH0_GUID: 'ctZZL1BqgKm9kBmDEKAjt0yBeQ47Cpwl XS0xxpLFS5g8o-EUpSu4fi9ecOqN19WnXn-EqI9yaupwme22bKuBd2jH3Kf3QngZ',
        APP_LOGGING_ENABLED: 'true',
        APP_LOGGING_SERVICE_PATH: 'r/api/logging/mbp-ui',
        REACT_APP_MBP_LOGGER_CONSOLE: 'ERROR',
        APP_TIQ_ACCOUNT: '1800flowers',
        APP_TIQ_PROFILE: 'full',
        APP_TIQ_ENV: 'prod',
        APP_PAYPAL_SDK_URL: 'https://www.paypal.com/sdk/js',
        APP_PAYPAL_CLIENT_ID: 'AcYrxrOkFwUnMKRoJmkOR0N6caopqRNqwNRxy6H-EvZ-IKUz22i-E0uT0uMT7JQZEC33Oy1HCNsgm_le',
        APP_PAYPAL_ENV: 'production',
        APP_PAYPAL_SOURCE: 'PWA',
        APP_VENMO_ENV: 'production',
        APP_VENMO_PROFILE_ID: '2705494007504552889',
        APP_AUTH_LOGIN_SOURCE: 'undefined',
        APP_SG_BASKET_SCRIPT: 'https://cdn2.smartgiftit.com/scripts/widgets/gift-basket.js',
        APP_AUTH_DOMAIN: 'login.celebrations.com',
        APP_AUTH_AUDIENCE: 'celebrations-prod.1800-flowers.auth0.com',
        APP_STATUS_BAR_ENABLED: 'true',
        APP_WALLET_ENABLED: 'true',
        APP_VERIFY_ADDRESS_HOST: 'api.edq.com',
        APP_VERIFY_ADDRESS_AUTH_TOKEN: '47d991c9-043e-4073-bee3-a5c8922baa3a',
        APP_FULLSTORY_ORG_ID: 'MXD30',
        APP_GRAPHQL_ENV: 'production',
        APP_VISA_CHECKOUT_API_KEY: 'B0LQRDVCE0LWKBHR880J14gCRlEjr_UqLhh6V-yYRAmcvD0W8'
}

I've gone ahead and mangled the keys, and given that this was a few holidays ago, I'd hope the retailer in question has fixed their website. But as you can see, it was pushing API keys for payment processors, along with potential authentication tokens and internal IDs. Now, I would hope most of these required additional authentication to be useful, and that a malicious actor couldn't do anything nasty with this information- but that's a dim hope. Even with the data exposed here, I wonder if someone could flip APP_PAYPAL_ENV to "development" or "test" and run some transactions through. Or do the same with Venmo.

This is a React app, based on some of the keys, using Graphql for communicating with the back end, and that hits at the fact that it's a single-page application. Probably, the developers were trying to build once for the web and for a "website bundled in an app" deployment for smart phones. And the result is that they weren't thinking about the distinction between "public" and "private" information- they had state to manage,so they managed it. By sending it to the client. Where anyone could see it. But it looked good, they shipped it, and they made sales, so everyone was happy.

For a time.

[Advertisement] Picking up NuGet is easy. Getting good at it takes time. Download our guide to learn the best practice of NuGet for the Enterprise.

11:07

Sen. Wyden Warns of Another Section 702 Abuse [Schneier on Security]

Sen. Ron Wyden is warning us of an abuse of Section 702:

Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved (with support of many Democrats) nomination of Joshua Rudd to lead the NSA. Wyden was protesting that nomination, but in the context of Rudd being unwilling to agree to basic constitutional limitations on NSA surveillance. But that’s just a jumping off point ahead of Section 702’s upcoming reauthorization deadline. Buried in the speech is a passage that should set off every alarm bell:

There’s another example of secret law related to Section 702, one that directly affects the privacy rights of Americans. For years, I have asked various administrations to declassify this matter. Thus far they have all refused, although I am still waiting for a response from DNI Gabbard. I strongly believe that this matter can and should be declassified and that Congress needs to debate it openly before Section 702 is reauthorized. In fact, when it is eventually declassified, the American people will be stunned that it took so long and that Congress has been debating this authority with insufficient information.

Over the decades, we have learned to take Wyden’s warnings seriously.

09:42

“Too complicated for people to understand” [Seth's Blog]

That’s a great reason to dumb things down. It’s also a trap that leads us to stasis and mediocrity.

Let’s break it down:

People: Which people? All people? The majority of voters? Day traders or institutional long term investors? Every VC or just this one?

Pick your people, pick your future.

Complicated: If it can be made simpler and just as effective, then by all means, please do so. If you can tell a more compelling and actionable story, do that as well. But ‘complicated’ just might mean, “we don’t understand it yet.”

Understand: Few people understand how the iphone works, or even the refrigerator. But that doesn’t mean we can’t effectively use it. The people who were moved by The Rite of Spring or Miles Davis or Esperanza Spalding might not have understood the music but it still succeeded.

People walk away when it’s not worth the effort to pay attention. People ignore innovation when the network effect is insufficient to overcome their fear. People rarely understand something the same way the creator does, but that’s okay.

Our first job is to do work that matters for people who care. It helps to follow that up with the scaffolding needed to cause cultural change, so the idea spreads.

But don’t dumb it down to reach people who don’t want to be reached in the first place.

09:35

08:14

Here We Go Again [Penny Arcade]

New Comic: Here We Go Again

07:21

Pluralistic: The cost of doing business (25 Mar 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links


A stern robed judge at the top of an orange slide, holding a gavel, his feet facing us. He is in a courtroom. On the walls behind him hang portraits of Lina Khan and John Sherman.

The cost of doing business (permalink)

The most important part of any law, rule or policy isn't what it permits or prohibits – it's whether you can enforce the law at all.

After all, as odious as a law that forbids people from thinking mean thoughts about Trump would be, it would also be completely unenforceable, and would ultimately just not be very important, except as a symbol of Trump's evil.

This property is called "administrability," meaning, "the degree to which an authority can administer the policy." There are many dimensions to administrability, including "Is it even possible to detect whether this policy has been violated?" In that same vein, there're questions like, "If you discover someone has violated this policy, will you be able to stop them from continuing to do so?" For example, the US routinely indicts North Korean hackers, but unless those hackers visit a place that the US can inveigle into arresting and extraditing them, it's a mostly symbolic gesture:

https://www.justice.gov/usao-cdca/pr/3-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyber-attacks-and

One undertheorized aspect of administrability is "fact-intensivity"; that is, are there difficult, fact-intensive questions that need to be answered in order to determine whether someone has violated this policy?

Think of probate law: probate is often a lengthy and expensive process, especially if the deceased is "intestate" (has no will). To probate an estate, all the deceased's assets have to be cataloged and assessed, claims of heirs and inheritors have to be evaluated, etc, etc.

People spend a lot of time and money creating wills and family trusts largely to answer these questions when they're easiest to resolve (when you're still alive and can clearly express your preferences), because it's even more expensive and time-consuming to answer these questions when you're not around anymore to weigh in on them.

As complex and time-consuming as managing your estate can be, there's nothing wrong in theory with having a complicated, careful process in place for dealing with it. Taking care of your loved ones and disposing of your assets is something that's worth getting right, and people have all kinds of highly individual preferences for this that requires a lot of flexibility in the system. Making a system that's very customizable but also robust against fraud (or even honest mistakes) requires a lot of administrative superstructure to hold it all together.

And besides, probate isn't something we have to do very often. After all, most of us will only die one or fewer times. It's not like we have to figure this stuff out every day. It's the kind of thing you can do every couple of decades, over several hours, spread out over weeks.

Frequency, then, is the enemy of fact-intensivity. If you had to do probate-level form-filling to buy a cup of coffee or pay your electricity bill, that would be nuts. For one thing, it would be full employment for lawyers – and it would cost so much that by the time you got to the cafe or the gas-pump, you'd be too broke to actually complete the transaction.

This comes up a lot in discussions of tech policy, because once you computerize something, you can start to do it very quickly, which means that policies that added, say, a 1% admin overhead to a task before it was digitized can add up to a 1,000% overhead once it's digitized.

The best example of this is copyright: copyright is the most fact-intensive doctrine you deal with on a day to day basis. Technically, conclusively determining whether you have the right to forward an email could take a lawyer a whole day. Sure, most email forwarding is "fair use" (that is, it fits into one of copyright's "limitations and exceptions"), but any decent IP law prof could come up with ten email forwarding hypotheticals in ten minutes that could occupy a whole fourth-year IP law class for an entire semester.

One of the reasons copyright is so fact-intensive is that it was designed to be invoked infrequently. We're talking about a legal regime that was designed to answer questions about book and music publishing (and then adapted for other kinds of media), and even the most prolific publisher or label is going to deal with double-digits' worth of new works per season.

Meanwhile, the people working at that same publisher are likely forwarding hundreds, if not thousands of emails per day. If the publisher's copyright lawyers had to review every one of those forwards, they would never publish another book. They would go bankrupt.

Obviously, that's not how things work.

Why not, though?

Well, mostly because we just pretend copyright law isn't there. To the extent that we do acknowledge the potential for copyright liability from everyday activities that no one ever asks a lawyer to sign off on, we manage that liability through shitty, one-sided contracts. You have undoubtably clicked on dozens of agreements this year wherein you warranted that nothing you were doing violated copyright law (a neat trick, given that you probably have no idea whether any of the activities you routinely engage in could violate copyright) and further, you indemnified someone else for "all costs arising from any claims" associated with your activity.

That's an unbelievably shitty, one-sided clause for you to have "agreed" to, since "any claims" includes claims with no merit and "all costs" includes "money we paid someone who brought a bullshit claim to just go away."

In other words, you routinely click through these nonsense "agreements" where you promise to give every cent you have to anyone who wants it, if the company that made you click through that bullshit decides to promise some deranged rando a million bucks to settle their wild accusation that you violated their copyrights.

For complicated reasons, we're not all drowning in copyright lawsuits all the time, but if someone really wanted to fuck you up and they had deep enough pockets, they could use the fact that you're a giant, routine copyright infringer (just like everyone else) to wreck your life for years.

So obviously, it would have been better if we'd done some major refactoring of copyright law once the internet came along. My preferred fix? Carve out activities unrelated to the media industry's supply chain from copyright altogether:

https://pluralistic.net/2023/10/21/the-internets-original-sin/

Copyright isn't the only fact-intensive doctrine that's challenged by the cadence of digital life. The internet lets us do a lot of things, very quickly, meaning that even small factual questions pile up beyond any reasonable capacity to resolve them.

Take the debate over content moderation and hate speech. Hate speech and harassment online are serious problems and they disproportionately affect people who are getting the shitty end of the stick in the offline world, too. The legacy platforms obviously don't give a damn about these people, either.

So it's tempting to attempt to use policy to solve this real problem. Even if the US wasn't being run by a trollocracy, this would probably be a nonstarter in America, because hate speech is protected by the First Amendment, and purely speech-based harassment is hard to punish without falling afoul of 1A.

But other countries – notably the EU – are having a go at it. I think this is a doomed effort – but not because hate speech isn't a serious problem! Rather, because hate speech regulations are very fact intensive, and hate speech is very common. Frequency is the enemy of fact-intensivity.

Say the EU creates a rule requiring platforms to take reasonable measures to prevent hate speech. This requires

  1. arriving at a common definition of hate speech;

  2. adjudicating whether a given user's speech rises to that definition; and

  3. determining whether the platform's technical measures were "reasonable."

This is the work of months, if not years. And hate speech happens hundreds of times per minute on the big platforms. It's just not an administrable policy.

Now, just because policy isn't administrable, it doesn't follow that there's nothing to be done. There's other ways to give relief to the targets of harassment and hate speech. To get to those ways, we have to ask ourselves why people who are tormented by trolls stay on the platforms that expose them to abuse.

There are plenty of extremely wrong explanations for this floating around. One is that Mark Zuckerberg and Elon Musk are Cyber-Rasputins who can hypnotize us into using their platforms even if we don't like them, by "hacking our dopamine loops." This is a very silly explanation: everyone who's ever claimed to have perfected mind-control was a liar and/or deluded:

https://pluralistic.net/HowToDestroySurveillanceCapitalism

Another is that people are lying (possibly to themselves) when they say they don't like being harassed on legacy social media platforms. This theory – from neoclassical econ – is called "revealed preferences," and it holds that people whose actions go against their stated preferences are "revealing a preference" for the thing they're doing.

This is the sort of thing you end up believing in if you incur the kind of neurological injury that arises from pursuing an economics degree, which causes you to be incapable of reasoning about (or even perceiving) power. "Revealed preferences" tells you that if someone sells their kidney to pay the rent, they have a "revealed preference" for having one kidney.

Thankfully, there's a much simpler explanation for people's continued use of platforms where they are subject to abuse and harassment. It's this: the only thing worse than being a member of a disfavored minority who is subject to abuse and harassment is being a member of a disfavored minority who is subject to abuse and harassment who is also isolated from your community.

Leaving Facebook or Twitter means leaving behind the people who comfort and support you when you are subject to abuse. The more abuse and discrimination you face, the more that support matters, and the harder it is to leave that community behind. You love your community more than you hate Zuck or Musk, so you stay, because as much as you love them, it's transcendentally difficult to coordinate a mass departure for somewhere else. This is called the "collective action problem" and it's a regressive tax on the most abused platform users and communities.

This is a problem we can solve with policy! We can mandate that platforms support interoperability, so that when you leave a legacy platform like Twitter or Facebook for a modern platform like Mastodon or Bluesky, the messages addressed to you on the legacy platform are forwarded to your new home. That way you can have the people you love without the platform you hate.

This is a very administrable policy. The main lift is figuring out the nuts and bolts of interoperability, and while that's a big technical project, it's the kind of thing you only have to do once or twice. Then, if a platform fails in its duty to forward your messages after you leave, it's very easy for a regulator to determine whether it's violating the rules – they just have to send a message to your old account and see if it shows up for your new account:

https://pluralistic.net/2022/12/19/better-failure/#let-my-tweeters-go

A hate speech policy is hard to administer because it requires resolving a bunch of fact-intensive questions. A "right to exit" policy replaces all those fact-intensive questions with a bright line policy ("if you don't forward your former users' messages, you are guilty"), which can be administered at high speed.

Whenever a fact-intensive policy that regulates an infrequent activity fails because the activity becomes more frequent, you have two choices: you can either slow down the activity, or you can replace the fact-intensive questions with bright-line tests that can be resolved much more quickly.

But more often, we fail to do either, and everything goes very badly indeed.

That's more or less what's happened with "merger scrutiny," the part of antitrust law that lets competition regulators (or competitors) block or put conditions on mergers that involve large firms.

In these merger scrutiny cases, plaintiffs who challenge a merger are expected to resolve a bunch of extremely fact-intensive questions. Fail to resolve any of these questions and the merger goes ahead.

The most pernicious fact-intensive question that arises in antitrust cases is "market definition." That's pretty much what it sounds like: "What market is this company doing business in?" If you can prove that the companies in a proposed merger are in the same market, then it's a lot easier to prove that allowing the merger would reduce competition.

The problem is that "market" is a very slippery concept. As Tim Wu describes in his excellent book The Age of Extraction, "market definition" creates a near-infinite amount of wiggle-room:

https://www.wired.com/story/tim-wu-age-of-extraction/

When Wu was serving in the Obama FTC, he had a front-row seat for Google's acquisition of Waze. Now, obviously these companies are direct competitors, but the Obama administration wanted the merger to go through (it was dominated by people who thought monopolies are efficient and didn't want to do their jobs). So these officials decided that Google Maps' market was "finding out where you are" and that Waze's market was "getting you somewhere." It was really that stupid.

Writing for the Law and Political Economy project, Hal Singer explains how the fact-intensive nature of the "market definition" question makes it virtually impossible to prevent market concentration and abuse of dominance:

https://lpeproject.org/blog/the-market-definition-trap/

From Livenation/Ticketmaster to Paramount/Warner Brothers, the "market definition trap" leaves the public virtually defenseless before efforts to reorganize the economy into extractive, rapacious cartels.

In a recent interview with the Do Not Pass Go podcast, Paul Crampton (Canada's recently retired top competition judge) talks about the tsunami of mergers that Canada's Competition Bureau is expected to oversee:

https://www.donotpassgo.ca/p/inside-canadas-competition-court

Fact-intensive market definition questions can't possibly be resolved at the pace of mergers. That's because companies' preferred growth strategy is combining, rather than competing. There's plenty of political problems with merging Paramount and Warner, but there's also a huge economic problem, because these companies are direct competitors who will soon operate as a single firm.

The M&A industry has staged a denial of service attack on its regulators, accelerating the pace of mergers involving large firms far beyond the ability of a regulator to resolve the fact-intensive questions these mergers raise. They've flooded the zone, and after the mergers go through and the companies start abusing their customers, workers and competitors, these same market definition questions bedevil any attempt to rein in this abuse of dominance.

Singer makes some excellent suggestions for legal reforms to resolve this, moving some of the fact-intensive questions to bright-line ones, such as "whether the challenged conduct injured workers, consumers, or some other counterparty."

This is the right approach. As we plan for a future in which legislatures recognize the enormous harms that monopolization inflicted on our societies, we need to come up with more bright-line rules for antimonopoly rules. These will lack some of the subtlety that fact-intensive treatment affords, but you can't do fact-intensive adjudication for high frequency activities. So maybe we say that no company can acquire or merge with another company more than once in 18 months, or that companies that share more than 10% of their customers can't merge.

Some "good" mergers will fail these tests, but that's the price we pay. If you want to move mergers from a rare occurrence to an everyday, you're going to have to accept a loss of nuance in the rules for these mergers. The alternative is the ugly, self-destructive mess we have today.

(Image: Harrison Keely, CC BY 4.0; DocteurCosmos, CC BY 3.0; modified)

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#25yrsago Warner Bros v Potter fandom https://web.archive.org/web/20010331091849/http://www.potterwar.org.uk/home/index.html

#20yrsago Rant transcript from Game Developers’ Conference https://web.archive.org/web/20060404230422/http://crystaltips.typepad.com/wonderland/2006/03/gdc_game_develo.html

#20yrsago Union Pacific threatens to sue painters, model railroaders over trademark https://web.archive.org/web/20060413085045/https://www.trains.com/community/forum/topic.asp?page=-1&amp;TOPIC_ID=60666&amp;REPLY_ID=681783#681783

#20yrsago US frequent flier programs deliver less and less https://www.nytimes.com/2006/03/21/business/still-loyal-to-your-airline-you-must-be-looney-tunes.html

#20yrsago Mother Jones on IP overkill https://www.motherjones.com/politics/2006/03/intellectual-property-run-amok/

#20yrsago Comic advises women to call anti-abortion Senator to make their choices https://web.archive.org/web/20060321230542/http://minimumsecurity.net/toons2006/6034.htm

#20yrsago HOWTO become an early riser https://stevepavlina.com/blog/2005/05/how-to-become-an-early-riser/

#15yrsago Trademark thought experiment: when should intermediaries be cops? (Barista vs. Barbie) https://memex.craphound.com/2011/03/23/trademark-thought-experiment-when-should-intermediaries-be-cops-barista-vs-barbie/

#15yrsago New York Times advances weird, self-destructive trademark theory to prop up its paywall https://memex.craphound.com/2011/03/23/new-york-times-advances-weird-self-destructive-trademark-theory-to-prop-up-its-paywall/

#15yrsago LSE economists: file sharing isn’t killing music industry, but copyright enforcement will https://arstechnica.com/tech-policy/2011/03/is-file-sharing-the-global-future/

#15yrsago Anti-union group: send us secret, unlimited donations so we can bring transparency to politics! https://web.archive.org/web/20110325141411/https://www.wmc.org/MediaOutlet/display.cfm?ID=2485

#15yrsago Why Rebecca Black fascinates us, and why the mashups suck https://www.happyrobot.net/words/pony.asp?id=10233

#15yrsago Understanding the SSL security breach, preparing for the next one https://www.eff.org/deeplinks/2011/03/iranian-hackers-obtain-fraudulent-https

#10yrsago Airlines celebrate record profits, having killed bereavement fares https://www.latimes.com/business/la-fi-lazarus-20160322-column.html

#10yrsago Bake: homemade Jabba the Hutt peeps https://www.starwars.com/news/jabba-the-hutt-marshmallow-treats

#5yrsago Tories pass Grenfell costs onto tenants https://pluralistic.net/2021/03/23/parliament-of-landlords/#slow-motion-arson

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. First draft complete. Second draft underway.

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/
https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

05:35

Russell Coker: The Death of Twitter [Planet Debian]

At the end of last year I uninstalled the Twitter app on my phone.

In the past Twitter used to be very useful for providing feedback to large organisations. I had responses from supermarkets, chain restaurants, online stores, major computer companies, and even the IT department of a court. In recent times I have had less responses from corporations which significantly reduces the value of Twitter to me and to many other users. It seems that Elon’s management style has discouraged not only advertising but also all forms of corporate interaction. Messing up the check mark on accounts to make it harder to work out which is a real corporate

Since Elon bought it Twitter has been increasingly pushing conservative Tweets and has done little to stop bot accounts. The incidence of useful discussions has steadily decreased. I know people who have quit Twitter entirely due to opposition to Elon, I am not doing that. I finally decided to stop using Twitter in any serious way when the notifications on my phone about popular Tweets started only being about Tweets from conservative influencers and Elon. This was obviously not any algorithm based on Tweets I was liking, it was based on political decisions. I didn’t uninstall the app due to political disagreement, I uninstalled it because it was through deliberate design promoting material that any algorithm would know was something I wouldn’t either like or “like”.

I still announce new blog posts on Twitter for my 198 followers at the same time as announcing them on Mastodon and Facebook. I get the most reactions to such announcements on Mastodon, the second most on Facebook, and hardly any on Twitter. I’m wondering how long it will be worth announcing blog posts on Twitter or whether I should stop now.

I am sure that many other people are making similar decisions and this is going to affect Twitter overall.

The web site www.russellcoker.com has information on all the ways of following me.

Related posts:

  1. Elon and Free Speech Elon Musk has made the news for spending billions to...
  2. Web Hosting After Death Steve Kemp writes about his concerns for what happens to...
  3. the death penalty I have just read the news about Saddam finally receiving...

04:49

John Goerzen: Artificial Intelligence: Shades of Gray [Planet Debian]

AI sure is a hot topic right now, and I see a lot of people arguing about it. To a lot of people around here, I’m the “computer person” they know and I get asked a lot about AI.

I’m going to suggest a lot of things can be true at once. For instance:

  • LLMs are changing how we work and will continue to do so.
  • LLMs are vastly over-hyped by vested interests, and may be in a bubble.

Or how about:

  • Huge investment in GenAI is having many negative consequences, ranging from environmental to causing affordability problems in many industries that use hardware (ie, everywhere)
  • Useful results can be had from models that run on local hardware, even battery-powered hardware, which may have negligible harm or even some benefit

And:

  • GenAI is further concentrating wealth and power in megacorps, with the effect of squeezing out the smaller players even more.
  • GenAI is lowering the cost of entry for people without a lot of resources already.

I have sympathy for the naysayers; those that say it’s nothing but a stochastic parrot. But I don’t have a lot of sympathy for the naysayers that deny ever using it; you can’t form a credible argument against something without having an understanding of it informed by experience.

I also have sympathy for the cheerleaders. I have seen some impressive things from AI; for instance, a story from an engineer who has a child with a rare disease without a credible cure. The engineer did a lot of research on it, started feeding research papers into AI to analyze, and the AI started finding correlations between different areas of research that humans hadn’t yet found — leading to a positive result for the child.

To be fair, I have rarely seen an AI deliver a 100% correct answer on anything with any real level of complexity. I have seen it both waste more time than it saves, and save a ton of time.

My point here is: It is neither always fantastic nor always terrible.

Let me talk you through an example.

I am a fan of inbox zero for email. That is, the inbox should be empty. Unfortunately, mine has 8000 messages in it. According to the oldest messages in my inbox, I last had inbox zero 8 years ago. But really, only a handful are older than 2020. I guess something must have happened that year…

I’ve been chipping away at this for quite some time now. The problem is, there are certain emails in there that really do still need some action – maybe it’s photos to save off into our photo collection, for instance. But when looking at things sorted by date or thread, there are old shipping confirmations next to phishing attempts and family photos. One can’t just scan down the list.

I’ve tried all the usual tricks, most of which involve selecting groups of message that are easy to bulk erase, or at least easy to scan visually for the occasional thing worth saving. Sort by sender or subject line, for instance. Then I can, for instance, delete all the old messages from the shopping sites I commonly use all at once. But then they start using different senders and different subject lines and that doesn’t get all of them. I’ve tried keyword searches for this sort of thing too. Still, that got me down to about 8000 messages.

So I thought: why not see if an LLM could help me classify these? Maybe it could categorize them, and then I could look at emails grouped by category.

I have one machine with a discrete GPU, an Nvidia RTX 4070. It’s a desktop machine I don’t use all that often. But I set up Ollama on it, running in a Docker container. Ollama runs models locally.

I should also mention at this point that we are solar-powered, and this time of year is a time of peak production of excess solar, because it is sunny and not much heat or AC is required. So that machine is solar-powered and isn’t causing environmental harm. In any case, charging the EV uses much more power than that GPU.

I figured I would do this in two passes. First, ask the LLM to classify each message (or a sampling of them would probably work too), letting it pick its own categories for each. Then, look at the patterns that emerge and give it a single, much smaller, set of broad categories to use and rerun it over that.

Then I can easily select messages from my Maildirs by category and process them in bulk.

I used open-interpreter pointing to that GPU on my network to help me write the scripts for this. It didn’t get things right on its own; for instance, it didn’t call the Ollama API correctly, and insisted on appending “/cur” to the path to the Maildir (which was not going to fly with Python’s maildir module). It took roughly an hour to classify those 8000 messages (or, as I had it do, the first 2000 characters of them), and then the same to do it a second time. I had it output lines in the form of “filename\tcategory” and hand-wrote the shell script that processed those.

In the end, was it useful? Yes, quite. Its classifications weren’t perfect (and it didn’t even follow my prompt perfectly; sometimes it would give me a long discussion on why it picked a certain category rather than just that category, and occasionally it picked categories not on the list). But then, neither were my manual keyword searches. So far I’ve gotten rid of nearly 1000 more messages. Several categories were a “visual scan for sanity and then delete all” sort of thing.

My emails never left my network. I didn’t rely on a cloud AI to process them. I didn’t contribute to global warming (this may have even been a case of saving energy, since it no doubt will offset quite a bit of manual time that would keep screens and room lights energized and so forth). I used about as much energy as watching a movie on a TV.

Did it complete the task for me entirely autonomously? Also no. AI isn’t a mind reader and it can’t possibly evaluate exactly what my thought process would be for a given task. But it can do a decent enough job to save me some time.

Still, this didn’t require hyperscaler datacenters. AI even runs on-phone (Google Translate being one of the most useful AI-driven apps I’ve ever seen, and it can run on-device).

Girl Genius for Wednesday, March 25, 2026 [Girl Genius]

The Girl Genius comic for Wednesday, March 25, 2026 has been posted.

01:49

Seabreeze No! [QC RSS]

a thousand beaks, a million talons, ten billion eyes. RIP Ms. Beakman, you beautiful bird

01:42

00:56

Seattle Central College’s Wood Technology Center May Be on the Chopping Block [The Stranger]

Reached by phone on Tuesday, a spokesperson for the college said that while they couldn’t name specific properties they were considering selling, the college is currently looking at all of their properties. This includes the block that contains the historic Egyptian Theater. by Chase Hutchinson

Seattle Central College’s Wood Technology Center, the home to carpentry, boat-building, and pre-apprenticeship construction programs that train students for skilled trades, is at risk of closing as the college explores selling the building where it’s housed. 

Reached by phone on Tuesday, a spokesperson for the college said that while they couldn’t name specific properties they were considering selling, the college is currently looking at all of their properties. This includes the block that contains the historic Egyptian Theater, which concluded operations under SIFF last October

Multiple students and staff spoke to The Stranger and expressed concerns about the loss of the programs. These closures will impact a region that desperately needs them.

“Losing this for Seattle is a huge loss. It’s a huge loss for the local economy, it’s a huge loss for our industry,” says Catie Chaplan, a Seattle Central College Wood Technology instructor named 2017’s Instructor of the Year by the Washington Women in the Trades. “With the need for housing in Seattle, it’s a loss of one of the few places that trains carpenters to build houses.”

Staff and students say they learned of the potential closure from college leadership on Monday, including interim president Chantae Recasner. As reported by The Seattle Times, students protested outside a conference room where a meeting was taking place, wearing belts and toolbelts while chanting as administrators departed, hoping pressure would lead to a different outcome.

Much remains unknown. Staff say they intend to honor all currently enrolled students. Staff said they’ve been told that they could continue to enroll cohorts in the spring quarter. However, they could be prohibited from enrolling new students in the five-quarter program by fall. There are approximately 70 students on a program waitlist.

It’s important to staff to keep enrolling for as long as they can rather than have the building sit empty while awaiting a potential sale, staff say. More details about enrollment will come in the next week. 

The Stranger asked about the looming closure, the financial health of the college, and whether instructors would be given more time to find a different solution. Barb Childs, Seattle Central College’s associate vice chancellor of public relations and strategic initiatives, sent the following statement: 

“We are considering the sale of Seattle Colleges' properties, including Seattle Central's Wood Technology property, and relocating the programs, where applicable, to sister colleges. As we consider the sale of properties, we are seeking the most seamless and softest landing for our students and employees. We are exploring this decision due to structural funding challenges facing community colleges across our state, including declining state funding and rising operating costs.”

In addition to concerns about losing what they called “vital programs,” students and staff said the closure leaves fewer opportunities for unrepresented groups to break into the woodworking field. 

“These programs are one-of-a-kind programs that provide access and equity in the trades. They’re the only programs of their kind in Seattle and in the vicinity,” says Chaplan. “My program right now is over 50 percent women. We have a lot of queer, nonbinary, trans students. … We have people from all walks of life coming here to get training and build confidence to get living wage jobs and careers in industries that are desperate for skilled workers.” 

Stephan Anderson is one of those trans students. The possibility of cuts has haunted the building, they say. The loss would be significant for Anderson.

“As a trans person of color at this school, being supported and gassed up every day has been unforgettable,” they say. “I’ve never experienced an education like this.”

Chaplan argues more grants and partnerships could allow the program to continue. It’s happened before. The over-80-year-old institution received a $750,000 grant from the Lowe’s Foundation in 2024

“To lose the campus and lose the property is a huge loss that, in my opinion and our opinion here, is really a short-sighted loss,” Chaplan said. “We understand there’s a budget crisis and community colleges are in a world of hurt, but the years of financial decisions that got us here shouldn’t be balanced on selling an irreplaceable campus.” 

Tuesday, 24 March

22:49

Urgent: No funding for Iran war [Richard Stallman's Political Notes]

US citizens: call on Congress to reject the $200 billion funding request for the war with Iran.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Unwanted pro-war propaganda [Richard Stallman's Political Notes]

US citizens: call on Congress to investigate FCC Chairman Carr's threats to silence news media that report on the Iran war without slanting it to favor the war-starter.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: Families, child care unfunded [Richard Stallman's Political Notes]

US citizens: call on your federal legislators to stop the bully's attack on child care and families.

See the instructions for how to sign this letter campaign without running any nonfree JavaScript code--not trivial, but not hard.

US citizens: Join with this campaign to address this issue.

To phone your congresscritter about this, the main switchboard is +1-202-224-3121.

Please spread the word.

Urgent: No Kings [Richard Stallman's Political Notes]

On March 28, or a date close to that, join one of the No Kings protests.

22:35

Much Obliged [The Stranger]

Got problems? Yes, you do! Email your question for the column to mailbox@savage.love! by Dan Savage I’m a happily married pregnant woman. My wife and I have had a bit of a slowdown in the sex department, but nothing too worrying considering my “condition.” During this pregnancy I’ve had an increase in libido, but I haven’t shared that with her. We were having some conflict when I started to experience this uptick in sexual impulses. I’ve had some limitations physically, like a period of mandated pelvic rest, so “The Right Moment” has been rare. When our dry spell came up a few months ago, neither of us handled the discussion well. I was being flirtatious (or I thought) and she chose that moment to say something hurtful about how infrequently we were having sex. I don’t like feeling as though sex is an obligation, so that interaction was a big turn-off for me. I told her I felt hurt, and she apologized, but I don’t think…

[ Read more ]

22:28

Democrats could have been [Scripting News]

Democrats could run an ad that would give an estimate of how much work you'd have to do to vote if the Republican plan passes.

And roughly how many people are like you and how likely they are to vote Democratic.

People can understand March Madness, they can understand this. You have to help though. The first question could be:

The first question could be:

  1. Do you have your birth certificate or passport?

In the ad we could also estimate what the probable makeup of Congress would be if the law passed.

And keep an open mind, it's possible this move could backfire on the Republicans. Who knows how people will vote after this kind of madness becomes law.

They might want to keep things as they are.

Mozilla could have been [Scripting News]

I’ve watched Mozilla not get it for what feels like decades.

Their only legit function imho is to make the real actual web be a great platform for independent developers.

For that, start by adding user controlled storage to the web, a few standard formats, and let app devs take it from there.

21:49

21:00

Windows 95 defenses against installers that overwrite a file with an older version [The Old New Thing]

Back in the days of 16-bit Windows, many system components were redistributable, meaning that programs that used those components could include a copy of those system components and install them onto the system as part of the program’s installer. The guidance for installing the system components was that if the installer finds a copy of the system component already on the system, then they should compare the version number of the existing file with the version number of the file being installed and then overwrite the file only if the file being installed has a higher version number. if the existing file has a higher version number, then it should be left alone.

This rule relies on the fact that Windows maintains backward compatibility, so the newer version still works even if used by an older program.

This doesn’t mean that installers actually followed this guidance.

It was common for program installers to overwrite any file that was in their way, regardless of the existing file’s version number. When these installers ran on Windows 95, the replaced the Windows 95 versions of the components with the Windows 3.1 versions. You can imagine how much of a disaster this caused to the rest of the system.

Windows 95 worked around this by keeping a backup copy of commonly-overwritten files in a hidden C:\Windows\SYSBCKUP directory. Whenever an installer finished, Windows went and checked whether any of these commonly-overwritten files had indeed been overwritten. If so, and the replacement has a higher version number than the one in the SYSBCKUP directory, then the replacement was copied into the SYSBCKUP directory for safekeeping. Conversely, if the replacement has a lower version number than the one in the SYSBCKUP directory, then the copy from SYSBCKUP was copied on top of the rogue replacement.

Basically, Windows 95 waited for each installer to finish, and then went back and checked its work, fixing any mistakes that the installer made.

An earlier design simply blocked the installer’s attempt to overwrite the file, but this ended up creating more problems. Some installers declared the installation to be a failure and gave up. Otherwise displayed an error message to the user and asked the user what to do next. (Like the user knows what to do next.) You even had installers that took even more extreme measures and said, “Okay, fine, I can’t overwrite the file, so I’m going to reboot the system and then overwrite the file from a batch file, see if you can stop me.”

Redirecting the write to a dummy file didn’t work because some installers had a validation step where they checked that the files on disk have the correct checksum, so they would notice that their attempt to overwrite the file was unsuccessful and error out.

The way that worked best was to let the installer overwrite anything it wanted and then go back and try to clean up the mess.

Bonus chatter: Some components addressed this problem by providing their own installer for the component, and telling installers, “You are not allowed to install these component file directly. Instead, you must run our custom installer. Yes, this disrupts your installer’s UI, but you installer authors have shown that you can’t be trusted to install files on your own. It’s your own fault.”

The post Windows 95 defenses against installers that overwrite a file with an older version appeared first on The Old New Thing.

20:49

20:14

Letters Pray – DORK TOWER 23.03.26 [Dork Tower]

Most DORK TOWER strips are now available as signed, high-quality prints, from just $25!  CLICK HERE to find out more!

HEY! Want to help keep DORK TOWER going? Then consider joining the DORK TOWER Patreon and ENLIST IN THE ARMY OF DORKNESS TODAY! (We have COOKIES!) (And SWAG!) (And GRATITUDE!)

18:35

Firefox 149.0 released [LWN.net]

Version 149.0 of the Firefox web browser has been released. Notable features in this release include a new split-view feature for viewing two web pages side-by-side, a built-in VPN for browser traffic only, and more.

18:28

The Big Idea: Tiffani Angus & Val Nolan [Whatever]

You know ’em, you love ’em, authors Tiffani Angus and Val Nolan are back again with another installment of their speculative fiction guidebooks. Hop on board the Big Idea to see how they’ve done it again in Spec Fic for Newbies Vol. 3: A Beginner’s Guide to Writing Even More Subgenres of Science Fiction, Fantasy, and Horror.

TIFFANI ANGUS & VAL NOLAN:

Imagine a classic scene: A car driving down a lonely rural road… a bright light overhead… an examination table aboard an alien spacecraft… and then, instead of the typical medical business, our protagonist—let’s call her Sally—finds herself sitting across from an extraterrestrial. This being communicates with a curious thought-to-text translator device it places on the table. When the entity speaks, its words appear in the air between them:

“My species has learned all we can about your physiology. Now we wish to know about your culture. Does your society… tell stories?”

Sally, who’s been studying Creative Writing, is only too happy to discuss this. “We sure do,” she says. “Lots of different kinds! Science Fiction stories, Fantasy, Horror. And they take all sorts of different forms, like written fiction, TV shows, comics books…”

The alien’s already wide eyes expand even further. “And your species just instinctively understands how to tell these stories?”

“I mean, kinda. We’ve been doing it since we sat around campfires in the Ice Age. But we benefit from practice, you know? Plus, it helps to have guidance from enthusiastic instructors. Not literary snobs who want to make everyone write the same way as them but people sympathetic to the kinds of stories you want to tell.”

“And does one need to go to a school or university for this?”

“Not necessarily. Some people who’ve taught Creative Writing at universities have written books about it.” Sally looks around, finds her backpack (which conveniently materialized beside her), and pulls out a copy of Spec Fic for Newbies Vol. 3: A Beginner’s Guide to Writing Even More Subgenres of Science Fiction, Fantasy, and Horror by Tiffani Angus and Val Nolan. “This, for example, helps novice scribblers and even more seasoned writers learn how to write thirty different subgenres and major tropes. It gives deep dives into the history and development of each subgenre or trope, offers spotter’s guides to their typical manifestations, and provides writing exercises to get you started. Plus, it’s all based on real classroom experience!”

“Subgenres…” The alien’s word floats in the air. “We have heard of these. So many to keep track of.”

Sally thinks about this for a moment. She reaches for the translator. “Can I…?”

The alien nods.

Sally quickly finds the translator’s settings and alters a couple of font choices. “There,” she says, returning the device, “I’ve set it so that when I mention a subgenre that’s in Spec Fic 3, it will appear in bold. That’s what they do in the book. Like all this”—she gestures around the silver room—“is a recognizable Alien Abduction narrative. But the book covers everything from Dinosaur Tales to Swashbuckling Fantasy to Fungal Horror to Superheroes.”

“Fascinating.” The alien considers the book. “I wish I’d been able to study this.”

“They don’t teach Creative Writing at Space Academies?”

“Our universities mostly produce Mad Scientists,” the alien says. “Oh!” It points at the bolded word. “It did the thing!”

Sally smiles. “It’s fun, isn’t it? Plus, when Angus and Nolan discuss subgenres in the other volumes of the series, they underline its name so you can track it down easily.”

“Yes.” The alien turns Spec Fic for Newbies over in its spindly fingers. “I was wondering: can I just jump in with this third volume?”

“Oh absolutely! They’re all stand-alone books. Though if you want to know more about the previous ones…” She takes out her phone. “Have you got wi-fi here? Like, space wi-fi?”

The alien turns the translator upside down and shows her the password.

“Okay, cool,” Sally says, logging on. “So, Angus and Nolan have written about the previous volumes on Scalzi’s blog. You can read about Volume One here and Volume Two here.” She passes her phone to the alien, who reads the blog posts with interest.

“And people find these guides useful?” it asks.

“Useful and enjoyable,” Sally says. “The first two volumes were included on the Locus Recommended Reading List and shortlisted for the British Science Fiction Association Awards and British Fantasy Awards. Those are, like, big deals on our planet.”

“The section on Magic Schools and Dark Academia sounds interesting,” says the alien, now looking through the table of contents. “As does the section about Magical Realism.”

“I like some of the horror stuff myself,” Sally says. “I’ve lately given a go to writing about Near Death Experiences and Urban Gothic and Weird Fiction.”

“And?”

“And I’ve been trying lots of things that I never thought I’d try. The book is really encouraging that way. Angus and Nolan don’t believe in gatekeeping. The whole ethos of Spec Fic for Newbies revolves around bringing people into the realms of Science Fiction, Fantasy, and Horror by giving them the tools to explore these really rich and rewarding imaginary worlds.”

“I see there’s lots of jokes, too,” the alien says, the translator registering its chuckles as a series of curious emojis. 

Sally makes an affirmative noise. “Yeah, the authors have a really snarky sense of humor. Angus and Nolan don’t take themselves too seriously, which is another thing that separates this book from the really dry, old-school academic writing guides. Though, of course, that doesn’t mean the book isn’t smart—”

The alien holds up the section on End of the Universe stories. “I can see that.”

“—but it does mean it’s approachable. Anyone can read Spec Fic for Newbies. Anyone can learn from this book. That’s their big idea!”

Bugs!!!” the alien suddenly shouts.

“Where?!”

“Page 229!”

Sally laughs. “I haven’t got to that part yet!”

“This book tells us much about humanity,” the alien says, “as well as things about Elves and Kaiju.”

“And we’ve barely even covered half of the subgenres here!”

The alien returns the book to Sally. “Where can I get my own copy?”

“Direct from Luna Press.” She opens up the website. “Or from any of your usual retailers.”

“I think I would like to beam down and pick one up right away!”

“Great,” says Sally, “let’s go get you writing!”

Spec Fic For Newbies Vol. 3: Amazon|Barnes & Noble|Amazon UK|Blackstone UK|Waterstones UK

Author socials: Tiffani’s Website|Val’s Website|Tiffani’s Bluesky|Vals’ Bluesky

17:56

Slog AM: ICE Is in the Airports, a Meddlin’ Saudi Prince, Snowpack Pays for Warm Winter [The Stranger]

The Stranger's morning news roundup. by Vivian McCall

Fartin’ Around: The ICE agents sent to supposedly help TSA manage snarling lines at 14 airports—hundreds of its officers have quit or called out sick because they’re not being paid during this partial government shutdown—are just … standing around and pissing people off, writes Defector. Unsurprisingly, airport wait times haven’t magically improved overnight.

This Guy Is Definitely Going to Figure It Out: The Senate confirmed Markwayne Mullin to lead homeland security on a largely party-line vote Monday. The Republican Senator from Oklahoma and friend to President Donald Trump replacing Kristi Noem says his goal is to get the department off the front page of the news.

ICE in the News 2: ProPublica reports that Trump has arrested and detained the parents of at least 11,000 US citizen kids in the first seven months of his second term. That’s affecting roughly 50 kids a day; if the administration held that pace, the number would be about 22,000 by now.

ICE in the News 3: KUOW interviewed a couple from Oaxaca who’ve spent their adult lives working the crop and flower fields in the Skagit Valley. Their employer tells them they’re protected from federal agents at work, but there is no protection when they come and go. “Their kids beg them to leave their apartment — to walk to the nearby park and play on the playground, to go shopping for new shoes, or drive across town to get ice cream. These days, their mom and dad, who are undocumented, always say no.”

ICYMI, More ICE in the News: Last week, the Urbanist wrote about a “powerful surge” of immigration enforcement in Washington between October and December 2025. According to a report from University of Washington’s Center for Human Rights, the largest increases were in King, Yakima, and Clark Counties. The Center found repeated instances of federal agents running license plates to check immigration status before making an arrest.

Republican Sheriff/California Gubernatorial Candidate Seizes 650,000 Ballots from 2025: Riverside County Sheriff/candidate Chad Bianco says a citizen “audit” of California’s special election to re-district California allegedly showed that election workers counted 45,000 fewer ballots than the number of votes certified to the state. So… no. The citizen  “evidence” is imprecise and wrong, and even though Bianco has been “investigating” fraud in Riverside County since 2022, he hasn’t found it. Is the stolen election in the room with us, folks?

Stop, Mr. Prince, He’s Impressionable! Saudi Arabian Prince Mohammed bin Salman has been pushing Trump to continue the war in Iran because he believes it is a “historic opportunity” to remake the Middle East, reports The New York Times. He’s told Trump that he must destroy Iran’s government. Trump appears to be of two minds (or none at all). Some days the war is ramping up. Others it’s winding down.

WFH is Dying: By July 1, all Seattle Public Schools employees must return to full-time in-person work, according to a Thursday email to employees. At least 330 SPS employees work in hybrid or fully-remote jobs.

Eina Kwon Shooting Won’t Go to Trial: Prosecutors have accepted a plea of insanity from Cordell Goosby, who, according to court filings, was in severe psychosis when he shot into the pregnant Kwon’s car in 2023, killing her and injuring her husband. After Goosby’s attorneys suggested he was insane at the time of the crime, prosecutors sought independent evaluation. Their expert agreed that he was insane. Under the plea, he could be held at a state psychiatric hospital for life.

Beautiful, Unseasonable Weather We’ve Been Having: This month’s snowy surprise was no match for climate change. Sorry to remind you of The End, but that abnormally mild winter cost us our precious snowpack. Usually at its highest point this time of year, Washington’s mountaintops currently “sit at or below half their normal levels,” writes The Seattle Times. After a brief hope for more snow, scientists, or the groundhogs of climate, are back to predicting the fourth severe summer drought in a row.

The Monster We’ve Created: His enjoyment is sickening.

Weather: It’s wet and grey, but we should be thankful for rain while it's still with us.

The Golden Hour at Roquette [The Stranger]

Roquette's Hour is a luminous treat. by Meg van Huygen

With an hour to kill before my birthday party, I was walking around Belltown in my silly dress in the freezing rain. I rarely drink alone, but…maybe that’s the move here? To celebrate myself on a date with myself?

It’s not hard to figure out how to spend the most luxurious possible solo hour in Belltown. Despite the attention it gets from both national food media and snobby listicle sites, Roquette’s somehow maintained a real-ones-know reputation in this city. Surrounded by oontzy dance clubs and yelly sports bars, this sleek, French-inspired cocktail lounge frequently sails under even my own radar, and definitely others’. A shame, considering its cool combo of elegant and chummy—Roquette’s unlikely to disappoint anyone who visits, even unreal ones who do not know.

What a perfect secret hideaway for an intimate little date with yourself, though. Self, we really must do this.

Fresh off its second James Beard nom, Roquette is standing room only on a blustery Friday. Ah, it’s so pretty and plush inside, with its cobalt velvet and palmy murals. They’ve got an ensemble cast tonight: Kyton Blair from Roquette’s original 2019 opening team—who’s also the StarChefs Seattle 2025 Rising Stars Award winner for his work there—as well as Chelsea Mathews (The Doctor’s Office) and Parker “Top Shelf” Knowles (Oyster Cellar). All major players in Seattle’s beverage programs.

From Roquette’s book of spectacular, world-class cocktails, I choose a Golden Hour: George Dickel Rye, Calvados Coquerel, Amaro Nonino, Giffard Piment d’Espelette, and apricot. The name was like a lovely personal welcome; in my wet scarf and drippy hair, I thought a sunny-golden hour spent in here just might break through the winter chill.

I like to smell the fruit before I take a sip—here, a swath of orange peel—and doing this adds enormously to the experience. Always a fan of gingerbready Dickel Rye. Calvados Coquerel is from Normandy, an oak-barrel cider brandy with farmy notes. Amaro Nonino is Italian and reminds me of MarketSpice tea: orange, cinnamon, chamomile, thyme, with a fruity grappa base. Also French, Piment d’Espelette’s a spicy, intense liqueur made by macerating espelette peppers in rhum agricole. And the sweet zang of the apricot juice unites everything, like hot honey on an experimental pizza.

This cocktail has always known me and is, in fact, my date tonight. We understand each other. We’re in love.

Before I go, Mathews sends me a Disco Ball—green AND yellow Chartreuse, mezcal, and “sparkles,” served in a disco ball-shaped shot glass. She’s “made it skate” with floaty ice slivers. In comparison, this tiny drink’s a flamboyant stranger who doesn’t know me at all, and it’s dazzling. I want a big version.

The karaoke party later is chaotic and fun, if exhausting, and I feel celebrated. It’s a privilege. But when the day is over, I’m deeply thankful for my meditative golden hour with the Golden Hour beforehand, hidden in plain sight at a svelte little lounge. This is the frequency I want this year. Age 46: I totally hang out at Roquette all the time now.

17:07

Leave Tyrants in the Ground [George Monbiot]

By unhooking ourselves from fossil fuels, we release ourselves from a world of harm.

By George Monbiot, published in the Guardian 19th March 2026

I realise this is a serious breach of etiquette. But could we perhaps abandon good manners and contextualise Donald Trump’s attack on Iran? The intense western interest in the Middle East and west and central Asia, sustained for more than a century, and the endless attempts by foreign governments to shape and control these regions, are not random political tics. They are somewhat connected to certain fuel sources situated beneath the ground.

Trump’s war aims are typically incoherent: apparently incomprehensible even to himself. But Iran would not be treated as an “enemy of the west” were it not for what happened in 1953, when Winston Churchill’s government persuaded the CIA to launch a coup against the popular democratic government of Mohammad Mossadegh. The UK did so because Mossadegh sought to nationalise the Anglo-Iranian Oil Company: to stop a foreign power from stealing the nation’s wealth. The US, with UK support, tried twice to overthrow him, and succeeded on the second attempt, with the help of some opportunistic ayatollahs. It reinstated the shah, Mohammad Reza Pahlavi. In 1954, the Anglo-Iranian Oil Company became British Petroleum, later BP.

Fury about the 1953 coup, combined with ever-more vicious repression under the shah’s dictatorship, triggered the revolution of 1979, which was captured by the ayatollahs, with horrible consequences for many Iranians. They would not be running the country were it not for our governments’ violent crushing of democracy for the sake of oil.

Take a step back from this history, and you see something else that should be obvious. The conflation of capitalism with “free markets” is one of the most successful lies in human history. The historical and ongoing plunder of resources; the police, armies and death squads deployed against those who resist; the shifting of profits from less powerful nations to the major powers; the intimidation of labour; the conning of consumers; the extraction of rent; the dumping of costs on the living planet: all this is the opposite of “free”. It’s highly coercive and extremely expensive.

Much of the time there’s little sign of a market, either. Land, commodities and labour are, in many cases, simply stolen. Public resources, whether oil reserves, forests, water systems or railways are given (or sold at a fraction of their value) to private monopolists. The rich are bailed out by the state when they run into trouble, while the poor must sink or swim. “Free market capitalism” is a contradiction in terms.

The world’s military power exists in large part to deliver the profit from resources – especially oil – to banks and shareholders, commodity traders and asset managers, hedge funds and private equity companies. For the same purpose, the infrastructure of persuasion – lobbyists, media, social media algorithms – is mobilised to ensure the most amoral, sadistic and bellicose people are selected as leaders, as they will keep oil and other commodities flowing for the benefit of capital, whatever the human cost may be. Their opponents are demonised, alternatives dismissed as “unrealistic”, “unpopular” and “unaffordable”.

This is why we consistently underestimate other people’s desire for change. For example, one study shows that 89% of the world’s people want more action to stop climate breakdown. Yet the same people believe they’re a minority. At the height of the Covid-19 pandemic, surveys consistently showed that a vast majority hoped to emerge into a better world, where health, wellbeing and environmental protection took precedence over economic growth. But governments spent billions on restoring our dysfunctions.

As the hydrocarbon industries and their financial backers find themselves threatened by green technologies, their grip on governments and the media has tightened. They’ve poured vast sums into climate denial and public dissuasion campaigns. Politics has become harsher, less open and less tolerant. The democratic recession is in large part driven by fossil fuel interests. The entire planet suffers from the resource curse.

Oil did not cause capitalism, but it has massively extended and empowered it. Reduce our dependency on oil, and we disrupt some of the world’s most violent and exploitative relations. We defuel dictators and war machines, coups and assassinations, invasions and nuclear threats. It’s not everything of course: there will still be water wars, land wars and mineral wars to be fought: after all, the military machine can’t just sit there rusting. But it’s a lot.

We would also defuel the greatest violence human beings have ever waged against each other: the degradation of all our lives through climate breakdown. The two emergencies – political and environmental – are one. We need to put ourselves on an anti-war footing with the urgency that nations have traditionally put themselves on war footings: an emergency programme to get fossil fuels out of our lives, faster and further than any government is currently planning.

A crucial intervention is the National Emergency Briefing, whose forthcoming film, hosted in cinemas by volunteers across the country, will press the government to explain our predicament properly, and mobilise for full-scale action. If you worry about the cost, consider this. The government’s Climate Change Committee estimates that the additional expense of a single fossil-fuel price spike on the scale of 2022’s is roughly the same as the entire cost of net zero by 2050. The price shock caused by Trump’s attack on Iran is likely to be even greater. We get nothing in return for oil spikes, but we get a new, more secure and cheaper energy system in return for the net zero programme.

I don’t mean to suggest that defeating the fossil fuel machine is easy. Capital will use everything it has to stop us. This is what Extinction Rebellion discovered in the UK, as vicious new protest laws were drafted to shut it down. This is what the Standing Rock campaigners in the US found, when they sought to stop an oil pipeline from crossing their land. It’s what Earth defenders in the global south discover even more brutally, as paramilitaries gun them down. Control over resources is the driving force of politics. Democracy, at the moment, is the lightshow played on the castle walls.

Concentrated fossil power leads to concentrated political power. Had we been less dependent on fossil fuels, there might have been no President Trump, no President Putin, no ayatollahs, no Prime Minister Netanyahu. Fossil fuels push the world towards autocracy. Overthrow our demand for them, and we overthrow much of the current tyranny. Greener, cleaner, cheaper, kinder, fairer: what a beautiful world we could have.

www.monbiot.com

16:28

Memory lane for Frontier users [Scripting News]

I had to find out which domains being served by a problem server were still mapping to its domain. This server had been running for six years, and I was pretty sure some of the apps had moved.

So I wrote a script in Frontier, it was the best tool available to me, and got my answer in 20 minutes, code written from scratch.

The script visited each subfolder, the filename is the domain of the folder, finds out which server it's supposed to be running on, based on a DNS lookup, and adds a line to a list.

Here's a screen shot of the domains folder.

Here's the script as a screen shot and GitHub doc.

This is just a way to preserve a little of the Frontier culture. Hard to explain in words. Easier to show as screen shots.

16:21

[$] A PHP license change is imminent [LWN.net]

PHP's licensing has been a source of confusion for some time. The project is, currently, using two licenses that cover different parts of the code base: PHP v3.01 for the bulk of the code and Zend v2.0 for code in the Zend directory. Much has changed since the project settled on those licenses in 2006, and the need for custom licensing seems to have passed. An effort to simplify PHP's licensing, led by Ben Ramsey, is underway; if successful, the existing licenses will be deprecated and replaced by the BSD three-clause license. The PHP community is now voting on the license update RFC through April 4, 2026.

15:35

Free Software Directory meeting on IRC: Friday, March 27, starting at 12:00 EDT (16:00 UTC) [Planet GNU]

Join the FSF and friends on Friday, March 27 from 12:00 to 15:00 EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.

14:07

Down: Debunking zswap and zram myths [LWN.net]

Chris Down has posted a detailed look at how the kernel's zswap and zram subsystems work — and how they differ.

Most people think of zswap and zram simply as two different flavours of the same thing: compressed swap. At a surface level, that's correct – both compress pages that would otherwise end up on disk – but they make fundamentally different bets about how the kernel should handle memory pressure, and picking the wrong one for your situation can actively make things worse than having no swap at all

Krita 5.3.0 and 6.0.0 released [LWN.net]

The Krita project has announced the release of Krita 5.3.0 and 6.0.0:

Krita 5.3/6.0 is the result of many years of work by the Krita developers. Some features have been rewritten from the ground up, others make their first appearance.

Enjoy the completely new text feature: on canvas editing, full opentype support, text flowing into shapes. It is now easier than ever to create vector-based panels for comic pages. Tools got extended: for instance, the fill tool now can close gaps. The liquify mode of the transform tool is much faster. There are new filters: a propagate colors filter and a reset transparent filter. Support for HDR painting has been improved. The recorder docker can now work in real time. There is improved support for file formats, like support for text objects in PSD files. And much, much, much more!

According to the announcement, the versions are almost functionally identical. However, the 6.0.0 release is the first based on Qt 6; it has more Wayland functionality but is considered experimental. It cautions that users should stick to 5.3.0 for real work. See the release notes for a full list of changes.

LiteLLM on PyPI is compromised [LWN.net]

This issue report describes a credential-stealing attack buried within LiteLLM 1.82.8 in the PyPI repository. It collects and exfiltrates a wide variety of information, including SSH keys, credentials for a number of cloud services, crypto wallets, and so on. Anybody who has installed this package has likely been compromised and needs to respond accordingly.

Update: see this futuresearch article for some more information. "The release contains a malicious .pth file (litellm_init.pth) that executes automatically on every Python process startup when litellm is installed in the environment."

13:21

Security updates for Tuesday [LWN.net]

Security updates have been issued by Debian (strongswan and vlc), Fedora (cmake, giflib, and python-diskcache), SUSE (curl, docker-stable, freeciv, freerdp, freerdp2, freetype2, go1.25-openssl, go1.26-openssl, GraphicsMagick, gvfs, harfbuzz, kernel, lemon, libpng16, librsvg, libsodium, libsoup, net-snmp, protobuf, python-Authlib, python-maturin, python-tornado6, python310, python311-pypdf, python311-PyPDF2, python314, python39, rust-keylime, strongswan, systemd, ucode-intel, util-linux, and vim), and Ubuntu (gvfs, linux-aws-6.8, linux-azure, linux-azure, linux-azure-4.15, linux-azure-fips, linux-hwe-5.4, linux-ibm, linux-intel-iot-realtime, linux-nvidia-tegra-igx, linux-realtime-6.17, pyopenssl, rust-sized-chunks, strongswan, systemd, and tiff).

13:14

Late Payments [RevK®'s ramblings]

I don't know how I missed this consultancy, but they had said they are happy for me to send in comments.

https://www.gov.uk/government/consultations/late-payments-tackling-poor-payment-practices/outcome/late-payment-consultation-time-to-pay-up-government-response-web-version

Proposed changes to Late Payment of Commercial Debts (Interest) Act 1998

Thank you for providing contact details - I somehow missed the consultation on this, though I have been very much an advocate of this legislation since it was created, and have a web site dedicated to it paylate.co.uk

The press release led me to more concerns, but I have now read the consultation response in more detail, so these are comments on that.

Who are we?

We are an internet provider and equipment manufacturer. We turn over around £xm, have around x staff, and have thousands of customers. We sell items from as little as a £1/month, to equipment costing tens of thousands. We have commercial customers ranging from sole traders to very large corporation and even government bodies. We have been charging late payment penalties since the legislation was introduced and have experience of pursuing charges via county court as well.

Summary

We actually find the existing legislation to be very effective, and feel that the main issue is that so many small companies are still unaware that they can charge these penalties and interest. I don’t think these proposals address that. There is also a feeling that doing so risks losing important customers (something our experience says is not the case). As such we are surprised that these proposals are happening.

However, I can see some of the logic. Some proposals seem reasonable sensible, but I do have some specific comments.

Our experience

I think our experience is relevant as I am not aware of other smaller businesses fully automating late payment penalties, which we did from the start of this legislation (do look at paylate.co.uk for more).

This meant that the day a payment was late we would send an invoice for the penalty (interest was invoiced once paid). We chose to send an invoice as our experience is that any sort of payment demand or note, or polite email, would be ignored. One has to be careful to ensure no VAT nor late payment charges apply to such an invoice, but a real invoice is generally effective at getting a response.

The impact of this varied - some customers horrified (especially in the early days of the legislation). Some annoyed. We adopted a simple policy of crediting the first invoice. But it got the message across, and created some good will with the credit, and ensured we retained the customer, but that they know they would have to pay on time, and this generally works. Our accounts staff would even blame the computer - it is an automated process. But we did not lose customers over this.

Some customers had old school accounts departments that paid late as a matter of course. The actual customers, specifically the individuals we deal with, are happy with our service and exasperated with their accounts departments. The result is that we would charge, and collect, tens of thousands of pounds a year in late payment penalties - often from people persisting in paying only a few days late each month. We later started taking Direct Debit and this meant these charges dried up, a lot. Direct Debit collection is a massive benefit for getting paid on time. But we do have the occasional customer paying late and being charged every month, even now.

We also had a handful of cases of, typically smaller companies, insisting they would not pay penalties, and we took some to court and won with no problem whatsoever. That generally does not happen now as people are more aware.

It is also worth noting that one huge corporation was somewhat intractable, and we took the pragmatic decision (because of the value of the business) not to charge penalties. We left the system adding a note on each statement indicating how much they had accumulated to date (they ignored this). After many years they moved to a new supplier for unrelated reasons (which we expected would happen eventually), but they had paid every invoice a few days late. We send a final invoice for all of the late payment penalties. Many thousands of pounds, and they had no choice but to pay, which they did.

One interesting comment we have had, in light of comments on your proposal about small businesses asking for the interest - we have had customer say it is not good business practice to ask for the interest! We have replied that it is not good business practice to pay late. Others may feel intimidated.

Specifics of your proposals

New powers and reporting

These seem good in principle, and I guess making it part of large company audits makes sense. New reporting burdens are never nice, if it is simply reporting what the auditors have found, it should not be too bad.

Penalties

As for powers for imposing additional penalties: As the legislation makes this part of the terms, paying late and then paying the interest and penalties as required, is complying with the terms, ultimately? And has already imposed penalties. I can understand penalties for not paying the late payment penalties and interest, but also, is that not what county court is for? It just sounds legally a little odd (I am not a lawyer). The terms are in effect pay by this date or else if you choose to pay later then pay this extra money, in effect a choice, and compliance with either is compliance with the contract terms as such. Indeed a customer might explicitly word a contract exactly in those terms and be compliant with the Act.

In practice, if somehow it could be that everyone who is paid late actually charged the penalties and interest, that would be an administrative and financial burden on those that pay late and change their ways. At present this does not happen. I am not sure these proposals change that. I do not see customers negotiating contracts with no penalties, I see suppliers unaware or too scared to charge what is already the legally required penalties and interest.

One thought on penalties, if a business identifies through audits that it has paid suppliers late, can it not be forced to calculate and send the due penalties and interest to those suppliers that have not already demanded it - that would also be a notable disincentive and effective penalty but also benefit those that have been paid late rather than a fine paid to the government.

Personally I have always said that a company that knows it is paying late should be accounting for the accumulated debt they legally owe (even if not requested by suppliers) on its accounts, and that failing to do so is already fraudulent accounts.

Maximum payment terms

I feel the press release is somewhat misleading on this…

Re-reading the latest version of the existing Act, I see 30 day (public authority) and 60 day (other) limits already in place. I suppose the 5D(b) and 7A does allow for longer terms if not grossly unfair and I can only assume this proposal is simply to remove that option. The consultation and press release do not make it clear that it is just the removal of not grossly unfair longer terms. I hope it is not extending the 30 day limit on public authorities to 60 days. But the wording does suggest exceptions may still exist, so this is really not a significant change at all.

Personally I would be happy with something that makes 30 days much more of a default, and up to 60 days some sort of exception needing some specific justification or perhaps common established industry practice. I can see that some large customers might even now point to the Act and say that 60 days is clearly reasonable as it is allowed by the Act - however as it is already in the Act, and has not changed what we see from customers, maybe that is not such a concern.

Construction contracts

I have no experience of such.

Deadline for disputing invoices.

This does concern me. It was not that clear until I read the more detailed response what the purpose was. I do see the basic logic.

Even when a dispute is raised promptly, it needs to be clear that the undisputed amount must still be paid within terms and penalties and interest apply to that.

Also, once a dispute is raised the process for ensuring a supplier refunds a customer for the correctly disputed amount is probably important as well. This would not count for late payment penalties the other way around, and perhaps it should.

Also, what is to stop a customer simply generally disputing every invoice, so as to stop the clock? Or a supplier deliberately making it hard to understand an invoice so is can’t easily be disputed in time. Slip in some errors that won’t be spotted until too late?

A general limit on raising disputes is a concern, e.g. disputes on invoices already paid. This whole process needs to relate only to the application of late payment penalties, and not disputes in general.

For example, we deal with BT as a supplier, and the invoices each month have tens of thousands of line items. We have staff that spend time checking for errors, and there are usually some. We obviously pay the undisputed amount within terms - we pay all suppliers within terms. But the process of identifying an error can be time consuming. We also have the fact that an error might not be apparent until one of our retail/consumer customers queries something with us, and that may relate to previous invoices or even go back years. We recently found a case of a circuit for which BT have been charging for around 5 years even though they ceased it, and, being within the 6 years of the Limitations Act, we have, of course disputed the (paid) invoices, and now got a refund. Limiting our ability to dispute genuine errors is not good, in my view. I really hope that is not what is being proposed.

Mandatory interest

Again, I feel the press release is misleading on this… For a start, it only mentions interest and not the fixed penalty part, which I hope is retained.

Interest (and penalties) are in effect mandatory already. The exception is where a substantial contract remedy is agreed. I can only assume you are simply removing that option. The press release made it sound like interest was a new thing. Our experience is we have not seen any customer try and negotiate an alternative substantial remedy.

However, as a customer of BT, it happens that BT have a long standing clauses (which may even pre-date the Act) for late payment interest (not fixed penalty) which is lower than the current +8% in the Act. This change would actually make us, as a small business worse off (though, as I say, we do not pay anyone late) by making it the statutory amount.

So in our experience this is a pointless change. But I can see the logic. Maybe where the supplier is a large company and they propose in their standard terms a lower late payment penalties, that would make sense as an exception.

The consultation comments on this make little sense to me - small businesses would still have to ask for the penalties and interest (I hope the penalty aspect is retained), obviously, just like now. If the customer does not think they paid late, they are not going to work out the interest and send it! I say that the customer may not realise they paid late - and this relates not only to things like old BACS taking two days, bank holidays, wilful ignorance, etc, but companies that genuinely think that they are not getting their 30 days credit if they send payment before it is overdue, so they wait 30 days and then send, indeed feeling it is unreasonable to expect them to “do a BACS run every day”. So it is sent on the next BACS run after the payment is overdue. In that case we agreed 40 day terms to allow them time, and as predicted they started sending on the BACS run after 40 days!

No big change?

Overall this is not a big change - in effect (from our experience) the interest and penalties are a mandatory part of every commercial contract, and 60 days is a hard limit (30 for public authority). The changes remove some existing exceptions which already have wording to make them difficult (substantial remedy, grossly unfair), and we see no examples of these being used. Perhaps other industries do see them used.

Yes the auditing and reporting is new, but does that actually get small businesses actually charging the penalties and interest due? Surely many will still be either unaware, or scared to apply these charges to big customers, as now. Nothing much has changed there.

The dispute timeframe changes are a slight concern if not worded very carefully.

Suggestion

A big change would be customers that pay late having to allow for the debt due on their accounts (they probably already should), as well as include it in auditing, and report it. Then the possibility that they can be ordered to calculate and pay suppliers (that have not demanded it) what is due. A few high profile cases of that and it would scare large late payers in to action, and also make the smaller suppliers aware of what they should have already been charging.

I hope that is useful feedback.

12:35

Link [Scripting News]

You can't really use Claude to do research. It always assumes you're trying to do something. If you don't tell it what you're trying to do it guesses, and then starts telling you what to do. Its guesses are always wildly wrong. How do you tell it to stop telling you what to do? It totally disrupts your train of thought. But it makes me miss the days of Stack Exchange and Google search.

Online suckage is everywhere [Scripting News]

The 300 char limit here has as much suckage as Claude pretending you want to know what it thinks you're trying to do.

It's another freaking algorithm.

Bluesky assumes you can say whatever you have to say in 300 characters. It's a fucking machine, how could it possibly know.

Claude thinks it can tell me what to do, but it's a fucking machine. it has no idea what i'm doing.

First we need freedom from billionaires. Then we need freedom from character limits. And finally we need freedom from machines who think they know better.

AND THE STUPID THING ABOUT CLAUDE IS IT DOESN'T EVEN SAY WHAT IT THINKS YOU'RE TRYING TO DO. YOU HAVE TO READ WHAT IT SAYS AND THEN TRY TO GUESS. YOU QUICKLY LOSE YOUR MIND THAT WAY. MAYBE THAT'S THE POINT.

And how mad can you get at a machine named Bluesky or Claude. They should call these things Mind-Killer or Soul-Sucker or You-Cuck. Then at least you'd know why you're there. :-)

BTW, as long as Bluesky has a 300 char limit and no style or links, I'm going to have to hand-translate posts there to become posts here where no such limits prevail. At some point either they give up on the limits or I give up on them.

11:49

How to Build a General-Purpose AI Agent in 131 Lines of Python [Radar]

The following article originally appeared on Hugo Bowne-Anderson’s newsletter, Vanishing Gradients, and is being republished here with the author’s permission.

In this post, we’ll build two AI agents from scratch in Python. One will be a coding agent, the other a search agent.

Why have I called this post “How to Build a General-Purpose AI Agent in 131 Lines of Python” then? Well, as it turns out now, coding agents are actually general-purpose agents in some quite surprising ways.

What I mean by this is once you have an agent that can write code, it can:

  1. Do a huge number of things you don’t often think of as involving code, and
  2. Extend itself to do even more things.

It’s more appropriate to think of coding agents as “computer-using agents” that happen to be great at writing code. That doesn’t mean you should always build a general-purpose agent, but it’s worth understanding what you’re actually building when you give an LLM shell access. That’s also why we’ll build a search agent in this post: to show the pattern works regardless of what you’re building.

For example, the coding agent we’ll build below has four tools: read, write, edit, and bash.

Watch this two-minute video to see how it can clean your desktop and why you should think of coding agents as “computer-using agents” that happen to be great at writing code:

It can do

  • File/life organization: Clean your desktop, sort downloads by type, rename vacation photos with dates, find and delete duplicates, organize receipts into folders. . .
  • Personal productivity: Search all your notes for something you half-remember, compile a packing list from past trips, find all PDFs containing “tax” from last year. . .
  • Media management: Rename a season of TV episodes properly, convert images to different formats, extract audio from videos, resize photos for social media. . .
  • Writing and content: Combine multiple docs into one, convert between formats, find-and-replace across many files. . .
  • Data wrangling: Turn a messy CSV into a clean address book, extract emails from a pile of files, merge spreadsheets from different sources. . .

This is a small subset of what’s possible. It’s also the reason Claude Cowork seemed promising and why OpenClaw has taken off in the way it did.

So how can you build this? In this post, I’ll show you how to build a minimal version.

Agents are just LLMs with tools in a loop

Agents are just LLMs with tools in a conversation loop and once you know the pattern, you’ll be able to build all types of agents with it:

Builder's playbook

As Ivan Leo wrote,

The barrier to entry is remarkably low: 30 minutes and you have an AI that can understand your codebase and make edits just by talking to it.

The goal here is to show that the pattern is the same regardless of what you’re building an agent for. Coding agent, search agent, browser agent, email agent, database agent: they all follow the same structure. The only difference is the tools you give them.

Part 1: The coding agent

We’ll start with a coding agent that can read, write, and execute code. As stated, the ability to write and execute code with bash also turns a “coding agent” into a “general-purpose agent.” With shell access, it can do anything you can do from a terminal:

  • Sort and organize your local filesystem
  • Clean up your desktop
  • Batch rename photos
  • Convert file formats
  • Manage Git repos across multiple projects
  • Install and configure software

You can find the code here.

Check out Ivan Leo’s post for how to do this in JavaScript and Thorsten Ball’s post for how to do it in Go.

Setup

Start by creating our project:

Create project

We’ll be using Anthropic here. Feel free to use your LLM of choice. For bonus points, use Pydantic AI (or a similar library) and have a consistent interface for the various different LLM providers. That way you can use the same agentic framework for both Claude and Gemini!

Make sure you’ve got an Anthropic API key set as ANTHROPIC_API_KEY environment variable.

We’ll build our agent in four steps:

  1. Hook up our LLM
  2. Add a tool that reads files
    1. Add more tools: write, edit, and bash
  3. Build the agentic loop
  4. Build the conversational loop

1. Hook up our LLM

Hook up LLM 1 Hook up LLM 2

Text in, text out. Good! Now let’s give it a tool.

2. Add a tool (read)

We’ll start by implementing a tool called read which will allow the agent to read files from the filesystem. In Python, we can use Pydantic for schema validation, which also generates JSON schemas we can provide to the API:

JSON schema generation

The Pydantic model gives us two things: validation and a JSON schema. We can see what the schema looks like:

What the schema looks like JSON schema

We wrap this into a tool definition that Claude understands:

Interpret for Claude

Then we add tools to the API call, handle the tool request, execute it, and send the result back:

Add tools, handle request, execute, send result

Let’s see what happens when we run it:

Script when run

This script calls the Claude API with a user query passed via command line. It sends the query, gets a response, and prints it.

Note that the LLM matched on the tool description: Accurate, specific descriptions are key! It’s also worth mentioning that we’ve made two LLM calls here:

  • One in which the tool is called
  • A second in which we send the result of the tool call back to the LLM to get the final result

This often trips up people building agents for the first time, and Google has made a nice visualization of what we’re actually doing:

2a. Add more tools (write, edit, bash)

We have a read tool, but a coding agent needs to do more than read. It needs to:

  • Write new files
  • Edit existing ones
  • Execute code to test it

That’s three more tools: write, edit, and bash.

Same pattern as read. First the schemas:

First, the schemas

Then the executors:

Then, the executors

And the tool definitions, along with the code that runs whichever one Claude picks:

And the tool definitions

The bash tool is what makes this actually useful: Claude can now write code, run it, see errors, and fix them. But it’s also dangerous. This tool could delete your entire filesystem! Proceed with caution: Run it in a sandbox, a container, or a VM.

Interestingly, bash is what turns a “coding agent” into a “general-purpose agent.” With shell access, it can do anything you can do from a terminal:

  • Sort and organize your local filesystem
  • Clean up your desktop
  • Batch rename photos
  • Convert file formats
  • Manage Git repos across multiple projects
  • Install and configure software

It was actually “Pi: The Minimal Agent Within OpenClaw” that inspired this example.

Try asking Claude to edit a file: It often wants to read it first to see what’s there. But our current code only handles one tool call. That’s where the agentic loop comes in.

3. Build the agentic loop

Right now Claude can only call one tool per request. But real tasks need multiple steps: read a file, edit it, run it, see the error, fix it. We need a loop that lets Claude keep calling tools until it’s done.

We wrap the tool handling in a while True loop:

Wrap in a while True loop

Note that here we have sent the entire past history of accumulated messages as we progress through loop iterations. When building this out more, you’ll want to engineer and manage your context more effectively. (See below for more on this.)

Let’s try a multistep task:

Multistep task

4. Build the conversational loop

Right now the agent handles one query and exits. But we want a back-and-forth conversation: Ask a question, get an answer, ask a follow-up. We need an outer loop that keeps asking for input.

We wrap everything in a while True:

We wrap everything in a while True

The messages list persists across turns, so Claude remembers context. That’s the complete coding agent.

Once again we’re merely appending all previous messages, which means the context will grow quite quickly!

A note on agent harnesses

An agent harness is the scaffolding and infrastructure that wraps around an LLM to turn it into an agent. It handles:

  • The loop: prompting the model, parsing its output, executing tools, feeding results back
  • Tool execution: actually running the code/commands the model asks for
  • Context management: what goes in the prompt, token limits, history
  • Safety/guardrails: confirmation prompts, sandboxing, disallowed actions
  • State: keeping track of the conversation, files touched, etc.

And more.

Think of it like this: The LLM is the brain; the harness is everything else that lets it actually do things.

What we’ve built above is the hello world of agent harnesses. It covers the loop, tool execution, and basic context management. What it doesn’t have: safety guardrails, token limits, persistence, or even a system prompt!

When building out from this basis, I encourage you to follow the paths of:

  • The Pi coding agent, which adds context loading AGENTS.md from multiple directories, persistent sessions you can resume and branch, and an extensibility system (skills, extensions, prompts)
  • OpenClaw, which goes further: a persistent daemon (always-on, not invoked), chat as the interface (Telegram, WhatsApp, etc.), file-based continuity (SOUL.md, MEMORY.md, daily logs), proactive behavior (heartbeats, cron), preintegrated tools (browser, subagents, device control), and the ability to message you without being prompted

Part 2: The search agent

In order to really show you that the agentic loop is what powers any agent, we’ll now build a search agent (inspired by a podcast I did with search legends John Berryman and Doug Turnbull). We’ll use Gemini for the LLM and Exa for web search. You can find the code here.

But first, the astute reader may have an interesting question: If a coding agent really is a general-purpose agent, why would anyone want to build a search agent when we could just get a coding agent to extend itself and turn itself into a search agent? Well, because if you want to build a search agent for a business, you’re not going to do it by building a coding agent first… So let’s build it!

Setup

As before, we’ll build this step-by-step. Start by creating our project:

Start by creating our project

Set GEMINI_API_KEY (from Google AI Studio) and EXA_API_KEY (from exa.ai) as environment variables.

We’ll build our agent in four steps (the same four steps as always):

  1. Hook up our LLM
  2. Add a tool (web_search)
  3. Build the agentic loop
  4. Build the conversational loop

1. Hook up our LLM

Hook up our LLM, again Who is Doug Turnbull?

2. Add a tool (web_search)

Gemini can answer from its training data, but we don’t want that, man! For current information, it needs to search the web. We’ll give it a web_search tool that calls Exa.

web_search tool

The system instruction grounds the model, (ideally) forcing it to search instead of guessing. Note that you can configure Gemini to always use web_search, which is 100% dependable, but I wanted to show the pattern that you can use with any LLM API.

We then send the tool call result back to Gemini:

Tool call result back to Gemini

3. Build the agentic loop

Some questions need multiple searches. “Compare X and Y” requires searching for X, then searching for Y. We need a loop that lets Gemini keep searching until it has enough information.

Build the agentic loop Build the agentic loop 2

4. Build the conversational loop

Same as before: We want back-and-forth conversation, not one query and exit. Wrap everything in an outer loop:

Build the conversational loop

Messages persist across turns, so follow-up questions have context.

Extend it

The pattern is the same for both agents. Add any tool:

  • web_search to the coding agent: Look things up while coding
  • bash to the search agent: Act on what it finds
  • browser: Navigate websites
  • send_email: Communicate
  • database_query: Run SQL

One thing we’ll be doing is showing how general purpose a coding agent really can be. As Armin Ronacher wrote in “Pi: The Minimal Agent Within OpenClaw”:

Pi’s entire idea is that if you want the agent to do something that it doesn’t do yet, you don’t go and download an extension or a skill or something like this. You ask the agent to extend itself. It celebrates the idea of code writing and running code.

Conclusion

Building agents is straightforward. The magic isn’t complex algorithms; it’s the conversation loop and well-designed tools.

Both agents follow the same pattern:

  1. Hook up the LLM
  2. Add a tool (or multiple tools)
  3. Build the agentic loop
  4. Build the conversational loop

The only difference is the tools.

Thank you to Ivan Leo, Eleanor Berger, Mike Powers, Thomas Wiecki, and Mike Loukides for providing feedback on drafts of this post.

Pluralistic: Goodhart's Law vs "prediction markets" (24 Mar 2026) [Pluralistic: Daily links from Cory Doctorow]

->->->->->->->->->->->->->->->->->->->->->->->->->->->->-> Top Sources: None -->

Today's links


A photo of people crowded around a craps table, shot with a low POV, where the dice would end up after a throw, looking back towards the players. The table is dotted with rising mushroom clouds, and at the head end of the table yawns the smoking mouth of a cannon.

Goodhart's Law vs "prediction markets" (permalink)

The most selectively believed-in verse in the conservative catechism is the idea that "incentives matter."

Sure, "incentives matter" if you're seeking healthcare. That's why you're nibbled to death by co-pays and deductibles – if you could get healthcare whenever you felt like it, you might get too much healthcare. "Incentives matter," so we have to make sure that you only seek care when you really need it:

https://pluralistic.net/2025/04/14/timmy-share/#a-superior-moral-justification-for-selfishness

But rich people don't need to be disciplined by incentives. They can get no-bid contracts with Uncle Sucker without being tempted to rip off the USA. They can force their workers into nondisparagement clauses without being tempted to act like a colossal asshole, secure in the knowledge that they can sue workers who tattle on them. They can force their workers into noncompete clauses without being tempted to underpay and abuse their workers, secure in the knowledge that they can sue workers who take their labor elsewhere. They can force their workers into binding arbitration clauses without being tempted into maiming or killing them, secure in the knowledge that the workers can't sue them.

So incentives matter…when you're fucking over working people. But incentives don't matter, when you're gilding the Epstein class's lilies.

But incentives really do matter. That's the premise of Goodhart's law: "When a measure becomes a target, it ceases to be a good measure." This comes up all the time. Google got its start by observing that people who made websites linked to other websites that they found important or worthy or informative. With this insight, Google repurposed the academic practice of "citation analysis" to predict which pages on the internet were most authoritative, calling it Pagerank.

Google Search, powered by Pagerank, was vastly superior to any search engine in history. But as soon as Google became the most popular search engine, people started making links to bad websites – sites filled with spam and malware and junk – in order to game the results. The metric – inbound links – became a target – get inbound links – and stopped being a useful metric.

There is something quite wonderful and life affirming about the idea of Pagerank: the idea that people are, on average, pretty good at figuring out what's good. Rather than taking Yahoo's approach of having experts rank and categorize every website on earth, Google trusted "the wisdom of crowds" and it worked (until they created an incentive to subvert it).

"The wisdom of crowds" was in the air in those days. James Surowiecki had a massive bestseller with that title in 2004, expounding on the idea that people were, in aggregate, good at figuring stuff out:

https://en.wikipedia.org/wiki/The_Wisdom_of_Crowds

Surowiecki's book revolved around a famous anecdote from 1906, when 800 people at the Plymouth county fair were invited to guess at the weight of a slaughtered and dressed ox. Statistician (and eugenicist creep) Francis Galton noted that the average guess of 1207 lbs was within 1% of the actual weight, 1198 lbs. This turns out to be a repeatable phenomenon: if you get a lot of people – non-experts, experts, people paying close attention, people who barely think about it – to guess about something, the average is surprisingly accurate. Importantly, it's often more accurate than the best guess of experts.

This idea of the wisdom of crowds inspired a lot of 2000s-era internet projects. Some of them (Yahoo Answers) were pretty bad. Others (Wikipedia) were astounding. Of course, economists observed that "the wisdom of crowds" sounds a lot like the idea of "price discovery" – the idea that markets are a way of processing widely diffused information about desires and capacity in order to derive and emit signals about what should be produced.

Economists have long spoken of future events being "priced in" to markets – for example, the price of oil today reflects more than the diminished supply resulting from Trump's military blunders, it also reflects "the market's" belief that oil production capacity will be disrupted for a long time to come. Add up all the different buyers' and sellers' guesses about the future of oil (incorporating diffuse knowledge about damage to infrastructure, capacity to rebuild, and intentions of the actors) and (we're told) we'll get a number that accurately reflects the real situation.

And, unlike Pagerank, this number can't be manipulated by flooding the system with spurious, self-serving inputs. If you want to move this price, you have to buy or sell something, which costs money. And because the market is "deep" (with a lot of participants), the sums you'd have to inject into the system to alter its consensus is incredibly large – more than you could possibly stand to make by manipulating the price itself. Incentives matter.

Put "markets," "the wisdom of crowds" and "incentives matter" together and you get "prediction markets." Just create a market where people can bet real money on the outcomes of events and you can recreate Galton's ox-guessing miracle, but for everything – how much new solar capacity will come online in Pakistan next year; the likelihood that the Toronto Transit Commission will finish the Ontario Line this year; whether a biotech firm will ship an AIDS vaccine before 2040.

This is where Goodhart's law comes in. The idea that betting markets improve the wisdom of crowds because participants have "skin in the game" only works if the cheapest way to win a bet is to be right. If it's cheaper to win by cheating, well, "incentives matter," and you'll get cheating.

Any prediction market needs an "oracle" – a decisive source of truth about how an event turned out. "How much new solar capacity came online in Pakistan" this year sounds like an empirical question, but unless every bettor agrees to travel to Pakistan together and walk the land, counting solar panels and checking proof of their installation dates, these bettors need to agree on some third party assessor as authoritative and trust whatever they say.

Which means that the single most important factor in any prediction market is the quality of the oracle. If you let Trump be your oracle, he'll insist (on a daily basis) that his war in Iran is over, and that he had bigger crowds for his inauguration than anyone in history, and that every criminal is Somali, and on and on and on.

So you need to get someone trustworthy and diligent to serve as your oracle. But that person also has to be incorruptible, because otherwise a bettor will offer them a bribe to lie about the outcome of a bet. And if the oracle can't be bribed, they can be coerced.

That's just what's happened. Times of Israel war correspondent Emanuel Fabian didn't know that he was serving as an oracle for a bunch of degenerate gamblers on Polymarket – until he wrote a 150 word blog post that made a bunch of bettors in a $14m wager very, very angry:

https://www.timesofisrael.com/gamblers-trying-to-win-a-bet-on-polymarket-are-vowing-to-kill-me-if-i-dont-rewrite-an-iran-missile-story/

The $14m was riding on a bet about when Iran would successfully strike Israel, with "success" defined as a missile getting through without being intercepted. Fabian filed a routine report that a missile had struck an open area in Jerusalem without hurting anyone. That's when the degenerate gamblers found him.

At first, they sent thinly veiled threats, demanding that Fabian revise his reporting to say that the missile had been intercepted and that the impact was just wreckage from the interception. When Fabian did not revise his article, the gamblers tracked down his messaging IDs – Whatsapp, Discord, X – and bombarded him with escalating threats. A journalistic colleague contacted Fabian with the lie that his boss wanted Fabian to change the story, then admitted that he was actually invested in the wager, and offered to split the money with Fabian.

Then, a gambler calling himself "Haim" sent Fabian a new series of blood-curdling threats, including a promise to spend at least $900,000 (the money Haim said he stood to lose) on a hit-man to kill Fabian. Haim threatened Fabian's "lovely parents" and "brothers and sisters" too. The threats continued until Fabian published his article about the threats, then Haim disappeared.

Speaking to Charlie Warzel, Fabian said that he would never be able to report the same way again, because from now on, he'd be worried that some gambler would threaten to kill him if they didn't like what he wrote:

https://www.theatlantic.com/technology/2026/03/emanuel-fabian-threats-polymarket/686454/?gift=nwn-guseqS6cY1kVeEKZAY9_c8Sv4UbJoz5hAUuU8YE&amp;utm_source=copy-link&amp;utm_medium=social&amp;utm_campaign=share

It's sadly not unusual for journalists to receive death threats for reporting the truth, and Israel is the most dangerous country in the world to be a journalist. The IDF has murdered at least 274 journalists to date:

https://en.wikipedia.org/wiki/Killing_of_journalists_in_the_Gaza_war

But those journalists are being murdered for political reasons, because someone has an ideological stake in suppressing the truth. Fabian's talking about an entirely novel – and far less predictable – threat; namely, that you will piss off someone who guessed wrong about the outcome of some arbitrary event and who thinks that they can salvage their bet by intimidating you.

Writing for Techdirt, Mike Masnick talks about the sheer perversity of this: that prediction markets, far from being a means of surfacing hidden information, have become a system for distorting information:

https://www.techdirt.com/2026/03/19/prediction-markets-promised-better-information-instead-theyre-creating-powerful-incentives-to-corrupt-information/

As Masnick says, this is no routine proof of Goodhart's law, where a metric becomes a target. In this case, participants can "put a gun to the metric's head." And of course, not every journalist is as incorruptible as Fabian – think about Fabian's colleague who offered to split the take if Fabian would lie about the missile strike. So there's plenty of incentive to publish lies – and incentives matter, right?

Now, "prediction markets" are big business and they have plenty of apologists (incentives matter). These apologists will say that the corruption is a feature, not a bug, because prediction markets will attract insiders who cheat on the bets by using their insider knowledge, and that means that looking at the moving odds of an event can help everyone else figure out what's about to happen. If military insiders who know that Trump is about to kidnap the president of Venezuela and steal its oil start laying big bets that this is going to happen, the shifting odds are a signal about a true future event.

But even if you buy this perverse argument, it doesn't offset the even more perverse effect – that prediction markets create an incentive to corrupt our best sources of information, the oracles that every prediction market absolutely requires if it is going to hope to function.

Meanwhile, Polymarket and Kalshi suck at predicting things. As Molly White points out, the predictions in the recent Illinois 2nd District Congressional race weren't just incredibly wrong, they also precisely tracked the sums flooded into the election by cryptocurrency Super PACs, who tried (unsuccessfully) to buy the race. Polymarket and Kalshi are heavily crypto-coded (the only things you can do with crypto is buy other kinds of crypto, launder money, and make wagers) so these demonic freaks flush nearly as much money into the betting markets as they do into the elections they seek to corrupt:

https://bsky.app/profile/molly.wiki/post/3mhch3ze5nc2z

Prediction markets aren't good at producing information, but they're amazing at producing corruption. Polymarket and Kalshi have at last realized the unhinged fantasy of "assassination markets" – where you stochastically murder someone by putting up huge wagers at favorable odds that your target will be killed. Anyone can collect the wager by putting up a small counterwager and then bumping off the victim. But, as Protos's Cas Piancey and Mark Toon note, Polymarket and Kalshi know what side their bread is buttered on – they have banned bets on Trump's death (Trump's sons are heavily invested in both Polymarket and Kalshi):

https://protos.com/assassination-markets-are-legal-now-but-trump-doesnt-have-to-worry/

Incentives do matter. These are the foreseeable and foreseen outcomes of prediction markets. Many science fiction writers (Charlie Stross, Ted Chiang, me, and others!) have noted that long before the current AI bubble, our society was dominated by artificial life forms: the limited liability corporation, a "slow AI" that is an immortal colony organism that uses human beings as a form of inconvenient gut flora:

https://pluralistic.net/2023/03/09/autocomplete-worshippers/#the-real-ai-was-the-corporations-that-we-fought-along-the-way

Anyone who's worked with machine learning systems knows that they're prone to "reward hacking," like the ML-guided Roomba that was programmed to avoid collisions with walls and furniture as it found the quickest path around the room. The Roomba's collision sensor was on its front face, so the Roomba started moving around the room in reverse, smashing the hell out of the furnishings and walls, but never registering a hit:

https://web.archive.org/web/20190109142921/https://twitter.com/smingleigh/status/1060325665671692288

Markets are absolutely capable of inducing reward hacking in participants. The metric becomes a target. You think you're betting on the outcome of an event, but what you're really betting on is what an oracle will say the outcome was. No matter what the outcome is or how robust it is against outside influence, the oracle can be influenced with a gun to the temple. Sure, we all want "number go up," but why bother increasing the thing the number measures, when it's so much easier to threaten to dismember the person who publishes the number if they don't publish a higher number?

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Airport screening doesn’t stop knives, bombs, or guns https://www.schneier.com/blog/archives/2006/03/airport_passeng.html

#20yrsago Apple’s hypocritical slam against French DRM-interop law http://news.bbc.co.uk/2/hi/technology/4833010.stm

#20yrsago Vinge’s scientific computing Nature article about MMORPGs https://web.archive.org/web/20060411235146/http://www.nature.com/news/2006/060320/full/440411a.html

#20yrsago Yahoo: if you use our ads, you have to block non-US visitors https://memex.craphound.com/2006/03/22/yahoo-if-you-use-our-ads-you-have-to-block-non-us-visitors/

#20yrsago Stand-up comic gets his material from dumb patents https://web.archive.org/web/20060613212120/https://www.wired.com/news/technology/0,70368-0.html?tw=rss.index

#15yrsago Chinese censorware nukes any voicecall that contains the word “protest” https://www.nytimes.com/2011/03/22/world/asia/22china.html?_r=2&amp;ref=world

#15yrsago Why Rasputin isn’t in the Haunted Mansion https://longforgottenhauntedmansion.blogspot.com/2011/03/famous-ghosts-and-ghosts-trying-to-make.html

#15yrsago HOWTO play the opening chord from ‘A Hard Day’s Night’ https://www.beatlesbible.com/features/hard-days-night-chord/

#15yrsago Google Book Search rejected: why not try fair use instead? https://arstechnica.com/tech-policy/2011/03/judge-rejects-google-book-monopoly/

#10yrsago Harvard Blue Book: peace in our time? https://web.archive.org/web/20160322020137/https://hlrecord.org/2016/03/the-blue-wars-a-report-from-the-front/

#10yrsago Mondrian pong https://b3ta.com/board/11191694

#10yrsago Silverpush says it’s not in the ultrasonic audio-tracker ad-beacons business anymore https://web.archive.org/web/20160324110815/https://motherboard.vice.com/read/silverpush-ftc-stop-eavesdropping-with-audio-beacons

#10yrsago Nixon started the War on Drugs because he couldn’t declare war on black people and hippies https://harpers.org/archive/2016/04/legalize-it-all/?single=1

#10yrsago Anti-DRM demonstrators picket W3C meeting https://www.eff.org/deeplinks/2016/03/scenes-anti-drm-protest-outside-w3c

#10yrsago Student loan garnisheeing topped $176M in three months https://web.archive.org/web/20160322023207/https://consumerist.com/2016/03/21/176m-in-wages-garnished-for-unpaid-federal-student-loans-in-just-three-months/

#10yrsago Dozens of car models can be unlocked and started with a cheap radio amp https://www.adac.de/rund-ums-fahrzeug/ausstattung-technik-zubehoer/assistenzsysteme/keyless/

#10yrsago US Embassy staffer ran a sextortion racket from work computer for 2 years https://arstechnica.com/tech-policy/2016/03/former-us-embassy-staffer-sentenced-to-nearly-five-years-for-sextortion/

#5yrsago Patent troll IP is more powerful than Apple's https://pluralistic.net/2021/03/22/gandersauce/#petard

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026 (https://us.macmillan.com/books/9780374621568/thereversecentaursguidetolifeafterai/)

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Post-American Internet," a geopolitical sequel of sorts to Enshittification, Farrar, Straus and Giroux, 2027

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2027

  • "The Memex Method," Farrar, Straus, Giroux, 2027


Colophon (permalink)

Today's top sources:

Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America (646 words today, 55270 total) FIRST DRAFT COMPLETE

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

  • "The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Bluesky (no ads, possible tracking and data-collection):

https://bsky.app/profile/doctorow.pluralistic.net

Medium (no ads, paywalled):

https://doctorow.medium.com/
https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

11:35

CodeSOD: The Barren Fields [The Daily WTF]

Today, it's not exactly the code that was bad. For some time, a government agency had been collecting information from users using fillable PDF forms. The user would submit the form, and then a data entry clerk would copy the text from the form into a database. This, of course, raised the question: why was someone manually riding the copy/paste button?

Sally was tasked with automating this. The data is already in a digital format, so it should be easy to use a PDF library to parse out the entered data and insert it into the database. And it almost was.

Sally shares with us, not code, but the output of her program which scanned the fields, looking for their names:

FieldType: Text
FieldName: T5ZA1
FieldNameAlt: T5ZA1
FieldFlags: 25165824
FieldJustification: Left
FieldMaxLength: 3
---
FieldType: Text
FieldName: T5ZA2
FieldNameAlt: T5ZA2
FieldFlags: 25165824
FieldJustification: Left
FieldMaxLength: 2
---
FieldType: Text
FieldName: T5ZA3
FieldNameAlt: T5ZA3
FieldFlags: 25165824
FieldJustification: Left
FieldMaxLength: 4

I could go on, Sally certainly shared many more examples, but you can get the gist. The names were all cryptic five character blobs. They all start with T5Z, and followed by "letternumber": A3, B9, C2, etc. It has the vibe of being autogenerated; someone just never considered that they might want clear names for the fields, and just let their editor autonumber them, but that has one counterpoint to it: the letter "O" is never used. T5ZN9 is followed by T5ZP1.

Sally was left scratching her head. Of course, she was going to have to write some sort of lookup that would convert the PDF's field names into database field names, but she expected that the PDF would provide at least some sort of guidance on that front.

I really enjoy that the alt-text for every field is also the field name, which is a clear accessibility "win".

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

11:07

Team Mirai and Democracy [Schneier on Security]

Japan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai, illustrates the viability of a different way to do politics.

In this model, technology is used to make democratic processes stronger, instead of undermining them. It is harnessed to root out corruption, instead of serving as a cash cow for campaign donations.

Imagine an election where every voter has the opportunity to opine directly to politicians on precisely the issues they care about. They’re not expected to spend hours becoming policy experts. Instead, an AI Interviewer walks them through the subject, answering their questions, interrogating their experience, even challenging their thinking.

Voters get immediate feedback on how their individual point of view matches—or doesn’t—a party’s platform, and they can see whether and how the party adopts their feedback. This isn’t like an opinion poll that politicians use for calculating short-term electoral tactics. It’s a deliberative reasoning process that scales, engaging voters in defining policy and helping candidates to listen deeply to their constituents.

This is happening today in Japan. Constituents have spent about eight thousand hours engaging with Mirai’s AI Interviewer since 2025. The party’s gamified volunteer mobilization app, Action Board, captured about 100,000 organizer actions per day in the runup to last week’s election.

It’s how Team Mirai, which translates to ‘The Future Party,’ does politics. Its founder, Takahiro Anno, first ran for local office in 2024 as a 33 year old software engineer standing for Governor of Tokyo. He came in fifth out of 56 candidates, winning more than 150,000 votes as an unaffiliated political outsider. He won attention by taking a distinctive stance on the role of technology in democracy and using AI aggressively in voter engagement.

Last year, Anno ran again, this time for the Upper Chamber of the national legislature—the Diet—and won. Now the head of a new national party, Anno found himself with a platform for making his vision of a new way of doing politics a reality.

In this recent House of Representatives election, Team Mirai shot up to win nearly four million votes. In the lower chamber’s proportional representation system, that was good enough for eleven total seats—the party’s first ever representation in the Japanese House—and nearly three times what it achieved in last year’s Upper Chamber election.

Anno’s party stood for election without aligning itself on the traditional axes of left and right. Instead, Team Mirai, heavily associated with young, urban voters, sought to unite across the ideological spectrum by taking a radical position on a different axis: the status quo and the future. Anno told us that Team Mirai believes it can triple its representation in the Diet after the next elections in each chamber, an ostentatious goal that seems achievable given their rapid rise over the past year.

In the American context, the idea of a small party unifying voters across left and right sounds like a pipe dream. But there is evidence it worked in Japan. Team Mirai won an impressive 11% of proportional representation votes from unaffiliated voters, nearly twice the share of the larger electorate. The centerpiece of the party’s policy platform is not about the traditional hot button issues, it’s about democracy itself, and how it can be enhanced by embracing a futuristic vision of digital democracy.

Anno told us how his party arrived at its manifesto for this month’s elections, and why it looked different from other parties’ in important ways. Team Mirai collected more than 38,000 online questions and more than 6,000 discrete policy suggestions from voters using its AI Policy app, which is advertised as a ‘manifesto that speaks for itself.’

After factoring in all this feedback, Team Mirai maintained a contrarian position on the biggest issue of the election: the sales tax and affordability. Rather than running on a reduction of the national sales tax like the major parties, Team Mirai reviewed dozens of suggestions from the public and ultimately proposed to keep that tax level while providing support to families through a child tax credit and lowering the required contribution for social insurance. Anno described this as another future-facing strategy: less price relief in the short term, but sustained funding for essential programs.

Anno has always intended to build a different kind of party. After receiving roughly $1 million in public funding apportioned to Team Mirai based on its single seat in the Upper Chamber last year, Anno began hiring engineers to enhance his software tools for digital democracy.

Anno described Team Mirai to us as a ‘utility party;’ basic infrastructure for Japanese democracy that serves the broader polity rather than one faction. Their Gikai (‘assembly’) app illustrates the point. It provides a portal for constituents to research bills, using AI to generate summaries, to describe their impacts, to surfacing media reporting on the issue, and to answer users’ questions. Like all their software, it’s open source and free for anyone, in any party, to use.

After last week’s victory, Team Mirai now has about $5 million in public funding and ambitions to grow the influence of their digital democracy platform. Anno told us Team Mirai has secured an agreement with the LDP, Japan’s dominant ruling party, to begin using Team Mirai’s Gikai and corruption-fighting Mirumae financial transparency tool.

AI is the issue driving the most societal and economic change we will encounter in our lifetime, yet US political parties are largely silent. But AI and Big Tech companies and their owners are ramping up their political spending to influence the parties. To the extent that AI has shown up in our politics, it seems to be limited to the question of where to site the next generation of data centers and how to channel populist backlash to big tech.

Those are causes worthy of political organizing, but very few US politicians are leveraging the technology for public listening or other pro-democratic purposes. With the midterms still nine months away and with innovators like Team Mirai making products in the open for anyone to use, there is still plenty of time for an American politician to demonstrate what a new politics could look like.

This essay was written with Nathan E. Sanders, and originally appeared in Tech Policy Press.

09:35

09:07

Numbers and the human/computer interface [Seth's Blog]

If you tell me your ID number, your phone number or the wiring instructions for your bank account, not only will I forget them, I’ll need you to repeat it a few times so I write it down without making a transcription error.

When we first started using serial numbers (the Roman Legion did this thousands of years ago, and the British Board of Ordnance required it by law in the 1700s), it made perfect sense. Issue the next number on the list and move on.

But numbers alone are difficult for humans to error check and handle. So we use computers to help. The problem lies in the pesky humans who are still part of the chain.

So, here’s a simple hack. It’s unlikely to catch on worldwide, but I think it’s fascinating enough to consider…

If you had a list of 150 three letter words, all selected to be easy to say, spell and discern, you could use them to replace numbers in a productive and useful way.

So, big bob zap car cat is five words next to each other. There are 75 billion combinations of five words, which means that it replaces a number like 4839450381 with room to spare.

For ATMs that are four or five digits, you only need three words.

Think about that the next time you need to tell a customer service person your order number or serial number, or share a wifi password.

Let the computer do the work.

07:49

Let’s Get Tested by Hien Pham [Oh Joy Sex Toy]

Let’s Get Tested by Hien Pham

What does STI testing look like in Australia? Why would I want to get tested? Why wouldn’t I? This story is my thank-you letter to sexual health clinics, nurses, and doctors everywhere! And more specifically: thank you to Peter from Perth’s own M Clinic and Stewart from WAAC for their time, patience, and expertise for […]

05:28

Russ Allbery: Review: A Shadow in Summer [Planet Debian]

Review: A Shadow in Summer, by Daniel Abraham

Series: Long Price Quartet #1
Publisher: Tor
Copyright: March 2006
ISBN: 0-7653-1340-5
Format: Hardcover
Pages: 331

A Shadow in Summer is a high fantasy novel, the first of (as the name implies) a completed four-book series. Daniel Abraham is perhaps better known as half of the writing pair behind James S.A. Corey, author of the Expanse series. This was his first novel.

Otah was the sixth son of a Khai, sent like many of the unwanted later children of the powerful to learn the secrets of the andat and be trained as a poet. He learned his lessons well enough to reject the school and its teachings and walk away.

Amat Kyaan has worked her way up from nothing to become the senior overseer of the foreign Galtic House Wilsin in the sun-drenched port city of Saraykeht. Liat is her apprentice, distracted by young love. Maati is a new apprentice poet, having endured his training and sent to learn from Heshai how to eventually hold the andat Removing-The-Part-That-Continues, better known as Seedless. None of them know they will find themselves entangled in a plot to destroy the poet of Saraykeht and, through him, the city's most potent economic tool.

A poet in this world is not what we would think of a poet. They are, in essence, magical slave-drivers who capture the essence of an andat, a spirit embodying an idea that is coerced into the prison of volition and obedience by the poet. The andat Seedless, the embodiment of the concept of removing the spark of life, is central to the economic wealth of Saraykeht in a way that is startling in its simplicity: Seedless can remove the seeds from a warehouse full of cotton at a thought. This gives Saraykeht a massive productivity advantage in the cotton trade.

Seedless is also a powerful potential weapon. What he can do to cotton, he could as easily do to any other crop, or to people. The Galts are not fond of the independence and power of Saraykeht, but as long as the city controls a powerful andat, they do not dare to attack it directly. Indirectly, though... that's another matter.

This is one of those fantasy novels with meticulous and thoughtful world-building, careful and evocative prose, and a complex ensemble cast of interesting characters that the novel then attempts to make utterly miserable and complicit in their own misery. There should be a name for this style of writing. It's not tragedy because the ending is not tragic, precisely. It's not magic realism; the andats are openly magical, which makes this clearly high fantasy. But Abraham approaches the story from the type of realist frame that considers the pain and desperation of the characters to be more interesting than their ability to overcome challenges.

Amat starts the story as an admirable, sharp-witted expert manager, so her life is destroyed and she's subjected to sexual violence. Heshai loathes himself and veers between a tragic figure and a wastrel as the story systematically undermines opportunities for redemption. Maati is young and idealistic, so of course every character in the book sets out to crush his idealism under the weight of unforeseen consequences. There is a sad and depressing love triangle, because this is exactly the sort of book that has a sad and depressing love triangle. At the end of the novel, everyone who survives is older and wiser in the sense that some stories seem to think wisdom comes from the accumulation of trauma.

I find books like this so immensely frustrating because their merits are so clear. The world-building is careful and detailed in a way that includes economic systems, unlike so much fantasy. It is full of small, intriguing touches, such as the use of posture and gesture to communicate the emotional valence of one's words. Abraham understands the moral implications of poets and andats and the story tackles them head-on. The writing flows beautifully and gave me a strong sense of the city. I wanted to like this book for the obvious skill that went into it, and sometimes I even managed.

And yet, it's taken me three months to finish A Shadow in Summer because I simply do not want to spend this much time around miserable people. I would get through one or two chapters in a night and then wanted to read something happy or defiant or heroic, rather than watching slow-motion train wrecks intermixed with desperate attempts to navigate stifling layers of immoral systems. It's not that the story lacks a moral compass. The characters are sincerely trying to make the world a better place, with some success. It even delivers a happy ending of sorts. But so much of the journey was watching the lives of the characters fall apart.

I am completely unsurprised that some people loved this book. I'm still intrigued enough by the world-building that I'm half-tempted to try to read the sequel even after having to drag myself through this one. I had a similar reaction to Abraham's The Dragon's Path, though, so I think Abraham is just not for me. I may get back to the Expanse at some point, but having to drag myself through both of his solo novels I've tried, in two different series, probably indicates an incompatibility between author and reader. That's a shame, given the quality of the writing.

Followed by A Betrayal in Winter.

Content notes: Sexual and reproductive violence as significant plot elements.

Rating: 6 out of 10

04:14

The Circle Of Something Or Other [Penny Arcade]

There has been a strange uptick in interest, worship, and… pornography, I guess you would say, related to my compatriot Gabriel and I. Poker Night At The Inventory, made by our Telltale friends of long ago and resuscitated by the redolent Skunkape, has unearthed a very particular era of the Internet. Tumblr has been stoked and self-described "gay autists" are roasting in the hot heat. I've got great news, you Goddamn perverts. To the elders, we haven't gone anywhere. To the new initiate - those untouch'd by years or, indeed, taste - there are nearly thirty years of indiscretions for you to tilt and turn in your hand. It may be the most robust archive of its kind, because it encodes with it the feelings present as they happened. And, yes. As you will learn: I talk like this all the time.

01:21

In The "Flesh" [QC RSS]

Stretchy friend...

00:56

A Bacon Taste Test: Because That’s What The Internet Is For [Whatever]

Today I was ordering a panini from the local sandwich joint, when I saw behind the counter that they had individually packaged slices of bacon. Though I have tried many a cured meat throughout the years, including dubious meat sticks, I have never seen individually packaged, fully cooked, flavored bacon. Of course, I knew I had to try every flavor they had available, especially since they were only a buck a piece.

Check these bad boys out:

Four individually packaged pieces of fully cooked bacon, each in their respectively colored packages based on the flavor.

These bacons come to us from Riff’s Smokehouse, creator of hot sauces and bacon, apparently. Here we have four out of their five flavors, as the fifth flavor was not available to me.

Each piece is 110 calories, and has 5g of protein per slice. When selecting my pieces, I actually rifled through the shop’s selection a good bit to find some sizeable pieces, as slice sizes were not all that consistent, funny enough. There were some skinny mini pieces of bacon! So, if you find these in the wild, find yourself a thicc slice.

Thankfully, you can see through the back to the full picture of what you’re getting into:

The four packages of bacon, flipped over so you can see each piece in its entirety through the clear plastic.

Anyways, the package says to microwave them for 5 seconds, but I figured most people who are buying these “on-the-go” bacons will not have immediate access to a microwave, so I actually tasted each piece right out the package first, and then microwaved them and tried them all again. Science!

I started with the Sweet flavor. The bacon was sort of stiff, like a bit hard to chew through. It was a little sweet but not as sweet as I would’ve imagined the flavor “Sweet” to be. Definitely not overwhelming if you’re not the biggest fan of overly sweet meats. After microwaving it for five seconds, it didn’t seem all that warm, so I microwaved it for another five (ten total, for those counting along at home), and promptly burned my mouth on the literally sizzling piece of meat. So, don’t do ten seconds.

For the Sweet & Spicy flavor, it was actually a little bit tougher than the previous piece. Reminded me a lot more of something like a jerky. Jerky-esque, if you will. Initially, I didn’t think it was spicy at all. It just had sort of a more savory, smoky flavor, but after microwaving it it actually got more of a kick to it, leaving a touch of heat in the back of my throat.

For the Red Curry, I was sure this one would be spicier than the rest, but it was oddly sweet. The spices involved gave it a nice complexity that the regular “Sweet” didn’t have to it. This piece had a really good texture with lots of fattiness throughout (I like chewy, fattier bacon). After microwaving it, it crisped up just a little bit and tasted even better warm.

Finally, for the Raspberry Chipotle, I once again expected heat what with chipotle being in the name. No heat came, but it had an excellent raspberry flavor that wasn’t artificial tasting or too overwhelming. This piece had a nice, softer texture and was the thickest cut out of all the pieces I’d had. This was my favorite of the four.

If you go on Riff’s website, you can buy a variety pack of all five flavors, with three pieces of each, for a little less than $33. This comes out to about $2.15 a slice. If you commit to just one flavor, you get 12 pieces for $23 bucks, which comes out to $1.91 a slice. So, pick your poison! I’d go for the variety pack, because variety is the spice of life. If you get it and try the fifth flavor I didn’t get to, let me know how it is.

Are you a crispy bacon or chewy bacon person? Do you like maple syrup with your bacon? Let me know in the comments, and have a great day!

-AMS

Feeds

FeedRSSLast fetchedNext fetched after
@ASmartBear XML 18:35, Friday, 27 March 19:16, Friday, 27 March
a bag of four grapes XML 19:14, Friday, 27 March 19:56, Friday, 27 March
Ansible XML 18:35, Friday, 27 March 19:15, Friday, 27 March
Bad Science XML 18:49, Friday, 27 March 19:38, Friday, 27 March
Black Doggerel XML 18:35, Friday, 27 March 19:16, Friday, 27 March
Blog - Official site of Stephen Fry XML 18:49, Friday, 27 March 19:38, Friday, 27 March
Charlie Brooker | The Guardian XML 19:14, Friday, 27 March 19:56, Friday, 27 March
Charlie's Diary XML 18:42, Friday, 27 March 19:30, Friday, 27 March
Chasing the Sunset - Comics Only XML 18:49, Friday, 27 March 19:38, Friday, 27 March
Coding Horror XML 18:35, Friday, 27 March 19:22, Friday, 27 March
Cory Doctorow's craphound.com XML 19:14, Friday, 27 March 19:56, Friday, 27 March
Cory Doctorow, Author at Boing Boing XML 18:35, Friday, 27 March 19:16, Friday, 27 March
Ctrl+Alt+Del Comic XML 18:42, Friday, 27 March 19:30, Friday, 27 March
Cyberunions XML 18:49, Friday, 27 March 19:38, Friday, 27 March
David Mitchell | The Guardian XML 19:00, Friday, 27 March 19:43, Friday, 27 March
Deeplinks XML 19:00, Friday, 27 March 19:44, Friday, 27 March
Diesel Sweeties webcomic by rstevens XML 19:00, Friday, 27 March 19:43, Friday, 27 March
Dilbert XML 18:49, Friday, 27 March 19:38, Friday, 27 March
Dork Tower XML 19:14, Friday, 27 March 19:56, Friday, 27 March
Economics from the Top Down XML 19:00, Friday, 27 March 19:43, Friday, 27 March
Edmund Finney's Quest to Find the Meaning of Life XML 19:00, Friday, 27 March 19:43, Friday, 27 March
EFF Action Center XML 19:00, Friday, 27 March 19:43, Friday, 27 March
Enspiral Tales - Medium XML 19:00, Friday, 27 March 19:45, Friday, 27 March
Events XML 18:42, Friday, 27 March 19:30, Friday, 27 March
Falkvinge on Liberty XML 18:42, Friday, 27 March 19:30, Friday, 27 March
Flipside XML 19:14, Friday, 27 March 19:56, Friday, 27 March
Flipside XML 19:00, Friday, 27 March 19:45, Friday, 27 March
Free software jobs XML 18:35, Friday, 27 March 19:15, Friday, 27 March
Full Frontal Nerdity by Aaron Williams XML 18:42, Friday, 27 March 19:30, Friday, 27 March
General Protection Fault: Comic Updates XML 18:42, Friday, 27 March 19:30, Friday, 27 March
George Monbiot XML 19:00, Friday, 27 March 19:43, Friday, 27 March
Girl Genius XML 19:00, Friday, 27 March 19:43, Friday, 27 March
Groklaw XML 18:42, Friday, 27 March 19:30, Friday, 27 March
Grrl Power XML 19:14, Friday, 27 March 19:56, Friday, 27 March
Hackney Anarchist Group XML 18:49, Friday, 27 March 19:38, Friday, 27 March
Hackney Solidarity Network XML 19:00, Friday, 27 March 19:45, Friday, 27 March
http://blog.llvm.org/feeds/posts/default XML 19:00, Friday, 27 March 19:45, Friday, 27 March
http://calendar.google.com/calendar/feeds/q7s5o02sj8hcam52hutbcofoo4%40group.calendar.google.com/public/basic XML 18:35, Friday, 27 March 19:15, Friday, 27 March
http://dynamic.boingboing.net/cgi-bin/mt/mt-cp.cgi?__mode=feed&_type=posts&blog_id=1&id=1 XML 19:00, Friday, 27 March 19:45, Friday, 27 March
http://eng.anarchoblogs.org/feed/atom/ XML 19:07, Friday, 27 March 19:53, Friday, 27 March
http://feed43.com/3874015735218037.xml XML 19:07, Friday, 27 March 19:53, Friday, 27 March
http://flatearthnews.net/flatearthnews.net/blogfeed XML 18:35, Friday, 27 March 19:16, Friday, 27 March
http://fulltextrssfeed.com/ XML 19:00, Friday, 27 March 19:43, Friday, 27 March
http://london.indymedia.org/articles.rss XML 18:35, Friday, 27 March 19:22, Friday, 27 March
http://pipes.yahoo.com/pipes/pipe.run?_id=ad0530218c055aa302f7e0e84d5d6515&amp;_render=rss XML 19:07, Friday, 27 March 19:53, Friday, 27 March
http://planet.gridpp.ac.uk/atom.xml XML 18:35, Friday, 27 March 19:22, Friday, 27 March
http://shirky.com/weblog/feed/atom/ XML 19:00, Friday, 27 March 19:44, Friday, 27 March
http://thecommune.co.uk/feed/ XML 19:00, Friday, 27 March 19:45, Friday, 27 March
http://theness.com/roguesgallery/feed/ XML 18:42, Friday, 27 March 19:30, Friday, 27 March
http://www.airshipentertainment.com/buck/buckcomic/buck.rss XML 18:49, Friday, 27 March 19:38, Friday, 27 March
http://www.airshipentertainment.com/growf/growfcomic/growf.rss XML 19:00, Friday, 27 March 19:44, Friday, 27 March
http://www.airshipentertainment.com/myth/mythcomic/myth.rss XML 19:14, Friday, 27 March 19:56, Friday, 27 March
http://www.baen.com/baenebooks XML 19:00, Friday, 27 March 19:44, Friday, 27 March
http://www.feedsapi.com/makefulltextfeed.php?url=http%3A%2F%2Fwww.somethingpositive.net%2Fsp.xml&what=auto&key=&max=7&links=preserve&exc=&privacy=I+accept XML 19:00, Friday, 27 March 19:44, Friday, 27 March
http://www.godhatesastronauts.com/feed/ XML 18:42, Friday, 27 March 19:30, Friday, 27 March
http://www.tinycat.co.uk/feed/ XML 18:35, Friday, 27 March 19:15, Friday, 27 March
https://anarchism.pageabode.com/blogs/anarcho/feed/ XML 19:00, Friday, 27 March 19:44, Friday, 27 March
https://broodhollow.krisstraub.comfeed/ XML 18:35, Friday, 27 March 19:16, Friday, 27 March
https://debian-administration.org/atom.xml XML 18:35, Friday, 27 March 19:16, Friday, 27 March
https://elitetheatre.org/ XML 18:35, Friday, 27 March 19:22, Friday, 27 March
https://feeds.feedburner.com/Starslip XML 19:14, Friday, 27 March 19:56, Friday, 27 March
https://feeds2.feedburner.com/GeekEtiquette?format=xml XML 19:00, Friday, 27 March 19:43, Friday, 27 March
https://hackbloc.org/rss.xml XML 18:35, Friday, 27 March 19:16, Friday, 27 March
https://kajafoglio.livejournal.com/data/atom/ XML 18:49, Friday, 27 March 19:38, Friday, 27 March
https://philfoglio.livejournal.com/data/atom/ XML 18:35, Friday, 27 March 19:22, Friday, 27 March
https://pixietrixcomix.com/eerie-cutiescomic.rss XML 18:35, Friday, 27 March 19:22, Friday, 27 March
https://pixietrixcomix.com/menage-a-3/comic.rss XML 19:00, Friday, 27 March 19:44, Friday, 27 March
https://propertyistheft.wordpress.com/feed/ XML 18:35, Friday, 27 March 19:15, Friday, 27 March
https://requiem.seraph-inn.com/updates.rss XML 18:35, Friday, 27 March 19:15, Friday, 27 March
https://studiofoglio.livejournal.com/data/atom/ XML 19:07, Friday, 27 March 19:53, Friday, 27 March
https://thecommandline.net/feed/ XML 19:07, Friday, 27 March 19:53, Friday, 27 March
https://torrentfreak.com/subscriptions/ XML 19:00, Friday, 27 March 19:43, Friday, 27 March
https://web.randi.org/?format=feed&type=rss XML 19:00, Friday, 27 March 19:43, Friday, 27 March
https://www.dcscience.net/feed/medium.co XML 18:49, Friday, 27 March 19:38, Friday, 27 March
https://www.DropCatch.com/domain/steampunkmagazine.com XML 18:35, Friday, 27 March 19:16, Friday, 27 March
https://www.DropCatch.com/domain/ubuntuweblogs.org XML 19:07, Friday, 27 March 19:53, Friday, 27 March
https://www.DropCatch.com/redirect/?domain=DyingAlone.net XML 18:35, Friday, 27 March 19:22, Friday, 27 March
https://www.freedompress.org.uk:443/news/feed/ XML 18:42, Friday, 27 March 19:30, Friday, 27 March
https://www.goblinscomic.com/category/comics/feed/ XML 18:35, Friday, 27 March 19:15, Friday, 27 March
https://www.loomio.com/blog/feed/ XML 19:07, Friday, 27 March 19:53, Friday, 27 March
https://www.newstatesman.com/feeds/blogs/laurie-penny.rss XML 18:35, Friday, 27 March 19:16, Friday, 27 March
https://www.patreon.com/graveyardgreg/posts/comic.rss XML 18:35, Friday, 27 March 19:22, Friday, 27 March
https://www.rightmove.co.uk/rss/property-for-sale/find.html?locationIdentifier=REGION^876&maxPrice=240000&minBedrooms=2&displayPropertyType=houses&oldDisplayPropertyType=houses&primaryDisplayPropertyType=houses&oldPrimaryDisplayPropertyType=houses&numberOfPropertiesPerPage=24 XML 19:00, Friday, 27 March 19:43, Friday, 27 March
https://x.com/statuses/user_timeline/22724360.rss XML 18:35, Friday, 27 March 19:15, Friday, 27 March
Humble Bundle Blog XML 18:35, Friday, 27 March 19:22, Friday, 27 March
I, Cringely XML 18:42, Friday, 27 March 19:30, Friday, 27 March
Irregular Webcomic! XML 18:35, Friday, 27 March 19:16, Friday, 27 March
Joel on Software XML 19:07, Friday, 27 March 19:53, Friday, 27 March
Judith Proctor's Journal XML 18:35, Friday, 27 March 19:15, Friday, 27 March
Krebs on Security XML 18:35, Friday, 27 March 19:16, Friday, 27 March
Lambda the Ultimate - Programming Languages Weblog XML 18:35, Friday, 27 March 19:15, Friday, 27 March
Looking For Group XML 19:00, Friday, 27 March 19:44, Friday, 27 March
LWN.net XML 18:35, Friday, 27 March 19:16, Friday, 27 March
Mimi and Eunice XML 19:00, Friday, 27 March 19:45, Friday, 27 March
Neil Gaiman's Journal XML 18:35, Friday, 27 March 19:15, Friday, 27 March
Nina Paley XML 18:35, Friday, 27 March 19:22, Friday, 27 March
O Abnormal – Scifi/Fantasy Artist XML 19:00, Friday, 27 March 19:45, Friday, 27 March
Oglaf! -- Comics. Often dirty. XML 18:42, Friday, 27 March 19:30, Friday, 27 March
Oh Joy Sex Toy XML 19:00, Friday, 27 March 19:44, Friday, 27 March
Order of the Stick XML 19:00, Friday, 27 March 19:44, Friday, 27 March
Original Fiction Archives - Reactor XML 19:14, Friday, 27 March 19:56, Friday, 27 March
OSnews XML 19:00, Friday, 27 March 19:45, Friday, 27 March
Paul Graham: Unofficial RSS Feed XML 19:00, Friday, 27 March 19:45, Friday, 27 March
Penny Arcade XML 19:14, Friday, 27 March 19:56, Friday, 27 March
Penny Red XML 19:00, Friday, 27 March 19:45, Friday, 27 March
PHD Comics XML 18:49, Friday, 27 March 19:38, Friday, 27 March
Phil's blog XML 18:42, Friday, 27 March 19:30, Friday, 27 March
Planet Debian XML 19:00, Friday, 27 March 19:45, Friday, 27 March
Planet GNU XML 18:35, Friday, 27 March 19:16, Friday, 27 March
Planet Lisp XML 18:49, Friday, 27 March 19:38, Friday, 27 March
Pluralistic: Daily links from Cory Doctorow XML 18:35, Friday, 27 March 19:15, Friday, 27 March
PS238 by Aaron Williams XML 18:42, Friday, 27 March 19:30, Friday, 27 March
QC RSS XML 18:35, Friday, 27 March 19:22, Friday, 27 March
Radar XML 19:14, Friday, 27 March 19:56, Friday, 27 March
RevK®'s ramblings XML 19:07, Friday, 27 March 19:53, Friday, 27 March
Richard Stallman's Political Notes XML 18:49, Friday, 27 March 19:38, Friday, 27 March
Scenes From A Multiverse XML 18:35, Friday, 27 March 19:22, Friday, 27 March
Schneier on Security XML 18:35, Friday, 27 March 19:15, Friday, 27 March
SCHNEWS.ORG.UK XML 19:00, Friday, 27 March 19:44, Friday, 27 March
Scripting News XML 19:14, Friday, 27 March 19:56, Friday, 27 March
Seth's Blog XML 19:07, Friday, 27 March 19:53, Friday, 27 March
Skin Horse XML 19:14, Friday, 27 March 19:56, Friday, 27 March
Spinnerette XML 19:00, Friday, 27 March 19:44, Friday, 27 March
Tales From the Riverbank XML 18:49, Friday, 27 March 19:38, Friday, 27 March
The Adventures of Dr. McNinja XML 19:00, Friday, 27 March 19:45, Friday, 27 March
The Bumpycat sat on the mat XML 18:35, Friday, 27 March 19:15, Friday, 27 March
The Daily WTF XML 19:07, Friday, 27 March 19:53, Friday, 27 March
The Monochrome Mob XML 18:35, Friday, 27 March 19:16, Friday, 27 March
The Non-Adventures of Wonderella XML 19:00, Friday, 27 March 19:43, Friday, 27 March
The Old New Thing XML 19:00, Friday, 27 March 19:44, Friday, 27 March
The Open Source Grid Engine Blog XML 18:35, Friday, 27 March 19:22, Friday, 27 March
The Stranger XML 19:00, Friday, 27 March 19:45, Friday, 27 March
towerhamletsalarm XML 19:07, Friday, 27 March 19:53, Friday, 27 March
Twokinds XML 19:14, Friday, 27 March 19:56, Friday, 27 March
UK Indymedia Features XML 19:14, Friday, 27 March 19:56, Friday, 27 March
Uploads from ne11y XML 19:07, Friday, 27 March 19:53, Friday, 27 March
Uploads from piasladic XML 19:00, Friday, 27 March 19:43, Friday, 27 March
Use Sword on Monster XML 18:35, Friday, 27 March 19:22, Friday, 27 March
Wayward Sons: Legends - Sci-Fi Full Page Webcomic - Updates Daily XML 19:07, Friday, 27 March 19:53, Friday, 27 March
what if? XML 18:35, Friday, 27 March 19:16, Friday, 27 March
Whatever XML 18:49, Friday, 27 March 19:38, Friday, 27 March
Whitechapel Anarchist Group XML 18:49, Friday, 27 March 19:38, Friday, 27 March
WIL WHEATON dot NET XML 19:00, Friday, 27 March 19:44, Friday, 27 March
wish XML 19:00, Friday, 27 March 19:45, Friday, 27 March
Writing the Bright Fantastic XML 19:00, Friday, 27 March 19:44, Friday, 27 March
xkcd.com XML 19:00, Friday, 27 March 19:43, Friday, 27 March